1/* 2 * This code is derived from code formerly in pcap-dlpi.c, originally 3 * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College 4 * London, and subsequently modified by Guy Harris (guy@alum.mit.edu), 5 * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>, 6 * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>. 7 */ 8 9/* 10 * This file contains dlpi/libdlpi related common functions used 11 * by pcap-[dlpi,libdlpi].c. 12 */ 13#ifndef lint 14static const char rcsid[] _U_ = 15 "@(#) $Header: /tcpdump/master/libpcap/dlpisubs.c,v 1.3 2008-12-02 16:40:19 guy Exp $ (LBL)"; 16#endif 17 18#ifdef HAVE_CONFIG_H 19#include "config.h" 20#endif 21 22#ifndef DL_IPATM 23#define DL_IPATM 0x12 /* ATM Classical IP interface */ 24#endif 25 26#ifdef HAVE_SYS_BUFMOD_H 27 /* 28 * Size of a bufmod chunk to pass upstream; that appears to be the 29 * biggest value to which you can set it, and setting it to that value 30 * (which is bigger than what appears to be the Solaris default of 8192) 31 * reduces the number of packet drops. 32 */ 33#define CHUNKSIZE 65536 34 35 /* 36 * Size of the buffer to allocate for packet data we read; it must be 37 * large enough to hold a chunk. 38 */ 39#define PKTBUFSIZE CHUNKSIZE 40 41#else /* HAVE_SYS_BUFMOD_H */ 42 43 /* 44 * Size of the buffer to allocate for packet data we read; this is 45 * what the value used to be - there's no particular reason why it 46 * should be tied to MAXDLBUF, but we'll leave it as this for now. 47 */ 48#define MAXDLBUF 8192 49#define PKTBUFSIZE (MAXDLBUF * sizeof(bpf_u_int32)) 50 51#endif 52 53#include <sys/types.h> 54#include <sys/time.h> 55#ifdef HAVE_SYS_BUFMOD_H 56#include <sys/bufmod.h> 57#endif 58#include <sys/dlpi.h> 59#include <sys/stream.h> 60 61#include <errno.h> 62#include <memory.h> 63#include <stdio.h> 64#include <stdlib.h> 65#include <string.h> 66#include <stropts.h> 67#include <unistd.h> 68 69#ifdef HAVE_LIBDLPI 70#include <libdlpi.h> 71#endif 72 73#include "pcap-int.h" 74#include "dlpisubs.h" 75 76#ifdef HAVE_SYS_BUFMOD_H 77static void pcap_stream_err(const char *, int, char *); 78#endif 79 80/* 81 * Get the packet statistics. 82 */ 83int 84pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps) 85{ 86 struct pcap_dlpi *pd = p->priv; 87 88 /* 89 * "ps_recv" counts packets handed to the filter, not packets 90 * that passed the filter. As filtering is done in userland, 91 * this would not include packets dropped because we ran out 92 * of buffer space; in order to make this more like other 93 * platforms (Linux 2.4 and later, BSDs with BPF), where the 94 * "packets received" count includes packets received but dropped 95 * due to running out of buffer space, and to keep from confusing 96 * applications that, for example, compute packet drop percentages, 97 * we also make it count packets dropped by "bufmod" (otherwise we 98 * might run the risk of the packet drop count being bigger than 99 * the received-packet count). 100 * 101 * "ps_drop" counts packets dropped by "bufmod" because of 102 * flow control requirements or resource exhaustion; it doesn't 103 * count packets dropped by the interface driver, or packets 104 * dropped upstream. As filtering is done in userland, it counts 105 * packets regardless of whether they would've passed the filter. 106 * 107 * These statistics don't include packets not yet read from 108 * the kernel by libpcap, but they may include packets not 109 * yet read from libpcap by the application. 110 */ 111 *ps = pd->stat; 112 113 /* 114 * Add in the drop count, as per the above comment. 115 */ 116 ps->ps_recv += ps->ps_drop; 117 return (0); 118} 119 120/* 121 * Loop through the packets and call the callback for each packet. 122 * Return the number of packets read. 123 */ 124int 125pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user, 126 int count, u_char *bufp, int len) 127{ 128 struct pcap_dlpi *pd = p->priv; 129 int n, caplen, origlen; 130 u_char *ep, *pk; 131 struct pcap_pkthdr pkthdr; 132#ifdef HAVE_SYS_BUFMOD_H 133 struct sb_hdr *sbp; 134#ifdef LBL_ALIGN 135 struct sb_hdr sbhdr; 136#endif 137#endif 138 139 /* Loop through packets */ 140 ep = bufp + len; 141 n = 0; 142 143#ifdef HAVE_SYS_BUFMOD_H 144 while (bufp < ep) { 145 /* 146 * Has "pcap_breakloop()" been called? 147 * If so, return immediately - if we haven't read any 148 * packets, clear the flag and return -2 to indicate 149 * that we were told to break out of the loop, otherwise 150 * leave the flag set, so that the *next* call will break 151 * out of the loop without having read any packets, and 152 * return the number of packets we've processed so far. 153 */ 154 if (p->break_loop) { 155 if (n == 0) { 156 p->break_loop = 0; 157 return (-2); 158 } else { 159 p->bp = bufp; 160 p->cc = ep - bufp; 161 return (n); 162 } 163 } 164#ifdef LBL_ALIGN 165 if ((long)bufp & 3) { 166 sbp = &sbhdr; 167 memcpy(sbp, bufp, sizeof(*sbp)); 168 } else 169#endif 170 sbp = (struct sb_hdr *)bufp; 171 pd->stat.ps_drop = sbp->sbh_drops; 172 pk = bufp + sizeof(*sbp); 173 bufp += sbp->sbh_totlen; 174 origlen = sbp->sbh_origlen; 175 caplen = sbp->sbh_msglen; 176#else 177 origlen = len; 178 caplen = min(p->snapshot, len); 179 pk = bufp; 180 bufp += caplen; 181#endif 182 ++pd->stat.ps_recv; 183 if (bpf_filter(p->fcode.bf_insns, pk, origlen, caplen)) { 184#ifdef HAVE_SYS_BUFMOD_H 185 pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec; 186 pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec; 187#else 188 (void) gettimeofday(&pkthdr.ts, NULL); 189#endif 190 pkthdr.len = origlen; 191 pkthdr.caplen = caplen; 192 /* Insure caplen does not exceed snapshot */ 193 if (pkthdr.caplen > p->snapshot) 194 pkthdr.caplen = p->snapshot; 195 (*callback)(user, &pkthdr, pk); 196 if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) { 197 p->cc = ep - bufp; 198 p->bp = bufp; 199 return (n); 200 } 201 } 202#ifdef HAVE_SYS_BUFMOD_H 203 } 204#endif 205 p->cc = 0; 206 return (n); 207} 208 209/* 210 * Process the mac type. Returns -1 if no matching mac type found, otherwise 0. 211 */ 212int 213pcap_process_mactype(pcap_t *p, u_int mactype) 214{ 215 int retv = 0; 216 217 switch (mactype) { 218 219 case DL_CSMACD: 220 case DL_ETHER: 221 p->linktype = DLT_EN10MB; 222 p->offset = 2; 223 /* 224 * This is (presumably) a real Ethernet capture; give it a 225 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so 226 * that an application can let you choose it, in case you're 227 * capturing DOCSIS traffic that a Cisco Cable Modem 228 * Termination System is putting out onto an Ethernet (it 229 * doesn't put an Ethernet header onto the wire, it puts raw 230 * DOCSIS frames out on the wire inside the low-level 231 * Ethernet framing). 232 */ 233 p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2); 234 /* 235 * If that fails, just leave the list empty. 236 */ 237 if (p->dlt_list != NULL) { 238 p->dlt_list[0] = DLT_EN10MB; 239 p->dlt_list[1] = DLT_DOCSIS; 240 p->dlt_count = 2; 241 } 242 break; 243 244 case DL_FDDI: 245 p->linktype = DLT_FDDI; 246 p->offset = 3; 247 break; 248 249 case DL_TPR: 250 /* XXX - what about DL_TPB? Is that Token Bus? */ 251 p->linktype = DLT_IEEE802; 252 p->offset = 2; 253 break; 254 255#ifdef HAVE_SOLARIS 256 case DL_IPATM: 257 p->linktype = DLT_SUNATM; 258 p->offset = 0; /* works for LANE and LLC encapsulation */ 259 break; 260#endif 261 262 default: 263 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype %u", 264 mactype); 265 retv = -1; 266 } 267 268 return (retv); 269} 270 271#ifdef HAVE_SYS_BUFMOD_H 272/* 273 * Push and configure the buffer module. Returns -1 for error, otherwise 0. 274 */ 275int 276pcap_conf_bufmod(pcap_t *p, int snaplen) 277{ 278 struct timeval to; 279 bpf_u_int32 ss, chunksize; 280 281 /* Non-standard call to get the data nicely buffered. */ 282 if (ioctl(p->fd, I_PUSH, "bufmod") != 0) { 283 pcap_stream_err("I_PUSH bufmod", errno, p->errbuf); 284 return (-1); 285 } 286 287 ss = snaplen; 288 if (ss > 0 && 289 strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) { 290 pcap_stream_err("SBIOCSSNAP", errno, p->errbuf); 291 return (-1); 292 } 293 294 if (p->opt.immediate) { 295 /* Set the timeout to zero, for immediate delivery. */ 296 to.tv_sec = 0; 297 to.tv_usec = 0; 298 if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) { 299 pcap_stream_err("SBIOCSTIME", errno, p->errbuf); 300 return (-1); 301 } 302 } else { 303 /* Set up the bufmod timeout. */ 304 if (p->opt.timeout != 0) { 305 to.tv_sec = p->opt.timeout / 1000; 306 to.tv_usec = (p->opt.timeout * 1000) % 1000000; 307 if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) { 308 pcap_stream_err("SBIOCSTIME", errno, p->errbuf); 309 return (-1); 310 } 311 } 312 313 /* Set the chunk length. */ 314 chunksize = CHUNKSIZE; 315 if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize) 316 != 0) { 317 pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf); 318 return (-1); 319 } 320 } 321 322 return (0); 323} 324#endif /* HAVE_SYS_BUFMOD_H */ 325 326/* 327 * Allocate data buffer. Returns -1 if memory allocation fails, else 0. 328 */ 329int 330pcap_alloc_databuf(pcap_t *p) 331{ 332 p->bufsize = PKTBUFSIZE; 333 p->buffer = (u_char *)malloc(p->bufsize + p->offset); 334 if (p->buffer == NULL) { 335 strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE); 336 return (-1); 337 } 338 339 return (0); 340} 341 342/* 343 * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise 344 * length of returned data on success. 345 */ 346int 347strioctl(int fd, int cmd, int len, char *dp) 348{ 349 struct strioctl str; 350 int retv; 351 352 str.ic_cmd = cmd; 353 str.ic_timout = -1; 354 str.ic_len = len; 355 str.ic_dp = dp; 356 if ((retv = ioctl(fd, I_STR, &str)) < 0) 357 return (retv); 358 359 return (str.ic_len); 360} 361 362#ifdef HAVE_SYS_BUFMOD_H 363/* 364 * Write stream error message to errbuf. 365 */ 366static void 367pcap_stream_err(const char *func, int err, char *errbuf) 368{ 369 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", func, pcap_strerror(err)); 370} 371#endif 372