if.c

* A ncurses user interface. * Network statistics to view the amount of packets and data in many

/*

  This file is part of sniffer, a packet capture utility and
  network moniter
  The author can be contacted at <mistral@stev.org>
  the lastest version is avilable from 
  http://stev.org

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <pthread.h>
#include <time.h>
#include <fcntl.h>

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>

#include "config.h"
#include "locks.h"
#include "list.h"
#include "arp.h"
#include "sniff.h"
#include "stat.h"
#include "log.h"
#include "ip.h"
#include "if.h"

struct list_t *if_list;
pthread_mutex_t if_mutex = PTHREAD_MUTEX_INITIALIZER;

/* The new way to read from the socket */
/* this should be able to tell that interface the packet came from */
/* and then send it to the correct handler */
int inline if_handle(struct sniff_pkt *pkt, struct sockaddr_ll *fromaddr, void *data) {
	struct if_stat cmp; /* used for the searches */
	struct if_stat *tmp; /* used for stats */
	int i;

	SLOCK(&if_mutex); /* we need to lock the list */

	cmp.if_index = fromaddr->sll_ifindex;
	i = list_search(if_list, &cmp);
	if (i < 0) {
		tmp = if_add(fromaddr);
		if (!tmp)
			return -1; /* something bad happened */
	} else {
		tmp = list_get(if_list, i);
	}

	SLOCK(&tmp->mutex); /* lock the single record */
	SUNLOCK(&if_mutex); /* unlock the whole list */

	pkt->if_index = tmp->if_index;
	pkt->if_name = &tmp->if_name[0];

	/* work out which packet type it is */
	switch(fromaddr->sll_hatype) {
		case LINK_ETHERNET: /* ethernet packet */
			return if_eth(pkt, tmp, fromaddr, data);
			break;
		case LINK_PPP:
			return if_raw(pkt, tmp, fromaddr, data);
			break;
		case ARPHRD_LOOPBACK:
			return if_lo(pkt, tmp, fromaddr, data);
			break;
		case ARPHRD_PPP:
			return if_raw(pkt, tmp, fromaddr, data);
			break;
		default:
			stat_global.dropped++;
			tmp->all_stat.dropped++;
			SUNLOCK(&tmp->mutex); /* nobody else got it !! */
			log_error("if_handle: Packet Type %d Not Known\n", fromaddr->sll_hatype);
			break;
	} /* end of hardware types */
	return -2;
}

struct if_stat *if_add(struct sockaddr_ll *fromaddr) {
	struct ifreq ifr;
	struct if_stat *tmp;
	int i, total;

	total = list_length(if_list);

	for(i=0;i<total;i++) {
		tmp = list_get(if_list, i);
		SLOCK(&tmp->mutex);
		bzero(&ifr, sizeof(ifr));
		ifr.ifr_ifru.ifru_ivalue = fromaddr->sll_ifindex;
		if (ioctl(sockfd, SIOCGIFNAME, &ifr) < 0) {
			log_errno("ioctl");
		} else { /* do a string compare for if name */
			if (strcmp(&ifr.ifr_ifrn.ifrn_name[0], &tmp->if_name[0]) == 0) {
				tmp->if_index = fromaddr->sll_ifindex;
				/* FIXME we need to call stuff to change if_index on other data eg ARP */
				SUNLOCK(&tmp->mutex);
				return tmp;
			}
		}
		SUNLOCK(&tmp->mutex);
	}

	/* if we get down here create a new record */

	tmp = malloc( sizeof(struct if_stat));
	if (!tmp) {
		log_errno("malloc");
		return NULL;
	}

	init_stat(&tmp->all_stat, "ALL");
	init_stat(&tmp->in_stat,  "IN");
	init_stat(&tmp->out_stat, "OUT");
	init_stat(&tmp->other_stat, "OTHER");
	tmp->if_index = fromaddr->sll_ifindex;
	pthread_mutex_init(&tmp->mutex, NULL);

	bzero(&ifr, sizeof(ifr));
	ifr.ifr_ifru.ifru_ivalue = fromaddr->sll_ifindex;

	if (ioctl(sockfd, SIOCGIFNAME, &ifr) < 0) {
		log_errno("ioctl");
		sprintf(&tmp->if_name[0], "IF%d\n", fromaddr->sll_ifindex);
	}
	strcpy(&tmp->if_name[0], &ifr.ifr_ifrn.ifrn_name[0]);
	list_add_sort(if_list, tmp);

	return tmp;
}

int if_cmp_index(struct if_stat *c1, struct if_stat *c2) {
	if (c1->if_index > c2->if_index) return -1;
	if (c1->if_index < c2->if_index) return 1;
	if (c1->if_index == c2->if_index) return 0;
	return 0;
}

int if_init() {
	SLOCK(&if_mutex);
	if_list = list_init();
	list_setcmp(if_list, (void *) if_cmp_index);
	SUNLOCK(&if_mutex);
	return 0;
}

/* Functions for different interfaces */
int inline if_eth(struct sniff_pkt *pkt, struct if_stat *interface, struct sockaddr_ll *fromaddr, char *data) {
	struct ethhdr *eth_packet; /* ethernet packet */
	char *pointer = data;

	if (pkt->dataleft < sizeof(struct ethhdr))
		return -10;

	/* move forward */
	eth_packet = (struct ethhdr *) data;
	pointer += sizeof(struct ethhdr);
	pkt->dataleft -= sizeof(struct ethhdr);

	interface->all_stat.packets++;
	interface->all_stat.bytes += pkt->readlen;

	/* time to find out what ethernet packet it is */

	switch(fromaddr->sll_pkttype) {
		case PACKET_HOST:
			interface->in_stat.packets++;
			interface->in_stat.bytes += pkt->readlen;
			break;
		case PACKET_OUTGOING:
			interface->out_stat.packets++;
			interface->out_stat.bytes += pkt->readlen;
			break;
		default:
			interface->other_stat.packets++;
			interface->other_stat.bytes += pkt->readlen;
			break;
	}

	SUNLOCK(&interface->mutex); /* it arrives locked */

	switch( ntohs(eth_packet->h_proto)) {  
		case ETH_P_ARP: /* arp packets */
			return arp_handle(pkt, pointer);
			break;
		case ETH_P_IP: /* ip - tcp/udp/icmp */
			return ip_handle(pkt, (void *) pointer);
			break;
		default:
			stat_global.dropped++;
			log_error("sniff_eth Unsupported Packet Type: %x\n", ntohs(eth_packet->h_proto));
			break;
	} /* end switch ethetnet packet type */
	return -2;
}                       


int inline if_lo(struct sniff_pkt *pkt, struct if_stat *interface, struct sockaddr_ll *fromaddr, char *data) {
	struct ethhdr *eth_packet; /* ethernet packet */
	char *pointer = data;

	if (pkt->dataleft < sizeof(struct ethhdr))
		return -10;

	eth_packet = (struct ethhdr *) data;
	pointer += sizeof(struct ethhdr);
	pkt->dataleft -= sizeof(struct ethhdr);

	/* NOTE on a loop back interface we will see all
	data twice we dont want this so jump out ASAP */

	switch(fromaddr->sll_pkttype) {
		case PACKET_HOST:
			interface->all_stat.packets++;
			interface->all_stat.bytes += pkt->readlen;
			break;
		default:
			/* on the local if we get both in / out which are the same packet */
			SUNLOCK(&interface->mutex);
			return 0;
			break;
	}
	SUNLOCK(&interface->mutex);

	/* time to find out what ethernet packet it is */
	switch( ntohs(eth_packet->h_proto)) {  
		case ETH_P_ARP: /* arp packets */
			return arp_handle(pkt, pointer);
			break;
		case ETH_P_IP: /* ip - tcp/udp/icmp */
			return ip_handle(pkt, (void *) pointer);
			break;
		default:
			stat_global.dropped++;
			log_error("sniff_eth Unsupported Packet Type: %x\n", ntohs(eth_packet->h_proto));
			break;
	} /* end switch ethetnet packet type */
	return -2;
}                       


int inline if_raw(struct sniff_pkt *pkt, struct if_stat *interface, struct sockaddr_ll *fromaddr, char *data) {

	switch(fromaddr->sll_pkttype) {
		case PACKET_HOST:
			interface->in_stat.packets++;
			interface->in_stat.bytes += pkt->readlen;
			break;
		case PACKET_OUTGOING:
			interface->out_stat.packets++;
			interface->out_stat.bytes += pkt->readlen;
			break;
		default:
			interface->other_stat.packets++;
			interface->other_stat.bytes += pkt->readlen;
			break;
	}

	interface->all_stat.packets++;
	interface->all_stat.bytes += pkt->readlen;

	SUNLOCK(&interface->mutex);

	switch(ntohs(fromaddr->sll_protocol)) {
		case ETH_P_IP:
			return ip_handle(pkt, (void *) data);
			break;
		default:
			log_error("sniff_raw Unsupported Packet: %x\n", ntohs(fromaddr->sll_protocol));
			return -2;
			break;
	} /* end of different protocls */
	return -3;
}