117683Spst/* 217683Spst * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996 317683Spst * The Regents of the University of California. All rights reserved. 417683Spst * 517683Spst * Redistribution and use in source and binary forms, with or without 617683Spst * modification, are permitted provided that: (1) source code distributions 717683Spst * retain the above copyright notice and this paragraph in its entirety, (2) 817683Spst * distributions including binary code include the above copyright notice and 917683Spst * this paragraph in its entirety in the documentation or other materials 1017683Spst * provided with the distribution, and (3) all advertising materials mentioning 1117683Spst * features or use of this software display the following acknowledgement: 1217683Spst * ``This product includes software developed by the University of California, 1317683Spst * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 1417683Spst * the University nor the names of its contributors may be used to endorse 1517683Spst * or promote products derived from this software without specific prior 1617683Spst * written permission. 1717683Spst * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 1817683Spst * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 1917683Spst * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 2026175Sfenner * 2117683Spst * Modifications made to accommodate the new SunOS4.0 NIT facility by 2217683Spst * Micky Liu, micky@cunixc.cc.columbia.edu, Columbia University in May, 1989. 2317683Spst * This module now handles the STREAMS based NIT. 2417683Spst */ 2517683Spst 2626175Sfenner#ifndef lint 27127664Sbmsstatic const char rcsid[] _U_ = 28214518Srpaulo "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.77 2008-04-14 20:40:58 guy Exp $ (LBL)"; 2926175Sfenner#endif 3026175Sfenner 3175107Sfenner#ifdef HAVE_CONFIG_H 3275107Sfenner#include "config.h" 3375107Sfenner#endif 3475107Sfenner 3517683Spst#include <sys/types.h> 3617683Spst#include <sys/time.h> 3717683Spst#include <sys/timeb.h> 3817683Spst#include <sys/dir.h> 3917683Spst#include <sys/fcntlcom.h> 4017683Spst#include <sys/file.h> 4117683Spst#include <sys/ioctl.h> 4217683Spst#include <sys/socket.h> 4317683Spst#include <sys/stropts.h> 4417683Spst 4517683Spst#include <net/if.h> 4617683Spst#include <net/nit.h> 4717683Spst#include <net/nit_if.h> 4817683Spst#include <net/nit_pf.h> 4917683Spst#include <net/nit_buf.h> 5017683Spst 5117683Spst#include <netinet/in.h> 5217683Spst#include <netinet/in_systm.h> 5317683Spst#include <netinet/ip.h> 5417683Spst#include <netinet/if_ether.h> 5517683Spst#include <netinet/ip_var.h> 5617683Spst#include <netinet/udp.h> 5717683Spst#include <netinet/udp_var.h> 5817683Spst#include <netinet/tcp.h> 5917683Spst#include <netinet/tcpip.h> 6017683Spst 6117683Spst#include <ctype.h> 6217683Spst#include <errno.h> 6317683Spst#include <stdio.h> 6417683Spst#include <string.h> 6517683Spst#include <unistd.h> 6617683Spst 6717683Spst#include "pcap-int.h" 6817683Spst 6917683Spst#ifdef HAVE_OS_PROTO_H 7017683Spst#include "os-proto.h" 7117683Spst#endif 7217683Spst 7317683Spst/* 7417683Spst * The chunk size for NIT. This is the amount of buffering 7517683Spst * done for read calls. 7617683Spst */ 7717683Spst#define CHUNKSIZE (2*1024) 7817683Spst 7917683Spst/* 8017683Spst * The total buffer space used by NIT. 8117683Spst */ 8217683Spst#define BUFSPACE (4*CHUNKSIZE) 8317683Spst 8417683Spst/* Forwards */ 8517683Spststatic int nit_setflags(int, int, int, char *); 8617683Spst 87127664Sbmsstatic int 88127664Sbmspcap_stats_snit(pcap_t *p, struct pcap_stat *ps) 8917683Spst{ 9017683Spst 9198530Sfenner /* 9298530Sfenner * "ps_recv" counts packets handed to the filter, not packets 9398530Sfenner * that passed the filter. As filtering is done in userland, 9498530Sfenner * this does not include packets dropped because we ran out 9598530Sfenner * of buffer space. 9698530Sfenner * 9798530Sfenner * "ps_drop" counts packets dropped inside the "/dev/nit" 9898530Sfenner * device because of flow control requirements or resource 9998530Sfenner * exhaustion; it doesn't count packets dropped by the 10098530Sfenner * interface driver, or packets dropped upstream. As filtering 10198530Sfenner * is done in userland, it counts packets regardless of whether 10298530Sfenner * they would've passed the filter. 10398530Sfenner * 10498530Sfenner * These statistics don't include packets not yet read from the 10598530Sfenner * kernel by libpcap or packets not yet read from libpcap by the 10698530Sfenner * application. 10798530Sfenner */ 10817683Spst *ps = p->md.stat; 10917683Spst return (0); 11017683Spst} 11117683Spst 112127664Sbmsstatic int 113127664Sbmspcap_read_snit(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 11417683Spst{ 11517683Spst register int cc, n; 11617683Spst register u_char *bp, *cp, *ep; 11717683Spst register struct nit_bufhdr *hdrp; 11817683Spst register struct nit_iftime *ntp; 11917683Spst register struct nit_iflen *nlp; 12017683Spst register struct nit_ifdrops *ndp; 12117683Spst register int caplen; 12217683Spst 12317683Spst cc = p->cc; 12417683Spst if (cc == 0) { 12517683Spst cc = read(p->fd, (char *)p->buffer, p->bufsize); 12617683Spst if (cc < 0) { 12717683Spst if (errno == EWOULDBLOCK) 12817683Spst return (0); 12975107Sfenner snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s", 13017683Spst pcap_strerror(errno)); 13117683Spst return (-1); 13217683Spst } 13317683Spst bp = p->buffer; 13417683Spst } else 13517683Spst bp = p->bp; 13617683Spst 13717683Spst /* 13817683Spst * loop through each snapshot in the chunk 13917683Spst */ 14017683Spst n = 0; 14117683Spst ep = bp + cc; 14217683Spst while (bp < ep) { 143127664Sbms /* 144127664Sbms * Has "pcap_breakloop()" been called? 145127664Sbms * If so, return immediately - if we haven't read any 146127664Sbms * packets, clear the flag and return -2 to indicate 147127664Sbms * that we were told to break out of the loop, otherwise 148127664Sbms * leave the flag set, so that the *next* call will break 149127664Sbms * out of the loop without having read any packets, and 150127664Sbms * return the number of packets we've processed so far. 151127664Sbms */ 152127664Sbms if (p->break_loop) { 153127664Sbms if (n == 0) { 154127664Sbms p->break_loop = 0; 155127664Sbms return (-2); 156127664Sbms } else { 157127664Sbms p->bp = bp; 158127664Sbms p->cc = ep - bp; 159127664Sbms return (n); 160127664Sbms } 161127664Sbms } 162127664Sbms 16317683Spst ++p->md.stat.ps_recv; 16417683Spst cp = bp; 16517683Spst 16617683Spst /* get past NIT buffer */ 16717683Spst hdrp = (struct nit_bufhdr *)cp; 16817683Spst cp += sizeof(*hdrp); 16917683Spst 17017683Spst /* get past NIT timer */ 17117683Spst ntp = (struct nit_iftime *)cp; 17217683Spst cp += sizeof(*ntp); 17317683Spst 17417683Spst ndp = (struct nit_ifdrops *)cp; 17517683Spst p->md.stat.ps_drop = ndp->nh_drops; 17617683Spst cp += sizeof *ndp; 17717683Spst 17817683Spst /* get past packet len */ 17917683Spst nlp = (struct nit_iflen *)cp; 18017683Spst cp += sizeof(*nlp); 18117683Spst 18217683Spst /* next snapshot */ 18317683Spst bp += hdrp->nhb_totlen; 18417683Spst 18517683Spst caplen = nlp->nh_pktlen; 18617683Spst if (caplen > p->snapshot) 18717683Spst caplen = p->snapshot; 18817683Spst 189190225Srpaulo if (bpf_filter(p->fcode.bf_insns, cp, nlp->nh_pktlen, caplen)) { 19017683Spst struct pcap_pkthdr h; 19117683Spst h.ts = ntp->nh_timestamp; 19217683Spst h.len = nlp->nh_pktlen; 19317683Spst h.caplen = caplen; 19417683Spst (*callback)(user, &h, cp); 195190225Srpaulo if (++n >= cnt && cnt > 0) { 19617683Spst p->cc = ep - bp; 19717683Spst p->bp = bp; 19817683Spst return (n); 19917683Spst } 20017683Spst } 20117683Spst } 20217683Spst p->cc = 0; 20317683Spst return (n); 20417683Spst} 20517683Spst 20617683Spststatic int 207146768Ssampcap_inject_snit(pcap_t *p, const void *buf, size_t size) 208146768Ssam{ 209146768Ssam struct strbuf ctl, data; 210146768Ssam 211146768Ssam /* 212146768Ssam * XXX - can we just do 213146768Ssam * 214146768Ssam ret = write(pd->f, buf, size); 215146768Ssam */ 216146768Ssam ctl.len = sizeof(*sa); /* XXX - what was this? */ 217146768Ssam ctl.buf = (char *)sa; 218146768Ssam data.buf = buf; 219146768Ssam data.len = size; 220146768Ssam ret = putmsg(p->fd, &ctl, &data); 221146768Ssam if (ret == -1) { 222146768Ssam snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s", 223146768Ssam pcap_strerror(errno)); 224146768Ssam return (-1); 225146768Ssam } 226146768Ssam return (ret); 227146768Ssam} 228146768Ssam 229146768Ssamstatic int 23017683Spstnit_setflags(int fd, int promisc, int to_ms, char *ebuf) 23117683Spst{ 23217683Spst bpf_u_int32 flags; 23317683Spst struct strioctl si; 23417683Spst struct timeval timeout; 23517683Spst 23617683Spst si.ic_timout = INFTIM; 23717683Spst if (to_ms != 0) { 23817683Spst timeout.tv_sec = to_ms / 1000; 23917683Spst timeout.tv_usec = (to_ms * 1000) % 1000000; 24017683Spst si.ic_cmd = NIOCSTIME; 24117683Spst si.ic_len = sizeof(timeout); 24217683Spst si.ic_dp = (char *)&timeout; 24317683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 24475107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSTIME: %s", 24575107Sfenner pcap_strerror(errno)); 24617683Spst return (-1); 24717683Spst } 24817683Spst } 24917683Spst flags = NI_TIMESTAMP | NI_LEN | NI_DROPS; 25017683Spst if (promisc) 25117683Spst flags |= NI_PROMISC; 25217683Spst si.ic_cmd = NIOCSFLAGS; 25317683Spst si.ic_len = sizeof(flags); 25417683Spst si.ic_dp = (char *)&flags; 25517683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 25675107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSFLAGS: %s", 25775107Sfenner pcap_strerror(errno)); 25817683Spst return (-1); 25917683Spst } 26017683Spst return (0); 26117683Spst} 26217683Spst 263190225Srpaulostatic int 264190225Srpaulopcap_activate_snit(pcap_t *p) 26517683Spst{ 26617683Spst struct strioctl si; /* struct for ioctl() */ 26717683Spst struct ifreq ifr; /* interface request struct */ 26817683Spst int chunksize = CHUNKSIZE; 26917683Spst int fd; 27017683Spst static char dev[] = "/dev/nit"; 27117683Spst 272190225Srpaulo if (p->opt.rfmon) { 273190225Srpaulo /* 274190225Srpaulo * No monitor mode on SunOS 4.x (no Wi-Fi devices on 275190225Srpaulo * hardware supported by SunOS 4.x). 276190225Srpaulo */ 277190225Srpaulo return (PCAP_ERROR_RFMON_NOTSUP); 27817683Spst } 27917683Spst 280190225Srpaulo if (p->snapshot < 96) 28117683Spst /* 28217683Spst * NIT requires a snapshot length of at least 96. 28317683Spst */ 284190225Srpaulo p->snapshot = 96; 28517683Spst 286146768Ssam /* 287146768Ssam * Initially try a read/write open (to allow the inject 288146768Ssam * method to work). If that fails due to permission 289146768Ssam * issues, fall back to read-only. This allows a 290146768Ssam * non-root user to be granted specific access to pcap 291146768Ssam * capabilities via file permissions. 292146768Ssam * 293146768Ssam * XXX - we should have an API that has a flag that 294146768Ssam * controls whether to open read-only or read-write, 295146768Ssam * so that denial of permission to send (or inability 296146768Ssam * to send, if sending packets isn't supported on 297146768Ssam * the device in question) can be indicated at open 298146768Ssam * time. 299146768Ssam */ 300146768Ssam p->fd = fd = open(dev, O_RDWR); 301146768Ssam if (fd < 0 && errno == EACCES) 302146768Ssam p->fd = fd = open(dev, O_RDONLY); 30317683Spst if (fd < 0) { 304190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", dev, 30575107Sfenner pcap_strerror(errno)); 30617683Spst goto bad; 30717683Spst } 30817683Spst 30917683Spst /* arrange to get discrete messages from the STREAM and use NIT_BUF */ 31017683Spst if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) { 311190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s", 31275107Sfenner pcap_strerror(errno)); 31317683Spst goto bad; 31417683Spst } 31517683Spst if (ioctl(fd, I_PUSH, "nbuf") < 0) { 316190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "push nbuf: %s", 31775107Sfenner pcap_strerror(errno)); 31817683Spst goto bad; 31917683Spst } 32017683Spst /* set the chunksize */ 32117683Spst si.ic_cmd = NIOCSCHUNK; 32217683Spst si.ic_timout = INFTIM; 32317683Spst si.ic_len = sizeof(chunksize); 32417683Spst si.ic_dp = (char *)&chunksize; 32517683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 326190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s", 32775107Sfenner pcap_strerror(errno)); 32817683Spst goto bad; 32917683Spst } 33017683Spst 33117683Spst /* request the interface */ 332190225Srpaulo strncpy(ifr.ifr_name, p->opt.source, sizeof(ifr.ifr_name)); 333127664Sbms ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; 33417683Spst si.ic_cmd = NIOCBIND; 33517683Spst si.ic_len = sizeof(ifr); 33617683Spst si.ic_dp = (char *)𝔦 33717683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 338190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s", 33917683Spst ifr.ifr_name, pcap_strerror(errno)); 34017683Spst goto bad; 34117683Spst } 34217683Spst 34317683Spst /* set the snapshot length */ 34417683Spst si.ic_cmd = NIOCSSNAP; 345190225Srpaulo si.ic_len = sizeof(p->snapshot); 346190225Srpaulo si.ic_dp = (char *)&p->snapshot; 34717683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 348190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s", 34975107Sfenner pcap_strerror(errno)); 35017683Spst goto bad; 35117683Spst } 352190225Srpaulo if (nit_setflags(p->fd, p->opt.promisc, p->md.timeout, p->errbuf) < 0) 35317683Spst goto bad; 35417683Spst 35517683Spst (void)ioctl(fd, I_FLUSH, (char *)FLUSHR); 35617683Spst /* 35717683Spst * NIT supports only ethernets. 35817683Spst */ 35917683Spst p->linktype = DLT_EN10MB; 36017683Spst 36117683Spst p->bufsize = BUFSPACE; 36217683Spst p->buffer = (u_char *)malloc(p->bufsize); 36317683Spst if (p->buffer == NULL) { 364190225Srpaulo strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE); 36517683Spst goto bad; 36617683Spst } 367127664Sbms 368127664Sbms /* 369127664Sbms * "p->fd" is an FD for a STREAMS device, so "select()" and 370127664Sbms * "poll()" should work on it. 371127664Sbms */ 372127664Sbms p->selectable_fd = p->fd; 373127664Sbms 374146768Ssam /* 375146768Ssam * This is (presumably) a real Ethernet capture; give it a 376146768Ssam * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so 377146768Ssam * that an application can let you choose it, in case you're 378146768Ssam * capturing DOCSIS traffic that a Cisco Cable Modem 379146768Ssam * Termination System is putting out onto an Ethernet (it 380146768Ssam * doesn't put an Ethernet header onto the wire, it puts raw 381146768Ssam * DOCSIS frames out on the wire inside the low-level 382146768Ssam * Ethernet framing). 383146768Ssam */ 384146768Ssam p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2); 385146768Ssam /* 386146768Ssam * If that fails, just leave the list empty. 387146768Ssam */ 388146768Ssam if (p->dlt_list != NULL) { 389146768Ssam p->dlt_list[0] = DLT_EN10MB; 390146768Ssam p->dlt_list[1] = DLT_DOCSIS; 391146768Ssam p->dlt_count = 2; 392146768Ssam } 393146768Ssam 394127664Sbms p->read_op = pcap_read_snit; 395146768Ssam p->inject_op = pcap_inject_snit; 396127664Sbms p->setfilter_op = install_bpf_program; /* no kernel filtering */ 397147894Ssam p->setdirection_op = NULL; /* Not implemented. */ 398127664Sbms p->set_datalink_op = NULL; /* can't change data link type */ 399127664Sbms p->getnonblock_op = pcap_getnonblock_fd; 400127664Sbms p->setnonblock_op = pcap_setnonblock_fd; 401127664Sbms p->stats_op = pcap_stats_snit; 402127664Sbms 403190225Srpaulo return (0); 40417683Spst bad: 405214518Srpaulo pcap_cleanup_live_common(p); 406190225Srpaulo return (PCAP_ERROR); 40717683Spst} 40817683Spst 409190225Srpaulopcap_t * 410251129Sdelphijpcap_create_interface(const char *device, char *ebuf) 411190225Srpaulo{ 412190225Srpaulo pcap_t *p; 413190225Srpaulo 414190225Srpaulo p = pcap_create_common(device, ebuf); 415190225Srpaulo if (p == NULL) 416190225Srpaulo return (NULL); 417190225Srpaulo 418190225Srpaulo p->activate_op = pcap_activate_snit; 419190225Srpaulo return (p); 420190225Srpaulo} 421190225Srpaulo 42217683Spstint 423127664Sbmspcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf) 42417683Spst{ 42517683Spst return (0); 42617683Spst} 427