1 /*
2  * This code is derived from code formerly in pcap-dlpi.c, originally
3  * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
4  * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
5  * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
6  * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
7  */
8 
9 /*
10  * This file contains dlpi/libdlpi related common functions used
11  * by pcap-[dlpi,libdlpi].c.
12  */
13 #ifndef lint
14 static const char rcsid[] _U_ =
15 	"@(#) $Header: /tcpdump/master/libpcap/dlpisubs.c,v 1.3 2008-12-02 16:40:19 guy Exp $ (LBL)";
16 #endif
17 
18 #ifdef HAVE_CONFIG_H
19 #include "config.h"
20 #endif
21 
22 #ifndef DL_IPATM
23 #define DL_IPATM	0x12	/* ATM Classical IP interface */
24 #endif
25 
26 #ifdef HAVE_SYS_BUFMOD_H
27 	/*
28 	 * Size of a bufmod chunk to pass upstream; that appears to be the
29 	 * biggest value to which you can set it, and setting it to that value
30 	 * (which is bigger than what appears to be the Solaris default of 8192)
31 	 * reduces the number of packet drops.
32 	 */
33 #define	CHUNKSIZE	65536
34 
35 	/*
36 	 * Size of the buffer to allocate for packet data we read; it must be
37 	 * large enough to hold a chunk.
38 	 */
39 #define	PKTBUFSIZE	CHUNKSIZE
40 
41 #else /* HAVE_SYS_BUFMOD_H */
42 
43 	/*
44 	 * Size of the buffer to allocate for packet data we read; this is
45 	 * what the value used to be - there's no particular reason why it
46 	 * should be tied to MAXDLBUF, but we'll leave it as this for now.
47 	 */
48 #define	MAXDLBUF	8192
49 #define	PKTBUFSIZE	(MAXDLBUF * sizeof(bpf_u_int32))
50 
51 #endif
52 
53 #include <sys/types.h>
54 #include <sys/time.h>
55 #ifdef HAVE_SYS_BUFMOD_H
56 #include <sys/bufmod.h>
57 #endif
58 #include <sys/dlpi.h>
59 #include <sys/stream.h>
60 
61 #include <errno.h>
62 #include <memory.h>
63 #include <stdio.h>
64 #include <stdlib.h>
65 #include <string.h>
66 #include <stropts.h>
67 #include <unistd.h>
68 
69 #ifdef HAVE_LIBDLPI
70 #include <libdlpi.h>
71 #endif
72 
73 #include "pcap-int.h"
74 #include "dlpisubs.h"
75 
76 #ifdef HAVE_SYS_BUFMOD_H
77 static void pcap_stream_err(const char *, int, char *);
78 #endif
79 
80 /*
81  * Get the packet statistics.
82  */
83 int
pcap_stats_dlpi(pcap_t * p,struct pcap_stat * ps)84 pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
85 {
86 	struct pcap_dlpi *pd = p->priv;
87 
88 	/*
89 	 * "ps_recv" counts packets handed to the filter, not packets
90 	 * that passed the filter.  As filtering is done in userland,
91 	 * this would not include packets dropped because we ran out
92 	 * of buffer space; in order to make this more like other
93 	 * platforms (Linux 2.4 and later, BSDs with BPF), where the
94 	 * "packets received" count includes packets received but dropped
95 	 * due to running out of buffer space, and to keep from confusing
96 	 * applications that, for example, compute packet drop percentages,
97 	 * we also make it count packets dropped by "bufmod" (otherwise we
98 	 * might run the risk of the packet drop count being bigger than
99 	 * the received-packet count).
100 	 *
101 	 * "ps_drop" counts packets dropped by "bufmod" because of
102 	 * flow control requirements or resource exhaustion; it doesn't
103 	 * count packets dropped by the interface driver, or packets
104 	 * dropped upstream.  As filtering is done in userland, it counts
105 	 * packets regardless of whether they would've passed the filter.
106 	 *
107 	 * These statistics don't include packets not yet read from
108 	 * the kernel by libpcap, but they may include packets not
109 	 * yet read from libpcap by the application.
110 	 */
111 	*ps = pd->stat;
112 
113 	/*
114 	 * Add in the drop count, as per the above comment.
115 	 */
116 	ps->ps_recv += ps->ps_drop;
117 	return (0);
118 }
119 
120 /*
121  * Loop through the packets and call the callback for each packet.
122  * Return the number of packets read.
123  */
124 int
pcap_process_pkts(pcap_t * p,pcap_handler callback,u_char * user,int count,u_char * bufp,int len)125 pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
126 	int count, u_char *bufp, int len)
127 {
128 	struct pcap_dlpi *pd = p->priv;
129 	int n, caplen, origlen;
130 	u_char *ep, *pk;
131 	struct pcap_pkthdr pkthdr;
132 #ifdef HAVE_SYS_BUFMOD_H
133 	struct sb_hdr *sbp;
134 #ifdef LBL_ALIGN
135 	struct sb_hdr sbhdr;
136 #endif
137 #endif
138 
139 	/* Loop through packets */
140 	ep = bufp + len;
141 	n = 0;
142 
143 #ifdef HAVE_SYS_BUFMOD_H
144 	while (bufp < ep) {
145 		/*
146 		 * Has "pcap_breakloop()" been called?
147 		 * If so, return immediately - if we haven't read any
148 		 * packets, clear the flag and return -2 to indicate
149 		 * that we were told to break out of the loop, otherwise
150 		 * leave the flag set, so that the *next* call will break
151 		 * out of the loop without having read any packets, and
152 		 * return the number of packets we've processed so far.
153 		 */
154 		if (p->break_loop) {
155 			if (n == 0) {
156 				p->break_loop = 0;
157 				return (-2);
158 			} else {
159 				p->bp = bufp;
160 				p->cc = ep - bufp;
161 				return (n);
162 			}
163 		}
164 #ifdef LBL_ALIGN
165 		if ((long)bufp & 3) {
166 			sbp = &sbhdr;
167 			memcpy(sbp, bufp, sizeof(*sbp));
168 		} else
169 #endif
170 			sbp = (struct sb_hdr *)bufp;
171 		pd->stat.ps_drop = sbp->sbh_drops;
172 		pk = bufp + sizeof(*sbp);
173 		bufp += sbp->sbh_totlen;
174 		origlen = sbp->sbh_origlen;
175 		caplen = sbp->sbh_msglen;
176 #else
177 		origlen = len;
178 		caplen = min(p->snapshot, len);
179 		pk = bufp;
180 		bufp += caplen;
181 #endif
182 		++pd->stat.ps_recv;
183 		if (bpf_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
184 #ifdef HAVE_SYS_BUFMOD_H
185 			pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
186 			pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
187 #else
188 			(void) gettimeofday(&pkthdr.ts, NULL);
189 #endif
190 			pkthdr.len = origlen;
191 			pkthdr.caplen = caplen;
192 			/* Insure caplen does not exceed snapshot */
193 			if (pkthdr.caplen > p->snapshot)
194 				pkthdr.caplen = p->snapshot;
195 			(*callback)(user, &pkthdr, pk);
196 			if (++n >= count && !PACKET_COUNT_IS_UNLIMITED(count)) {
197 				p->cc = ep - bufp;
198 				p->bp = bufp;
199 				return (n);
200 			}
201 		}
202 #ifdef HAVE_SYS_BUFMOD_H
203 	}
204 #endif
205 	p->cc = 0;
206 	return (n);
207 }
208 
209 /*
210  * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
211  */
212 int
pcap_process_mactype(pcap_t * p,u_int mactype)213 pcap_process_mactype(pcap_t *p, u_int mactype)
214 {
215 	int retv = 0;
216 
217 	switch (mactype) {
218 
219 	case DL_CSMACD:
220 	case DL_ETHER:
221 		p->linktype = DLT_EN10MB;
222 		p->offset = 2;
223 		/*
224 		 * This is (presumably) a real Ethernet capture; give it a
225 		 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
226 		 * that an application can let you choose it, in case you're
227 		 * capturing DOCSIS traffic that a Cisco Cable Modem
228 		 * Termination System is putting out onto an Ethernet (it
229 		 * doesn't put an Ethernet header onto the wire, it puts raw
230 		 * DOCSIS frames out on the wire inside the low-level
231 		 * Ethernet framing).
232 		 */
233 		p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
234 		/*
235 		 * If that fails, just leave the list empty.
236 		 */
237 		if (p->dlt_list != NULL) {
238 			p->dlt_list[0] = DLT_EN10MB;
239 			p->dlt_list[1] = DLT_DOCSIS;
240 			p->dlt_count = 2;
241 		}
242 		break;
243 
244 	case DL_FDDI:
245 		p->linktype = DLT_FDDI;
246 		p->offset = 3;
247 		break;
248 
249 	case DL_TPR:
250 		/* XXX - what about DL_TPB?  Is that Token Bus?  */
251 		p->linktype = DLT_IEEE802;
252 		p->offset = 2;
253 		break;
254 
255 #ifdef HAVE_SOLARIS
256 	case DL_IPATM:
257 		p->linktype = DLT_SUNATM;
258 		p->offset = 0;  /* works for LANE and LLC encapsulation */
259 		break;
260 #endif
261 
262 	default:
263 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype %u",
264 		    mactype);
265 		retv = -1;
266 	}
267 
268 	return (retv);
269 }
270 
271 #ifdef HAVE_SYS_BUFMOD_H
272 /*
273  * Push and configure the buffer module. Returns -1 for error, otherwise 0.
274  */
275 int
pcap_conf_bufmod(pcap_t * p,int snaplen)276 pcap_conf_bufmod(pcap_t *p, int snaplen)
277 {
278 	struct timeval to;
279 	bpf_u_int32 ss, chunksize;
280 
281 	/* Non-standard call to get the data nicely buffered. */
282 	if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
283 		pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
284 		return (-1);
285 	}
286 
287 	ss = snaplen;
288 	if (ss > 0 &&
289 	    strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
290 		pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
291 		return (-1);
292 	}
293 
294 	if (p->opt.immediate) {
295 		/* Set the timeout to zero, for immediate delivery. */
296 		to.tv_sec = 0;
297 		to.tv_usec = 0;
298 		if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
299 			pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
300 			return (-1);
301 		}
302 	} else {
303 		/* Set up the bufmod timeout. */
304 		if (p->opt.timeout != 0) {
305 			to.tv_sec = p->opt.timeout / 1000;
306 			to.tv_usec = (p->opt.timeout * 1000) % 1000000;
307 			if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
308 				pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
309 				return (-1);
310 			}
311 		}
312 
313 		/* Set the chunk length. */
314 		chunksize = CHUNKSIZE;
315 		if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
316 		    != 0) {
317 			pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
318 			return (-1);
319 		}
320 	}
321 
322 	return (0);
323 }
324 #endif /* HAVE_SYS_BUFMOD_H */
325 
326 /*
327  * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
328  */
329 int
pcap_alloc_databuf(pcap_t * p)330 pcap_alloc_databuf(pcap_t *p)
331 {
332 	p->bufsize = PKTBUFSIZE;
333 	p->buffer = (u_char *)malloc(p->bufsize + p->offset);
334 	if (p->buffer == NULL) {
335 		strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
336 		return (-1);
337 	}
338 
339 	return (0);
340 }
341 
342 /*
343  * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
344  * length of returned data on success.
345  */
346 int
strioctl(int fd,int cmd,int len,char * dp)347 strioctl(int fd, int cmd, int len, char *dp)
348 {
349 	struct strioctl str;
350 	int retv;
351 
352 	str.ic_cmd = cmd;
353 	str.ic_timout = -1;
354 	str.ic_len = len;
355 	str.ic_dp = dp;
356 	if ((retv = ioctl(fd, I_STR, &str)) < 0)
357 		return (retv);
358 
359 	return (str.ic_len);
360 }
361 
362 #ifdef HAVE_SYS_BUFMOD_H
363 /*
364  * Write stream error message to errbuf.
365  */
366 static void
pcap_stream_err(const char * func,int err,char * errbuf)367 pcap_stream_err(const char *func, int err, char *errbuf)
368 {
369 	snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", func, pcap_strerror(err));
370 }
371 #endif
372