pcap-dag.c

Ubuntu packages of security software。 相当不错的源码

 *  cards are always promiscuous.  The to_ms parameter is also ignored as it is
 *  not supported in hardware.
 *  
 *  See also pcap(3).
 */
pcap_t *
dag_open_live(const char *device, int snaplen, int promisc, int to_ms, char *ebuf)
{
	char conf[30]; /* dag configure string */
	pcap_t *handle;
	char *s;
	int n;
	daginf_t* daginf;
	char * newDev;
#ifdef HAVE_DAG_STREAMS_API
	uint32_t mindata;
	struct timeval maxwait;
	struct timeval poll;
#endif

	if (device == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "device is NULL: %s", pcap_strerror(errno));
		return NULL;
	}
	/* Allocate a handle for this session. */

	handle = malloc(sizeof(*handle));
	if (handle == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc %s: %s", device, pcap_strerror(errno));
		return NULL;
	}
	
	/* Initialize some components of the pcap structure. */
	
	memset(handle, 0, sizeof(*handle));

	newDev = (char *)malloc(strlen(device) + 16);

#ifdef HAVE_DAG_STREAMS_API
	
	/* Parse input name to get dag device and stream number if provided */
	if (dag_parse_name(device, newDev, strlen(device) + 16, &handle->md.dag_stream) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_parse_name: %s\n", pcap_strerror(errno));
		goto fail;
	}
	device = newDev;

	if (handle->md.dag_stream%2) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_parse_name: tx (even numbered) streams not supported for capture\n");
		goto fail;
	}
#else
	if (strstr(device, "/dev") == NULL) {
		newDev[0] = '\0';
		strcat(newDev, "/dev/");
		strcat(newDev,device);
		device = newDev;
	} else {
		device = strdup(device);
	}

	if (device == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "str_dup: %s\n", pcap_strerror(errno));
		goto fail;
	}
#endif /* HAVE_DAG_STREAMS_API */

	/* setup device parameters */
	if((handle->fd = dag_open((char *)device)) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_open %s: %s", device, pcap_strerror(errno));
		goto fail;
	}

#ifdef HAVE_DAG_STREAMS_API
	/* Open requested stream. Can fail if already locked or on error */
	if (dag_attach_stream(handle->fd, handle->md.dag_stream, 0, 0) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_attach_stream: %s\n", pcap_strerror(errno));
		goto fail;
	}

	/* Set up default poll parameters for stream
	 * Can be overridden by pcap_set_nonblock()
	 */
	if (dag_get_stream_poll(handle->fd, handle->md.dag_stream,
				&mindata, &maxwait, &poll) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_get_stream_poll: %s\n", pcap_strerror(errno));
		goto fail;
	}
	
	/* Amount of data to collect in Bytes before calling callbacks.
	 * Important for efficiency, but can introduce latency
	 * at low packet rates if to_ms not set!
	 */
	mindata = 65536;

	/* Obey to_ms if supplied. This is a good idea!
	 * Recommend 10-100ms. Calls will time out even if no data arrived.
	 */
	maxwait.tv_sec = to_ms/1000;
	maxwait.tv_usec = (to_ms%1000) * 1000;

	if (dag_set_stream_poll(handle->fd, handle->md.dag_stream,
				mindata, &maxwait, &poll) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_set_stream_poll: %s\n", pcap_strerror(errno));
		goto fail;
	}
		
#else
	if((handle->md.dag_mem_base = dag_mmap(handle->fd)) == MAP_FAILED) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,"dag_mmap %s: %s\n", device, pcap_strerror(errno));
		goto fail;
	}

#endif /* HAVE_DAG_STREAMS_API */

	/* set the card snap length to the specified snaplen parameter */
	if (snaplen == 0 || snaplen > MAX_DAG_SNAPLEN) {
		snaplen = MAX_DAG_SNAPLEN;
	} else if (snaplen < MIN_DAG_SNAPLEN) {
		snaplen = MIN_DAG_SNAPLEN;
	}
	/* snap len has to be a multiple of 4 */
	snprintf(conf, 30, "varlen slen=%d", (snaplen + 3) & ~3); 

	if(dag_configure(handle->fd, conf) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,"dag_configure %s: %s\n", device, pcap_strerror(errno));
		goto fail;
	}
		
#ifdef HAVE_DAG_STREAMS_API
	if(dag_start_stream(handle->fd, handle->md.dag_stream) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_start_stream %s: %s\n", device, pcap_strerror(errno));
		goto fail;
	}
#else
	if(dag_start(handle->fd) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "dag_start %s: %s\n", device, pcap_strerror(errno));
		goto fail;
	}
#endif /* HAVE_DAG_STREAMS_API */

	/*
	 * Important! You have to ensure bottom is properly
	 * initialized to zero on startup, it won't give you
	 * a compiler warning if you make this mistake!
	 */
	handle->md.dag_mem_bottom = 0;
	handle->md.dag_mem_top = 0;
	handle->md.dag_fcs_bits = 32;

	/* Query the card first for special cases. */
	daginf = dag_info(handle->fd);
	if ((0x4200 == daginf->device_code) || (0x4230 == daginf->device_code))
	{
		/* DAG 4.2S and 4.23S already strip the FCS.  Stripping the final word again truncates the packet. */
		handle->md.dag_fcs_bits = 0;
	}

	/* Then allow an environment variable to override. */
	if ((s = getenv("ERF_FCS_BITS")) != NULL) {
		if ((n = atoi(s)) == 0 || n == 16|| n == 32) {
			handle->md.dag_fcs_bits = n;
		} else {
			snprintf(ebuf, PCAP_ERRBUF_SIZE,
				"pcap_open_live %s: bad ERF_FCS_BITS value (%d) in environment\n", device, n);
			goto fail;
		}
	}

	handle->snapshot	= snaplen;
	handle->md.dag_timeout	= to_ms;

	handle->linktype = -1;
	if (dag_get_datalink(handle) < 0) {
		strcpy(ebuf, handle->errbuf);
		goto fail;
	}
	
	handle->bufsize = 0;

	if (new_pcap_dag(handle) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "new_pcap_dag %s: %s\n", device, pcap_strerror(errno));
		goto fail;
	}

	/*
	 * "select()" and "poll()" don't work on DAG device descriptors.
	 */
	handle->selectable_fd = -1;

#ifdef linux
	handle->md.device = (char *)device;
	handle->md.timeout = to_ms;
#else
	free((char *)device);
	device = NULL;
#endif

	handle->read_op = dag_read;
	handle->inject_op = dag_inject;
	handle->setfilter_op = dag_setfilter;
	handle->setdirection_op = NULL; /* Not implemented.*/
	handle->set_datalink_op = dag_set_datalink;
	handle->getnonblock_op = pcap_getnonblock_fd;
	handle->setnonblock_op = dag_setnonblock;
	handle->stats_op = dag_stats;
	handle->close_op = dag_platform_close;

	return handle;

fail:
	if (newDev != NULL) {
		free((char *)newDev);
	}
	if (handle != NULL) {
		/*
		 * Get rid of any link-layer type list we allocated.
		 */
		if (handle->dlt_list != NULL) {
			free(handle->dlt_list);
		}
		free(handle);
	}

	return NULL;
}

static int
dag_stats(pcap_t *p, struct pcap_stat *ps) {
	/* This needs to be filled out correctly.  Hopefully a dagapi call will
		 provide all necessary information.
	*/
	/*p->md.stat.ps_recv = 0;*/
	/*p->md.stat.ps_drop = 0;*/
	
	*ps = p->md.stat;
 
	return 0;
}

/*
 * Simply submit all possible dag names as candidates.
 * pcap_add_if() internally tests each candidate with pcap_open_live(),
 * so any non-existent devices are dropped.
 * For 2.5 try all rx stream names as well.
 */
int
dag_platform_finddevs(pcap_if_t **devlistp, char *errbuf)
{
	char name[12];	/* XXX - pick a size */
	int ret = 0;
	int c;

	/* Try all the DAGs 0-9 */
	for (c = 0; c < 9; c++) {
		snprintf(name, 12, "dag%d", c);
		if (pcap_add_if(devlistp, name, 0, NULL, errbuf) == -1) {
			/*
			 * Failure.
			 */
			ret = -1;
		}
#ifdef HAVE_DAG_STREAMS_API
		{
			int stream;
			for(stream=0;stream<16;stream+=2) {
				snprintf(name,  10, "dag%d:%d", c, stream);
				if (pcap_add_if(devlistp, name, 0, NULL, errbuf) == -1) {
					/*
					 * Failure.
					 */
					ret = -1;
				}
			}				
		}
#endif  /* HAVE_DAG_STREAMS_API */
	}
	return (ret);
}

/*
 * Installs the given bpf filter program in the given pcap structure.  There is
 * no attempt to store the filter in kernel memory as that is not supported
 * with DAG cards.
 */
static int
dag_setfilter(pcap_t *p, struct bpf_program *fp)
{
	if (!p)
		return -1;
	if (!fp) {
		strncpy(p->errbuf, "setfilter: No filter specified",
			sizeof(p->errbuf));
		return -1;
	}

	/* Make our private copy of the filter */

	if (install_bpf_program(p, fp) < 0)
		return -1;

	p->md.use_bpf = 0;

	return (0);
}

static int
dag_set_datalink(pcap_t *p, int dlt)
{
	p->linktype = dlt;

	return (0);
}

static int
dag_setnonblock(pcap_t *p, int nonblock, char *errbuf)
{
	/*
	 * Set non-blocking mode on the FD.
	 * XXX - is that necessary?  If not, don't bother calling it,
	 * and have a "dag_getnonblock()" function that looks at
	 * "p->md.dag_offset_flags".
	 */
	if (pcap_setnonblock_fd(p, nonblock, errbuf) < 0)
		return (-1);
#ifdef HAVE_DAG_STREAMS_API
	{
		uint32_t mindata;
		struct timeval maxwait;
		struct timeval poll;
		
		if (dag_get_stream_poll(p->fd, p->md.dag_stream,
					&mindata, &maxwait, &poll) < 0) {
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "dag_get_stream_poll: %s\n", pcap_strerror(errno));
			return -1;
		}
		
		/* Amount of data to collect in Bytes before calling callbacks.
		 * Important for efficiency, but can introduce latency
		 * at low packet rates if to_ms not set!
		 */
		if(nonblock)
			mindata = 0;
		else
			mindata = 65536;
		
		if (dag_set_stream_poll(p->fd, p->md.dag_stream,
					mindata, &maxwait, &poll) < 0) {
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "dag_set_stream_poll: %s\n", pcap_strerror(errno));
			return -1;
		}
	}
#endif /* HAVE_DAG_STREAMS_API */
	if (nonblock) {
		p->md.dag_offset_flags |= DAGF_NONBLOCK;
	} else {
		p->md.dag_offset_flags &= ~DAGF_NONBLOCK;
	}
	return (0);
}
		
static int
dag_get_datalink(pcap_t *p)
{
	int daglinktype;

	if (p->dlt_list == NULL && (p->dlt_list = malloc(2*sizeof(*(p->dlt_list)))) == NULL) {
		(void)snprintf(p->errbuf, sizeof(p->errbuf), "malloc: %s", pcap_strerror(errno));
		return (-1);
	}

	/* Check the type through a dagapi call. */
	daglinktype = dag_linktype(p->fd);

	switch(daglinktype) {

	case TYPE_HDLC_POS:
	case TYPE_COLOR_HDLC_POS:
		if (p->dlt_list != NULL) {
			p->dlt_count = 2;
			p->dlt_list[0] = DLT_CHDLC;
			p->dlt_list[1] = DLT_PPP_SERIAL;
			p->dlt_list[2] = DLT_FRELAY;
		}
		p->linktype = DLT_CHDLC;
		break;

	case TYPE_ETH:
	case TYPE_COLOR_ETH:
		/*
		 * This is (presumably) a real Ethernet capture; give it a
		 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
		 * that an application can let you choose it, in case you're
		 * capturing DOCSIS traffic that a Cisco Cable Modem
		 * Termination System is putting out onto an Ethernet (it
		 * doesn't put an Ethernet header onto the wire, it puts raw
		 * DOCSIS frames out on the wire inside the low-level
		 * Ethernet framing).
		 */
		if (p->dlt_list != NULL) {
			p->dlt_count = 2;
			p->dlt_list[0] = DLT_EN10MB;
			p->dlt_list[1] = DLT_DOCSIS;
		}
		p->linktype = DLT_EN10MB;
		break;

	case TYPE_AAL5:
	case TYPE_ATM: 
	case TYPE_MC_ATM:
	case TYPE_MC_AAL5:
		if (p->dlt_list != NULL) {
			p->dlt_count = 2;
			p->dlt_list[0] = DLT_ATM_RFC1483;
			p->dlt_list[1] = DLT_SUNATM;
		}
		p->linktype = DLT_ATM_RFC1483;
		break;

	case TYPE_MC_HDLC:
		if (p->dlt_list != NULL) {
			p->dlt_count = 4;
			p->dlt_list[0] = DLT_CHDLC;
			p->dlt_list[1] = DLT_PPP_SERIAL;
			p->dlt_list[2] = DLT_FRELAY;
			p->dlt_list[3] = DLT_MTP2;
		}
		p->linktype = DLT_CHDLC;
		break;

	case TYPE_LEGACY:
		p->linktype = DLT_NULL;
		break;

	default:
		snprintf(p->errbuf, sizeof(p->errbuf), "unknown DAG linktype %d\n", daglinktype);
		return (-1);

	}

	return p->linktype;
}