1/*
2 * This code is derived from code formerly in pcap-dlpi.c, originally
3 * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
4 * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
5 * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
6 * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
7 */
8
9/*
10 * This file contains dlpi/libdlpi related common functions used
11 * by pcap-[dlpi,libdlpi].c.
12 */
13
14#ifdef HAVE_CONFIG_H
15#include <config.h>
16#endif
17
18#ifndef DL_IPATM
19#define DL_IPATM	0x12	/* ATM Classical IP interface */
20#endif
21
22#ifdef HAVE_SYS_BUFMOD_H
23	/*
24	 * Size of a bufmod chunk to pass upstream; that appears to be the
25	 * biggest value to which you can set it, and setting it to that value
26	 * (which is bigger than what appears to be the Solaris default of 8192)
27	 * reduces the number of packet drops.
28	 */
29#define	CHUNKSIZE	65536
30
31	/*
32	 * Size of the buffer to allocate for packet data we read; it must be
33	 * large enough to hold a chunk.
34	 */
35#define	PKTBUFSIZE	CHUNKSIZE
36
37#else /* HAVE_SYS_BUFMOD_H */
38
39	/*
40	 * Size of the buffer to allocate for packet data we read; this is
41	 * what the value used to be - there's no particular reason why it
42	 * should be tied to MAXDLBUF, but we'll leave it as this for now.
43	 */
44#define	MAXDLBUF	8192
45#define	PKTBUFSIZE	(MAXDLBUF * sizeof(bpf_u_int32))
46
47#endif
48
49#include <sys/types.h>
50#include <sys/time.h>
51#ifdef HAVE_SYS_BUFMOD_H
52#include <sys/bufmod.h>
53#endif
54#include <sys/dlpi.h>
55#include <sys/stream.h>
56
57#include <errno.h>
58#include <memory.h>
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <stropts.h>
63#include <unistd.h>
64
65#ifdef HAVE_LIBDLPI
66#include <libdlpi.h>
67#endif
68
69#include "pcap-int.h"
70#include "dlpisubs.h"
71
72#ifdef HAVE_SYS_BUFMOD_H
73static void pcap_stream_err(const char *, int, char *);
74#endif
75
76/*
77 * Get the packet statistics.
78 */
79int
80pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
81{
82	struct pcap_dlpi *pd = p->priv;
83
84	/*
85	 * "ps_recv" counts packets handed to the filter, not packets
86	 * that passed the filter.  As filtering is done in userland,
87	 * this would not include packets dropped because we ran out
88	 * of buffer space; in order to make this more like other
89	 * platforms (Linux 2.4 and later, BSDs with BPF), where the
90	 * "packets received" count includes packets received but dropped
91	 * due to running out of buffer space, and to keep from confusing
92	 * applications that, for example, compute packet drop percentages,
93	 * we also make it count packets dropped by "bufmod" (otherwise we
94	 * might run the risk of the packet drop count being bigger than
95	 * the received-packet count).
96	 *
97	 * "ps_drop" counts packets dropped by "bufmod" because of
98	 * flow control requirements or resource exhaustion; it doesn't
99	 * count packets dropped by the interface driver, or packets
100	 * dropped upstream.  As filtering is done in userland, it counts
101	 * packets regardless of whether they would've passed the filter.
102	 *
103	 * These statistics don't include packets not yet read from
104	 * the kernel by libpcap, but they may include packets not
105	 * yet read from libpcap by the application.
106	 */
107	*ps = pd->stat;
108
109	/*
110	 * Add in the drop count, as per the above comment.
111	 */
112	ps->ps_recv += ps->ps_drop;
113	return (0);
114}
115
116/*
117 * Does the processor for which we're compiling this support aligned loads?
118 */
119#if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
120    (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
121    (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
122    (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
123    (defined(__s390__) || defined(__s390x__) || defined(__zarch__))
124    /* Yes, it does. */
125#else
126    /* No, it doesn't. */
127    #define REQUIRE_ALIGNMENT
128#endif
129
130/*
131 * Loop through the packets and call the callback for each packet.
132 * Return the number of packets read.
133 */
134int
135pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
136	int count, u_char *bufp, int len)
137{
138	struct pcap_dlpi *pd = p->priv;
139	int n, caplen, origlen;
140	u_char *ep, *pk;
141	struct pcap_pkthdr pkthdr;
142#ifdef HAVE_SYS_BUFMOD_H
143	struct sb_hdr *sbp;
144#ifdef REQUIRE_ALIGNMENT
145	struct sb_hdr sbhdr;
146#endif
147#endif
148
149	/*
150	 * Loop through packets.
151	 *
152	 * This assumes that a single buffer of packets will have
153	 * <= INT_MAX packets, so the packet count doesn't overflow.
154	 */
155	ep = bufp + len;
156	n = 0;
157
158#ifdef HAVE_SYS_BUFMOD_H
159	while (bufp < ep) {
160		/*
161		 * Has "pcap_breakloop()" been called?
162		 * If so, return immediately - if we haven't read any
163		 * packets, clear the flag and return -2 to indicate
164		 * that we were told to break out of the loop, otherwise
165		 * leave the flag set, so that the *next* call will break
166		 * out of the loop without having read any packets, and
167		 * return the number of packets we've processed so far.
168		 */
169		if (p->break_loop) {
170			if (n == 0) {
171				p->break_loop = 0;
172				return (-2);
173			} else {
174				p->bp = bufp;
175				p->cc = ep - bufp;
176				return (n);
177			}
178		}
179#ifdef REQUIRE_ALIGNMENT
180		if ((long)bufp & 3) {
181			sbp = &sbhdr;
182			memcpy(sbp, bufp, sizeof(*sbp));
183		} else
184#endif
185			sbp = (struct sb_hdr *)bufp;
186		pd->stat.ps_drop = sbp->sbh_drops;
187		pk = bufp + sizeof(*sbp);
188		bufp += sbp->sbh_totlen;
189		origlen = sbp->sbh_origlen;
190		caplen = sbp->sbh_msglen;
191#else
192		origlen = len;
193		caplen = min(p->snapshot, len);
194		pk = bufp;
195		bufp += caplen;
196#endif
197		++pd->stat.ps_recv;
198		if (pcap_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
199#ifdef HAVE_SYS_BUFMOD_H
200			pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
201			pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
202#else
203			(void) gettimeofday(&pkthdr.ts, NULL);
204#endif
205			pkthdr.len = origlen;
206			pkthdr.caplen = caplen;
207			/* Insure caplen does not exceed snapshot */
208			if (pkthdr.caplen > (bpf_u_int32)p->snapshot)
209				pkthdr.caplen = (bpf_u_int32)p->snapshot;
210			(*callback)(user, &pkthdr, pk);
211			if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) {
212				p->cc = ep - bufp;
213				p->bp = bufp;
214				return (n);
215			}
216		}
217#ifdef HAVE_SYS_BUFMOD_H
218	}
219#endif
220	p->cc = 0;
221	return (n);
222}
223
224/*
225 * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
226 */
227int
228pcap_process_mactype(pcap_t *p, u_int mactype)
229{
230	int retv = 0;
231
232	switch (mactype) {
233
234	case DL_CSMACD:
235	case DL_ETHER:
236		p->linktype = DLT_EN10MB;
237		p->offset = 2;
238		/*
239		 * This is (presumably) a real Ethernet capture; give it a
240		 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
241		 * that an application can let you choose it, in case you're
242		 * capturing DOCSIS traffic that a Cisco Cable Modem
243		 * Termination System is putting out onto an Ethernet (it
244		 * doesn't put an Ethernet header onto the wire, it puts raw
245		 * DOCSIS frames out on the wire inside the low-level
246		 * Ethernet framing).
247		 */
248		p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
249		/*
250		 * If that fails, just leave the list empty.
251		 */
252		if (p->dlt_list != NULL) {
253			p->dlt_list[0] = DLT_EN10MB;
254			p->dlt_list[1] = DLT_DOCSIS;
255			p->dlt_count = 2;
256		}
257		break;
258
259	case DL_FDDI:
260		p->linktype = DLT_FDDI;
261		p->offset = 3;
262		break;
263
264	case DL_TPR:
265		/* XXX - what about DL_TPB?  Is that Token Bus?  */
266		p->linktype = DLT_IEEE802;
267		p->offset = 2;
268		break;
269
270#ifdef HAVE_SOLARIS
271	case DL_IPATM:
272		p->linktype = DLT_SUNATM;
273		p->offset = 0;  /* works for LANE and LLC encapsulation */
274		break;
275#endif
276
277#ifdef DL_IPV4
278	case DL_IPV4:
279		p->linktype = DLT_IPV4;
280		p->offset = 0;
281		break;
282#endif
283
284#ifdef DL_IPV6
285	case DL_IPV6:
286		p->linktype = DLT_IPV6;
287		p->offset = 0;
288		break;
289#endif
290
291#ifdef DL_IPNET
292	case DL_IPNET:
293		/*
294		 * XXX - DL_IPNET devices default to "raw IP" rather than
295		 * "IPNET header"; see
296		 *
297		 *    https://seclists.org/tcpdump/2009/q1/202
298		 *
299		 * We'd have to do DL_IOC_IPNET_INFO to enable getting
300		 * the IPNET header.
301		 */
302		p->linktype = DLT_RAW;
303		p->offset = 0;
304		break;
305#endif
306
307	default:
308		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype 0x%x",
309		    mactype);
310		retv = -1;
311	}
312
313	return (retv);
314}
315
316#ifdef HAVE_SYS_BUFMOD_H
317/*
318 * Push and configure the buffer module. Returns -1 for error, otherwise 0.
319 */
320int
321pcap_conf_bufmod(pcap_t *p, int snaplen)
322{
323	struct timeval to;
324	bpf_u_int32 ss, chunksize;
325
326	/* Non-standard call to get the data nicely buffered. */
327	if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
328		pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
329		return (-1);
330	}
331
332	ss = snaplen;
333	if (ss > 0 &&
334	    strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
335		pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
336		return (-1);
337	}
338
339	if (p->opt.immediate) {
340		/* Set the timeout to zero, for immediate delivery. */
341		to.tv_sec = 0;
342		to.tv_usec = 0;
343		if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
344			pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
345			return (-1);
346		}
347	} else {
348		/* Set up the bufmod timeout. */
349		if (p->opt.timeout != 0) {
350			to.tv_sec = p->opt.timeout / 1000;
351			to.tv_usec = (p->opt.timeout * 1000) % 1000000;
352			if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
353				pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
354				return (-1);
355			}
356		}
357
358		/* Set the chunk length. */
359		chunksize = CHUNKSIZE;
360		if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
361		    != 0) {
362			pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
363			return (-1);
364		}
365	}
366
367	return (0);
368}
369#endif /* HAVE_SYS_BUFMOD_H */
370
371/*
372 * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
373 */
374int
375pcap_alloc_databuf(pcap_t *p)
376{
377	p->bufsize = PKTBUFSIZE;
378	p->buffer = malloc(p->bufsize + p->offset);
379	if (p->buffer == NULL) {
380		pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
381		    errno, "malloc");
382		return (-1);
383	}
384
385	return (0);
386}
387
388/*
389 * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
390 * length of returned data on success.
391 */
392int
393strioctl(int fd, int cmd, int len, char *dp)
394{
395	struct strioctl str;
396	int retv;
397
398	str.ic_cmd = cmd;
399	str.ic_timout = -1;
400	str.ic_len = len;
401	str.ic_dp = dp;
402	if ((retv = ioctl(fd, I_STR, &str)) < 0)
403		return (retv);
404
405	return (str.ic_len);
406}
407
408#ifdef HAVE_SYS_BUFMOD_H
409/*
410 * Write stream error message to errbuf.
411 */
412static void
413pcap_stream_err(const char *func, int err, char *errbuf)
414{
415	pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, err, "%s", func);
416}
417#endif
418