2
* pcap-dag.c: Packet capture interface for Endace DAG card.
4
* The functionality of this code attempts to mimic that of pcap-linux as much
5
* as possible. This code is compiled in several different ways depending on
6
* whether DAG_ONLY and HAVE_DAG_API are defined. If HAVE_DAG_API is not
7
* defined it should not get compiled in, otherwise if DAG_ONLY is defined then
8
* the 'dag_' function calls are renamed to 'pcap_' equivalents. If DAG_ONLY
9
* is not defined then nothing is altered - the dag_ functions will be
10
* called as required from their pcap-linux/bpf equivalents.
12
* Authors: Richard Littin, Sean Irvine ({richard,sean}@reeltwo.com)
13
* Modifications: Jesper Peterson, Koryn Grant <support@endace.com>
17
static const char rcsid[] _U_ =
18
"@(#) $Header: /tcpdump/master/libpcap/pcap-dag.c,v 1.21 2005/04/03 23:56:47 guy Exp $ (LBL)";
25
#include <sys/param.h> /* optionally get BSD define */
34
#include <netinet/in.h>
36
#include <sys/socket.h>
37
#include <sys/types.h>
40
struct mbuf; /* Squelch compiler warnings on some platforms for */
41
struct rtentry; /* declarations in <net/if.h> */
47
#define MIN_DAG_SNAPLEN 12
48
#define MAX_DAG_SNAPLEN 2040
49
#define ATM_CELL_SIZE 52
50
#define ATM_HDR_SIZE 4
52
/* SunATM pseudo header */
54
unsigned char flags; /* destination and traffic type */
55
unsigned char vpi; /* VPI */
56
unsigned short vci; /* VCI */
59
typedef struct pcap_dag_node {
60
struct pcap_dag_node *next;
65
static pcap_dag_node_t *pcap_dags = NULL;
66
static int atexit_handler_installed = 0;
67
static const unsigned short endian_test_word = 0x0100;
69
#define IS_BIGENDIAN() (*((unsigned char *)&endian_test_word))
72
* Swap byte ordering of unsigned long long timestamp on a big endian
75
#define SWAP_TS(ull) ((ull & 0xff00000000000000LL) >> 56) | \
76
((ull & 0x00ff000000000000LL) >> 40) | \
77
((ull & 0x0000ff0000000000LL) >> 24) | \
78
((ull & 0x000000ff00000000LL) >> 8) | \
79
((ull & 0x00000000ff000000LL) << 8) | \
80
((ull & 0x0000000000ff0000LL) << 24) | \
81
((ull & 0x000000000000ff00LL) << 40) | \
82
((ull & 0x00000000000000ffLL) << 56)
86
/* This code is required when compiling for a DAG device only. */
89
/* Replace dag function names with pcap equivalent. */
90
#define dag_open_live pcap_open_live
91
#define dag_platform_finddevs pcap_platform_finddevs
94
static int dag_setfilter(pcap_t *p, struct bpf_program *fp);
95
static int dag_stats(pcap_t *p, struct pcap_stat *ps);
96
static int dag_set_datalink(pcap_t *p, int dlt);
97
static int dag_get_datalink(pcap_t *p);
98
static int dag_setnonblock(pcap_t *p, int nonblock, char *errbuf);
101
delete_pcap_dag(pcap_t *p)
103
pcap_dag_node_t *curr = NULL, *prev = NULL;
105
for (prev = NULL, curr = pcap_dags; curr != NULL && curr->p != p; prev = curr, curr = curr->next) {
109
if (curr != NULL && curr->p == p) {
111
prev->next = curr->next;
113
pcap_dags = curr->next;
119
* Performs a graceful shutdown of the DAG card, frees dynamic memory held
120
* in the pcap_t structure, and closes the file descriptor for the DAG card.
124
dag_platform_close(pcap_t *p)
128
if (p != NULL && p->md.device != NULL) {
129
if(dag_stop(p->fd) < 0)
130
fprintf(stderr,"dag_stop %s: %s\n", p->md.device, strerror(errno));
131
if(dag_close(p->fd) < 0)
132
fprintf(stderr,"dag_close %s: %s\n", p->md.device, strerror(errno));
138
if(dag_stop(p->fd) < 0)
139
fprintf(stderr,"dag_stop: %s\n", strerror(errno));
140
if(dag_close(p->fd) < 0)
141
fprintf(stderr,"dag_close: %s\n", strerror(errno));
145
/* Note: don't need to call close(p->fd) here as dag_close(p->fd) does this. */
151
while (pcap_dags != NULL) {
152
if (pcap_dags->pid == getpid()) {
153
dag_platform_close(pcap_dags->p);
155
delete_pcap_dag(pcap_dags->p);
161
new_pcap_dag(pcap_t *p)
163
pcap_dag_node_t *node = NULL;
165
if ((node = malloc(sizeof(pcap_dag_node_t))) == NULL) {
169
if (!atexit_handler_installed) {
170
atexit(atexit_handler);
171
atexit_handler_installed = 1;
174
node->next = pcap_dags;
176
node->pid = getpid();
184
* Read at most max_packets from the capture stream and call the callback
185
* for each of them. Returns the number of packets handled, -1 if an
186
* error occured, or -2 if we were told to break out of the loop.
189
dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
191
unsigned int processed = 0;
192
int flags = p->md.dag_offset_flags;
193
unsigned int nonblocking = flags & DAGF_NONBLOCK;
197
/* Get the next bufferful of packets (if necessary). */
198
while (p->md.dag_mem_top - p->md.dag_mem_bottom < dag_record_size) {
201
* Has "pcap_breakloop()" been called?
205
* Yes - clear the flag that indicates that
206
* it has, and return -2 to indicate that
207
* we were told to break out of the loop.
213
p->md.dag_mem_top = dag_offset(p->fd, &(p->md.dag_mem_bottom), flags);
214
if (nonblocking && (p->md.dag_mem_top - p->md.dag_mem_bottom < dag_record_size))
216
/* Pcap is configured to process only available packets, and there aren't any. */
221
/* Process the packets. */
222
while (p->md.dag_mem_top - p->md.dag_mem_bottom >= dag_record_size) {
224
unsigned short packet_len = 0;
226
struct pcap_pkthdr pcap_header;
228
dag_record_t *header = (dag_record_t *)(p->md.dag_mem_base + p->md.dag_mem_bottom);
229
u_char *dp = ((u_char *)header) + dag_record_size;
233
* Has "pcap_breakloop()" been called?
237
* Yes - clear the flag that indicates that
238
* it has, and return -2 to indicate that
239
* we were told to break out of the loop.
245
rlen = ntohs(header->rlen);
246
if (rlen < dag_record_size)
248
strncpy(p->errbuf, "dag_read: record too small", PCAP_ERRBUF_SIZE);
251
p->md.dag_mem_bottom += rlen;
253
switch(header->type) {
256
if (header->type == TYPE_AAL5) {
257
packet_len = ntohs(header->wlen);
258
caplen = rlen - dag_record_size;
260
caplen = packet_len = ATM_CELL_SIZE;
262
if (p->linktype == DLT_SUNATM) {
263
struct sunatm_hdr *sunatm = (struct sunatm_hdr *)dp;
264
unsigned long rawatm;
266
rawatm = ntohl(*((unsigned long *)dp));
267
sunatm->vci = htons((rawatm >> 4) & 0xffff);
268
sunatm->vpi = (rawatm >> 20) & 0x00ff;
269
sunatm->flags = ((header->flags.iface & 1) ? 0x80 : 0x00) |
270
((sunatm->vpi == 0 && sunatm->vci == htons(5)) ? 6 :
271
((sunatm->vpi == 0 && sunatm->vci == htons(16)) ? 5 :
272
((dp[ATM_HDR_SIZE] == 0xaa &&
273
dp[ATM_HDR_SIZE+1] == 0xaa &&
274
dp[ATM_HDR_SIZE+2] == 0x03) ? 2 : 1)));
277
packet_len -= ATM_HDR_SIZE;
278
caplen -= ATM_HDR_SIZE;
284
packet_len = ntohs(header->wlen);
285
packet_len -= (p->md.dag_fcs_bits >> 3);
286
caplen = rlen - dag_record_size - 2;
287
if (caplen > packet_len) {
294
packet_len = ntohs(header->wlen);
295
packet_len -= (p->md.dag_fcs_bits >> 3);
296
caplen = rlen - dag_record_size;
297
if (caplen > packet_len) {
303
if (caplen > p->snapshot)
304
caplen = p->snapshot;
306
/* Count lost packets. */
308
if (p->md.stat.ps_drop > (UINT_MAX - ntohs(header->lctr))) {
309
p->md.stat.ps_drop = UINT_MAX;
311
p->md.stat.ps_drop += ntohs(header->lctr);
315
/* Run the packet filter if there is one. */
316
if ((p->fcode.bf_insns == NULL) || bpf_filter(p->fcode.bf_insns, dp, packet_len, caplen)) {
318
/* convert between timestamp formats */
319
register unsigned long long ts;
321
if (IS_BIGENDIAN()) {
322
ts = SWAP_TS(header->ts);
327
pcap_header.ts.tv_sec = ts >> 32;
328
ts = (ts & 0xffffffffULL) * 1000000;
329
ts += 0x80000000; /* rounding */
330
pcap_header.ts.tv_usec = ts >> 32;
331
if (pcap_header.ts.tv_usec >= 1000000) {
332
pcap_header.ts.tv_usec -= 1000000;
333
pcap_header.ts.tv_sec++;
336
/* Fill in our own header data */
337
pcap_header.caplen = caplen;
338
pcap_header.len = packet_len;
340
/* Count the packet. */
341
p->md.stat.ps_recv++;
343
/* Call the user supplied callback function */
344
callback(user, &pcap_header, dp);
346
/* Only count packets that pass the filter, for consistency with standard Linux behaviour. */
348
if (processed == cnt)
350
/* Reached the user-specified limit. */
356
if (nonblocking || processed)
366
dag_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
368
strlcpy(p->errbuf, "Sending packets isn't supported on DAG cards",
374
* Get a handle for a live capture from the given DAG device. Passing a NULL
375
* device will result in a failure. The promisc flag is ignored because DAG
376
* cards are always promiscuous. The to_ms parameter is also ignored as it is
377
* not supported in hardware.
382
dag_open_live(const char *device, int snaplen, int promisc, int to_ms, char *ebuf)
384
char conf[30]; /* dag configure string */
390
if (device == NULL) {
391
snprintf(ebuf, PCAP_ERRBUF_SIZE, "device is NULL: %s", pcap_strerror(errno));
394
/* Allocate a handle for this session. */
396
handle = malloc(sizeof(*handle));
397
if (handle == NULL) {
398
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc %s: %s", device, pcap_strerror(errno));
402
/* Initialize some components of the pcap structure. */
404
memset(handle, 0, sizeof(*handle));
406
if (strstr(device, "/dev") == NULL) {
407
char * newDev = (char *)malloc(strlen(device) + 6);
409
strcat(newDev, "/dev/");
410
strcat(newDev,device);
413
device = strdup(device);
416
if (device == NULL) {
417
snprintf(ebuf, PCAP_ERRBUF_SIZE, "str_dup: %s\n", pcap_strerror(errno));
421
/* setup device parameters */
422
if((handle->fd = dag_open((char *)device)) < 0) {
423
snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_open %s: %s", device, pcap_strerror(errno));
427
/* set the card snap length to the specified snaplen parameter */
428
if (snaplen == 0 || snaplen > MAX_DAG_SNAPLEN) {
429
snaplen = MAX_DAG_SNAPLEN;
430
} else if (snaplen < MIN_DAG_SNAPLEN) {
431
snaplen = MIN_DAG_SNAPLEN;
433
/* snap len has to be a multiple of 4 */
434
snprintf(conf, 30, "varlen slen=%d", (snaplen + 3) & ~3);
436
if(dag_configure(handle->fd, conf) < 0) {
437
snprintf(ebuf, PCAP_ERRBUF_SIZE,"dag_configure %s: %s\n", device, pcap_strerror(errno));
441
if((handle->md.dag_mem_base = dag_mmap(handle->fd)) == MAP_FAILED) {
442
snprintf(ebuf, PCAP_ERRBUF_SIZE,"dag_mmap %s: %s\n", device, pcap_strerror(errno));
446
if(dag_start(handle->fd) < 0) {
447
snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_start %s: %s\n", device, pcap_strerror(errno));
452
* Important! You have to ensure bottom is properly
453
* initialized to zero on startup, it won't give you
454
* a compiler warning if you make this mistake!
456
handle->md.dag_mem_bottom = 0;
457
handle->md.dag_mem_top = 0;
458
handle->md.dag_fcs_bits = 32;
460
/* Query the card first for special cases. */
461
daginf = dag_info(handle->fd);
462
if ((0x4200 == daginf->device_code) || (0x4230 == daginf->device_code))
464
/* DAG 4.2S and 4.23S already strip the FCS. Stripping the final word again truncates the packet. */
465
handle->md.dag_fcs_bits = 0;
468
/* Then allow an environment variable to override. */
469
if ((s = getenv("ERF_FCS_BITS")) != NULL) {
470
if ((n = atoi(s)) == 0 || n == 16|| n == 32) {
471
handle->md.dag_fcs_bits = n;
473
snprintf(ebuf, PCAP_ERRBUF_SIZE,
474
"pcap_open_live %s: bad ERF_FCS_BITS value (%d) in environment\n", device, n);
479
handle->snapshot = snaplen;
480
/*handle->md.timeout = to_ms; */
482
handle->linktype = -1;
483
if (dag_get_datalink(handle) < 0) {
484
strcpy(ebuf, handle->errbuf);
490
if (new_pcap_dag(handle) < 0) {
491
snprintf(ebuf, PCAP_ERRBUF_SIZE, "new_pcap_dag %s: %s\n", device, pcap_strerror(errno));
496
* "select()" and "poll()" don't (yet) work on DAG device descriptors.
498
handle->selectable_fd = -1;
501
handle->md.device = (char *)device;
503
free((char *)device);
507
handle->read_op = dag_read;
508
handle->inject_op = dag_inject;
509
handle->setfilter_op = dag_setfilter;
510
handle->set_datalink_op = dag_set_datalink;
511
handle->getnonblock_op = pcap_getnonblock_fd;
512
handle->setnonblock_op = dag_setnonblock;
513
handle->stats_op = dag_stats;
514
handle->close_op = dag_platform_close;
519
if (device != NULL) {
520
free((char *)device);
522
if (handle != NULL) {
524
* Get rid of any link-layer type list we allocated.
526
if (handle->dlt_list != NULL) {
527
free(handle->dlt_list);
536
dag_stats(pcap_t *p, struct pcap_stat *ps) {
537
/* This needs to be filled out correctly. Hopefully a dagapi call will
538
provide all necessary information.
540
/*p->md.stat.ps_recv = 0;*/
541
/*p->md.stat.ps_drop = 0;*/
549
* Get from "/proc/dag" all interfaces listed there; if they're
550
* already in the list of interfaces we have, that won't add another
551
* instance, but if they're not, that'll add them.
553
* We don't bother getting any addresses for them.
555
* We also don't fail if we couldn't open "/proc/dag"; we just leave
556
* the list of interfaces as is.
559
dag_platform_finddevs(pcap_if_t **devlistp, char *errbuf)
565
char name[512]; /* XXX - pick a size */
569
/* Quick exit if /proc/dag not readable */
570
proc_dag_f = fopen("/proc/dag", "r");
571
if (proc_dag_f == NULL)
574
char dev[16] = "dagx";
576
for (i = '0'; ret == 0 && i <= '9'; i++) {
578
if (pcap_add_if(devlistp, dev, 0, NULL, errbuf) == -1) {
589
for (linenum = 1; fgets(linebuf, sizeof linebuf, proc_dag_f) != NULL; linenum++) {
592
* Skip the first two lines - they're headers.
599
if (*p == '\0' || *p == '\n' || *p != 'D')
600
continue; /* not a Dag line */
603
* Get the interface name.
606
while (*p != '\0' && *p != ':') {
608
*q++ = tolower(*p++);
615
* Add an entry for this interface, with no addresses.
617
p[strlen(p) - 1] = '\0'; /* get rid of \n */
618
if (pcap_add_if(devlistp, name, 0, strdup(p + 2), errbuf) == -1) {
628
* Well, we didn't fail for any other reason; did we
629
* fail due to an error reading the file?
631
if (ferror(proc_dag_f)) {
632
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
633
"Error reading /proc/dag: %s",
634
pcap_strerror(errno));
639
(void)fclose(proc_dag_f);
644
* Installs the given bpf filter program in the given pcap structure. There is
645
* no attempt to store the filter in kernel memory as that is not supported
649
dag_setfilter(pcap_t *p, struct bpf_program *fp)
654
strncpy(p->errbuf, "setfilter: No filter specified",
659
/* Make our private copy of the filter */
661
if (install_bpf_program(p, fp) < 0)
670
dag_set_datalink(pcap_t *p, int dlt)
678
dag_setnonblock(pcap_t *p, int nonblock, char *errbuf)
681
* Set non-blocking mode on the FD.
682
* XXX - is that necessary? If not, don't bother calling it,
683
* and have a "dag_getnonblock()" function that looks at
684
* "p->md.dag_offset_flags".
686
if (pcap_setnonblock_fd(p, nonblock, errbuf) < 0)
690
p->md.dag_offset_flags |= DAGF_NONBLOCK;
692
p->md.dag_offset_flags &= ~DAGF_NONBLOCK;
698
dag_get_datalink(pcap_t *p)
702
if (p->dlt_list == NULL && (p->dlt_list = malloc(2*sizeof(*(p->dlt_list)))) == NULL) {
703
(void)snprintf(p->errbuf, sizeof(p->errbuf), "malloc: %s", pcap_strerror(errno));
707
/* Check the type through a dagapi call. */
708
daglinktype = dag_linktype(p->fd);
710
switch(daglinktype) {
713
if (p->dlt_list != NULL) {
715
p->dlt_list[0] = DLT_CHDLC;
716
p->dlt_list[1] = DLT_PPP_SERIAL;
718
p->linktype = DLT_CHDLC;
723
* This is (presumably) a real Ethernet capture; give it a
724
* link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
725
* that an application can let you choose it, in case you're
726
* capturing DOCSIS traffic that a Cisco Cable Modem
727
* Termination System is putting out onto an Ethernet (it
728
* doesn't put an Ethernet header onto the wire, it puts raw
729
* DOCSIS frames out on the wire inside the low-level
732
if (p->dlt_list != NULL) {
734
p->dlt_list[0] = DLT_EN10MB;
735
p->dlt_list[1] = DLT_DOCSIS;
737
p->linktype = DLT_EN10MB;
742
if (p->dlt_list != NULL) {
744
p->dlt_list[0] = DLT_ATM_RFC1483;
745
p->dlt_list[1] = DLT_SUNATM;
747
p->linktype = DLT_ATM_RFC1483;
752
p->linktype = DLT_NULL;
756
snprintf(p->errbuf, sizeof(p->errbuf), "unknown DAG linktype %d\n", daglinktype);