1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2017, Joyent, Inc.
25 */
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <ctype.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <sys/sockio.h>
33 #include <net/if.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/in.h>
36 #include <netinet/if_ether.h>
37 #include <netinet/ip.h>
38 #include <netdb.h>
39 #include <string.h>
40 #include <signal.h>
41 #include <setjmp.h>
42 #include <arpa/inet.h>
43 #include <sys/time.h>
44 #include "snoop.h"
45
46 static sigjmp_buf nisjmp;
47 static hrtime_t snoop_lastwarn; /* Last time NS warning fired */
48 static unsigned snoop_warninter = 60; /* Time in seconds between warnings */
49
50 #define MAXHASH 1024 /* must be a power of 2 */
51
52 #define SEPARATORS " \t\n"
53
54 struct hostdata {
55 struct hostdata *h_next;
56 char *h_hostname;
57 int h_pktsout;
58 int h_pktsin;
59 };
60
61 struct hostdata4 {
62 struct hostdata4 *h4_next;
63 char *h4_hostname;
64 int h4_pktsout;
65 int h4_pktsin;
66 struct in_addr h4_addr;
67 };
68
69 struct hostdata6 {
70 struct hostdata6 *h6_next;
71 char *h6_hostname;
72 int h6_pktsout;
73 int h6_pktsin;
74 struct in6_addr h6_addr;
75 };
76
77 static struct hostdata *addhost(int, const void *, const char *, char **);
78
79 static struct hostdata4 *h_table4[MAXHASH];
80 static struct hostdata6 *h_table6[MAXHASH];
81
82 #define iphash(e) ((e) & (MAXHASH-1))
83
84 /* ARGSUSED */
85 static void
wakeup(int n)86 wakeup(int n)
87 {
88 siglongjmp(nisjmp, 1);
89 }
90
91 extern char *inet_ntoa();
92
93 static void
snoop_nswarn(void)94 snoop_nswarn(void)
95 {
96 hrtime_t now = gethrtime();
97
98 if (now - snoop_lastwarn >= snoop_warninter * NANOSEC) {
99 snoop_lastwarn = now;
100 (void) fprintf(stderr, "snoop: warning: packets captured, but "
101 "name service lookups are timing out. Use snoop -r to "
102 "disable name service lookups\n");
103 }
104 }
105
106 static struct hostdata *
iplookup(struct in_addr ipaddr)107 iplookup(struct in_addr ipaddr)
108 {
109 register struct hostdata4 *h;
110 struct hostent *hp = NULL;
111 struct netent *np;
112 int error_num;
113 struct hostdata *retval;
114
115 for (h = h_table4[iphash(ipaddr.s_addr)]; h; h = h->h4_next) {
116 if (h->h4_addr.s_addr == ipaddr.s_addr)
117 return ((struct hostdata *)h);
118 }
119
120 /* not found. Put it in */
121
122 if (ipaddr.s_addr == htonl(INADDR_BROADCAST))
123 return (addhost(AF_INET, &ipaddr, "BROADCAST", NULL));
124 if (ipaddr.s_addr == htonl(INADDR_ANY))
125 return (addhost(AF_INET, &ipaddr, "OLD-BROADCAST", NULL));
126
127 /*
128 * Set an alarm here so we don't get held up by
129 * an unresponsive name server.
130 * Give it 3 sec to do its work.
131 */
132 if (!rflg) {
133 if (sigsetjmp(nisjmp, 1) == 0) {
134 (void) snoop_alarm(3, wakeup);
135 hp = getipnodebyaddr((char *)&ipaddr, sizeof (int),
136 AF_INET, &error_num);
137 if (hp == NULL && inet_lnaof(ipaddr) == 0) {
138 np = getnetbyaddr(inet_netof(ipaddr), AF_INET);
139 if (np)
140 return (addhost(AF_INET, &ipaddr,
141 np->n_name, np->n_aliases));
142 }
143 (void) snoop_alarm(0, wakeup);
144 } else {
145 snoop_nswarn();
146 }
147 }
148
149 retval = addhost(AF_INET, &ipaddr,
150 hp ? hp->h_name : inet_ntoa(ipaddr),
151 hp ? hp->h_aliases : NULL);
152 if (hp != NULL)
153 freehostent(hp);
154 return (retval);
155 }
156
157 static struct hostdata *
ip6lookup(const struct in6_addr * ip6addr)158 ip6lookup(const struct in6_addr *ip6addr)
159 {
160 struct hostdata6 *h;
161 struct hostent *hp = NULL;
162 int error_num;
163 char addrstr[INET6_ADDRSTRLEN];
164 char *addname;
165 struct hostdata *retval;
166
167 for (h = h_table6[iphash(((uint32_t *)ip6addr)[3])]; h;
168 h = h->h6_next) {
169 if (IN6_ARE_ADDR_EQUAL(&h->h6_addr, ip6addr))
170 return ((struct hostdata *)h);
171 }
172
173 /* not in the hash table, put it in */
174 if (IN6_IS_ADDR_UNSPECIFIED(ip6addr))
175 return (addhost(AF_INET6, ip6addr, "UNSPECIFIED", NULL));
176
177 /*
178 * Set an alarm here so we don't get held up by
179 * an unresponsive name server.
180 * Give it 3 sec to do its work.
181 */
182 if (!rflg) {
183 if (sigsetjmp(nisjmp, 1) == 0) {
184 (void) snoop_alarm(3, wakeup);
185 hp = getipnodebyaddr(ip6addr, sizeof (struct in6_addr),
186 AF_INET6, &error_num);
187 (void) snoop_alarm(0, wakeup);
188 } else {
189 snoop_nswarn();
190 }
191 } else {
192 hp = NULL;
193 }
194
195 if (hp != NULL)
196 addname = hp->h_name;
197 else {
198 (void) inet_ntop(AF_INET6, ip6addr, addrstr, INET6_ADDRSTRLEN);
199 addname = addrstr;
200 }
201
202 retval = addhost(AF_INET6, ip6addr, addname, hp ? hp->h_aliases : NULL);
203 if (hp != NULL)
204 freehostent(hp);
205 return (retval);
206 }
207
208 static struct hostdata *
addhost(int family,const void * ipaddr,const char * name,char ** aliases)209 addhost(int family, const void *ipaddr, const char *name, char **aliases)
210 {
211 struct hostdata **hp, *n = NULL;
212 extern FILE *namefile;
213 int hashval;
214 static char aname[128];
215 char *np;
216 static struct hostdata h;
217 int ind;
218
219 switch (family) {
220 case AF_INET:
221 n = (struct hostdata *)malloc(sizeof (struct hostdata4));
222 if (n == NULL)
223 goto alloc_failed;
224
225 memset(n, 0, sizeof (struct hostdata4));
226 n->h_hostname = strdup(name);
227 if (n->h_hostname == NULL)
228 goto alloc_failed;
229
230 ((struct hostdata4 *)n)->h4_addr =
231 *(const struct in_addr *)ipaddr;
232 hashval = ((struct in_addr *)ipaddr)->s_addr;
233 hp = (struct hostdata **)&h_table4[iphash(hashval)];
234 break;
235 case AF_INET6:
236 n = (struct hostdata *)malloc(sizeof (struct hostdata6));
237 if (n == NULL)
238 goto alloc_failed;
239
240 memset(n, 0, sizeof (struct hostdata6));
241 n->h_hostname = strdup(name);
242 if (n->h_hostname == NULL)
243 goto alloc_failed;
244
245 memcpy(&((struct hostdata6 *)n)->h6_addr, ipaddr,
246 sizeof (struct in6_addr));
247 hashval = ((const int *)ipaddr)[3];
248 hp = (struct hostdata **)&h_table6[iphash(hashval)];
249 break;
250 default:
251 fprintf(stderr, "snoop: ERROR: Unknown address family: %d",
252 family);
253 exit(1);
254 }
255
256 n->h_next = *hp;
257 *hp = n;
258
259 if (namefile != NULL) {
260 if (family == AF_INET) {
261 np = inet_ntoa(*(const struct in_addr *)ipaddr);
262 if (np) {
263 (void) fprintf(namefile, "%s\t%s", np, name);
264 if (aliases) {
265 for (ind = 0;
266 aliases[ind] != NULL;
267 ind++) {
268 (void) fprintf(namefile, " %s",
269 aliases[ind]);
270 }
271 }
272 (void) fprintf(namefile, "\n");
273 }
274 } else if (family == AF_INET6) {
275 np = (char *)inet_ntop(AF_INET6, (void *)ipaddr, aname,
276 sizeof (aname));
277 if (np) {
278 (void) fprintf(namefile, "%s\t%s", np, name);
279 if (aliases) {
280 for (ind = 0;
281 aliases[ind] != NULL;
282 ind++) {
283 (void) fprintf(namefile, " %s",
284 aliases[ind]);
285 }
286 }
287 (void) fprintf(namefile, "\n");
288 }
289 } else {
290 (void) fprintf(stderr, "addhost: unknown family %d\n",
291 family);
292 }
293 }
294 return (n);
295
296 alloc_failed:
297 if (n)
298 free(n);
299 (void) fprintf(stderr, "addhost: no mem\n");
300
301 aname[0] = '\0';
302 memset(&h, 0, sizeof (struct hostdata));
303 h.h_hostname = aname;
304 return (&h);
305 }
306
307 char *
addrtoname(int family,const void * ipaddr)308 addrtoname(int family, const void *ipaddr)
309 {
310 switch (family) {
311 case AF_INET:
312 return (iplookup(*(const struct in_addr *)ipaddr)->h_hostname);
313 case AF_INET6:
314 return (ip6lookup((const struct in6_addr *)ipaddr)->h_hostname);
315 }
316 (void) fprintf(stderr, "snoop: ERROR: unknown address family: %d\n",
317 family);
318 exit(1);
319 /* NOTREACHED */
320 }
321
322 void
load_names(char * fname)323 load_names(char *fname)
324 {
325 char buf[1024];
326 char *addr, *name, *alias;
327 FILE *f;
328 unsigned int addrv4;
329 struct in6_addr addrv6;
330 int family;
331 void *naddr;
332
333 (void) fprintf(stderr, "Loading name file %s\n", fname);
334 f = fopen(fname, "r");
335 if (f == NULL) {
336 perror(fname);
337 return;
338 }
339
340 while (fgets(buf, 1024, f) != NULL) {
341 addr = strtok(buf, SEPARATORS);
342 if (addr == NULL || *addr == '#')
343 continue;
344 if (inet_pton(AF_INET6, addr, (void *)&addrv6) == 1) {
345 family = AF_INET6;
346 naddr = (void *)&addrv6;
347 } else if ((addrv4 = inet_addr(addr)) != (ulong_t)-1) {
348 family = AF_INET;
349 naddr = (void *)&addrv4;
350 }
351 name = strtok(NULL, SEPARATORS);
352 if (name == NULL)
353 continue;
354 while ((alias = strtok(NULL, SEPARATORS)) != NULL &&
355 (*alias != '#')) {
356 (void) addhost(family, naddr, alias, NULL);
357 }
358 (void) addhost(family, naddr, name, NULL);
359 /* Note: certain addresses such as broadcast are skipped */
360 }
361
362 (void) fclose(f);
363 }
364
365 /*
366 * lgetipnodebyname: looks up hostname in cached address data. This allows
367 * filtering on hostnames from the .names file to work properly, and
368 * avoids name clashes between domains. Note that only the first of the
369 * ipv4, ipv6, or v4mapped address will be returned, because the
370 * cache does not contain information on multi-homed hosts.
371 */
372 /*ARGSUSED*/
373 struct hostent *
lgetipnodebyname(const char * name,int af,int flags,int * error_num)374 lgetipnodebyname(const char *name, int af, int flags, int *error_num)
375 {
376 int i;
377 struct hostdata4 *h;
378 struct hostdata6 *h6;
379 static struct hostent he; /* host entry */
380 static struct in6_addr h46_addr[MAXADDRS]; /* v4mapped address */
381 static char h_name[MAXHOSTNAMELEN]; /* hostname */
382 static char *list[MAXADDRS]; /* addr_list array */
383 struct hostent *hp = &he;
384 int ind;
385
386 (void) memset((char *)hp, 0, sizeof (struct hostent));
387 hp->h_name = h_name;
388 h_name[0] = '\0';
389 strcpy(h_name, name);
390
391 hp->h_addrtype = AF_INET6;
392
393 hp->h_addr_list = list;
394 for (i = 0; i < MAXADDRS; i++)
395 hp->h_addr_list[i] = NULL;
396 ind = 0;
397
398 /* ipv6 lookup */
399 if (af == AF_INET6) {
400 hp->h_length = sizeof (struct in6_addr);
401 for (i = 0; i < MAXHASH; i++) {
402 for (h6 = h_table6[i]; h6; h6 = h6->h6_next) {
403 if (strcmp(name, h6->h6_hostname) == 0) {
404 if (ind >= MAXADDRS - 1) {
405 /* too many addresses */
406 return (hp);
407 }
408 /* found ipv6 addr */
409 hp->h_addr_list[ind] =
410 (char *)&h6->h6_addr;
411 ind++;
412 }
413 }
414 }
415 }
416 /* ipv4 or v4mapped lookup */
417 if (af == AF_INET || (flags & AI_ALL)) {
418 for (i = 0; i < MAXHASH; i++) {
419 for (h = h_table4[i]; h; h = h->h4_next) {
420 if (strcmp(name, h->h4_hostname) == 0) {
421 if (ind >= MAXADDRS - 1) {
422 /* too many addresses */
423 return (hp);
424 }
425 if (af == AF_INET) {
426 /* found ipv4 addr */
427 hp->h_addrtype = AF_INET;
428 hp->h_length =
429 sizeof (struct in_addr);
430 hp->h_addr_list[ind] =
431 (char *)&h->h4_addr;
432 ind++;
433 } else {
434 /* found v4mapped addr */
435 hp->h_length =
436 sizeof (struct in6_addr);
437 hp->h_addr_list[ind] =
438 (char *)&h46_addr[ind];
439 IN6_INADDR_TO_V4MAPPED(
440 &h->h4_addr,
441 &h46_addr[ind]);
442 ind++;
443 }
444 }
445 }
446 }
447 }
448 return (ind > 0 ? hp : NULL);
449 }
450