xref: /freebsd/contrib/libpcap/pcap-usb-linux.c (revision 642870485c089b57000fe538d3485e272b038d59)
1 /*
2  * Copyright (c) 2006 Paolo Abeni (Italy)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote
15  * products derived from this software without specific prior written
16  * permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  *
30  * USB sniffing API implementation for Linux platform
31  * By Paolo Abeni <paolo.abeni@email.it>
32  * Modifications: Kris Katterjohn <katterjohn@gmail.com>
33  *
34  */
35 
36 #ifdef HAVE_CONFIG_H
37 #include "config.h"
38 #endif
39 
40 #include "pcap-int.h"
41 #include "pcap-usb-linux.h"
42 #include "pcap/usb.h"
43 
44 #ifdef NEED_STRERROR_H
45 #include "strerror.h"
46 #endif
47 
48 #include <ctype.h>
49 #include <errno.h>
50 #include <stdlib.h>
51 #include <unistd.h>
52 #include <fcntl.h>
53 #include <string.h>
54 #include <dirent.h>
55 #include <byteswap.h>
56 #include <netinet/in.h>
57 #include <sys/ioctl.h>
58 #include <sys/mman.h>
59 #ifdef HAVE_LINUX_USBDEVICE_FS_H
60 /*
61  * We might need <linux/compiler.h> to define __user for
62  * <linux/usbdevice_fs.h>.
63  */
64 #ifdef HAVE_LINUX_COMPILER_H
65 #include <linux/compiler.h>
66 #endif /* HAVE_LINUX_COMPILER_H */
67 #include <linux/usbdevice_fs.h>
68 #endif /* HAVE_LINUX_USBDEVICE_FS_H */
69 
70 #define USB_IFACE "usbmon"
71 #define USB_TEXT_DIR_OLD "/sys/kernel/debug/usbmon"
72 #define USB_TEXT_DIR "/sys/kernel/debug/usb/usbmon"
73 #define SYS_USB_BUS_DIR "/sys/bus/usb/devices"
74 #define PROC_USB_BUS_DIR "/proc/bus/usb"
75 #define USB_LINE_LEN 4096
76 
77 #if __BYTE_ORDER == __LITTLE_ENDIAN
78 #define htols(s) s
79 #define htoll(l) l
80 #define htol64(ll) ll
81 #else
82 #define htols(s) bswap_16(s)
83 #define htoll(l) bswap_32(l)
84 #define htol64(ll) bswap_64(ll)
85 #endif
86 
87 struct mon_bin_stats {
88 	u_int32_t queued;
89 	u_int32_t dropped;
90 };
91 
92 struct mon_bin_get {
93 	pcap_usb_header *hdr;
94 	void *data;
95 	size_t data_len;   /* Length of data (can be zero) */
96 };
97 
98 struct mon_bin_mfetch {
99 	int32_t *offvec;   /* Vector of events fetched */
100 	int32_t nfetch;    /* Number of events to fetch (out: fetched) */
101 	int32_t nflush;    /* Number of events to flush */
102 };
103 
104 #define MON_IOC_MAGIC 0x92
105 
106 #define MON_IOCQ_URB_LEN _IO(MON_IOC_MAGIC, 1)
107 #define MON_IOCX_URB  _IOWR(MON_IOC_MAGIC, 2, struct mon_bin_hdr)
108 #define MON_IOCG_STATS _IOR(MON_IOC_MAGIC, 3, struct mon_bin_stats)
109 #define MON_IOCT_RING_SIZE _IO(MON_IOC_MAGIC, 4)
110 #define MON_IOCQ_RING_SIZE _IO(MON_IOC_MAGIC, 5)
111 #define MON_IOCX_GET   _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get)
112 #define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch)
113 #define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8)
114 
115 #define MON_BIN_SETUP 	0x1 /* setup hdr is present*/
116 #define MON_BIN_SETUP_ZERO 	0x2 /* setup buffer is not available */
117 #define MON_BIN_DATA_ZERO 	0x4 /* data buffer is not available */
118 #define MON_BIN_ERROR 	0x8
119 
120 /*
121  * Private data for capturing on Linux USB.
122  */
123 struct pcap_usb_linux {
124 	u_char *mmapbuf;	/* memory-mapped region pointer */
125 	size_t mmapbuflen;	/* size of region */
126 	int bus_index;
127 	u_int packets_read;
128 };
129 
130 /* forward declaration */
131 static int usb_activate(pcap_t *);
132 static int usb_stats_linux(pcap_t *, struct pcap_stat *);
133 static int usb_stats_linux_bin(pcap_t *, struct pcap_stat *);
134 static int usb_read_linux(pcap_t *, int , pcap_handler , u_char *);
135 static int usb_read_linux_bin(pcap_t *, int , pcap_handler , u_char *);
136 static int usb_read_linux_mmap(pcap_t *, int , pcap_handler , u_char *);
137 static int usb_inject_linux(pcap_t *, const void *, size_t);
138 static int usb_setdirection_linux(pcap_t *, pcap_direction_t);
139 static void usb_cleanup_linux_mmap(pcap_t *);
140 
141 /* facility to add an USB device to the device list*/
142 static int
143 usb_dev_add(pcap_if_t** alldevsp, int n, char *err_str)
144 {
145 	char dev_name[10];
146 	char dev_descr[30];
147 	pcap_snprintf(dev_name, 10, USB_IFACE"%d", n);
148 	pcap_snprintf(dev_descr, 30, "USB bus number %d", n);
149 
150 	if (pcap_add_if(alldevsp, dev_name, 0,
151 	    dev_descr, err_str) < 0)
152 		return -1;
153 	return 0;
154 }
155 
156 int
157 usb_findalldevs(pcap_if_t **alldevsp, char *err_str)
158 {
159 	int fd;
160 	struct dirent* data;
161 	int ret = 0;
162 	DIR* dir;
163 	int n;
164 	char* name;
165 	size_t len;
166 
167 	/*
168 	 * Do we have a "scan all buses" device?
169 	 * First, try the binary device.
170 	 */
171 	fd = open(LINUX_USB_MON_DEV"0", O_RDONLY, 0);
172 	if (fd >= 0) {
173 		/*
174 		 * Yes.
175 		 */
176 		close(fd);
177 		if (pcap_add_if(alldevsp, "usbmon0", 0, "All USB buses",
178 		    err_str) < 0)
179 			return -1;
180 	} else {
181 		/*
182 		 * No binary device; do we have the text device?
183 		 */
184 		fd = open(USB_TEXT_DIR"/0t", O_RDONLY, 0);
185 		if (fd < 0) {
186 			/*
187 			 * Not at the new location; try the old location.
188 			 */
189 			fd = open(USB_TEXT_DIR_OLD"/0t", O_RDONLY, 0);
190 		}
191 		if (fd >= 0) {
192 			/*
193 			 * We found it.
194 			 */
195 			close(fd);
196 			if (pcap_add_if(alldevsp, "usbmon0", 0, "All USB buses",
197 			    err_str) < 0)
198 				return -1;
199 		}
200 	}
201 
202 	/*
203 	 * Now look for individual USB buses.
204 	 *
205 	 * First, try scanning sysfs USB bus directory.
206 	 */
207 	dir = opendir(SYS_USB_BUS_DIR);
208 	if (dir != NULL) {
209 		while ((ret == 0) && ((data = readdir(dir)) != 0)) {
210 			name = data->d_name;
211 
212 			if (strncmp(name, "usb", 3) != 0)
213 				continue;
214 
215 			if (sscanf(&name[3], "%d", &n) == 0)
216 				continue;
217 
218 			ret = usb_dev_add(alldevsp, n, err_str);
219 		}
220 
221 		closedir(dir);
222 		return ret;
223 	}
224 
225 	/* That didn't work; try scanning procfs USB bus directory. */
226 	dir = opendir(PROC_USB_BUS_DIR);
227 	if (dir != NULL) {
228 		while ((ret == 0) && ((data = readdir(dir)) != 0)) {
229 			name = data->d_name;
230 			len = strlen(name);
231 
232 			/* if this file name does not end with a number it's not of our interest */
233 			if ((len < 1) || !isdigit(name[--len]))
234 				continue;
235 			while (isdigit(name[--len]));
236 			if (sscanf(&name[len+1], "%d", &n) != 1)
237 				continue;
238 
239 			ret = usb_dev_add(alldevsp, n, err_str);
240 		}
241 
242 		closedir(dir);
243 		return ret;
244 	}
245 
246 	/* neither of them worked */
247 	return 0;
248 }
249 
250 static
251 int usb_mmap(pcap_t* handle)
252 {
253 	struct pcap_usb_linux *handlep = handle->priv;
254 	int len = ioctl(handle->fd, MON_IOCQ_RING_SIZE);
255 	if (len < 0)
256 		return 0;
257 
258 	handlep->mmapbuflen = len;
259 	handlep->mmapbuf = mmap(0, handlep->mmapbuflen, PROT_READ,
260 	    MAP_SHARED, handle->fd, 0);
261 	return handlep->mmapbuf != MAP_FAILED;
262 }
263 
264 #ifdef HAVE_LINUX_USBDEVICE_FS_H
265 
266 #define CTRL_TIMEOUT    (5*1000)        /* milliseconds */
267 
268 #define USB_DIR_IN		0x80
269 #define USB_TYPE_STANDARD	0x00
270 #define USB_RECIP_DEVICE	0x00
271 
272 #define USB_REQ_GET_DESCRIPTOR	6
273 
274 #define USB_DT_DEVICE		1
275 
276 /* probe the descriptors of the devices attached to the bus */
277 /* the descriptors will end up in the captured packet stream */
278 /* and be decoded by external apps like wireshark */
279 /* without these identifying probes packet data can't be fully decoded */
280 static void
281 probe_devices(int bus)
282 {
283 	struct usbdevfs_ctrltransfer ctrl;
284 	struct dirent* data;
285 	int ret = 0;
286 	char buf[40];
287 	DIR* dir;
288 
289 	/* scan usb bus directories for device nodes */
290 	pcap_snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d", bus);
291 	dir = opendir(buf);
292 	if (!dir)
293 		return;
294 
295 	while ((ret >= 0) && ((data = readdir(dir)) != 0)) {
296 		int fd;
297 		char* name = data->d_name;
298 
299 		if (name[0] == '.')
300 			continue;
301 
302 		pcap_snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d/%s", bus, data->d_name);
303 
304 		fd = open(buf, O_RDWR);
305 		if (fd == -1)
306 			continue;
307 
308 		/*
309 		 * Sigh.  Different kernels have different member names
310 		 * for this structure.
311 		 */
312 #ifdef HAVE_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE
313 		ctrl.bRequestType = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE;
314 		ctrl.bRequest = USB_REQ_GET_DESCRIPTOR;
315 		ctrl.wValue = USB_DT_DEVICE << 8;
316 		ctrl.wIndex = 0;
317  		ctrl.wLength = sizeof(buf);
318 #else
319 		ctrl.requesttype = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE;
320 		ctrl.request = USB_REQ_GET_DESCRIPTOR;
321 		ctrl.value = USB_DT_DEVICE << 8;
322 		ctrl.index = 0;
323  		ctrl.length = sizeof(buf);
324 #endif
325 		ctrl.data = buf;
326 		ctrl.timeout = CTRL_TIMEOUT;
327 
328 		ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl);
329 
330 		close(fd);
331 	}
332 	closedir(dir);
333 }
334 #endif /* HAVE_LINUX_USBDEVICE_FS_H */
335 
336 pcap_t *
337 usb_create(const char *device, char *ebuf, int *is_ours)
338 {
339 	const char *cp;
340 	char *cpend;
341 	long devnum;
342 	pcap_t *p;
343 
344 	/* Does this look like a USB monitoring device? */
345 	cp = strrchr(device, '/');
346 	if (cp == NULL)
347 		cp = device;
348 	/* Does it begin with USB_IFACE? */
349 	if (strncmp(cp, USB_IFACE, sizeof USB_IFACE - 1) != 0) {
350 		/* Nope, doesn't begin with USB_IFACE */
351 		*is_ours = 0;
352 		return NULL;
353 	}
354 	/* Yes - is USB_IFACE followed by a number? */
355 	cp += sizeof USB_IFACE - 1;
356 	devnum = strtol(cp, &cpend, 10);
357 	if (cpend == cp || *cpend != '\0') {
358 		/* Not followed by a number. */
359 		*is_ours = 0;
360 		return NULL;
361 	}
362 	if (devnum < 0) {
363 		/* Followed by a non-valid number. */
364 		*is_ours = 0;
365 		return NULL;
366 	}
367 
368 	/* OK, it's probably ours. */
369 	*is_ours = 1;
370 
371 	p = pcap_create_common(ebuf, sizeof (struct pcap_usb_linux));
372 	if (p == NULL)
373 		return (NULL);
374 
375 	p->activate_op = usb_activate;
376 	return (p);
377 }
378 
379 static int
380 usb_activate(pcap_t* handle)
381 {
382 	struct pcap_usb_linux *handlep = handle->priv;
383 	char 		full_path[USB_LINE_LEN];
384 
385 	/* Initialize some components of the pcap structure. */
386 	handle->bufsize = handle->snapshot;
387 	handle->offset = 0;
388 	handle->linktype = DLT_USB_LINUX;
389 
390 	handle->inject_op = usb_inject_linux;
391 	handle->setfilter_op = install_bpf_program; /* no kernel filtering */
392 	handle->setdirection_op = usb_setdirection_linux;
393 	handle->set_datalink_op = NULL;	/* can't change data link type */
394 	handle->getnonblock_op = pcap_getnonblock_fd;
395 	handle->setnonblock_op = pcap_setnonblock_fd;
396 
397 	/*get usb bus index from device name */
398 	if (sscanf(handle->opt.device, USB_IFACE"%d", &handlep->bus_index) != 1)
399 	{
400 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
401 			"Can't get USB bus index from %s", handle->opt.device);
402 		return PCAP_ERROR;
403 	}
404 
405 	/*now select the read method: try to open binary interface */
406 	pcap_snprintf(full_path, USB_LINE_LEN, LINUX_USB_MON_DEV"%d", handlep->bus_index);
407 	handle->fd = open(full_path, O_RDONLY, 0);
408 	if (handle->fd >= 0)
409 	{
410 		if (handle->opt.rfmon) {
411 			/*
412 			 * Monitor mode doesn't apply to USB devices.
413 			 */
414 			close(handle->fd);
415 			return PCAP_ERROR_RFMON_NOTSUP;
416 		}
417 
418 		/* binary api is available, try to use fast mmap access */
419 		if (usb_mmap(handle)) {
420 			handle->linktype = DLT_USB_LINUX_MMAPPED;
421 			handle->stats_op = usb_stats_linux_bin;
422 			handle->read_op = usb_read_linux_mmap;
423 			handle->cleanup_op = usb_cleanup_linux_mmap;
424 #ifdef HAVE_LINUX_USBDEVICE_FS_H
425 			probe_devices(handlep->bus_index);
426 #endif
427 
428 			/*
429 			 * "handle->fd" is a real file, so "select()" and
430 			 * "poll()" work on it.
431 			 */
432 			handle->selectable_fd = handle->fd;
433 			return 0;
434 		}
435 
436 		/* can't mmap, use plain binary interface access */
437 		handle->stats_op = usb_stats_linux_bin;
438 		handle->read_op = usb_read_linux_bin;
439 #ifdef HAVE_LINUX_USBDEVICE_FS_H
440 		probe_devices(handlep->bus_index);
441 #endif
442 	}
443 	else {
444 		/*Binary interface not available, try open text interface */
445 		pcap_snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR"/%dt", handlep->bus_index);
446 		handle->fd = open(full_path, O_RDONLY, 0);
447 		if (handle->fd < 0)
448 		{
449 			if (errno == ENOENT)
450 			{
451 				/*
452 				 * Not found at the new location; try
453 				 * the old location.
454 				 */
455 				pcap_snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%dt", handlep->bus_index);
456 				handle->fd = open(full_path, O_RDONLY, 0);
457 			}
458 			if (handle->fd < 0) {
459 				/* no more fallback, give it up*/
460 				pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
461 					"Can't open USB bus file %s: %s", full_path, strerror(errno));
462 				return PCAP_ERROR;
463 			}
464 		}
465 
466 		if (handle->opt.rfmon) {
467 			/*
468 			 * Monitor mode doesn't apply to USB devices.
469 			 */
470 			close(handle->fd);
471 			return PCAP_ERROR_RFMON_NOTSUP;
472 		}
473 
474 		handle->stats_op = usb_stats_linux;
475 		handle->read_op = usb_read_linux;
476 	}
477 
478 	/*
479 	 * "handle->fd" is a real file, so "select()" and "poll()"
480 	 * work on it.
481 	 */
482 	handle->selectable_fd = handle->fd;
483 
484 	/* for plain binary access and text access we need to allocate the read
485 	 * buffer */
486 	handle->buffer = malloc(handle->bufsize);
487 	if (!handle->buffer) {
488 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
489 			 "malloc: %s", pcap_strerror(errno));
490 		close(handle->fd);
491 		return PCAP_ERROR;
492 	}
493 	return 0;
494 }
495 
496 static inline int
497 ascii_to_int(char c)
498 {
499 	return c < 'A' ? c- '0': ((c<'a') ? c - 'A' + 10: c-'a'+10);
500 }
501 
502 /*
503  * see <linux-kernel-source>/Documentation/usb/usbmon.txt and
504  * <linux-kernel-source>/drivers/usb/mon/mon_text.c for urb string
505  * format description
506  */
507 static int
508 usb_read_linux(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
509 {
510 	/* see:
511 	* /usr/src/linux/Documentation/usb/usbmon.txt
512 	* for message format
513 	*/
514 	struct pcap_usb_linux *handlep = handle->priv;
515 	unsigned timestamp;
516 	int tag, cnt, ep_num, dev_addr, dummy, ret, urb_len, data_len;
517 	char etype, pipeid1, pipeid2, status[16], urb_tag, line[USB_LINE_LEN];
518 	char *string = line;
519 	u_char * rawdata = handle->buffer;
520 	struct pcap_pkthdr pkth;
521 	pcap_usb_header* uhdr = (pcap_usb_header*)handle->buffer;
522 	u_char urb_transfer=0;
523 	int incoming=0;
524 
525 	/* ignore interrupt system call errors */
526 	do {
527 		ret = read(handle->fd, line, USB_LINE_LEN - 1);
528 		if (handle->break_loop)
529 		{
530 			handle->break_loop = 0;
531 			return -2;
532 		}
533 	} while ((ret == -1) && (errno == EINTR));
534 	if (ret < 0)
535 	{
536 		if (errno == EAGAIN)
537 			return 0;	/* no data there */
538 
539 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
540 		    "Can't read from fd %d: %s", handle->fd, strerror(errno));
541 		return -1;
542 	}
543 
544 	/* read urb header; %n argument may increment return value, but it's
545 	* not mandatory, so does not count on it*/
546 	string[ret] = 0;
547 	ret = sscanf(string, "%x %d %c %c%c:%d:%d %s%n", &tag, &timestamp, &etype,
548 		&pipeid1, &pipeid2, &dev_addr, &ep_num, status,
549 		&cnt);
550 	if (ret < 8)
551 	{
552 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
553 		    "Can't parse USB bus message '%s', too few tokens (expected 8 got %d)",
554 		    string, ret);
555 		return -1;
556 	}
557 	uhdr->id = tag;
558 	uhdr->device_address = dev_addr;
559 	uhdr->bus_id = handlep->bus_index;
560 	uhdr->status = 0;
561 	string += cnt;
562 
563 	/* don't use usbmon provided timestamp, since it have low precision*/
564 	if (gettimeofday(&pkth.ts, NULL) < 0)
565 	{
566 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
567 			"Can't get timestamp for message '%s' %d:%s",
568 			string, errno, strerror(errno));
569 		return -1;
570 	}
571 	uhdr->ts_sec = pkth.ts.tv_sec;
572 	uhdr->ts_usec = pkth.ts.tv_usec;
573 
574 	/* parse endpoint information */
575 	if (pipeid1 == 'C')
576 		urb_transfer = URB_CONTROL;
577 	else if (pipeid1 == 'Z')
578 		urb_transfer = URB_ISOCHRONOUS;
579 	else if (pipeid1 == 'I')
580 		urb_transfer = URB_INTERRUPT;
581 	else if (pipeid1 == 'B')
582 		urb_transfer = URB_BULK;
583 	if (pipeid2 == 'i') {
584 		ep_num |= URB_TRANSFER_IN;
585 		incoming = 1;
586 	}
587 	if (etype == 'C')
588 		incoming = !incoming;
589 
590 	/* direction check*/
591 	if (incoming)
592 	{
593 		if (handle->direction == PCAP_D_OUT)
594 			return 0;
595 	}
596 	else
597 		if (handle->direction == PCAP_D_IN)
598 			return 0;
599 	uhdr->event_type = etype;
600 	uhdr->transfer_type = urb_transfer;
601 	uhdr->endpoint_number = ep_num;
602 	pkth.caplen = sizeof(pcap_usb_header);
603 	rawdata += sizeof(pcap_usb_header);
604 
605 	/* check if this is a setup packet */
606 	ret = sscanf(status, "%d", &dummy);
607 	if (ret != 1)
608 	{
609 		/* this a setup packet, setup data can be filled with underscore if
610 		* usbmon has not been able to read them, so we must parse this fields as
611 		* strings */
612 		pcap_usb_setup* shdr;
613 		char str1[3], str2[3], str3[5], str4[5], str5[5];
614 		ret = sscanf(string, "%s %s %s %s %s%n", str1, str2, str3, str4,
615 		str5, &cnt);
616 		if (ret < 5)
617 		{
618 			pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
619 				"Can't parse USB bus message '%s', too few tokens (expected 5 got %d)",
620 				string, ret);
621 			return -1;
622 		}
623 		string += cnt;
624 
625 		/* try to convert to corresponding integer */
626 		shdr = &uhdr->setup;
627 		shdr->bmRequestType = strtoul(str1, 0, 16);
628 		shdr->bRequest = strtoul(str2, 0, 16);
629 		shdr->wValue = htols(strtoul(str3, 0, 16));
630 		shdr->wIndex = htols(strtoul(str4, 0, 16));
631 		shdr->wLength = htols(strtoul(str5, 0, 16));
632 
633 		uhdr->setup_flag = 0;
634 	}
635 	else
636 		uhdr->setup_flag = 1;
637 
638 	/* read urb data */
639 	ret = sscanf(string, " %d%n", &urb_len, &cnt);
640 	if (ret < 1)
641 	{
642 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
643 		  "Can't parse urb length from '%s'", string);
644 		return -1;
645 	}
646 	string += cnt;
647 
648 	/* urb tag is not present if urb length is 0, so we can stop here
649 	 * text parsing */
650 	pkth.len = urb_len+pkth.caplen;
651 	uhdr->urb_len = urb_len;
652 	uhdr->data_flag = 1;
653 	data_len = 0;
654 	if (uhdr->urb_len == 0)
655 		goto got;
656 
657 	/* check for data presence; data is present if and only if urb tag is '=' */
658 	if (sscanf(string, " %c", &urb_tag) != 1)
659 	{
660 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
661 			"Can't parse urb tag from '%s'", string);
662 		return -1;
663 	}
664 
665 	if (urb_tag != '=')
666 		goto got;
667 
668 	/* skip urb tag and following space */
669 	string += 3;
670 
671 	/* if we reach this point we got some urb data*/
672 	uhdr->data_flag = 0;
673 
674 	/* read all urb data; if urb length is greater then the usbmon internal
675 	 * buffer length used by the kernel to spool the URB, we get only
676 	 * a partial information.
677 	 * At least until linux 2.6.17 there is no way to set usbmon intenal buffer
678 	 * length and default value is 130. */
679 	while ((string[0] != 0) && (string[1] != 0) && (pkth.caplen < (bpf_u_int32)handle->snapshot))
680 	{
681 		rawdata[0] = ascii_to_int(string[0]) * 16 + ascii_to_int(string[1]);
682 		rawdata++;
683 		string+=2;
684 		if (string[0] == ' ')
685 			string++;
686 		pkth.caplen++;
687 		data_len++;
688 	}
689 
690 got:
691 	uhdr->data_len = data_len;
692 	if (pkth.caplen > (bpf_u_int32)handle->snapshot)
693 		pkth.caplen = (bpf_u_int32)handle->snapshot;
694 
695 	if (handle->fcode.bf_insns == NULL ||
696 	    bpf_filter(handle->fcode.bf_insns, handle->buffer,
697 	      pkth.len, pkth.caplen)) {
698 		handlep->packets_read++;
699 		callback(user, &pkth, handle->buffer);
700 		return 1;
701 	}
702 	return 0;	/* didn't pass filter */
703 }
704 
705 static int
706 usb_inject_linux(pcap_t *handle, const void *buf, size_t size)
707 {
708 	pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "inject not supported on "
709 		"USB devices");
710 	return (-1);
711 }
712 
713 static int
714 usb_stats_linux(pcap_t *handle, struct pcap_stat *stats)
715 {
716 	struct pcap_usb_linux *handlep = handle->priv;
717 	int dummy, ret, consumed, cnt;
718 	char string[USB_LINE_LEN];
719 	char token[USB_LINE_LEN];
720 	char * ptr = string;
721 	int fd;
722 
723 	pcap_snprintf(string, USB_LINE_LEN, USB_TEXT_DIR"/%ds", handlep->bus_index);
724 	fd = open(string, O_RDONLY, 0);
725 	if (fd < 0)
726 	{
727 		if (errno == ENOENT)
728 		{
729 			/*
730 			 * Not found at the new location; try the old
731 			 * location.
732 			 */
733 			pcap_snprintf(string, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%ds", handlep->bus_index);
734 			fd = open(string, O_RDONLY, 0);
735 		}
736 		if (fd < 0) {
737 			pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
738 				"Can't open USB stats file %s: %s",
739 				string, strerror(errno));
740 			return -1;
741 		}
742 	}
743 
744 	/* read stats line */
745 	do {
746 		ret = read(fd, string, USB_LINE_LEN-1);
747 	} while ((ret == -1) && (errno == EINTR));
748 	close(fd);
749 
750 	if (ret < 0)
751 	{
752 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
753 			"Can't read stats from fd %d ", fd);
754 		return -1;
755 	}
756 	string[ret] = 0;
757 
758 	/* extract info on dropped urbs */
759 	for (consumed=0; consumed < ret; ) {
760 		/* from the sscanf man page:
761  		 * The C standard says: "Execution of a %n directive does
762  		 * not increment the assignment count returned at the completion
763 		 * of  execution" but the Corrigendum seems to contradict this.
764 		 * Do not make any assumptions on the effect of %n conversions
765 		 * on the return value and explicitly check for cnt assignmet*/
766 		int ntok;
767 
768 		cnt = -1;
769 		ntok = sscanf(ptr, "%s%n", token, &cnt);
770 		if ((ntok < 1) || (cnt < 0))
771 			break;
772 		consumed += cnt;
773 		ptr += cnt;
774 		if (strcmp(token, "nreaders") == 0)
775 			ret = sscanf(ptr, "%d", &stats->ps_drop);
776 		else
777 			ret = sscanf(ptr, "%d", &dummy);
778 		if (ntok != 1)
779 			break;
780 		consumed += cnt;
781 		ptr += cnt;
782 	}
783 
784 	stats->ps_recv = handlep->packets_read;
785 	stats->ps_ifdrop = 0;
786 	return 0;
787 }
788 
789 static int
790 usb_setdirection_linux(pcap_t *p, pcap_direction_t d)
791 {
792 	p->direction = d;
793 	return 0;
794 }
795 
796 
797 static int
798 usb_stats_linux_bin(pcap_t *handle, struct pcap_stat *stats)
799 {
800 	struct pcap_usb_linux *handlep = handle->priv;
801 	int ret;
802 	struct mon_bin_stats st;
803 	ret = ioctl(handle->fd, MON_IOCG_STATS, &st);
804 	if (ret < 0)
805 	{
806 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
807 			"Can't read stats from fd %d:%s ", handle->fd, strerror(errno));
808 		return -1;
809 	}
810 
811 	stats->ps_recv = handlep->packets_read + st.queued;
812 	stats->ps_drop = st.dropped;
813 	stats->ps_ifdrop = 0;
814 	return 0;
815 }
816 
817 /*
818  * see <linux-kernel-source>/Documentation/usb/usbmon.txt and
819  * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI
820  */
821 static int
822 usb_read_linux_bin(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
823 {
824 	struct pcap_usb_linux *handlep = handle->priv;
825 	struct mon_bin_get info;
826 	int ret;
827 	struct pcap_pkthdr pkth;
828 	u_int clen = handle->snapshot - sizeof(pcap_usb_header);
829 
830 	/* the usb header is going to be part of 'packet' data*/
831 	info.hdr = (pcap_usb_header*) handle->buffer;
832 	info.data = (u_char *)handle->buffer + sizeof(pcap_usb_header);
833 	info.data_len = clen;
834 
835 	/* ignore interrupt system call errors */
836 	do {
837 		ret = ioctl(handle->fd, MON_IOCX_GET, &info);
838 		if (handle->break_loop)
839 		{
840 			handle->break_loop = 0;
841 			return -2;
842 		}
843 	} while ((ret == -1) && (errno == EINTR));
844 	if (ret < 0)
845 	{
846 		if (errno == EAGAIN)
847 			return 0;	/* no data there */
848 
849 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
850 		    "Can't read from fd %d: %s", handle->fd, strerror(errno));
851 		return -1;
852 	}
853 
854 	/* we can get less that than really captured from kernel, depending on
855 	 * snaplen, so adjust header accordingly */
856 	if (info.hdr->data_len < clen)
857 		clen = info.hdr->data_len;
858 	info.hdr->data_len = clen;
859 	pkth.caplen = clen + sizeof(pcap_usb_header);
860 	pkth.len = info.hdr->data_len + sizeof(pcap_usb_header);
861 	pkth.ts.tv_sec = info.hdr->ts_sec;
862 	pkth.ts.tv_usec = info.hdr->ts_usec;
863 
864 	if (handle->fcode.bf_insns == NULL ||
865 	    bpf_filter(handle->fcode.bf_insns, handle->buffer,
866 	      pkth.len, pkth.caplen)) {
867 		handlep->packets_read++;
868 		callback(user, &pkth, handle->buffer);
869 		return 1;
870 	}
871 
872 	return 0;	/* didn't pass filter */
873 }
874 
875 /*
876  * see <linux-kernel-source>/Documentation/usb/usbmon.txt and
877  * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI
878  */
879 #define VEC_SIZE 32
880 static int
881 usb_read_linux_mmap(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
882 {
883 	struct pcap_usb_linux *handlep = handle->priv;
884 	struct mon_bin_mfetch fetch;
885 	int32_t vec[VEC_SIZE];
886 	struct pcap_pkthdr pkth;
887 	pcap_usb_header* hdr;
888 	int nflush = 0;
889 	int packets = 0;
890 	u_int clen, max_clen;
891 
892 	max_clen = handle->snapshot - sizeof(pcap_usb_header);
893 
894 	for (;;) {
895 		int i, ret;
896 		int limit = max_packets - packets;
897 		if (limit <= 0)
898 			limit = VEC_SIZE;
899 		if (limit > VEC_SIZE)
900 			limit = VEC_SIZE;
901 
902 		/* try to fetch as many events as possible*/
903 		fetch.offvec = vec;
904 		fetch.nfetch = limit;
905 		fetch.nflush = nflush;
906 		/* ignore interrupt system call errors */
907 		do {
908 			ret = ioctl(handle->fd, MON_IOCX_MFETCH, &fetch);
909 			if (handle->break_loop)
910 			{
911 				handle->break_loop = 0;
912 				return -2;
913 			}
914 		} while ((ret == -1) && (errno == EINTR));
915 		if (ret < 0)
916 		{
917 			if (errno == EAGAIN)
918 				return 0;	/* no data there */
919 
920 			pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
921 			    "Can't mfetch fd %d: %s", handle->fd, strerror(errno));
922 			return -1;
923 		}
924 
925 		/* keep track of processed events, we will flush them later */
926 		nflush = fetch.nfetch;
927 		for (i=0; i<fetch.nfetch; ++i) {
928 			/* discard filler */
929 			hdr = (pcap_usb_header*) &handlep->mmapbuf[vec[i]];
930 			if (hdr->event_type == '@')
931 				continue;
932 
933 			/* we can get less that than really captured from kernel, depending on
934 	 		* snaplen, so adjust header accordingly */
935 			clen = max_clen;
936 			if (hdr->data_len < clen)
937 				clen = hdr->data_len;
938 
939 			/* get packet info from header*/
940 			pkth.caplen = clen + sizeof(pcap_usb_header_mmapped);
941 			pkth.len = hdr->data_len + sizeof(pcap_usb_header_mmapped);
942 			pkth.ts.tv_sec = hdr->ts_sec;
943 			pkth.ts.tv_usec = hdr->ts_usec;
944 
945 			if (handle->fcode.bf_insns == NULL ||
946 			    bpf_filter(handle->fcode.bf_insns, (u_char*) hdr,
947 			      pkth.len, pkth.caplen)) {
948 				handlep->packets_read++;
949 				callback(user, &pkth, (u_char*) hdr);
950 				packets++;
951 			}
952 		}
953 
954 		/* with max_packets specifying "unlimited" we stop afer the first chunk*/
955 		if (PACKET_COUNT_IS_UNLIMITED(max_packets) || (packets == max_packets))
956 			break;
957 	}
958 
959 	/* flush pending events*/
960 	if (ioctl(handle->fd, MON_IOCH_MFLUSH, nflush) == -1) {
961 		pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
962 		    "Can't mflush fd %d: %s", handle->fd, strerror(errno));
963 		return -1;
964 	}
965 	return packets;
966 }
967 
968 static void
969 usb_cleanup_linux_mmap(pcap_t* handle)
970 {
971 	struct pcap_usb_linux *handlep = handle->priv;
972 
973 	/* if we have a memory-mapped buffer, unmap it */
974 	if (handlep->mmapbuf != NULL) {
975 		munmap(handlep->mmapbuf, handlep->mmapbuflen);
976 		handlep->mmapbuf = NULL;
977 	}
978 	pcap_cleanup_live_common(handle);
979 }
980