/*
 * This code is derived from code formerly in pcap-dlpi.c, originally
 * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
 * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
 * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
 * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
 */
/*
 * This file contains dlpi/libdlpi related common functions used
 * by pcap-[dlpi,libdlpi].c.
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef DL_IPATM
#define DL_IPATM	0x12	/* ATM Classical IP interface */
#endif
#ifdef HAVE_SYS_BUFMOD_H
	/*
	 * Size of a bufmod chunk to pass upstream; that appears to be the
	 * biggest value to which you can set it, and setting it to that value
	 * (which is bigger than what appears to be the Solaris default of 8192)
	 * reduces the number of packet drops.
	 */
#define	CHUNKSIZE	65536
	/*
	 * Size of the buffer to allocate for packet data we read; it must be
	 * large enough to hold a chunk.
	 */
#define	PKTBUFSIZE	CHUNKSIZE
#else /* HAVE_SYS_BUFMOD_H */
	/*
	 * Size of the buffer to allocate for packet data we read; this is
	 * what the value used to be - there's no particular reason why it
	 * should be tied to MAXDLBUF, but we'll leave it as this for now.
	 */
#define	MAXDLBUF	8192
#define	PKTBUFSIZE	(MAXDLBUF * sizeof(bpf_u_int32))
#endif
#include <sys/types.h>
#include <sys/time.h>
#ifdef HAVE_SYS_BUFMOD_H
#include <sys/bufmod.h>
#endif
#include <sys/dlpi.h>
#include <sys/stream.h>
#include <errno.h>
#include <memory.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stropts.h>
#include <unistd.h>
#ifdef HAVE_LIBDLPI
#include <libdlpi.h>
#endif
#include "pcap-int.h"
#include "dlpisubs.h"
#ifdef HAVE_SYS_BUFMOD_H
static void pcap_stream_err(const char *, int, char *);
#endif
/*
 * Report the capture statistics kept for a DLPI handle.
 *
 * Copies the counters stored in the handle's private data into *ps,
 * with the drop count folded into the received count.  Always returns 0.
 */
int
pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
{
	const struct pcap_dlpi *priv = p->priv;
	struct pcap_stat totals = priv->stat;

	/*
	 * "ps_recv" is incremented for every packet handed to the filter,
	 * whether or not it passed.  Filtering happens in userland, so on
	 * its own that count would leave out packets lost for lack of
	 * buffer space.  Other platforms (Linux 2.4 and later, BSDs with
	 * BPF) include such packets in "packets received", and
	 * applications that compute drop percentages expect that, so the
	 * packets dropped by "bufmod" are added in below.  Without that
	 * the drop count could end up larger than the received count.
	 *
	 * "ps_drop" is the number of packets "bufmod" dropped because of
	 * flow control requirements or resource exhaustion.  Drops in the
	 * interface driver or further upstream are not counted.  As with
	 * "ps_recv", the count is independent of whether a packet would
	 * have passed the filter.
	 *
	 * Packets that libpcap has not yet read from the kernel are not
	 * in these numbers; packets that libpcap has read but the
	 * application has not yet consumed may be.
	 */
	totals.ps_recv += totals.ps_drop;

	*ps = totals;
	return (0);
}
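/*
 * Walk the packets in a buffer that has just been read and hand each
 * one that passes the filter to the callback.
 *
 * p        - capture handle; its counters, p->bp and p->cc are updated.
 * callback - invoked as (*callback)(user, &pkthdr, packet_data).
 * user     - opaque pointer passed through to the callback.
 * count    - stop after this many delivered packets unless
 *            PACKET_COUNT_IS_UNLIMITED(count).
 * bufp/len - start and length of the data to process.
 *
 * Returns the number of packets delivered, -2 if pcap_breakloop() was
 * called before any packet was delivered, or -1 with p->errbuf set if a
 * bufmod header does not fit the bytes that were read (packets already
 * delivered in this call are not reported in that case).
 */
int
pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
	int count, u_char *bufp, int len)
{
	struct pcap_dlpi *pd = p->priv;
	int n, caplen, origlen;
	u_char *ep, *pk;
	struct pcap_pkthdr pkthdr;
#ifdef HAVE_SYS_BUFMOD_H
	struct sb_hdr *sbp;
	size_t avail;
#ifdef LBL_ALIGN
	struct sb_hdr sbhdr;
#endif
#endif

	/* ep is one past the last byte read; n counts delivered packets. */
	ep = bufp + len;
	n = 0;

#ifdef HAVE_SYS_BUFMOD_H
	while (bufp < ep) {
		/*
		 * Has "pcap_breakloop()" been called?
		 * If so, return immediately - if we haven't read any
		 * packets, clear the flag and return -2 to indicate
		 * that we were told to break out of the loop, otherwise
		 * leave the flag set, so that the *next* call will break
		 * out of the loop without having read any packets, and
		 * return the number of packets we've processed so far.
		 */
		if (p->break_loop) {
			if (n == 0) {
				p->break_loop = 0;
				return (-2);
			} else {
				p->bp = bufp;
				p->cc = ep - bufp;
				return (n);
			}
		}

		/*
		 * Every length below is taken from the sb_hdr at bufp, so
		 * the header itself has to lie inside the bytes that were
		 * read before any of its fields is used.
		 */
		avail = (size_t)(ep - bufp);
		if (avail < sizeof(*sbp)) {
			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			    "bufmod: truncated packet header");
			p->cc = 0;
			return (-1);
		}
#ifdef LBL_ALIGN
		/* Copy a header that is not 4-byte aligned before reading it. */
		if ((long)bufp & 3) {
			sbp = &sbhdr;
			memcpy(sbp, bufp, sizeof(*sbp));
		} else
#endif
			sbp = (struct sb_hdr *)bufp;

		/*
		 * Reject a header whose lengths cannot be honoured:
		 * sbh_totlen smaller than the header would stall the loop
		 * or make the next header overlap this one, and an
		 * sbh_msglen larger than the bytes left after the header
		 * would let the filter and the callback read past ep.
		 */
		if (sbp->sbh_totlen < sizeof(*sbp) ||
		    sbp->sbh_msglen > avail - sizeof(*sbp)) {
			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			    "bufmod: inconsistent packet lengths");
			p->cc = 0;
			return (-1);
		}
		pd->stat.ps_drop = sbp->sbh_drops;
		pk = bufp + sizeof(*sbp);
		/*
		 * A total length running past the data read consumes the
		 * rest of the buffer; bufp is never moved beyond ep, so
		 * the p->cc computed below cannot go negative.
		 */
		bufp += (sbp->sbh_totlen > avail) ? avail : sbp->sbh_totlen;
		origlen = sbp->sbh_origlen;
		caplen = sbp->sbh_msglen;
#else
		/* Without bufmod the whole buffer is treated as one packet. */
		origlen = len;
		caplen = min(p->snapshot, len);
		pk = bufp;
		bufp += caplen;
#endif
		++pd->stat.ps_recv;
		if (bpf_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
#ifdef HAVE_SYS_BUFMOD_H
			pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
			pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
#else
			(void) gettimeofday(&pkthdr.ts, NULL);
#endif
			pkthdr.len = origlen;
			pkthdr.caplen = caplen;
			/* Ensure caplen does not exceed snapshot */
			if (pkthdr.caplen > (bpf_u_int32)p->snapshot)
				pkthdr.caplen = (bpf_u_int32)p->snapshot;
			(*callback)(user, &pkthdr, pk);
			if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) {
				/* Remember where to resume on the next call. */
				p->cc = ep - bufp;
				p->bp = bufp;
				return (n);
			}
		}
#ifdef HAVE_SYS_BUFMOD_H
	}
#endif
	/* Everything in the buffer has been consumed. */
	p->cc = 0;
	return (n);
}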
/*
 * Map a DLPI MAC type onto the handle's link-layer type and offset.
 *
 * Sets p->linktype and p->offset for every MAC type handled below and,
 * for Ethernet, also tries to install a two-entry DLT list.  Returns 0
 * on success.  For a MAC type with no case below, a message is written
 * to p->errbuf and -1 is returned.
 */
int
pcap_process_mactype(pcap_t *p, u_int mactype)
{
	u_int *dlts;

	switch (mactype) {

	case DL_CSMACD:
	case DL_ETHER:
		p->linktype = DLT_EN10MB;
		p->offset = 2;
		/*
		 * This is (presumably) a real Ethernet capture.  Offer
		 * both DLT_EN10MB and DLT_DOCSIS so that an application
		 * can let the user pick DOCSIS when capturing traffic
		 * that a Cisco Cable Modem Termination System puts onto
		 * an Ethernet: it sends raw DOCSIS frames inside the
		 * low-level Ethernet framing, with no Ethernet header.
		 *
		 * If the allocation fails the list is simply left empty
		 * (p->dlt_list is NULL and p->dlt_count is not touched).
		 *
		 * NOTE(review): whatever p->dlt_list held before is
		 * overwritten without being freed - confirm this is only
		 * called once per handle.
		 */
		dlts = malloc(2 * sizeof(u_int));
		if (dlts != NULL) {
			dlts[0] = DLT_EN10MB;
			dlts[1] = DLT_DOCSIS;
			p->dlt_count = 2;
		}
		p->dlt_list = dlts;
		break;

	case DL_FDDI:
		p->linktype = DLT_FDDI;
		p->offset = 3;
		break;

	case DL_TPR:
		/* XXX - what about DL_TPB?  Is that Token Bus?  */
		p->linktype = DLT_IEEE802;
		p->offset = 2;
		break;

#ifdef HAVE_SOLARIS
	case DL_IPATM:
		p->linktype = DLT_SUNATM;
		p->offset = 0;  /* works for LANE and LLC encapsulation */
		break;
#endif

#ifdef DL_IPV4
	case DL_IPV4:
		p->linktype = DLT_IPV4;
		p->offset = 0;
		break;
#endif

#ifdef DL_IPV6
	case DL_IPV6:
		p->linktype = DLT_IPV6;
		p->offset = 0;
		break;
#endif

#ifdef DL_IPNET
	case DL_IPNET:
		/*
		 * XXX - DL_IPNET devices default to "raw IP" rather than
		 * "IPNET header"; see
		 *
		 *    http://seclists.org/tcpdump/2009/q1/202
		 *
		 * We'd have to do DL_IOC_IPNET_INFO to enable getting
		 * the IPNET header.
		 */
		p->linktype = DLT_RAW;
		p->offset = 0;
		break;
#endif

	default:
		/* No mapping for this MAC type: report it and fail. */
		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype 0x%x",
		    mactype);
		return (-1);
	}

	return (0);
}
#ifdef HAVE_SYS_BUFMOD_H
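/*
 * Push the "bufmod" STREAMS module onto the handle's descriptor and
 * configure its snapshot length, timeout and chunk size.
 *
 * p       - capture handle; p->fd, p->opt.immediate and p->opt.timeout
 *           are read, and p->errbuf is written on failure.
 * snaplen - snapshot length to set; not set when it converts to 0.
 *
 * Returns 0 on success, or -1 with p->errbuf describing the ioctl that
 * failed.
 */
int
pcap_conf_bufmod(pcap_t *p, int snaplen)
{
	struct timeval to;
	bpf_u_int32 ss, chunksize;

	/* Non-standard call to get the data nicely buffered. */
	if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
		pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
		return (-1);
	}

	/*
	 * NOTE(review): snaplen is stored in an unsigned variable, so a
	 * negative value would become a very large snapshot length -
	 * confirm callers only pass a validated, non-negative snaplen.
	 */
	ss = snaplen;
	if (ss > 0 &&
	    strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
		pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
		return (-1);
	}

	if (p->opt.immediate) {
		/* Set the timeout to zero, for immediate delivery. */
		to.tv_sec = 0;
		to.tv_usec = 0;
		if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
			pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
			return (-1);
		}
	} else {
		/* Set up the bufmod timeout; p->opt.timeout is in milliseconds. */
		if (p->opt.timeout != 0) {
			to.tv_sec = p->opt.timeout / 1000;
			/*
			 * Take the remainder before scaling to microseconds.
			 * The result is the same as scaling first, but the
			 * multiplication can no longer overflow for large
			 * timeout values.
			 */
			to.tv_usec = (p->opt.timeout % 1000) * 1000;
			if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
				pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
				return (-1);
			}
		}

		/* Set the chunk length. */
		chunksize = CHUNKSIZE;
		if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
		    != 0) {
			/* Name the ioctl that was actually issued. */
			pcap_stream_err("SBIOCSCHUNK", errno, p->errbuf);
			return (-1);
		}
	}

	return (0);
}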
#endif /* HAVE_SYS_BUFMOD_H */
/*
 * Allocate the buffer that packet data is read into.
 *
 * Sets p->bufsize to PKTBUFSIZE and allocates that many bytes plus
 * p->offset.  Returns 0 on success; on allocation failure writes a
 * message to p->errbuf and returns -1.
 */
int
pcap_alloc_databuf(pcap_t *p)
{
	p->bufsize = PKTBUFSIZE;

	/* The allocation is p->offset bytes larger than p->bufsize. */
	p->buffer = malloc(p->bufsize + p->offset);
	if (p->buffer != NULL)
		return (0);

	pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
	    errno, "malloc");
	return (-1);
}
/*
 * Issue a STREAMS I_STR ioctl on fd.
 *
 * cmd - ioctl command placed in the request.
 * len - length of the data at dp.
 * dp  - data buffer handed to the ioctl.
 *
 * Returns the (negative) ioctl() result on failure, otherwise the
 * length the request reports back in ic_len.
 */
int
strioctl(int fd, int cmd, int len, char *dp)
{
	struct strioctl req;
	int rc;

	req.ic_cmd = cmd;
	req.ic_timout = -1;	/* presumably "no timeout" - confirm */
	req.ic_len = len;
	req.ic_dp = dp;

	rc = ioctl(fd, I_STR, &req);
	if (rc < 0)
		return (rc);

	/* ic_len is read back after the call, not taken from len. */
	return (req.ic_len);
}
#ifdef HAVE_SYS_BUFMOD_H
/*
 * Format an error message for a failed stream operation into errbuf.
 *
 * func   - text naming the operation that failed.
 * err    - errno value to describe.
 * errbuf - destination; PCAP_ERRBUF_SIZE is passed as its size, so it
 *          must be at least that large.
 */
static void
pcap_stream_err(const char *func, int err, char *errbuf)
{
	/* func is passed as a "%s" argument, never as the format itself. */
	pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, err,
	    "%s", func);
}
#endif