pcap-snit.c revision 146768 
117683Spst/*
217683Spst * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996
317683Spst *	The Regents of the University of California.  All rights reserved.
417683Spst *
517683Spst * Redistribution and use in source and binary forms, with or without
617683Spst * modification, are permitted provided that: (1) source code distributions
717683Spst * retain the above copyright notice and this paragraph in its entirety, (2)
817683Spst * distributions including binary code include the above copyright notice and
917683Spst * this paragraph in its entirety in the documentation or other materials
1017683Spst * provided with the distribution, and (3) all advertising materials mentioning
1117683Spst * features or use of this software display the following acknowledgement:
1217683Spst * ``This product includes software developed by the University of California,
1317683Spst * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
1417683Spst * the University nor the names of its contributors may be used to endorse
1517683Spst * or promote products derived from this software without specific prior
1617683Spst * written permission.
1717683Spst * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
1817683Spst * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
1917683Spst * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
2026175Sfenner *
2117683Spst * Modifications made to accommodate the new SunOS4.0 NIT facility by
2217683Spst * Micky Liu, micky@cunixc.cc.columbia.edu, Columbia University in May, 1989.
2317683Spst * This module now handles the STREAMS based NIT.
2417683Spst */
2517683Spst
2626175Sfenner#ifndef lint
27127664Sbmsstatic const char rcsid[] _U_ =
28146768Ssam    "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.72 2004/10/19 07:06:13 guy Exp $ (LBL)";
2926175Sfenner#endif
3026175Sfenner
3175107Sfenner#ifdef HAVE_CONFIG_H
3275107Sfenner#include "config.h"
3375107Sfenner#endif
3475107Sfenner
3517683Spst#include <sys/types.h>
3617683Spst#include <sys/time.h>
3717683Spst#include <sys/timeb.h>
3817683Spst#include <sys/dir.h>
3917683Spst#include <sys/fcntlcom.h>
4017683Spst#include <sys/file.h>
4117683Spst#include <sys/ioctl.h>
4217683Spst#include <sys/socket.h>
4317683Spst#include <sys/stropts.h>
4417683Spst
4517683Spst#include <net/if.h>
4617683Spst#include <net/nit.h>
4717683Spst#include <net/nit_if.h>
4817683Spst#include <net/nit_pf.h>
4917683Spst#include <net/nit_buf.h>
5017683Spst
5117683Spst#include <netinet/in.h>
5217683Spst#include <netinet/in_systm.h>
5317683Spst#include <netinet/ip.h>
5417683Spst#include <netinet/if_ether.h>
5517683Spst#include <netinet/ip_var.h>
5617683Spst#include <netinet/udp.h>
5717683Spst#include <netinet/udp_var.h>
5817683Spst#include <netinet/tcp.h>
5917683Spst#include <netinet/tcpip.h>
6017683Spst
6117683Spst#include <ctype.h>
6217683Spst#include <errno.h>
6317683Spst#include <stdio.h>
6417683Spst#include <string.h>
6517683Spst#include <unistd.h>
6617683Spst
6717683Spst#include "pcap-int.h"
6817683Spst
6917683Spst#ifdef HAVE_OS_PROTO_H
7017683Spst#include "os-proto.h"
7117683Spst#endif
7217683Spst
7317683Spst/*
7417683Spst * The chunk size for NIT.  This is the amount of buffering
7517683Spst * done for read calls.
7617683Spst */
7717683Spst#define CHUNKSIZE (2*1024)
7817683Spst
7917683Spst/*
8017683Spst * The total buffer space used by NIT.
8117683Spst */
8217683Spst#define BUFSPACE (4*CHUNKSIZE)
8317683Spst
8417683Spst/* Forwards */
8517683Spststatic int nit_setflags(int, int, int, char *);
8617683Spst
87127664Sbmsstatic int
88127664Sbmspcap_stats_snit(pcap_t *p, struct pcap_stat *ps)
8917683Spst{
9017683Spst
9198530Sfenner	/*
9298530Sfenner	 * "ps_recv" counts packets handed to the filter, not packets
9398530Sfenner	 * that passed the filter.  As filtering is done in userland,
9498530Sfenner	 * this does not include packets dropped because we ran out
9598530Sfenner	 * of buffer space.
9698530Sfenner	 *
9798530Sfenner	 * "ps_drop" counts packets dropped inside the "/dev/nit"
9898530Sfenner	 * device because of flow control requirements or resource
9998530Sfenner	 * exhaustion; it doesn't count packets dropped by the
10098530Sfenner	 * interface driver, or packets dropped upstream.  As filtering
10198530Sfenner	 * is done in userland, it counts packets regardless of whether
10298530Sfenner	 * they would've passed the filter.
10398530Sfenner	 *
10498530Sfenner	 * These statistics don't include packets not yet read from the
10598530Sfenner	 * kernel by libpcap or packets not yet read from libpcap by the
10698530Sfenner	 * application.
10798530Sfenner	 */
10817683Spst	*ps = p->md.stat;
10917683Spst	return (0);
11017683Spst}
11117683Spst
112127664Sbmsstatic int
113127664Sbmspcap_read_snit(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
11417683Spst{
11517683Spst	register int cc, n;
11617683Spst	register struct bpf_insn *fcode = p->fcode.bf_insns;
11717683Spst	register u_char *bp, *cp, *ep;
11817683Spst	register struct nit_bufhdr *hdrp;
11917683Spst	register struct nit_iftime *ntp;
12017683Spst	register struct nit_iflen *nlp;
12117683Spst	register struct nit_ifdrops *ndp;
12217683Spst	register int caplen;
12317683Spst
12417683Spst	cc = p->cc;
12517683Spst	if (cc == 0) {
12617683Spst		cc = read(p->fd, (char *)p->buffer, p->bufsize);
12717683Spst		if (cc < 0) {
12817683Spst			if (errno == EWOULDBLOCK)
12917683Spst				return (0);
13075107Sfenner			snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s",
13117683Spst				pcap_strerror(errno));
13217683Spst			return (-1);
13317683Spst		}
13417683Spst		bp = p->buffer;
13517683Spst	} else
13617683Spst		bp = p->bp;
13717683Spst
13817683Spst	/*
13917683Spst	 * loop through each snapshot in the chunk
14017683Spst	 */
14117683Spst	n = 0;
14217683Spst	ep = bp + cc;
14317683Spst	while (bp < ep) {
144127664Sbms		/*
145127664Sbms		 * Has "pcap_breakloop()" been called?
146127664Sbms		 * If so, return immediately - if we haven't read any
147127664Sbms		 * packets, clear the flag and return -2 to indicate
148127664Sbms		 * that we were told to break out of the loop, otherwise
149127664Sbms		 * leave the flag set, so that the *next* call will break
150127664Sbms		 * out of the loop without having read any packets, and
151127664Sbms		 * return the number of packets we've processed so far.
152127664Sbms		 */
153127664Sbms		if (p->break_loop) {
154127664Sbms			if (n == 0) {
155127664Sbms				p->break_loop = 0;
156127664Sbms				return (-2);
157127664Sbms			} else {
158127664Sbms				p->bp = bp;
159127664Sbms				p->cc = ep - bp;
160127664Sbms				return (n);
161127664Sbms			}
162127664Sbms		}
163127664Sbms
16417683Spst		++p->md.stat.ps_recv;
16517683Spst		cp = bp;
16617683Spst
16717683Spst		/* get past NIT buffer  */
16817683Spst		hdrp = (struct nit_bufhdr *)cp;
16917683Spst		cp += sizeof(*hdrp);
17017683Spst
17117683Spst		/* get past NIT timer   */
17217683Spst		ntp = (struct nit_iftime *)cp;
17317683Spst		cp += sizeof(*ntp);
17417683Spst
17517683Spst		ndp = (struct nit_ifdrops *)cp;
17617683Spst		p->md.stat.ps_drop = ndp->nh_drops;
17717683Spst		cp += sizeof *ndp;
17817683Spst
17917683Spst		/* get past packet len  */
18017683Spst		nlp = (struct nit_iflen *)cp;
18117683Spst		cp += sizeof(*nlp);
18217683Spst
18317683Spst		/* next snapshot        */
18417683Spst		bp += hdrp->nhb_totlen;
18517683Spst
18617683Spst		caplen = nlp->nh_pktlen;
18717683Spst		if (caplen > p->snapshot)
18817683Spst			caplen = p->snapshot;
18917683Spst
19017683Spst		if (bpf_filter(fcode, cp, nlp->nh_pktlen, caplen)) {
19117683Spst			struct pcap_pkthdr h;
19217683Spst			h.ts = ntp->nh_timestamp;
19317683Spst			h.len = nlp->nh_pktlen;
19417683Spst			h.caplen = caplen;
19517683Spst			(*callback)(user, &h, cp);
19617683Spst			if (++n >= cnt && cnt >= 0) {
19717683Spst				p->cc = ep - bp;
19817683Spst				p->bp = bp;
19917683Spst				return (n);
20017683Spst			}
20117683Spst		}
20217683Spst	}
20317683Spst	p->cc = 0;
20417683Spst	return (n);
20517683Spst}
20617683Spst
20717683Spststatic int
208146768Ssampcap_inject_snit(pcap_t *p, const void *buf, size_t size)
209146768Ssam{
210146768Ssam	struct strbuf ctl, data;
211146768Ssam
212146768Ssam	/*
213146768Ssam	 * XXX - can we just do
214146768Ssam	 *
215146768Ssam	ret = write(pd->f, buf, size);
216146768Ssam	 */
217146768Ssam	ctl.len = sizeof(*sa);	/* XXX - what was this? */
218146768Ssam	ctl.buf = (char *)sa;
219146768Ssam	data.buf = buf;
220146768Ssam	data.len = size;
221146768Ssam	ret = putmsg(p->fd, &ctl, &data);
222146768Ssam	if (ret == -1) {
223146768Ssam		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s",
224146768Ssam		    pcap_strerror(errno));
225146768Ssam		return (-1);
226146768Ssam	}
227146768Ssam	return (ret);
228146768Ssam}
229146768Ssam
230146768Ssamstatic int
23117683Spstnit_setflags(int fd, int promisc, int to_ms, char *ebuf)
23217683Spst{
23317683Spst	bpf_u_int32 flags;
23417683Spst	struct strioctl si;
23517683Spst	struct timeval timeout;
23617683Spst
23717683Spst	si.ic_timout = INFTIM;
23817683Spst	if (to_ms != 0) {
23917683Spst		timeout.tv_sec = to_ms / 1000;
24017683Spst		timeout.tv_usec = (to_ms * 1000) % 1000000;
24117683Spst		si.ic_cmd = NIOCSTIME;
24217683Spst		si.ic_len = sizeof(timeout);
24317683Spst		si.ic_dp = (char *)&timeout;
24417683Spst		if (ioctl(fd, I_STR, (char *)&si) < 0) {
24575107Sfenner			snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSTIME: %s",
24675107Sfenner			    pcap_strerror(errno));
24717683Spst			return (-1);
24817683Spst		}
24917683Spst	}
25017683Spst	flags = NI_TIMESTAMP | NI_LEN | NI_DROPS;
25117683Spst	if (promisc)
25217683Spst		flags |= NI_PROMISC;
25317683Spst	si.ic_cmd = NIOCSFLAGS;
25417683Spst	si.ic_len = sizeof(flags);
25517683Spst	si.ic_dp = (char *)&flags;
25617683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
25775107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSFLAGS: %s",
25875107Sfenner		    pcap_strerror(errno));
25917683Spst		return (-1);
26017683Spst	}
26117683Spst	return (0);
26217683Spst}
26317683Spst
26417683Spstpcap_t *
265127664Sbmspcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
266127664Sbms    char *ebuf)
26717683Spst{
26817683Spst	struct strioctl si;		/* struct for ioctl() */
26917683Spst	struct ifreq ifr;		/* interface request struct */
27017683Spst	int chunksize = CHUNKSIZE;
27117683Spst	int fd;
27217683Spst	static char dev[] = "/dev/nit";
27317683Spst	register pcap_t *p;
27417683Spst
27517683Spst	p = (pcap_t *)malloc(sizeof(*p));
27617683Spst	if (p == NULL) {
27775107Sfenner		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
27817683Spst		return (NULL);
27917683Spst	}
28017683Spst
28117683Spst	if (snaplen < 96)
28217683Spst		/*
28317683Spst		 * NIT requires a snapshot length of at least 96.
28417683Spst		 */
28517683Spst		snaplen = 96;
28617683Spst
28775107Sfenner	memset(p, 0, sizeof(*p));
288146768Ssam	/*
289146768Ssam	 * Initially try a read/write open (to allow the inject
290146768Ssam	 * method to work).  If that fails due to permission
291146768Ssam	 * issues, fall back to read-only.  This allows a
292146768Ssam	 * non-root user to be granted specific access to pcap
293146768Ssam	 * capabilities via file permissions.
294146768Ssam	 *
295146768Ssam	 * XXX - we should have an API that has a flag that
296146768Ssam	 * controls whether to open read-only or read-write,
297146768Ssam	 * so that denial of permission to send (or inability
298146768Ssam	 * to send, if sending packets isn't supported on
299146768Ssam	 * the device in question) can be indicated at open
300146768Ssam	 * time.
301146768Ssam	 */
302146768Ssam	p->fd = fd = open(dev, O_RDWR);
303146768Ssam	if (fd < 0 && errno == EACCES)
304146768Ssam		p->fd = fd = open(dev, O_RDONLY);
30517683Spst	if (fd < 0) {
30675107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dev,
30775107Sfenner		    pcap_strerror(errno));
30817683Spst		goto bad;
30917683Spst	}
31017683Spst
31117683Spst	/* arrange to get discrete messages from the STREAM and use NIT_BUF */
31217683Spst	if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) {
31375107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s",
31475107Sfenner		    pcap_strerror(errno));
31517683Spst		goto bad;
31617683Spst	}
31717683Spst	if (ioctl(fd, I_PUSH, "nbuf") < 0) {
31875107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "push nbuf: %s",
31975107Sfenner		    pcap_strerror(errno));
32017683Spst		goto bad;
32117683Spst	}
32217683Spst	/* set the chunksize */
32317683Spst	si.ic_cmd = NIOCSCHUNK;
32417683Spst	si.ic_timout = INFTIM;
32517683Spst	si.ic_len = sizeof(chunksize);
32617683Spst	si.ic_dp = (char *)&chunksize;
32717683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
32875107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s",
32975107Sfenner		    pcap_strerror(errno));
33017683Spst		goto bad;
33117683Spst	}
33217683Spst
33317683Spst	/* request the interface */
33417683Spst	strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
335127664Sbms	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
33617683Spst	si.ic_cmd = NIOCBIND;
33717683Spst	si.ic_len = sizeof(ifr);
33817683Spst	si.ic_dp = (char *)&ifr;
33917683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
34075107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s",
34117683Spst			ifr.ifr_name, pcap_strerror(errno));
34217683Spst		goto bad;
34317683Spst	}
34417683Spst
34517683Spst	/* set the snapshot length */
34617683Spst	si.ic_cmd = NIOCSSNAP;
34717683Spst	si.ic_len = sizeof(snaplen);
34817683Spst	si.ic_dp = (char *)&snaplen;
34917683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
35075107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s",
35175107Sfenner		    pcap_strerror(errno));
35217683Spst		goto bad;
35317683Spst	}
35417683Spst	p->snapshot = snaplen;
35517683Spst	if (nit_setflags(p->fd, promisc, to_ms, ebuf) < 0)
35617683Spst		goto bad;
35717683Spst
35817683Spst	(void)ioctl(fd, I_FLUSH, (char *)FLUSHR);
35917683Spst	/*
36017683Spst	 * NIT supports only ethernets.
36117683Spst	 */
36217683Spst	p->linktype = DLT_EN10MB;
36317683Spst
36417683Spst	p->bufsize = BUFSPACE;
36517683Spst	p->buffer = (u_char *)malloc(p->bufsize);
36617683Spst	if (p->buffer == NULL) {
36775107Sfenner		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
36817683Spst		goto bad;
36917683Spst	}
370127664Sbms
371127664Sbms	/*
372127664Sbms	 * "p->fd" is an FD for a STREAMS device, so "select()" and
373127664Sbms	 * "poll()" should work on it.
374127664Sbms	 */
375127664Sbms	p->selectable_fd = p->fd;
376127664Sbms
377146768Ssam	/*
378146768Ssam	 * This is (presumably) a real Ethernet capture; give it a
379146768Ssam	 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
380146768Ssam	 * that an application can let you choose it, in case you're
381146768Ssam	 * capturing DOCSIS traffic that a Cisco Cable Modem
382146768Ssam	 * Termination System is putting out onto an Ethernet (it
383146768Ssam	 * doesn't put an Ethernet header onto the wire, it puts raw
384146768Ssam	 * DOCSIS frames out on the wire inside the low-level
385146768Ssam	 * Ethernet framing).
386146768Ssam	 */
387146768Ssam	p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
388146768Ssam	/*
389146768Ssam	 * If that fails, just leave the list empty.
390146768Ssam	 */
391146768Ssam	if (p->dlt_list != NULL) {
392146768Ssam		p->dlt_list[0] = DLT_EN10MB;
393146768Ssam		p->dlt_list[1] = DLT_DOCSIS;
394146768Ssam		p->dlt_count = 2;
395146768Ssam	}
396146768Ssam
397127664Sbms	p->read_op = pcap_read_snit;
398146768Ssam	p->inject_op = pcap_inject_snit;
399127664Sbms	p->setfilter_op = install_bpf_program;	/* no kernel filtering */
400127664Sbms	p->set_datalink_op = NULL;	/* can't change data link type */
401127664Sbms	p->getnonblock_op = pcap_getnonblock_fd;
402127664Sbms	p->setnonblock_op = pcap_setnonblock_fd;
403127664Sbms	p->stats_op = pcap_stats_snit;
404146768Ssam	p->close_op = pcap_close_common;
405127664Sbms
40617683Spst	return (p);
40717683Spst bad:
40817683Spst	if (fd >= 0)
40917683Spst		close(fd);
41017683Spst	free(p);
41117683Spst	return (NULL);
41217683Spst}
41317683Spst
41417683Spstint
415127664Sbmspcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
41617683Spst{
41717683Spst	return (0);
41817683Spst}
419