snoop.h revision 10491:8893b747ecdf
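/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Shared declarations for snoop: display flags, the RPC XID cache,
 * big-endian byte extraction macros, XDR decoding helpers, capture and
 * datalink routines, the per-protocol interpret_*() entry points, the
 * link-layer description table and the alarm/recovery hooks.
 *
 * Everything reachable through these declarations operates on captured
 * packet bytes, which are untrusted input. Lengths carried inside a
 * packet must be validated against the captured length by the code that
 * uses these interfaces; nothing in this header enforces that.
 */

#ifndef _SNOOP_H
#define	_SNOOP_H

#include <rpc/types.h>
#include <sys/pfmod.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/bufmod.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp6.h>
#include <net/pppoe.h>
#include <libdlpi.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Flags to control packet info display. Each flag is a distinct bit,
 * so they can be OR-ed together into one flags word.
 */
#define	F_NOW		0x00000001	/* display in realtime */
#define	F_SUM		0x00000002	/* display summary line */
#define	F_ALLSUM	0x00000004	/* display all summary lines */
#define	F_DTAIL		0x00000008	/* display detail lines */
#define	F_TIME		0x00000010	/* display time */
#define	F_ATIME		0x00000020	/* display absolute time */
#define	F_RTIME		0x00000040	/* display relative time */
#define	F_DROPS		0x00000080	/* display drops */
#define	F_LEN		0x00000100	/* display pkt length */
#define	F_NUM		0x00000200	/* display pkt number */
#define	F_WHO		0x00000400	/* display src/dst */

#define	MAXLINE		(1088)	/* max len of detail line */

#define	MAX_HDRTRAILER	(64)	/* max hdr/trailer packet slack */

/*
 * The RPC XID cache structure.
 * When analyzing RPC protocols we
 * have to cache the xid of the RPC
 * request together with the program
 * number, proc, version etc since this
 * information is missing in the reply
 * packet. Using the xid in the reply
 * we can lookup this previously stashed
 * information in the cache.
 *
 * For RPCSEC_GSS flavor, some special processing is
 * needed for the argument interpretation based on its
 * control procedure and service type. This information
 * is stored in the cache table during interpretation of
 * the rpc header and will be referenced later when the rpc
 * argument is interpreted.
 *
 * NOTE(review): the line below defines (not merely declares) xid_cache
 * in every file that includes this header. That links only where
 * tentative definitions are merged as common symbols. An extern
 * declaration here plus a single definition in one .c file would be
 * more robust; it is left as is because the .c files are not visible
 * from this header.
 *
 * NOTE(review): the table has a fixed XID_CACHE_SIZE entries. Any index
 * derived from a packet's xid must be reduced to that range by the
 * lookup code -- confirm there.
 */
#define	XID_CACHE_SIZE	256
struct cache_struct {
	int		xid_num;	/* RPC transaction id */
	int		xid_frame;	/* Packet number */
	int		xid_prog;	/* RPC program number */
	int		xid_vers;	/* RPC version number */
	int		xid_proc;	/* RPC procedure number */
	unsigned int	xid_gss_proc;	/* control procedure */
	int		xid_gss_service; /* none, integ, priv */
} xid_cache[XID_CACHE_SIZE];


/*
 * The following macros read 1, 2 or 4 bytes at ptr, most significant
 * byte first, store the result in v and advance ptr past the bytes
 * read. ptr must be a modifiable lvalue of type char * or
 * unsigned char *.
 *
 * GETINT16 and GETINT32 mask every byte to 8 bits before combining it.
 * Without the mask, a byte of 0x80 or above read through a plain
 * char * is sign-extended where char is signed, and OR-ing it in sets
 * all of the higher bits of v. GETINT8 is left unmasked so that it
 * keeps yielding whatever the pointed-to type yields.
 *
 * No bounds checking is done. The caller must make sure that enough
 * bytes remain in the captured packet before using one of these.
 *
 * v should be an unsigned object wide enough for the value; with a
 * signed 32-bit v, GETINT32 shifts into the sign bit when the first
 * byte is 0x80 or above.
 *
 * Each macro expands to a brace block rather than do { } while (0), so
 * it must not be used as the unbraced body of an if that has an else.
 */
#define	GETINT8(v, ptr) { \
	(v) = (*(ptr)++); \
}

#define	GETINT16(v, ptr) { \
	(v) = (*(ptr)++ & 0xff) << 8; \
	(v) |= (*(ptr)++ & 0xff); \
}

#define	GETINT32(v, ptr) { \
	(v) = (*(ptr)++ & 0xff) << 8; \
	(v) |= (*(ptr)++ & 0xff); (v) <<= 8; \
	(v) |= (*(ptr)++ & 0xff); (v) <<= 8; \
	(v) |= (*(ptr)++ & 0xff); \
}

/*
 * Used to print nested protocol layers. For example, an ip datagram included
 * in an icmp error, or a PPP packet included in an LCP protocol reject.
 */
extern char *prot_nest_prefix;

/*
 * Output-line, XDR decoding, filter, capture-file and datalink routines.
 *
 * NOTE(review): most parameters are unnamed in these prototypes. The
 * (char *, int) pairs look like a buffer and its length -- confirm
 * against the definitions before relying on that.
 *
 * cap_read() and net_read() take their callback as void (*)(), which
 * has no prototype, so the compiler cannot check the arguments the
 * callback is invoked with.
 *
 * pr_err() is variadic with a const char * first argument, presumably a
 * printf-style format (confirm). If so, packet-derived text belongs in
 * the arguments and not in the format string.
 */
extern char *get_sum_line(void);
extern char *get_detail_line(int, int);
extern void set_vlan_id(int);
extern struct timeval prev_time;
extern void process_pkt(struct sb_hdr *, char *, int, int);
extern char *getflag(int, int, char *, char *);
extern void show_header(char *, char *, int);
extern void xdr_init(char *, int);
extern char *get_line(int, int);
extern int get_line_remain(void);
extern char getxdr_char(void);
extern char showxdr_char(char *);
extern uchar_t getxdr_u_char(void);
extern uchar_t showxdr_u_char(char *);
extern short getxdr_short(void);
extern short showxdr_short(char *);
extern ushort_t getxdr_u_short(void);
extern ushort_t showxdr_u_short(char *);
extern long getxdr_long(void);
extern long showxdr_long(char *);
extern ulong_t getxdr_u_long(void);
extern ulong_t showxdr_u_long(char *);
extern longlong_t getxdr_longlong(void);
extern longlong_t showxdr_longlong(char *);
extern u_longlong_t getxdr_u_longlong(void);
extern u_longlong_t showxdr_u_longlong(char *);
extern char *getxdr_opaque(char *, int);
extern char *getxdr_string(char *, int);
extern char *showxdr_string(int, char *);
extern char *getxdr_bytes(uint_t *);
extern void xdr_skip(int);
extern int getxdr_pos(void);
extern void setxdr_pos(int);
extern char *getxdr_context(char *, int);
extern char *showxdr_context(char *);
extern enum_t getxdr_enum(void);
extern void show_space(void);
extern void show_trailer(void);
extern char *getxdr_date(void);
extern char *showxdr_date(char *);
extern char *getxdr_date_ns(void);
char *format_time(int64_t sec, uint32_t nsec);
extern char *showxdr_date_ns(char *);
extern char *getxdr_hex(int);
extern char *showxdr_hex(int, char *);
extern bool_t getxdr_bool(void);
extern bool_t showxdr_bool(char *);
extern char *concat_args(char **, int);
extern int pf_compile(char *, int);
extern void compile(char *, int);
extern void load_names(char *);
extern void cap_write(struct sb_hdr *, char *, int, int);
extern void cap_open_read(const char *);
extern void cap_open_write(const char *);
extern void cap_read(int, int, int, void (*)(), int);
extern void cap_close(void);
extern boolean_t open_datalink(dlpi_handle_t *, const char *);
extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *,
    struct Pf_ext_packetfilt *);
extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int);
extern void click(int);
extern void show_pktinfo(int, int, char *, char *, struct timeval *,
    struct timeval *, int, int);
extern void show_line(char *);
extern char *getxdr_time(void);
extern char *showxdr_time(char *);
extern char *addrtoname(int, const void *);
extern char *show_string(const char *, int, int);
extern void pr_err(const char *, ...);
extern void pr_errdlpi(dlpi_handle_t, const char *, int);
extern void check_retransmit(char *, ulong_t);
extern char *nameof_prog(int);
extern char *getproto(int);
extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *);
extern void protoprint(int, int, ulong_t, int, int, int, char *, int);
extern char *getportname(int, in_port_t);

/*
 * Per-protocol interpreters. Each one receives a pointer into the
 * captured packet (typed or raw) together with integer arguments.
 *
 * NOTE(review): the integer arguments are unnamed here; presumably they
 * carry the display flags and the number of bytes available at the
 * pointer -- confirm against each definition. Whichever argument is
 * the length is the only bound an interpreter has on the buffer it was
 * handed.
 *
 * The bare "struct xxx;" lines forward-declare types so that a pointer
 * to them can appear in a prototype without including their headers.
 */
extern void interpret_arp(int, struct arphdr *, int);
extern void interpret_bparam(int, int, int, int, int, char *, int);
extern void interpret_dns(int, int, const uchar_t *, int, int);
extern void interpret_mount(int, int, int, int, int, char *, int);
extern void interpret_nfs(int, int, int, int, int, char *, int);
extern void interpret_nfs3(int, int, int, int, int, char *, int);
extern void interpret_nfs4(int, int, int, int, int, char *, int);
extern void interpret_nfs4_cb(int, int, int, int, int, char *, int);
extern void interpret_nfs_acl(int, int, int, int, int, char *, int);
extern void interpret_nis(int, int, int, int, int, char *, int);
extern void interpret_nisbind(int, int, int, int, int, char *, int);
extern void interpret_nisp_cb(int, int, int, int, int, char *, int);
extern void interpret_nisplus(int, int, int, int, int, char *, int);
extern void interpret_nlm(int, int, int, int, int, char *, int);
extern void interpret_pmap(int, int, int, int, int, char *, int);
extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int);
extern void interpret_rquota(int, int, int, int, int, char *, int);
extern void interpret_rstat(int, int, int, int, int, char *, int);
extern void interpret_solarnet_fw(int, int, int, int, int, char *, int);
extern void interpret_ldap(int, char *, int, int, int);
extern void interpret_icmp(int, struct icmp *, int, int);
extern void interpret_icmpv6(int, icmp6_t *, int, int);
extern int interpret_ip(int, const struct ip *, int);
extern int interpret_ipv6(int, const ip6_t *, int);
extern int interpret_ppp(int, uchar_t *, int);
extern int interpret_pppoe(int, poep_t *, int);
struct tcphdr;
extern int interpret_tcp(int, struct tcphdr *, int, int);
struct udphdr;
extern int interpret_udp(int, struct udphdr *, int, int);
extern int interpret_esp(int, uint8_t *, int, int);
extern int interpret_ah(int, uint8_t *, int, int);
struct sctp_hdr;
extern void interpret_sctp(int, struct sctp_hdr *, int, int);
extern void interpret_mip_cntrlmsg(int, uchar_t *, int);
struct dhcp;
extern int interpret_dhcp(int, struct dhcp *, int);
extern int interpret_dhcpv6(int, const uint8_t *, int);
struct tftphdr;
extern int interpret_tftp(int, struct tftphdr *, int);
extern int interpret_http(int, char *, int);
struct ntpdata;
extern int interpret_ntp(int, struct ntpdata *, int);
extern void interpret_netbios_ns(int, uchar_t *, int);
extern void interpret_netbios_datagram(int, uchar_t *, int);
extern void interpret_netbios_ses(int, uchar_t *, int);
extern void interpret_slp(int, char *, int);
struct rip;
extern int interpret_rip(int, struct rip *, int);
struct rip6;
extern int interpret_rip6(int, struct rip6 *, int);
extern int interpret_socks_call(int, char *, int);
extern int interpret_socks_reply(int, char *, int);
extern int interpret_trill(int, struct ether_header **, char *, int *);
extern int interpret_isis(int, char *, int, boolean_t);
extern int interpret_bpdu(int, char *, int);
extern void init_ldap(void);
extern boolean_t arp_for_ether(char *, struct ether_addr *);
extern char *ether_ouiname(uint32_t);
extern char *tohex(char *p, int len);
extern char *printether(struct ether_addr *);
extern char *print_ethertype(int);
extern const char *arp_htype(int);

/*
 * Describes characteristics of the Media Access Layer.
 * The mac_type is one of the supported DLPI media
 * types (see <sys/dlpi.h>).
 * The mtu_size is the size of the largest frame.
 * network_type_offset is where the network type
 * is located in the link layer header.
 * The header length is returned by a function to
 * allow for variable header size - for ethernet it's
 * just a constant 14 octets.
 * The interpreter is the function that "knows" how
 * to interpret the frame.
 * try_kernel_filter tells snoop to first try a kernel
 * filter (because the header size is fixed, or if it could
 * be of variable size where the variable size is easy for a kernel
 * filter to handle, for example, Ethernet and VLAN tags)
 * and only use a user space filter if the filter expression
 * cannot be expressed in kernel space.
 *
 * header_len() is handed only a pointer, with no length, so it cannot
 * itself tell how many bytes of the frame were captured. The value it
 * returns has to be compared with the captured length by the caller.
 */
typedef struct interface {
	uint_t		mac_type;
	uint_t		mtu_size;
	uint_t		network_type_offset;
	size_t		network_type_len;
	uint_t		network_type_ip;
	uint_t		network_type_ipv6;
	uint_t		(*header_len)(char *);
	uint_t		(*interpreter)(int, char *, int, int);
	boolean_t	try_kernel_filter;
} interface_t;

extern interface_t INTERFACES[], *interface;
extern char *dlc_header;
extern char *src_name, *dst_name;
extern char *prot_prefix;
extern char *prot_nest_prefix;
extern char *prot_title;

/* Keep track of how many nested IP headers we have. */
extern unsigned int encap_levels, total_encap_levels;

extern int quitting;
extern boolean_t Iflg, Pflg, rflg;

/*
 * Global error recovery routine: used to reset snoop variables after
 * catastrophic failure.
 */
void snoop_recover(void);

/*
 * Global alarm handler structure for managing multiple alarms within
 * snoop. Entries are chained through s_next.
 */
typedef struct snoop_handler {
	struct snoop_handler	*s_next;	/* next alarm handler */
	time_t			s_time;		/* time to fire */
	void			(*s_handler)();	/* alarm handler */
} snoop_handler_t;

#define	SNOOP_MAXRECOVER	20	/* maximum number of recoveries */
#define	SNOOP_ALARM_GRAN	3	/* alarm() timeout multiplier */

/*
 * Global alarm handler management routine.
 */
extern int snoop_alarm(int s_sec, void (*s_handler)());

/*
 * The next two definitions do not take into account the length
 * of the underlying link header. In order to use them, you must
 * add link_header_len to them. The reason it is not done here is
 * that later these macros are used to initialize a table.
 */
#define	IPV4_TYPE_HEADER_OFFSET	9
#define	IPV6_TYPE_HEADER_OFFSET	6

#ifdef __cplusplus
}
#endif

#endif	/* _SNOOP_H */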