libpcap  1.10.1
About: libpcap is a packet filter library used by tools like tcpdump.
  Fossies Dox: libpcap-1.10.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

dlpisubs.c
Go to the documentation of this file.
1 /*
2  * This code is derived from code formerly in pcap-dlpi.c, originally
3  * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
4  * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
5  * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
6  * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
7  */
8 
9 /*
10  * This file contains dlpi/libdlpi related common functions used
11  * by pcap-[dlpi,libdlpi].c.
12  */
13 
14 #ifdef HAVE_CONFIG_H
15 #include <config.h>
16 #endif
17 
18 #ifndef DL_IPATM
19 #define DL_IPATM 0x12 /* ATM Classical IP interface */
20 #endif
21 
22 #ifdef HAVE_SYS_BUFMOD_H
23  /*
24  * Size of a bufmod chunk to pass upstream; that appears to be the
25  * biggest value to which you can set it, and setting it to that value
26  * (which is bigger than what appears to be the Solaris default of 8192)
27  * reduces the number of packet drops.
28  */
29 #define CHUNKSIZE 65536
30 
31  /*
32  * Size of the buffer to allocate for packet data we read; it must be
33  * large enough to hold a chunk.
34  */
35 #define PKTBUFSIZE CHUNKSIZE
36 
37 #else /* HAVE_SYS_BUFMOD_H */
38 
39  /*
40  * Size of the buffer to allocate for packet data we read; this is
41  * what the value used to be - there's no particular reason why it
42  * should be tied to MAXDLBUF, but we'll leave it as this for now.
43  */
44 #define MAXDLBUF 8192
45 #define PKTBUFSIZE (MAXDLBUF * sizeof(bpf_u_int32))
46 
47 #endif
48 
49 #include <sys/types.h>
50 #include <sys/time.h>
51 #ifdef HAVE_SYS_BUFMOD_H
52 #include <sys/bufmod.h>
53 #endif
54 #include <sys/dlpi.h>
55 #include <sys/stream.h>
56 
57 #include <errno.h>
58 #include <memory.h>
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <stropts.h>
63 #include <unistd.h>
64 
65 #ifdef HAVE_LIBDLPI
66 #include <libdlpi.h>
67 #endif
68 
69 #include "pcap-int.h"
70 #include "dlpisubs.h"
71 
72 #ifdef HAVE_SYS_BUFMOD_H
73 static void pcap_stream_err(const char *, int, char *);
74 #endif
75 
76 /*
77  * Get the packet statistics.
78  */
79 int
81 {
82  struct pcap_dlpi *pd = p->priv;
83 
84  /*
85  * "ps_recv" counts packets handed to the filter, not packets
86  * that passed the filter. As filtering is done in userland,
87  * this would not include packets dropped because we ran out
88  * of buffer space; in order to make this more like other
89  * platforms (Linux 2.4 and later, BSDs with BPF), where the
90  * "packets received" count includes packets received but dropped
91  * due to running out of buffer space, and to keep from confusing
92  * applications that, for example, compute packet drop percentages,
93  * we also make it count packets dropped by "bufmod" (otherwise we
94  * might run the risk of the packet drop count being bigger than
95  * the received-packet count).
96  *
97  * "ps_drop" counts packets dropped by "bufmod" because of
98  * flow control requirements or resource exhaustion; it doesn't
99  * count packets dropped by the interface driver, or packets
100  * dropped upstream. As filtering is done in userland, it counts
101  * packets regardless of whether they would've passed the filter.
102  *
103  * These statistics don't include packets not yet read from
104  * the kernel by libpcap, but they may include packets not
105  * yet read from libpcap by the application.
106  */
107  *ps = pd->stat;
108 
109  /*
110  * Add in the drop count, as per the above comment.
111  */
112  ps->ps_recv += ps->ps_drop;
113  return (0);
114 }
115 
116 /*
117  * Does the processor for which we're compiling this support aligned loads?
118  */
119 #if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
120  (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
121  (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
122  (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
123  (defined(__s390__) || defined(__s390x__) || defined(__zarch__))
124  /* Yes, it does. */
125 #else
126  /* No, it doesn't. */
127  #define REQUIRE_ALIGNMENT
128 #endif
129 
130 /*
131  * Loop through the packets and call the callback for each packet.
132  * Return the number of packets read.
133  */
134 int
135 pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
136  int count, u_char *bufp, int len)
137 {
138  struct pcap_dlpi *pd = p->priv;
139  int n, caplen, origlen;
140  u_char *ep, *pk;
141  struct pcap_pkthdr pkthdr;
142 #ifdef HAVE_SYS_BUFMOD_H
143  struct sb_hdr *sbp;
144 #ifdef REQUIRE_ALIGNMENT
145  struct sb_hdr sbhdr;
146 #endif
147 #endif
148 
149  /* Loop through packets */
150  ep = bufp + len;
151  n = 0;
152 
153 #ifdef HAVE_SYS_BUFMOD_H
154  while (bufp < ep) {
155  /*
156  * Has "pcap_breakloop()" been called?
157  * If so, return immediately - if we haven't read any
158  * packets, clear the flag and return -2 to indicate
159  * that we were told to break out of the loop, otherwise
160  * leave the flag set, so that the *next* call will break
161  * out of the loop without having read any packets, and
162  * return the number of packets we've processed so far.
163  */
164  if (p->break_loop) {
165  if (n == 0) {
166  p->break_loop = 0;
167  return (-2);
168  } else {
169  p->bp = bufp;
170  p->cc = ep - bufp;
171  return (n);
172  }
173  }
174 #ifdef REQUIRE_ALIGNMENT
175  if ((long)bufp & 3) {
176  sbp = &sbhdr;
177  memcpy(sbp, bufp, sizeof(*sbp));
178  } else
179 #endif
180  sbp = (struct sb_hdr *)bufp;
181  pd->stat.ps_drop = sbp->sbh_drops;
182  pk = bufp + sizeof(*sbp);
183  bufp += sbp->sbh_totlen;
184  origlen = sbp->sbh_origlen;
185  caplen = sbp->sbh_msglen;
186 #else
187  origlen = len;
188  caplen = min(p->snapshot, len);
189  pk = bufp;
190  bufp += caplen;
191 #endif
192  ++pd->stat.ps_recv;
193  if (pcap_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
194 #ifdef HAVE_SYS_BUFMOD_H
195  pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
196  pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
197 #else
198  (void) gettimeofday(&pkthdr.ts, NULL);
199 #endif
200  pkthdr.len = origlen;
201  pkthdr.caplen = caplen;
202  /* Insure caplen does not exceed snapshot */
203  if (pkthdr.caplen > (bpf_u_int32)p->snapshot)
204  pkthdr.caplen = (bpf_u_int32)p->snapshot;
205  (*callback)(user, &pkthdr, pk);
206  if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) {
207  p->cc = ep - bufp;
208  p->bp = bufp;
209  return (n);
210  }
211  }
212 #ifdef HAVE_SYS_BUFMOD_H
213  }
214 #endif
215  p->cc = 0;
216  return (n);
217 }
218 
219 /*
220  * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
221  */
222 int
223 pcap_process_mactype(pcap_t *p, u_int mactype)
224 {
225  int retv = 0;
226 
227  switch (mactype) {
228 
229  case DL_CSMACD:
230  case DL_ETHER:
231  p->linktype = DLT_EN10MB;
232  p->offset = 2;
233  /*
234  * This is (presumably) a real Ethernet capture; give it a
235  * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
236  * that an application can let you choose it, in case you're
237  * capturing DOCSIS traffic that a Cisco Cable Modem
238  * Termination System is putting out onto an Ethernet (it
239  * doesn't put an Ethernet header onto the wire, it puts raw
240  * DOCSIS frames out on the wire inside the low-level
241  * Ethernet framing).
242  */
243  p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
244  /*
245  * If that fails, just leave the list empty.
246  */
247  if (p->dlt_list != NULL) {
248  p->dlt_list[0] = DLT_EN10MB;
249  p->dlt_list[1] = DLT_DOCSIS;
250  p->dlt_count = 2;
251  }
252  break;
253 
254  case DL_FDDI:
255  p->linktype = DLT_FDDI;
256  p->offset = 3;
257  break;
258 
259  case DL_TPR:
260  /* XXX - what about DL_TPB? Is that Token Bus? */
261  p->linktype = DLT_IEEE802;
262  p->offset = 2;
263  break;
264 
265 #ifdef HAVE_SOLARIS
266  case DL_IPATM:
267  p->linktype = DLT_SUNATM;
268  p->offset = 0; /* works for LANE and LLC encapsulation */
269  break;
270 #endif
271 
272 #ifdef DL_IPV4
273  case DL_IPV4:
274  p->linktype = DLT_IPV4;
275  p->offset = 0;
276  break;
277 #endif
278 
279 #ifdef DL_IPV6
280  case DL_IPV6:
281  p->linktype = DLT_IPV6;
282  p->offset = 0;
283  break;
284 #endif
285 
286 #ifdef DL_IPNET
287  case DL_IPNET:
288  /*
289  * XXX - DL_IPNET devices default to "raw IP" rather than
290  * "IPNET header"; see
291  *
292  * https://seclists.org/tcpdump/2009/q1/202
293  *
294  * We'd have to do DL_IOC_IPNET_INFO to enable getting
295  * the IPNET header.
296  */
297  p->linktype = DLT_RAW;
298  p->offset = 0;
299  break;
300 #endif
301 
302  default:
303  snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype 0x%x",
304  mactype);
305  retv = -1;
306  }
307 
308  return (retv);
309 }
310 
311 #ifdef HAVE_SYS_BUFMOD_H
312 /*
313  * Push and configure the buffer module. Returns -1 for error, otherwise 0.
314  */
315 int
316 pcap_conf_bufmod(pcap_t *p, int snaplen)
317 {
318  struct timeval to;
319  bpf_u_int32 ss, chunksize;
320 
321  /* Non-standard call to get the data nicely buffered. */
322  if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
323  pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
324  return (-1);
325  }
326 
327  ss = snaplen;
328  if (ss > 0 &&
329  strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
330  pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
331  return (-1);
332  }
333 
334  if (p->opt.immediate) {
335  /* Set the timeout to zero, for immediate delivery. */
336  to.tv_sec = 0;
337  to.tv_usec = 0;
338  if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
339  pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
340  return (-1);
341  }
342  } else {
343  /* Set up the bufmod timeout. */
344  if (p->opt.timeout != 0) {
345  to.tv_sec = p->opt.timeout / 1000;
346  to.tv_usec = (p->opt.timeout * 1000) % 1000000;
347  if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
348  pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
349  return (-1);
350  }
351  }
352 
353  /* Set the chunk length. */
354  chunksize = CHUNKSIZE;
355  if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
356  != 0) {
357  pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
358  return (-1);
359  }
360  }
361 
362  return (0);
363 }
364 #endif /* HAVE_SYS_BUFMOD_H */
365 
366 /*
367  * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
368  */
369 int
371 {
372  p->bufsize = PKTBUFSIZE;
373  p->buffer = malloc(p->bufsize + p->offset);
374  if (p->buffer == NULL) {
376  errno, "malloc");
377  return (-1);
378  }
379 
380  return (0);
381 }
382 
383 /*
384  * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
385  * length of returned data on success.
386  */
387 int
388 strioctl(int fd, int cmd, int len, char *dp)
389 {
390  struct strioctl str;
391  int retv;
392 
393  str.ic_cmd = cmd;
394  str.ic_timout = -1;
395  str.ic_len = len;
396  str.ic_dp = dp;
397  if ((retv = ioctl(fd, I_STR, &str)) < 0)
398  return (retv);
399 
400  return (str.ic_len);
401 }
402 
403 #ifdef HAVE_SYS_BUFMOD_H
404 /*
405  * Write stream error message to errbuf.
406  */
407 static void
408 pcap_stream_err(const char *func, int err, char *errbuf)
409 {
410  pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, err, "%s", func);
411 }
412 #endif
u_int bpf_u_int32
Definition: bpf.h:98
u_int pcap_filter(const struct bpf_insn *pc, const u_char *p, u_int wirelen, u_int buflen)
Definition: bpf_filter.c:391
static pcap_t * pd
Definition: capturetest.c:63
int strioctl(int fd, int cmd, int len, char *dp)
Definition: dlpisubs.c:388
int pcap_process_mactype(pcap_t *p, u_int mactype)
Definition: dlpisubs.c:223
int pcap_alloc_databuf(pcap_t *p)
Definition: dlpisubs.c:370
#define PKTBUFSIZE
Definition: dlpisubs.c:45
int pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
Definition: dlpisubs.c:80
#define DL_IPATM
Definition: dlpisubs.c:19
int pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user, int count, u_char *bufp, int len)
Definition: dlpisubs.c:135
#define DLT_RAW
Definition: dlt.h:88
#define DLT_IEEE802
Definition: dlt.h:68
#define DLT_EN10MB
Definition: dlt.h:63
#define DLT_IPV4
Definition: dlt.h:1041
#define DLT_DOCSIS
Definition: dlt.h:465
#define DLT_IPV6
Definition: dlt.h:1042
#define DLT_SUNATM
Definition: dlt.h:381
#define DLT_FDDI
Definition: dlt.h:72
void pcap_fmt_errmsg_for_errno(char *errbuf, size_t errbuflen, int errnum, const char *fmt,...)
Definition: fmtutils.c:269
int snprintf(char *, size_t, const char *,...)
int gettimeofday(struct timeval *, struct timezone *)
int ioctl(int, int, caddr_t)
#define min(a, b)
Definition: pcap-dos.h:81
int errno
#define PACKET_COUNT_IS_UNLIMITED(count)
Definition: pcap-int.h:444
#define CHUNKSIZE
Definition: pcap-nit.c:59
void(* pcap_handler)(u_char *, const struct pcap_pkthdr *, const u_char *)
Definition: pcap.h:330
#define PCAP_ERRBUF_SIZE
Definition: pcap.h:152
struct bpf_insn * bf_insns
Definition: bpf.h:119
int timeout
Definition: pcap-int.h:147
int immediate
Definition: pcap-int.h:151
bpf_u_int32 caplen
Definition: pcap.h:247
struct timeval ts
Definition: pcap.h:246
bpf_u_int32 len
Definition: pcap.h:248
u_int ps_drop
Definition: pcap.h:256
u_int ps_recv
Definition: pcap.h:255
Definition: pcap-int.h:200
sig_atomic_t break_loop
Definition: pcap-int.h:225
int dlt_count
Definition: pcap-int.h:299
u_int bufsize
Definition: pcap-int.h:220
void * priv
Definition: pcap-int.h:227
int offset
Definition: pcap-int.h:250
u_int * dlt_list
Definition: pcap-int.h:300
void * buffer
Definition: pcap-int.h:221
u_char * bp
Definition: pcap-int.h:222
int snapshot
Definition: pcap-int.h:247
int cc
Definition: pcap-int.h:223
struct bpf_program fcode
Definition: pcap-int.h:293
char errbuf[256+1]
Definition: pcap-int.h:295
int linktype
Definition: pcap-int.h:248
int fd
Definition: pcap-int.h:214
struct pcap_opt opt
Definition: pcap-int.h:254