snoop_capture.c revision 2e3b64671f0fdac42d7fb21a8fa7e3ce9fce3359
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI" /* SunOS */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <setjmp.h>
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include <unistd.h>
#include <stropts.h>
#include <stdlib.h>
#include <ctype.h>
#include <values.h>
#include <libdlpi.h>
#include "snoop.h"
void scan();
void convert_to_network();
void convert_from_network();
void convert_old();
extern int quitting;
int netfd;
char *bufp; /* pointer to read buffer */
extern unsigned int encap_levels;
static int strioctl(int, int, int, int, char *);
/*
* Convert a device id to a ppa value
* e.g. "le0" -> 0
*/
int
char *device;
{
char *p;
char *tp;
if (p == NULL)
return (0);
/* ignore numbers within device names */
return (device_ppa(tp));
return (atoi(p));
}
/*
* Convert a device id to a pathname.
*/
char *
char *device;
{
char *p;
return (buff);
if (isdigit(*p))
*p = '\0';
else
break;
}
return (buff);
}
/*
* Open up the device, and start finding out something about it,
* especially stuff about the data link headers. We need that information
* to build the proper packet filters.
*/
{
char *devname;
/*
* Determine which network device
* to use if none given.
* Should get back a value like "le0".
*/
char *cbuf;
int s;
int n;
int numifs;
unsigned bufsize;
pr_err("socket");
pr_err("check_device: ioctl SIOCGIFNUM");
(void) close(s);
s = -1;
return (B_FALSE);
}
pr_err("out of memory\n");
(void) close(s);
s = -1;
return (B_FALSE);
}
pr_err("check_device: ioctl SIOCGIFCONF");
(void) close(s);
s = -1;
return (B_FALSE);
}
for (; n > 0; n--, ifr++) {
continue;
pr_err("ioctl SIOCGIFFLAGS");
break;
}
if (n == 0)
pr_err("No network interface devices found");
(void) close(s);
}
/*
* Check for DLPI Version 2.
*/
pr_err("DL_INFO_ACK: incompatible version %d",
/*
* Attach for DLPI Style 2.
*/
/* Reread more specific information */
}
/* Enable passive mode so that we can snoop on aggregated links. */
break;
/* allow limited functionality even is interface isn't known */
}
/* for backward compatibility, allow known interface mtu_sizes */
return (B_TRUE);
return (B_FALSE);
}
/*
* Do whatever is necessary to initialize the interface
* for packet capture. Bind the device opened and attached (if DL_STYLE2)
* in check_device(), request raw ethernet packets and set promiscuous mode,
* push the streams buffer module and packet filter module, set various buffer
* parameters.
*/
void
char *device;
struct Pf_ext_packetfilt *fp;
int ppa;
{
union DL_primitives dl;
extern int Pflg;
/*
* Bind to SAP 2 on token ring, 0 on other interface types.
* (SAP 0 has special significance on token ring)
*/
else
/*
* If Pflg not set - use physical level
* promiscuous mode. Otherwise - just SAP level.
*/
if (!Pflg) {
} else {
}
}
if (fp) {
/*
* push and configure the packet filtering module
*/
pr_err("ioctl: I_PUSH pfmod: %s: %m",
}
(char *)fp) < 0) {
}
}
}
(char *)timeout) < 0) {
}
(char *)&chunksize) < 0) {
}
(char *)&snaplen) < 0) {
}
/*
* Flush the read queue, to get rid of anything that
* accumulated before the device reached its final configuration.
*/
}
}
/*
* Read packets from the network. Initdevice is called in
* here to set up the network interface for reading of
* raw ethernet packets in promiscuous mode into a buffer.
* Packets are read and either written directly to a file
* or interpreted for display on the fly.
*/
void
void (*proc)();
int flags;
{
int r = 0;
int flgs;
extern int count;
count = 0;
/* allocate a read buffer */
/*
* read frames
*/
for (;;) {
flgs = 0;
if (r < 0 || quitting)
break;
continue;
}
if (!quitting) {
if (r < 0)
pr_err("network read failed: %m");
else
pr_err("network read returned %d", r);
}
}
#ifdef DEBUG
/*
* corrupt: simulate packet corruption for debugging interpreters
*/
void
volatile char *bufstop)
{
int c;
int i;
int p;
return;
i = (rand() % c)>>1;
while (--i > 0) {
p = (rand() % c);
}
}
}
#endif /* DEBUG */
void
char *buf;
void (*proc)();
int flags;
{
volatile char *pktp;
volatile struct timeval last_timestamp;
volatile int header_okay;
extern int snoop_nrecover;
#ifdef DEBUG
extern int zflg;
#endif /* DEBUG */
proc(0, 0, 0);
/*
*
* Loop through each packet in the buffer
*/
last_timestamp.tv_sec = 0;
/*
* Gracefully exit if user terminates
*/
if (quitting)
break;
/*
* Global error recocery: Prepare to continue when a corrupt
* packet or header is encountered.
*/
goto err;
}
header_okay = 0;
/*
* If reading a capture file
* convert the headers from network
* byte order (for little-endians like X86)
*/
if (cap) {
/*
* If the packets come from an old
* capture file, convert the header.
*/
if (old) {
}
}
/* Enhanced check for valid header */
if ((nhdrp->sbh_totlen == 0) ||
(nhdrp->sbh_origlen == 0) ||
(nhdrp->sbh_msglen == 0) ||
if (cap)
"in capture file");
else
"in buffer");
goto err;
}
if (nhdrp->sbh_totlen >
if (cap)
"greater than MTU in capture file");
else
"greater than MTU in buffer");
}
/*
* Check for incomplete packet. We are conservative here,
* since we don't know how good the checking is in other
* parts of the code. We pass a partial packet, with
* a warning.
*/
}
#ifdef DEBUG
if (zflg)
#endif /* DEBUG */
header_okay = 1;
if (!filter ||
nhdrp->sbh_origlen)) {
count++;
/*
* Start deadman timer for interpreter processing
*/
NULL);
encap_levels = 0;
(void) snoop_alarm(0, NULL);
break;
}
exit(0);
}
snoop_nrecover = 0; /* success */
(void) snoop_alarm(0, NULL);
}
continue;
err:
/*
* Corruption has been detected. Reset errors.
*/
/*
* packet header was apparently okay. Continue.
*/
if (header_okay)
continue;
/*
* Otherwise try to scan forward to the next packet, using
* the last known timestamp if it is available.
*/
nhdrp->sbh_totlen = 0;
if (last_timestamp.tv_sec == 0) {
bp += sizeof (int);
} else {
bp += sizeof (int)) {
/* An approximate timestamp located */
break;
}
}
}
/* reset jmp_env for program exit */
proc(0, -1, 0);
}
/*
* Called if nwrite() encounters write problems.
*/
static void
cap_write_error(const char *msgtype)
{
"snoop: cannot write %s to capture file: %s\n",
exit(1);
}
/*
* Writes target buffer to the open file descriptor. Upon detection of a short
* write, an attempt to process the remaining bytes occurs until all anticipated
* bytes are written. An error status is returned to indicate any serious write
* failures.
*/
static int
{
if (nbytes == -1)
return (-1);
if (nbytes == 0) {
return (-1);
}
}
return (0);
}
/*
* Routines for opening, closing, reading and writing
* a capture file of packets saved with the -o option.
*/
static int capfile_out;
/*
* The snoop capture file has a header to identify
* it as a capture file and record its version.
* A file without this header is assumed to be an
* old format snoop file.
*
* A version 1 header looks like this:
*
* 0 1 2 3 4 5 6 7 8 9 10 11
* +---+---+---+---+---+---+---+---+---+---+---+---+---+
* | s | n | o | o | p | \0| \0| \0| version | data
* +---+---+---+---+---+---+---+---+---+---+---+---+---+
* | word 0 | word 1 | word 2 |
*
*
* A version 2 header adds a word that identifies the MAC type.
* This allows for capture files from FDDI etc.
*
* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | s | n | o | o | p | \0| \0| \0| version | MAC type | data
* +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
* | word 0 | word 1 | word 2 | word 3
*
*/
const char *snoop_id = "snoop\0\0\0";
const int snoop_idlen = 8;
const int snoop_version = 2;
void
char *name;
{
int vers;
int rc;
if (capfile_out < 0)
cap_write_error("snoop_id");
cap_write_error("version");
}
void
{
}
static int cap_len = 0;
static int cap_new;
void
char *name;
{
int cap_vers;
int *word, device_mac_type;
int capfile_in;
if (capfile_in < 0)
if ((int)cap_buffp == -1)
/* Check if new snoop capture file format */
/*
* If new file - check version and
* set buffer pointer to point at first packet
*/
if (cap_new) {
cap_buffp += snoop_idlen + sizeof (int);
cap_len -= snoop_idlen + sizeof (int);
switch (cap_vers) {
case 1:
break;
case 2:
cap_buffp += sizeof (int);
cap_len -= sizeof (int);
break;
default:
pr_err("capture file: %s: Version %d unrecognized\n",
}
interface++)
break;
pr_err("Mac Type = %x is not supported\n",
} else {
/* Use heuristic to check if it's an old-style file */
/* Change protection so's we can fix the headers */
}
}
void
int filter;
void (*proc)();
int flags;
{
extern int count;
count = 0;
}
void
char *pktp;
{
static int first = 1;
int rc;
return;
if (first) {
first = 0;
cap_write_error("mac_type");
}
/*
* Convert sb_hdr to network byte order
*/
cap_write_error("packet header");
cap_write_error("packet");
if (! qflg)
show_count();
}
/*
* Old header format.
* Actually two concatenated structs: nit_bufhdr + nit_head
*/
struct ohdr {
/* nit_bufhdr */
int o_msglen;
int o_totlen;
/* nit_head */
int o_drops;
int o_len;
};
/*
* Convert a packet header from
* old to new format.
*/
void
{
}
static int
{
int rc;
if (rc < 0)
return (rc);
else
}