pcap-dag.c

用来监视网络通信数据的源代码和应用程序,方便网络程序底层开发.

/*
 * pcap-dag.c: Packet capture interface for Endace DAG card.
 *
 * The functionality of this code attempts to mimic that of pcap-linux as much
 * as possible.  This code is compiled in several different ways depending on
 * whether DAG_ONLY and HAVE_DAG_API are defined.  If HAVE_DAG_API is not
 * defined it should not get compiled in, otherwise if DAG_ONLY is defined then
 * the 'dag_' function calls are renamed to 'pcap_' equivalents.  If DAG_ONLY
 * is not defined then nothing is altered - the dag_ functions will be
 * called as required from their pcap-linux/bpf equivalents.
 *
 * Author: Richard Littin, Sean Irvine ({richard,sean}@reeltwo.com)
 *
 * Modifications:
 *   2003 May - Jesper Peterson <support@endace.com>
 *              Code shuffled around to suit fad-xxx.c structure
 *              Added atexit() handler to stop DAG if application is too lazy
 *   2003 September - Koryn Grant <koryn@endace.com>
 *              Added support for nonblocking operation.
 *              Added support for processing more than a single packet in pcap_dispatch().
 *              Fixed bug in loss counter code.
 *              Improved portability of loss counter code (e.g. use UINT_MAX instead of 0xffff).
 *              Removed unused local variables.
 *              Added required headers (ctype.h, limits.h, unistd.h, netinet/in.h).
 *   2003 October - Koryn Grant <koryn@endace.com.>
 *              Changed semantics to match those of standard pcap on linux.
 *                - packets rejected by the filter are not counted.
 */

#ifndef lint
static const char rcsid[] _U_ =
    "@(#) $Header: /tcpdump/master/libpcap/pcap-dag.c,v 1.10.2.4 2003/11/21 10:20:45 guy Exp $ (LBL)";
#endif

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <sys/param.h>			/* optionally get BSD define */

#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "pcap-int.h"

#include <ctype.h>
#include <netinet/in.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

struct mbuf;		/* Squelch compiler warnings on some platforms for */
struct rtentry;		/* declarations in <net/if.h> */
#include <net/if.h>

#include <dagnew.h>
#include <dagapi.h>

#define MIN_DAG_SNAPLEN		12
#define MAX_DAG_SNAPLEN		2040
#define ATM_SNAPLEN		48

typedef struct pcap_dag_node {
  struct pcap_dag_node *next;
  pcap_t *p;
  pid_t pid;
} pcap_dag_node_t;

static pcap_dag_node_t *pcap_dags = NULL;
static int atexit_handler_installed = 0;
static const unsigned short endian_test_word = 0x0100;

#define IS_BIGENDIAN() (*((unsigned char *)&endian_test_word))

/*
 * Swap byte ordering of unsigned long long timestamp on a big endian
 * machine.
 */
#define SWAP_TS(ull)  ((ull & 0xff00000000000000LL) >> 56) | \
                      ((ull & 0x00ff000000000000LL) >> 40) | \
                      ((ull & 0x0000ff0000000000LL) >> 24) | \
                      ((ull & 0x000000ff00000000LL) >> 8)  | \
                      ((ull & 0x00000000ff000000LL) << 8)  | \
                      ((ull & 0x0000000000ff0000LL) << 24) | \
                      ((ull & 0x000000000000ff00LL) << 40) | \
                      ((ull & 0x00000000000000ffLL) << 56)


#ifdef DAG_ONLY
/* This code is required when compiling for a DAG device only. */
#include "pcap-dag.h"

/* Replace dag function names with pcap equivalent. */
#define dag_open_live pcap_open_live
#define dag_platform_finddevs pcap_platform_finddevs
#endif /* DAG_ONLY */

static int dag_setfilter(pcap_t *p, struct bpf_program *fp);
static int dag_stats(pcap_t *p, struct pcap_stat *ps);
static int dag_set_datalink(pcap_t *p, int dlt);
static int dag_get_datalink(pcap_t *p);
static int dag_setnonblock(pcap_t *p, int nonblock, char *errbuf);

static void delete_pcap_dag(pcap_t *p) {
  pcap_dag_node_t *curr = NULL, *prev = NULL;

  for (prev = NULL, curr = pcap_dags;
      curr != NULL && curr->p != p;
      prev = curr, curr = curr->next) {
    /* empty */
  }

  if (curr != NULL && curr->p == p) {
    if (prev != NULL) {
      prev->next = curr->next;
    } else {
      pcap_dags = curr->next;
    }
  }
}

/*
 * Performs a graceful shutdown of the DAG card, frees dynamic memory held
 * in the pcap_t structure, and closes the file descriptor for the DAG card.
 */

static void dag_platform_close(pcap_t *p) {

#ifdef linux
  if (p != NULL && p->md.device != NULL) {
    if(dag_stop(p->fd) < 0)
      fprintf(stderr,"dag_stop %s: %s\n", p->md.device, strerror(errno));
    if(dag_close(p->fd) < 0)
      fprintf(stderr,"dag_close %s: %s\n", p->md.device, strerror(errno));
    
    free(p->md.device);
  }
#else
  if (p != NULL) {
    if(dag_stop(p->fd) < 0)
      fprintf(stderr,"dag_stop: %s\n", strerror(errno));
    if(dag_close(p->fd) < 0)
      fprintf(stderr,"dag_close: %s\n", strerror(errno));
  }
#endif
  delete_pcap_dag(p);
  /* Note: don't need to call close(p->fd) here as dag_close(p->fd) does this. */
}

static void atexit_handler(void) {
  while (pcap_dags != NULL) {
    if (pcap_dags->pid == getpid()) {
      dag_platform_close(pcap_dags->p);
    } else {
      delete_pcap_dag(pcap_dags->p);
    }
  }
}

static int new_pcap_dag(pcap_t *p) {
  pcap_dag_node_t *node = NULL;

  if ((node = malloc(sizeof(pcap_dag_node_t))) == NULL) {
    return -1;
  }

  if (!atexit_handler_installed) {
    atexit(atexit_handler);
    atexit_handler_installed = 1;
  }

  node->next = pcap_dags;
  node->p = p;
  node->pid = getpid();

  pcap_dags = node;

  return 0;
}

/*
 *  Read at most max_packets from the capture stream and call the callback
 *  for each of them. Returns the number of packets handled, -1 if an
 *  error occured, or -2 if we were told to break out of the loop.
 */
static int dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) {
	unsigned int processed = 0;
	int flags = p->md.dag_offset_flags;
	unsigned int nonblocking = flags & DAGF_NONBLOCK;

	for (;;)
	{
		/* Get the next bufferful of packets (if necessary). */
		while (p->md.dag_mem_top - p->md.dag_mem_bottom < dag_record_size) {
 
			/*
			 * Has "pcap_breakloop()" been called?
			 */
			if (p->break_loop) {
				/*
				 * Yes - clear the flag that indicates that
				 * it has, and return -2 to indicate that
				 * we were told to break out of the loop.
				 */
				p->break_loop = 0;
				return -2;
			}

			p->md.dag_mem_top = dag_offset(p->fd, &(p->md.dag_mem_bottom), flags);
			if ((p->md.dag_mem_top - p->md.dag_mem_bottom < dag_record_size) && nonblocking)
			{
				/* Pcap is configured to process only available packets, and there aren't any. */
				return 0;
			}
		}
  
		/* Process the packets. */
		while (p->md.dag_mem_top - p->md.dag_mem_bottom >= dag_record_size) {

			unsigned short packet_len = 0;
			int caplen = 0;
			struct pcap_pkthdr	pcap_header;

			dag_record_t *header = (dag_record_t *)(p->md.dag_mem_base + p->md.dag_mem_bottom);
			u_char *dp = ((u_char *)header) + dag_record_size;
			unsigned short rlen;
 
			/*
			 * Has "pcap_breakloop()" been called?
			 */
			if (p->break_loop) {
				/*
				 * Yes - clear the flag that indicates that
				 * it has, and return -2 to indicate that
				 * we were told to break out of the loop.
				 */
				p->break_loop = 0;
				return -2;
			}
 
			if (IS_BIGENDIAN())
			{
				rlen = header->rlen;
			}
			else
			{
				rlen = ntohs(header->rlen);
			}
			p->md.dag_mem_bottom += rlen;

			switch(header->type) {
			case TYPE_ATM:
				packet_len = ATM_SNAPLEN;
				caplen = ATM_SNAPLEN;
				dp += 4;
				break;

			case TYPE_ETH:
				if (IS_BIGENDIAN())
				{
					packet_len = header->wlen;
				}
				else
				{
					packet_len = ntohs(header->wlen);
				}
				packet_len -= (p->md.dag_fcs_bits >> 3);
				caplen = rlen - dag_record_size - 2;
				if (caplen > packet_len)
				{
					caplen = packet_len;
				}
				dp += 2;
				break;

			case TYPE_HDLC_POS:
				if (IS_BIGENDIAN())
				{
					packet_len = header->wlen;
				}
				else
				{
					packet_len = ntohs(header->wlen);
				}
				packet_len -= (p->md.dag_fcs_bits >> 3);
				caplen = rlen - dag_record_size;
				if (caplen > packet_len)
				{
					caplen = packet_len;
				}
				break;
			}
 
			if (caplen > p->snapshot)
				caplen = p->snapshot;

			/* Count lost packets. */
			if (header->lctr) {
				if (p->md.stat.ps_drop > (UINT_MAX - header->lctr)) {
					p->md.stat.ps_drop = UINT_MAX;
				} else {
					p->md.stat.ps_drop += header->lctr;
				}
			}

			/* Run the packet filter if there is one. */
			if ((p->fcode.bf_insns == NULL) || bpf_filter(p->fcode.bf_insns, dp, packet_len, caplen)) {

				/* convert between timestamp formats */
				register unsigned long long ts;
				
				if (IS_BIGENDIAN())
				{
					ts = SWAP_TS(header->ts);
				}
				else
				{
					ts = header->ts;
				}

				pcap_header.ts.tv_sec  = ts >> 32;
				ts = (ts & 0xffffffffULL) * 1000000;
				ts += 0x80000000; /* rounding */
				pcap_header.ts.tv_usec = ts >> 32;		
				if (pcap_header.ts.tv_usec >= 1000000) {
					pcap_header.ts.tv_usec -= 1000000;
					pcap_header.ts.tv_sec++;
				}

				/* Fill in our own header data */
				pcap_header.caplen = caplen;
				pcap_header.len = packet_len;
  
				/* Count the packet. */
				p->md.stat.ps_recv++;
  
				/* Call the user supplied callback function */
				callback(user, &pcap_header, dp);
  
				/* Only count packets that pass the filter, for consistency with standard Linux behaviour. */
				processed++;
				if (processed == cnt)
				{
					/* Reached the user-specified limit. */
					return cnt;
				}
			}
		}

		if (nonblocking || processed)
		{
			return processed;
		}
	}