618 lines
16 KiB
C
618 lines
16 KiB
C
/*
|
|
* pcap-dag.c: Packet capture interface for Endace DAG card.
|
|
*
|
|
* The functionality of this code attempts to mimic that of pcap-linux as much
|
|
* as possible. This code is compiled in several different ways depending on
|
|
* whether DAG_ONLY and HAVE_DAG_API are defined. If HAVE_DAG_API is not
|
|
* defined it should not get compiled in, otherwise if DAG_ONLY is defined then
|
|
* the 'dag_' function calls are renamed to 'pcap_' equivalents. If DAG_ONLY
|
|
* is not defined then nothing is altered - the dag_ functions will be
|
|
* called as required from their pcap-linux/bpf equivalents.
|
|
*
|
|
* Author: Richard Littin, Sean Irvine ({richard,sean}@reeltwo.com)
|
|
*
|
|
* Modifications:
|
|
* 2003 May - Jesper Peterson <support@endace.com>
|
|
* Code shuffled around to suit fad-xxx.c structure
|
|
* Added atexit() handler to stop DAG if application is too lazy
|
|
*/
|
|
|
|
#ifndef lint
|
|
static const char rcsid[] _U_ =
|
|
"@(#) $Header: /tcpdump/master/libpcap/pcap-dag.c,v 1.11 2003-11-15 23:24:02 guy Exp $ (LBL)";
|
|
#endif
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include <sys/param.h> /* optionally get BSD define */
|
|
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
|
|
#include "pcap-int.h"
|
|
|
|
#include <sys/mman.h>
|
|
#include <sys/socket.h>
|
|
|
|
struct mbuf; /* Squelch compiler warnings on some platforms for */
|
|
struct rtentry; /* declarations in <net/if.h> */
|
|
#include <net/if.h>
|
|
|
|
#include <dagnew.h>
|
|
#include <dagapi.h>
|
|
|
|
#ifndef min
|
|
#define min(a, b) ((a) > (b) ? (b) : (a))
|
|
#endif
|
|
|
|
#define MIN_DAG_SNAPLEN 12
|
|
#define MAX_DAG_SNAPLEN 2040
|
|
#define ATM_SNAPLEN 48
|
|
|
|
/* Size of ATM payload */
|
|
#define ATM_WLEN(h) ATM_SNAPLEN
|
|
#define ATM_SLEN(h) ATM_SNAPLEN
|
|
|
|
/* Size Ethernet payload */
|
|
#define ETHERNET_WLEN(h, b) (ntohs((h)->wlen) - ((b) >> 3))
|
|
#define ETHERNET_SLEN(h, b) min(ETHERNET_WLEN(h, b), \
|
|
ntohs((h)->rlen) - dag_record_size - 2)
|
|
|
|
/* Size of HDLC payload */
|
|
#define HDLC_WLEN(h, b) (ntohs((h)->wlen) - ((b) >> 3))
|
|
#define HDLC_SLEN(h, b) min(HDLC_WLEN(h, b), \
|
|
ntohs((h)->rlen) - dag_record_size)
|
|
|
|
typedef struct pcap_dag_node {
|
|
struct pcap_dag_node *next;
|
|
pcap_t *p;
|
|
pid_t pid;
|
|
} pcap_dag_node_t;
|
|
|
|
static pcap_dag_node_t *pcap_dags = NULL;
|
|
static int atexit_handler_installed = 0;
|
|
static unsigned short endian_test_word = 0x0100;
|
|
|
|
#define IS_BIGENDIAN() (*((unsigned char *)&endian_test_word))
|
|
|
|
/*
|
|
* Swap byte ordering of unsigned long long timestamp on a big endian
|
|
* machine.
|
|
*/
|
|
#define SWAP_TS(ull) \
|
|
(IS_BIGENDIAN() ? ((ull & 0xff00000000000000LL) >> 56) | \
|
|
((ull & 0x00ff000000000000LL) >> 40) | \
|
|
((ull & 0x0000ff0000000000LL) >> 24) | \
|
|
((ull & 0x000000ff00000000LL) >> 8) | \
|
|
((ull & 0x00000000ff000000LL) << 8) | \
|
|
((ull & 0x0000000000ff0000LL) << 24) | \
|
|
((ull & 0x000000000000ff00LL) << 40) | \
|
|
((ull & 0x00000000000000ffLL) << 56) \
|
|
: ull)
|
|
|
|
#ifdef DAG_ONLY
|
|
/* This code is reguired when compiling for a DAG device only. */
|
|
#include "pcap-dag.h"
|
|
|
|
/* Replace dag function names with pcap equivalent. */
|
|
#define dag_open_live pcap_open_live
|
|
#define dag_platform_finddevs pcap_platform_finddevs
|
|
#endif /* DAG_ONLY */
|
|
|
|
static int dag_setfilter(pcap_t *p, struct bpf_program *fp);
|
|
static int dag_stats(pcap_t *p, struct pcap_stat *ps);
|
|
static int dag_set_datalink(pcap_t *p, int dlt);
|
|
static int dag_get_datalink(pcap_t *p);
|
|
|
|
static void delete_pcap_dag(pcap_t *p) {
|
|
pcap_dag_node_t *curr = NULL, *prev = NULL;
|
|
|
|
for (prev = NULL, curr = pcap_dags;
|
|
curr != NULL && curr->p != p;
|
|
prev = curr, curr = curr->next) {
|
|
/* empty */
|
|
}
|
|
|
|
if (curr != NULL && curr->p == p) {
|
|
if (prev != NULL) {
|
|
prev->next = curr->next;
|
|
} else {
|
|
pcap_dags = curr->next;
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Performs a graceful shutdown of the DAG card, frees dynamic memory held
|
|
* in the pcap_t structure, and closes the file descriptor for the DAG card.
|
|
*/
|
|
|
|
static void dag_platform_close(pcap_t *p) {
|
|
|
|
#ifdef linux
|
|
if (p != NULL && p->md.device != NULL) {
|
|
if(dag_stop(p->fd) < 0)
|
|
fprintf(stderr,"dag_stop %s: %s\n", p->md.device, strerror(errno));
|
|
if(dag_close(p->fd) < 0)
|
|
fprintf(stderr,"dag_close %s: %s\n", p->md.device, strerror(errno));
|
|
|
|
free(p->md.device);
|
|
}
|
|
#else
|
|
if (p != NULL) {
|
|
if(dag_stop(p->fd) < 0)
|
|
fprintf(stderr,"dag_stop: %s\n", strerror(errno));
|
|
if(dag_close(p->fd) < 0)
|
|
fprintf(stderr,"dag_close: %s\n", strerror(errno));
|
|
}
|
|
#endif
|
|
delete_pcap_dag(p);
|
|
}
|
|
|
|
static void atexit_handler(void) {
|
|
while (pcap_dags != NULL) {
|
|
if (pcap_dags->pid == getpid()) {
|
|
dag_platform_close(pcap_dags->p);
|
|
} else {
|
|
delete_pcap_dag(pcap_dags->p);
|
|
}
|
|
}
|
|
}
|
|
|
|
static int new_pcap_dag(pcap_t *p) {
|
|
pcap_dag_node_t *node = NULL;
|
|
|
|
if ((node = malloc(sizeof(pcap_dag_node_t))) == NULL) {
|
|
return -1;
|
|
}
|
|
|
|
if (!atexit_handler_installed) {
|
|
atexit(atexit_handler);
|
|
atexit_handler_installed = 1;
|
|
}
|
|
|
|
node->next = pcap_dags;
|
|
node->p = p;
|
|
node->pid = getpid();
|
|
|
|
pcap_dags = node;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Get pointer to the ERF header for the next packet in the input
|
|
* stream. This function blocks until a packet becomes available.
|
|
*/
|
|
static dag_record_t *get_next_dag_header(pcap_t *p) {
|
|
register dag_record_t *record;
|
|
int rlen;
|
|
|
|
/*
|
|
* The buffer is guaranteed to only contain complete records so any
|
|
* time top and bottom differ there will be at least one record available.
|
|
* Here we test the difference is at least the size of a record header
|
|
* using the poorly named constant 'dag_record_size'.
|
|
*/
|
|
while ((p->md.dag_mem_top - p->md.dag_mem_bottom) < dag_record_size) {
|
|
p->md.dag_mem_top = dag_offset(p->fd, &(p->md.dag_mem_bottom), 0);
|
|
}
|
|
|
|
record = (dag_record_t *)(p->md.dag_mem_base + p->md.dag_mem_bottom);
|
|
|
|
p->md.dag_mem_bottom += ntohs(record->rlen);
|
|
|
|
return record;
|
|
}
|
|
|
|
/*
|
|
* Read at most max_packets from the capture stream and call the callback
|
|
* for each of them. Returns the number of packets handled, -1 if an
|
|
* error occured, or -2 if we were told to break out of the loop.
|
|
* A blocking
|
|
*/
|
|
static int dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) {
|
|
u_char *dp = NULL;
|
|
int packet_len = 0, caplen = 0;
|
|
struct pcap_pkthdr pcap_header;
|
|
|
|
dag_record_t *header;
|
|
register unsigned long long ts;
|
|
|
|
/*
|
|
* Has "pcap_breakloop()" been called?
|
|
*/
|
|
if (p->break_loop) {
|
|
/*
|
|
* Yes - clear the flag that indicates that it has, and return -2
|
|
* to indicate that we were told to break out of the loop.
|
|
*/
|
|
p->break_loop = 0;
|
|
return -2;
|
|
}
|
|
|
|
/* Receive a single packet from the kernel */
|
|
header = get_next_dag_header(p);
|
|
dp = ((u_char *)header) + dag_record_size;
|
|
|
|
switch(header->type) {
|
|
case TYPE_ATM:
|
|
packet_len = ATM_WLEN(header);
|
|
caplen = ATM_SLEN(header);
|
|
dp += 4;
|
|
break;
|
|
case TYPE_ETH:
|
|
packet_len = ETHERNET_WLEN(header, p->md.dag_fcs_bits);
|
|
caplen = ETHERNET_SLEN(header, p->md.dag_fcs_bits);
|
|
dp += 2;
|
|
break;
|
|
case TYPE_HDLC_POS:
|
|
packet_len = HDLC_WLEN(header, p->md.dag_fcs_bits);
|
|
caplen = HDLC_SLEN(header, p->md.dag_fcs_bits);
|
|
break;
|
|
}
|
|
|
|
if (caplen > p->snapshot)
|
|
caplen = p->snapshot;
|
|
|
|
/* Count lost packets */
|
|
if (header->lctr > 0 && (p->md.stat.ps_drop+1) != 0) {
|
|
if (header->lctr == 0xffff ||
|
|
(p->md.stat.ps_drop + header->lctr) < p->md.stat.ps_drop) {
|
|
p->md.stat.ps_drop == ~0;
|
|
} else {
|
|
p->md.stat.ps_drop += header->lctr;
|
|
}
|
|
}
|
|
|
|
/* Run the packet filter if not using kernel filter */
|
|
if (p->fcode.bf_insns) {
|
|
if (bpf_filter(p->fcode.bf_insns, dp, packet_len, caplen) == 0) {
|
|
/* rejected by filter */
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
/* convert between timestamp formats */
|
|
ts = SWAP_TS(header->ts);
|
|
pcap_header.ts.tv_sec = ts >> 32;
|
|
ts = ((ts & 0xffffffffULL) * 1000 * 1000);
|
|
ts += (ts & 0x80000000ULL) << 1; /* rounding */
|
|
pcap_header.ts.tv_usec = ts >> 32;
|
|
if (pcap_header.ts.tv_usec >= 1000000) {
|
|
pcap_header.ts.tv_usec -= 1000000;
|
|
pcap_header.ts.tv_sec += 1;
|
|
}
|
|
|
|
/* Fill in our own header data */
|
|
pcap_header.caplen = caplen;
|
|
pcap_header.len = packet_len;
|
|
|
|
/*
|
|
* Count the packet.
|
|
*/
|
|
p->md.stat.ps_recv++;
|
|
|
|
/* Call the user supplied callback function */
|
|
callback(user, &pcap_header, dp);
|
|
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Get a handle for a live capture from the given DAG device. Passing a NULL
|
|
* device will result in a failure. The promisc flag is ignored because DAG
|
|
* cards are always promiscuous. The to_ms parameter is also ignored as it is
|
|
* not supported in hardware.
|
|
*
|
|
* See also pcap(3).
|
|
*/
|
|
pcap_t *dag_open_live(const char *device, int snaplen, int promisc, int to_ms, char *ebuf) {
|
|
char conf[30]; /* dag configure string */
|
|
pcap_t *handle;
|
|
char *s;
|
|
int n;
|
|
|
|
if (device == NULL) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "device is NULL: %s", pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
/* Allocate a handle for this session. */
|
|
|
|
handle = malloc(sizeof(*handle));
|
|
if (handle == NULL) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc %s: %s", device, pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
|
|
/* Initialize some components of the pcap structure. */
|
|
|
|
memset(handle, 0, sizeof(*handle));
|
|
|
|
if (strstr(device, "/dev") == NULL) {
|
|
char * newDev = (char *)malloc(strlen(device) + 6);
|
|
newDev[0] = '\0';
|
|
strcat(newDev, "/dev/");
|
|
strcat(newDev,device);
|
|
device = newDev;
|
|
}
|
|
|
|
/* setup device parameters */
|
|
if((handle->fd = dag_open((char *)device)) < 0) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_open %s: %s", device, pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
|
|
/* set the card snap length as specified by the specified snaplen parameter */
|
|
if (snaplen == 0 || snaplen > MAX_DAG_SNAPLEN) {
|
|
snaplen = MAX_DAG_SNAPLEN;
|
|
} else
|
|
if (snaplen < MIN_DAG_SNAPLEN) {
|
|
snaplen = MIN_DAG_SNAPLEN;
|
|
}
|
|
/* snap len has to be a multiple of 4 */
|
|
snprintf(conf, 30, "varlen slen=%d", (snaplen + 3) & ~3);
|
|
|
|
fprintf(stderr, "Configuring DAG with '%s'.\n", conf);
|
|
if(dag_configure(handle->fd, conf) < 0) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE,"dag_configure %s: %s\n", device, pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
|
|
if((handle->md.dag_mem_base = dag_mmap(handle->fd)) == MAP_FAILED) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE,"dag_mmap %s: %s\n", device, pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
|
|
if(dag_start(handle->fd) < 0) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_start %s: %s\n", device, pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Important! You have to ensure bottom is properly
|
|
* initialized to zero on startup, it won't give you
|
|
* a compiler warning if you make this mistake!
|
|
*/
|
|
handle->md.dag_mem_bottom = 0;
|
|
handle->md.dag_mem_top = 0;
|
|
|
|
/* TODO: query the card */
|
|
handle->md.dag_fcs_bits = 32;
|
|
if ((s = getenv("ERF_FCS_BITS")) != NULL) {
|
|
if ((n = atoi(s)) == 0 || n == 16|| n == 32) {
|
|
handle->md.dag_fcs_bits = n;
|
|
} else {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE,
|
|
"pcap_open_live %s: bad ERF_FCS_BITS value (%d) in environment\n", device, n);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
handle->snapshot = snaplen;
|
|
/*handle->md.timeout = to_ms; */
|
|
|
|
#ifdef linux
|
|
if (device) {
|
|
handle->md.device = strdup(device);
|
|
}
|
|
|
|
if (handle->md.device == NULL) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "str_dup %s: %s\n", device, pcap_strerror(errno));
|
|
free(handle);
|
|
return NULL;
|
|
}
|
|
#endif
|
|
|
|
if ((handle->linktype = dag_get_datalink(handle)) < 0) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_get_linktype %s: unknown linktype\n", device);
|
|
return NULL;
|
|
}
|
|
|
|
handle->bufsize = 0;
|
|
|
|
if (new_pcap_dag(handle) < 0) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "new_pcap_dag %s: %s\n", device, pcap_strerror(errno));
|
|
return NULL;
|
|
}
|
|
|
|
handle->read_op = dag_read;
|
|
handle->setfilter_op = dag_setfilter;
|
|
handle->set_datalink_op = dag_set_datalink;
|
|
handle->stats_op = dag_stats;
|
|
handle->close_op = dag_platform_close;
|
|
|
|
return handle;
|
|
}
|
|
|
|
static int dag_stats(pcap_t *p, struct pcap_stat *ps) {
|
|
/* This needs to be filled out correctly. Hopefully a dagapi call will
|
|
provide all necessary information.
|
|
*/
|
|
/*p->md.stat.ps_recv = 0;*/
|
|
/*p->md.stat.ps_drop = 0;*/
|
|
|
|
*ps = p->md.stat;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Get from "/proc/dag" all interfaces listed there; if they're
|
|
* already in the list of interfaces we have, that won't add another
|
|
* instance, but if they're not, that'll add them.
|
|
*
|
|
* We don't bother getting any addresses for them.
|
|
*
|
|
* We also don't fail if we couldn't open "/proc/dag"; we just leave
|
|
* the list of interfaces as is.
|
|
*/
|
|
int
|
|
dag_platform_finddevs(pcap_if_t **devlistp, char *errbuf)
|
|
{
|
|
FILE *proc_dag_f;
|
|
char linebuf[512];
|
|
int linenum;
|
|
unsigned char *p;
|
|
char name[512]; /* XXX - pick a size */
|
|
char *q, *saveq;
|
|
struct ifreq ifrflags;
|
|
int ret = 0;
|
|
|
|
/* Quick exit if /proc/dag not readable */
|
|
proc_dag_f = fopen("/proc/dag", "r");
|
|
if (proc_dag_f == NULL)
|
|
{
|
|
int i, fd;
|
|
char dev[16] = "dagx";
|
|
|
|
for (i = '0'; ret == 0 && i <= '9'; i++) {
|
|
dev[3] = i;
|
|
if (pcap_add_if(devlistp, dev, 0, NULL, errbuf) == -1) {
|
|
/*
|
|
* Failure.
|
|
*/
|
|
ret = -1;
|
|
}
|
|
}
|
|
|
|
return (ret);
|
|
}
|
|
|
|
for (linenum = 1;
|
|
fgets(linebuf, sizeof linebuf, proc_dag_f) != NULL; linenum++) {
|
|
|
|
/*
|
|
* Skip the first two lines - they're headers.
|
|
*/
|
|
if (linenum <= 2)
|
|
continue;
|
|
|
|
p = &linebuf[0];
|
|
|
|
if (*p == '\0' || *p == '\n' || *p != 'D')
|
|
continue; /* not a Dag line */
|
|
|
|
/*
|
|
* Get the interface name.
|
|
*/
|
|
q = &name[0];
|
|
while (*p != '\0' && *p != ':') {
|
|
if (*p != ' ')
|
|
*q++ = tolower(*p++);
|
|
else
|
|
p++;
|
|
}
|
|
*q = '\0';
|
|
|
|
/*
|
|
* Add an entry for this interface, with no addresses.
|
|
*/
|
|
p[strlen(p) - 1] = '\0'; /* get rid of \n */
|
|
if (pcap_add_if(devlistp, name, 0, strdup(p + 2), errbuf) == -1) {
|
|
/*
|
|
* Failure.
|
|
*/
|
|
ret = -1;
|
|
break;
|
|
}
|
|
}
|
|
if (ret != -1) {
|
|
/*
|
|
* Well, we didn't fail for any other reason; did we
|
|
* fail due to an error reading the file?
|
|
*/
|
|
if (ferror(proc_dag_f)) {
|
|
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
|
|
"Error reading /proc/dag: %s",
|
|
pcap_strerror(errno));
|
|
ret = -1;
|
|
}
|
|
}
|
|
|
|
(void)fclose(proc_dag_f);
|
|
return (ret);
|
|
}
|
|
|
|
/*
|
|
* Installs the gven bpf filter program in the given pcap structure. There is
|
|
* no attempt to store the filter in kernel memory as that is not supported
|
|
* with DAG cards.
|
|
*/
|
|
static int dag_setfilter(pcap_t *p, struct bpf_program *fp) {
|
|
if (!p)
|
|
return -1;
|
|
if (!fp) {
|
|
strncpy(p->errbuf, "setfilter: No filter specified",
|
|
sizeof(p->errbuf));
|
|
return -1;
|
|
}
|
|
|
|
/* Make our private copy of the filter */
|
|
|
|
if (install_bpf_program(p, fp) < 0) {
|
|
snprintf(p->errbuf, sizeof(p->errbuf),
|
|
"malloc: %s", pcap_strerror(errno));
|
|
return -1;
|
|
}
|
|
|
|
p->md.use_bpf = 0;
|
|
|
|
return (0);
|
|
}
|
|
|
|
static int
|
|
dag_set_datalink(pcap_t *p, int dlt)
|
|
{
|
|
return (0);
|
|
}
|
|
|
|
static int
|
|
dag_get_datalink(pcap_t *p)
|
|
{
|
|
int linktype = -1;
|
|
|
|
/* Check the type through a dagapi call.
|
|
*/
|
|
switch(dag_linktype(p->fd)) {
|
|
case TYPE_HDLC_POS: {
|
|
dag_record_t *record;
|
|
|
|
/* peek at the first available record to see if it is PPP */
|
|
while ((p->md.dag_mem_top - p->md.dag_mem_bottom) < (dag_record_size + 4)) {
|
|
p->md.dag_mem_top = dag_offset(p->fd, &(p->md.dag_mem_bottom), 0);
|
|
}
|
|
record = (dag_record_t *)(p->md.dag_mem_base + p->md.dag_mem_bottom);
|
|
|
|
if ((ntohl(record->rec.pos.hdlc) & 0xffff0000) == 0xff030000) {
|
|
linktype = DLT_PPP_SERIAL;
|
|
fprintf(stderr, "Set DAG linktype to %d (DLT_PPP_SERIAL)\n", linktype);
|
|
} else {
|
|
linktype = DLT_CHDLC;
|
|
fprintf(stderr, "Set DAG linktype to %d (DLT_CHDLC)\n", linktype);
|
|
}
|
|
break;
|
|
}
|
|
case TYPE_ETH:
|
|
linktype = DLT_EN10MB;
|
|
fprintf(stderr, "Set DAG linktype to %d (DLT_EN10MB)\n", linktype);
|
|
break;
|
|
case TYPE_ATM:
|
|
linktype = DLT_ATM_RFC1483;
|
|
fprintf(stderr, "Set DAG linktype to %d (DLT_ATM_RFC1483)\n", linktype);
|
|
break;
|
|
case TYPE_LEGACY:
|
|
linktype = DLT_NULL;
|
|
fprintf(stderr, "Set DAG linktype to %d (DLT_NULL)\n", linktype);
|
|
break;
|
|
default:
|
|
fprintf(stderr, "Unknown DAG linktype %d\n", dag_linktype(p->fd));
|
|
break;
|
|
}
|
|
|
|
return linktype;
|
|
}
|