1 /*
2 * This code is derived from code formerly in pcap-dlpi.c, originally
3 * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
4 * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
5 * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
6 * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
7 */
8
9 /*
10 * This file contains dlpi/libdlpi related common functions used
11 * by pcap-[dlpi,libdlpi].c.
12 */
13
14 #ifdef HAVE_CONFIG_H
15 #include <config.h>
16 #endif
17
18 #ifndef DL_IPATM
19 #define DL_IPATM 0x12 /* ATM Classical IP interface */
20 #endif
21
22 #ifdef HAVE_SYS_BUFMOD_H
23 /*
24 * Size of a bufmod chunk to pass upstream; that appears to be the
25 * biggest value to which you can set it, and setting it to that value
26 * (which is bigger than what appears to be the Solaris default of 8192)
27 * reduces the number of packet drops.
28 */
29 #define CHUNKSIZE 65536
30
31 /*
32 * Size of the buffer to allocate for packet data we read; it must be
33 * large enough to hold a chunk.
34 */
35 #define PKTBUFSIZE CHUNKSIZE
36
37 #else /* HAVE_SYS_BUFMOD_H */
38
39 /*
40 * Size of the buffer to allocate for packet data we read; this is
41 * what the value used to be - there's no particular reason why it
42 * should be tied to MAXDLBUF, but we'll leave it as this for now.
43 */
44 #define MAXDLBUF 8192
45 #define PKTBUFSIZE (MAXDLBUF * sizeof(bpf_u_int32))
46
47 #endif
48
49 #include <sys/types.h>
50 #include <sys/time.h>
51 #ifdef HAVE_SYS_BUFMOD_H
52 #include <sys/bufmod.h>
53 #endif
54 #include <sys/dlpi.h>
55 #include <sys/stream.h>
56
57 #include <errno.h>
58 #include <memory.h>
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <stropts.h>
63 #include <unistd.h>
64
65 #ifdef HAVE_LIBDLPI
66 #include <libdlpi.h>
67 #endif
68
69 #include "pcap-int.h"
70 #include "dlpisubs.h"
71
72 #ifdef HAVE_SYS_BUFMOD_H
73 static void pcap_stream_err(const char *, int, char *);
74 #endif
75
76 /*
77 * Get the packet statistics.
78 */
79 int
pcap_stats_dlpi(pcap_t * p,struct pcap_stat * ps)80 pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
81 {
82 struct pcap_dlpi *pd = p->priv;
83
84 /*
85 * "ps_recv" counts packets handed to the filter, not packets
86 * that passed the filter. As filtering is done in userland,
87 * this would not include packets dropped because we ran out
88 * of buffer space; in order to make this more like other
89 * platforms (Linux 2.4 and later, BSDs with BPF), where the
90 * "packets received" count includes packets received but dropped
91 * due to running out of buffer space, and to keep from confusing
92 * applications that, for example, compute packet drop percentages,
93 * we also make it count packets dropped by "bufmod" (otherwise we
94 * might run the risk of the packet drop count being bigger than
95 * the received-packet count).
96 *
97 * "ps_drop" counts packets dropped by "bufmod" because of
98 * flow control requirements or resource exhaustion; it doesn't
99 * count packets dropped by the interface driver, or packets
100 * dropped upstream. As filtering is done in userland, it counts
101 * packets regardless of whether they would've passed the filter.
102 *
103 * These statistics don't include packets not yet read from
104 * the kernel by libpcap, but they may include packets not
105 * yet read from libpcap by the application.
106 */
107 *ps = pd->stat;
108
109 /*
110 * Add in the drop count, as per the above comment.
111 */
112 ps->ps_recv += ps->ps_drop;
113 return (0);
114 }
115
116 /*
117 * Does the processor for which we're compiling this support aligned loads?
118 */
119 #if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
120 (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
121 (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
122 (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
123 (defined(__s390__) || defined(__s390x__) || defined(__zarch__))
124 /* Yes, it does. */
125 #else
126 /* No, it doesn't. */
127 #define REQUIRE_ALIGNMENT
128 #endif
129
130 /*
131 * Loop through the packets and call the callback for each packet.
132 * Return the number of packets read.
133 */
134 int
pcap_process_pkts(pcap_t * p,pcap_handler callback,u_char * user,int count,u_char * bufp,int len)135 pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
136 int count, u_char *bufp, int len)
137 {
138 struct pcap_dlpi *pd = p->priv;
139 int n, caplen, origlen;
140 u_char *ep, *pk;
141 struct pcap_pkthdr pkthdr;
142 #ifdef HAVE_SYS_BUFMOD_H
143 struct sb_hdr *sbp;
144 #ifdef REQUIRE_ALIGNMENT
145 struct sb_hdr sbhdr;
146 #endif
147 #endif
148
149 /* Loop through packets */
150 ep = bufp + len;
151 n = 0;
152
153 #ifdef HAVE_SYS_BUFMOD_H
154 while (bufp < ep) {
155 /*
156 * Has "pcap_breakloop()" been called?
157 * If so, return immediately - if we haven't read any
158 * packets, clear the flag and return -2 to indicate
159 * that we were told to break out of the loop, otherwise
160 * leave the flag set, so that the *next* call will break
161 * out of the loop without having read any packets, and
162 * return the number of packets we've processed so far.
163 */
164 if (p->break_loop) {
165 if (n == 0) {
166 p->break_loop = 0;
167 return (-2);
168 } else {
169 p->bp = bufp;
170 p->cc = ep - bufp;
171 return (n);
172 }
173 }
174 #ifdef REQUIRE_ALIGNMENT
175 if ((long)bufp & 3) {
176 sbp = &sbhdr;
177 memcpy(sbp, bufp, sizeof(*sbp));
178 } else
179 #endif
180 sbp = (struct sb_hdr *)bufp;
181 pd->stat.ps_drop = sbp->sbh_drops;
182 pk = bufp + sizeof(*sbp);
183 bufp += sbp->sbh_totlen;
184 origlen = sbp->sbh_origlen;
185 caplen = sbp->sbh_msglen;
186 #else
187 origlen = len;
188 caplen = min(p->snapshot, len);
189 pk = bufp;
190 bufp += caplen;
191 #endif
192 ++pd->stat.ps_recv;
193 if (pcap_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
194 #ifdef HAVE_SYS_BUFMOD_H
195 pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
196 pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
197 #else
198 (void) gettimeofday(&pkthdr.ts, NULL);
199 #endif
200 pkthdr.len = origlen;
201 pkthdr.caplen = caplen;
202 /* Insure caplen does not exceed snapshot */
203 if (pkthdr.caplen > (bpf_u_int32)p->snapshot)
204 pkthdr.caplen = (bpf_u_int32)p->snapshot;
205 (*callback)(user, &pkthdr, pk);
206 if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) {
207 p->cc = ep - bufp;
208 p->bp = bufp;
209 return (n);
210 }
211 }
212 #ifdef HAVE_SYS_BUFMOD_H
213 }
214 #endif
215 p->cc = 0;
216 return (n);
217 }
218
219 /*
220 * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
221 */
222 int
pcap_process_mactype(pcap_t * p,u_int mactype)223 pcap_process_mactype(pcap_t *p, u_int mactype)
224 {
225 int retv = 0;
226
227 switch (mactype) {
228
229 case DL_CSMACD:
230 case DL_ETHER:
231 p->linktype = DLT_EN10MB;
232 p->offset = 2;
233 /*
234 * This is (presumably) a real Ethernet capture; give it a
235 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
236 * that an application can let you choose it, in case you're
237 * capturing DOCSIS traffic that a Cisco Cable Modem
238 * Termination System is putting out onto an Ethernet (it
239 * doesn't put an Ethernet header onto the wire, it puts raw
240 * DOCSIS frames out on the wire inside the low-level
241 * Ethernet framing).
242 */
243 p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
244 /*
245 * If that fails, just leave the list empty.
246 */
247 if (p->dlt_list != NULL) {
248 p->dlt_list[0] = DLT_EN10MB;
249 p->dlt_list[1] = DLT_DOCSIS;
250 p->dlt_count = 2;
251 }
252 break;
253
254 case DL_FDDI:
255 p->linktype = DLT_FDDI;
256 p->offset = 3;
257 break;
258
259 case DL_TPR:
260 /* XXX - what about DL_TPB? Is that Token Bus? */
261 p->linktype = DLT_IEEE802;
262 p->offset = 2;
263 break;
264
265 #ifdef HAVE_SOLARIS
266 case DL_IPATM:
267 p->linktype = DLT_SUNATM;
268 p->offset = 0; /* works for LANE and LLC encapsulation */
269 break;
270 #endif
271
272 #ifdef DL_IPV4
273 case DL_IPV4:
274 p->linktype = DLT_IPV4;
275 p->offset = 0;
276 break;
277 #endif
278
279 #ifdef DL_IPV6
280 case DL_IPV6:
281 p->linktype = DLT_IPV6;
282 p->offset = 0;
283 break;
284 #endif
285
286 #ifdef DL_IPNET
287 case DL_IPNET:
288 /*
289 * XXX - DL_IPNET devices default to "raw IP" rather than
290 * "IPNET header"; see
291 *
292 * https://seclists.org/tcpdump/2009/q1/202
293 *
294 * We'd have to do DL_IOC_IPNET_INFO to enable getting
295 * the IPNET header.
296 */
297 p->linktype = DLT_RAW;
298 p->offset = 0;
299 break;
300 #endif
301
302 default:
303 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype 0x%x",
304 mactype);
305 retv = -1;
306 }
307
308 return (retv);
309 }
310
311 #ifdef HAVE_SYS_BUFMOD_H
312 /*
313 * Push and configure the buffer module. Returns -1 for error, otherwise 0.
314 */
315 int
pcap_conf_bufmod(pcap_t * p,int snaplen)316 pcap_conf_bufmod(pcap_t *p, int snaplen)
317 {
318 struct timeval to;
319 bpf_u_int32 ss, chunksize;
320
321 /* Non-standard call to get the data nicely buffered. */
322 if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
323 pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
324 return (-1);
325 }
326
327 ss = snaplen;
328 if (ss > 0 &&
329 strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
330 pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
331 return (-1);
332 }
333
334 if (p->opt.immediate) {
335 /* Set the timeout to zero, for immediate delivery. */
336 to.tv_sec = 0;
337 to.tv_usec = 0;
338 if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
339 pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
340 return (-1);
341 }
342 } else {
343 /* Set up the bufmod timeout. */
344 if (p->opt.timeout != 0) {
345 to.tv_sec = p->opt.timeout / 1000;
346 to.tv_usec = (p->opt.timeout * 1000) % 1000000;
347 if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
348 pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
349 return (-1);
350 }
351 }
352
353 /* Set the chunk length. */
354 chunksize = CHUNKSIZE;
355 if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
356 != 0) {
357 pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
358 return (-1);
359 }
360 }
361
362 return (0);
363 }
364 #endif /* HAVE_SYS_BUFMOD_H */
365
366 /*
367 * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
368 */
369 int
pcap_alloc_databuf(pcap_t * p)370 pcap_alloc_databuf(pcap_t *p)
371 {
372 p->bufsize = PKTBUFSIZE;
373 p->buffer = malloc(p->bufsize + p->offset);
374 if (p->buffer == NULL) {
375 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
376 errno, "malloc");
377 return (-1);
378 }
379
380 return (0);
381 }
382
383 /*
384 * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
385 * length of returned data on success.
386 */
387 int
strioctl(int fd,int cmd,int len,char * dp)388 strioctl(int fd, int cmd, int len, char *dp)
389 {
390 struct strioctl str;
391 int retv;
392
393 str.ic_cmd = cmd;
394 str.ic_timout = -1;
395 str.ic_len = len;
396 str.ic_dp = dp;
397 if ((retv = ioctl(fd, I_STR, &str)) < 0)
398 return (retv);
399
400 return (str.ic_len);
401 }
402
403 #ifdef HAVE_SYS_BUFMOD_H
404 /*
405 * Write stream error message to errbuf.
406 */
407 static void
pcap_stream_err(const char * func,int err,char * errbuf)408 pcap_stream_err(const char *func, int err, char *errbuf)
409 {
410 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, err, "%s", func);
411 }
412 #endif
413