xref: /freebsd/contrib/libpcap/dlpisubs.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c) 
1 /*
2  * This code is derived from code formerly in pcap-dlpi.c, originally
3  * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
4  * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
5  * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
6  * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
7  */
8 
9 /*
10  * This file contains dlpi/libdlpi related common functions used
11  * by pcap-[dlpi,libdlpi].c.
12  */
13 
14 #ifdef HAVE_CONFIG_H
15 #include <config.h>
16 #endif
17 
18 #ifndef DL_IPATM
19 #define DL_IPATM	0x12	/* ATM Classical IP interface */
20 #endif
21 
22 #ifdef HAVE_SYS_BUFMOD_H
23 	/*
24 	 * Size of a bufmod chunk to pass upstream; that appears to be the
25 	 * biggest value to which you can set it, and setting it to that value
26 	 * (which is bigger than what appears to be the Solaris default of 8192)
27 	 * reduces the number of packet drops.
28 	 */
29 #define	CHUNKSIZE	65536
30 
31 	/*
32 	 * Size of the buffer to allocate for packet data we read; it must be
33 	 * large enough to hold a chunk.
34 	 */
35 #define	PKTBUFSIZE	CHUNKSIZE
36 
37 #else /* HAVE_SYS_BUFMOD_H */
38 
39 	/*
40 	 * Size of the buffer to allocate for packet data we read; this is
41 	 * what the value used to be - there's no particular reason why it
42 	 * should be tied to MAXDLBUF, but we'll leave it as this for now.
43 	 */
44 #define	MAXDLBUF	8192
45 #define	PKTBUFSIZE	(MAXDLBUF * sizeof(bpf_u_int32))
46 
47 #endif
48 
49 #include <sys/types.h>
50 #include <sys/time.h>
51 #ifdef HAVE_SYS_BUFMOD_H
52 #include <sys/bufmod.h>
53 #endif
54 #include <sys/dlpi.h>
55 #include <sys/stream.h>
56 
57 #include <errno.h>
58 #include <memory.h>
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <stropts.h>
63 #include <unistd.h>
64 
65 #ifdef HAVE_LIBDLPI
66 #include <libdlpi.h>
67 #endif
68 
69 #include "pcap-int.h"
70 #include "dlpisubs.h"
71 
72 #ifdef HAVE_SYS_BUFMOD_H
73 static void pcap_stream_err(const char *, int, char *);
74 #endif
75 
76 /*
77  * Get the packet statistics.
78  */
79 int
80 pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
81 {
82 	struct pcap_dlpi *pd = p->priv;
83 
84 	/*
85 	 * "ps_recv" counts packets handed to the filter, not packets
86 	 * that passed the filter.  As filtering is done in userland,
87 	 * this would not include packets dropped because we ran out
88 	 * of buffer space; in order to make this more like other
89 	 * platforms (Linux 2.4 and later, BSDs with BPF), where the
90 	 * "packets received" count includes packets received but dropped
91 	 * due to running out of buffer space, and to keep from confusing
92 	 * applications that, for example, compute packet drop percentages,
93 	 * we also make it count packets dropped by "bufmod" (otherwise we
94 	 * might run the risk of the packet drop count being bigger than
95 	 * the received-packet count).
96 	 *
97 	 * "ps_drop" counts packets dropped by "bufmod" because of
98 	 * flow control requirements or resource exhaustion; it doesn't
99 	 * count packets dropped by the interface driver, or packets
100 	 * dropped upstream.  As filtering is done in userland, it counts
101 	 * packets regardless of whether they would've passed the filter.
102 	 *
103 	 * These statistics don't include packets not yet read from
104 	 * the kernel by libpcap, but they may include packets not
105 	 * yet read from libpcap by the application.
106 	 */
107 	*ps = pd->stat;
108 
109 	/*
110 	 * Add in the drop count, as per the above comment.
111 	 */
112 	ps->ps_recv += ps->ps_drop;
113 	return (0);
114 }
115 
116 /*
117  * Does the processor for which we're compiling this support aligned loads?
118  */
119 #if (defined(__i386__) || defined(_M_IX86) || defined(__X86__) || defined(__x86_64__) || defined(_M_X64)) || \
120     (defined(__arm__) || defined(_M_ARM) || defined(__aarch64__)) || \
121     (defined(__m68k__) && (!defined(__mc68000__) && !defined(__mc68010__))) || \
122     (defined(__ppc__) || defined(__ppc64__) || defined(_M_PPC) || defined(_ARCH_PPC) || defined(_ARCH_PPC64)) || \
123     (defined(__s390__) || defined(__s390x__) || defined(__zarch__))
124     /* Yes, it does. */
125 #else
126     /* No, it doesn't. */
127     #define REQUIRE_ALIGNMENT
128 #endif
129 
130 /*
131  * Loop through the packets and call the callback for each packet.
132  * Return the number of packets read.
133  */
134 int
135 pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
136 	int count, u_char *bufp, int len)
137 {
138 	struct pcap_dlpi *pd = p->priv;
139 	int n, caplen, origlen;
140 	u_char *ep, *pk;
141 	struct pcap_pkthdr pkthdr;
142 #ifdef HAVE_SYS_BUFMOD_H
143 	struct sb_hdr *sbp;
144 #ifdef REQUIRE_ALIGNMENT
145 	struct sb_hdr sbhdr;
146 #endif
147 #endif
148 
149 	/*
150 	 * Loop through packets.
151 	 *
152 	 * This assumes that a single buffer of packets will have
153 	 * <= INT_MAX packets, so the packet count doesn't overflow.
154 	 */
155 	ep = bufp + len;
156 	n = 0;
157 
158 #ifdef HAVE_SYS_BUFMOD_H
159 	while (bufp < ep) {
160 		/*
161 		 * Has "pcap_breakloop()" been called?
162 		 * If so, return immediately - if we haven't read any
163 		 * packets, clear the flag and return -2 to indicate
164 		 * that we were told to break out of the loop, otherwise
165 		 * leave the flag set, so that the *next* call will break
166 		 * out of the loop without having read any packets, and
167 		 * return the number of packets we've processed so far.
168 		 */
169 		if (p->break_loop) {
170 			if (n == 0) {
171 				p->break_loop = 0;
172 				return (-2);
173 			} else {
174 				p->bp = bufp;
175 				p->cc = ep - bufp;
176 				return (n);
177 			}
178 		}
179 #ifdef REQUIRE_ALIGNMENT
180 		if ((long)bufp & 3) {
181 			sbp = &sbhdr;
182 			memcpy(sbp, bufp, sizeof(*sbp));
183 		} else
184 #endif
185 			sbp = (struct sb_hdr *)bufp;
186 		pd->stat.ps_drop = sbp->sbh_drops;
187 		pk = bufp + sizeof(*sbp);
188 		bufp += sbp->sbh_totlen;
189 		origlen = sbp->sbh_origlen;
190 		caplen = sbp->sbh_msglen;
191 #else
192 		origlen = len;
193 		caplen = min(p->snapshot, len);
194 		pk = bufp;
195 		bufp += caplen;
196 #endif
197 		++pd->stat.ps_recv;
198 		if (pcap_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
199 #ifdef HAVE_SYS_BUFMOD_H
200 			pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
201 			pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
202 #else
203 			(void) gettimeofday(&pkthdr.ts, NULL);
204 #endif
205 			pkthdr.len = origlen;
206 			pkthdr.caplen = caplen;
207 			/* Insure caplen does not exceed snapshot */
208 			if (pkthdr.caplen > (bpf_u_int32)p->snapshot)
209 				pkthdr.caplen = (bpf_u_int32)p->snapshot;
210 			(*callback)(user, &pkthdr, pk);
211 			if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) {
212 				p->cc = ep - bufp;
213 				p->bp = bufp;
214 				return (n);
215 			}
216 		}
217 #ifdef HAVE_SYS_BUFMOD_H
218 	}
219 #endif
220 	p->cc = 0;
221 	return (n);
222 }
223 
224 /*
225  * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
226  */
227 int
228 pcap_process_mactype(pcap_t *p, u_int mactype)
229 {
230 	int retv = 0;
231 
232 	switch (mactype) {
233 
234 	case DL_CSMACD:
235 	case DL_ETHER:
236 		p->linktype = DLT_EN10MB;
237 		p->offset = 2;
238 		/*
239 		 * This is (presumably) a real Ethernet capture; give it a
240 		 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
241 		 * that an application can let you choose it, in case you're
242 		 * capturing DOCSIS traffic that a Cisco Cable Modem
243 		 * Termination System is putting out onto an Ethernet (it
244 		 * doesn't put an Ethernet header onto the wire, it puts raw
245 		 * DOCSIS frames out on the wire inside the low-level
246 		 * Ethernet framing).
247 		 */
248 		p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
249 		/*
250 		 * If that fails, just leave the list empty.
251 		 */
252 		if (p->dlt_list != NULL) {
253 			p->dlt_list[0] = DLT_EN10MB;
254 			p->dlt_list[1] = DLT_DOCSIS;
255 			p->dlt_count = 2;
256 		}
257 		break;
258 
259 	case DL_FDDI:
260 		p->linktype = DLT_FDDI;
261 		p->offset = 3;
262 		break;
263 
264 	case DL_TPR:
265 		/* XXX - what about DL_TPB?  Is that Token Bus?  */
266 		p->linktype = DLT_IEEE802;
267 		p->offset = 2;
268 		break;
269 
270 #ifdef HAVE_SOLARIS
271 	case DL_IPATM:
272 		p->linktype = DLT_SUNATM;
273 		p->offset = 0;  /* works for LANE and LLC encapsulation */
274 		break;
275 #endif
276 
277 #ifdef DL_IPV4
278 	case DL_IPV4:
279 		p->linktype = DLT_IPV4;
280 		p->offset = 0;
281 		break;
282 #endif
283 
284 #ifdef DL_IPV6
285 	case DL_IPV6:
286 		p->linktype = DLT_IPV6;
287 		p->offset = 0;
288 		break;
289 #endif
290 
291 #ifdef DL_IPNET
292 	case DL_IPNET:
293 		/*
294 		 * XXX - DL_IPNET devices default to "raw IP" rather than
295 		 * "IPNET header"; see
296 		 *
297 		 *    https://seclists.org/tcpdump/2009/q1/202
298 		 *
299 		 * We'd have to do DL_IOC_IPNET_INFO to enable getting
300 		 * the IPNET header.
301 		 */
302 		p->linktype = DLT_RAW;
303 		p->offset = 0;
304 		break;
305 #endif
306 
307 	default:
308 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype 0x%x",
309 		    mactype);
310 		retv = -1;
311 	}
312 
313 	return (retv);
314 }
315 
316 #ifdef HAVE_SYS_BUFMOD_H
317 /*
318  * Push and configure the buffer module. Returns -1 for error, otherwise 0.
319  */
320 int
321 pcap_conf_bufmod(pcap_t *p, int snaplen)
322 {
323 	struct timeval to;
324 	bpf_u_int32 ss, chunksize;
325 
326 	/* Non-standard call to get the data nicely buffered. */
327 	if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
328 		pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
329 		return (-1);
330 	}
331 
332 	ss = snaplen;
333 	if (ss > 0 &&
334 	    strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
335 		pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
336 		return (-1);
337 	}
338 
339 	if (p->opt.immediate) {
340 		/* Set the timeout to zero, for immediate delivery. */
341 		to.tv_sec = 0;
342 		to.tv_usec = 0;
343 		if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
344 			pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
345 			return (-1);
346 		}
347 	} else {
348 		/* Set up the bufmod timeout. */
349 		if (p->opt.timeout != 0) {
350 			to.tv_sec = p->opt.timeout / 1000;
351 			to.tv_usec = (p->opt.timeout * 1000) % 1000000;
352 			if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
353 				pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
354 				return (-1);
355 			}
356 		}
357 
358 		/* Set the chunk length. */
359 		chunksize = CHUNKSIZE;
360 		if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
361 		    != 0) {
362 			pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
363 			return (-1);
364 		}
365 	}
366 
367 	return (0);
368 }
369 #endif /* HAVE_SYS_BUFMOD_H */
370 
371 /*
372  * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
373  */
374 int
375 pcap_alloc_databuf(pcap_t *p)
376 {
377 	p->bufsize = PKTBUFSIZE;
378 	p->buffer = malloc(p->bufsize + p->offset);
379 	if (p->buffer == NULL) {
380 		pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
381 		    errno, "malloc");
382 		return (-1);
383 	}
384 
385 	return (0);
386 }
387 
388 /*
389  * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
390  * length of returned data on success.
391  */
392 int
393 strioctl(int fd, int cmd, int len, char *dp)
394 {
395 	struct strioctl str;
396 	int retv;
397 
398 	str.ic_cmd = cmd;
399 	str.ic_timout = -1;
400 	str.ic_len = len;
401 	str.ic_dp = dp;
402 	if ((retv = ioctl(fd, I_STR, &str)) < 0)
403 		return (retv);
404 
405 	return (str.ic_len);
406 }
407 
408 #ifdef HAVE_SYS_BUFMOD_H
409 /*
410  * Write stream error message to errbuf.
411  */
412 static void
413 pcap_stream_err(const char *func, int err, char *errbuf)
414 {
415 	pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, err, "%s", func);
416 }
417 #endif
418