1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 27 */ 28 29 #ifndef _SNOOP_H 30 #define _SNOOP_H 31 32 #include <rpc/types.h> 33 #include <sys/pfmod.h> 34 #include <sys/time.h> 35 #include <sys/types.h> 36 #include <sys/socket.h> 37 #include <sys/bufmod.h> 38 #include <net/if.h> 39 #include <netinet/in.h> 40 #include <netinet/if_ether.h> 41 #include <netinet/in_systm.h> 42 #include <netinet/ip.h> 43 #include <netinet/ip6.h> 44 #include <netinet/ip_icmp.h> 45 #include <netinet/icmp6.h> 46 #include <net/pppoe.h> 47 #include <libdlpi.h> 48 #include <note.h> 49 50 #ifdef __cplusplus 51 extern "C" { 52 #endif 53 54 /* 55 * Flags to control packet info display 56 */ 57 #define F_NOW 0x00000001 /* display in realtime */ 58 #define F_SUM 0x00000002 /* display summary line */ 59 #define F_ALLSUM 0x00000004 /* display all summary lines */ 60 #define F_DTAIL 0x00000008 /* display detail lines */ 61 #define F_TIME 0x00000010 /* display time */ 62 #define F_ATIME 0x00000020 /* display absolute time */ 63 #define F_RTIME 0x00000040 /* display relative time */ 64 #define F_DROPS 0x00000080 /* display drops */ 65 #define F_LEN 0x00000100 /* display pkt length */ 66 #define F_NUM 0x00000200 /* display pkt number */ 67 #define F_WHO 0x00000400 /* display src/dst */ 68 69 #define MAXLINE (1088) /* max len of detail line */ 70 71 /* 72 * The RPC XID cache structure. 73 * When analyzing RPC protocols we 74 * have to cache the xid of the RPC 75 * request together with the program 76 * number, proc, version etc since this 77 * information is missing in the reply 78 * packet. Using the xid in the reply 79 * we can lookup this previously stashed 80 * information in the cache. 81 * 82 * For RPCSEC_GSS flavor, some special processing is 83 * needed for the argument interpretation based on its 84 * control procedure and service type. This information 85 * is stored in the cache table during interpretation of 86 * the rpc header and will be referenced later when the rpc 87 * argument is interpreted. 88 */ 89 #define XID_CACHE_SIZE 256 90 struct cache_struct { 91 int xid_num; /* RPC transaction id */ 92 int xid_frame; /* Packet number */ 93 int xid_prog; /* RPC program number */ 94 int xid_vers; /* RPC version number */ 95 int xid_proc; /* RPC procedure number */ 96 unsigned int xid_gss_proc; /* control procedure */ 97 int xid_gss_service; /* none, integ, priv */ 98 } xid_cache[XID_CACHE_SIZE]; 99 100 101 /* 102 * The following macros advance the pointer passed to them. They 103 * assume they are given a char *. 104 */ 105 #define GETINT8(v, ptr) { \ 106 (v) = (*(ptr)++); \ 107 } 108 109 #define GETINT16(v, ptr) { \ 110 (v) = *(ptr)++ << 8; \ 111 (v) |= *(ptr)++; \ 112 } 113 114 #define GETINT32(v, ptr) { \ 115 (v) = *(ptr)++ << 8; \ 116 (v) |= *(ptr)++; (v) <<= 8; \ 117 (v) |= *(ptr)++; (v) <<= 8; \ 118 (v) |= *(ptr)++; \ 119 } 120 121 /* 122 * Used to print nested protocol layers. For example, an ip datagram included 123 * in an icmp error, or a PPP packet included in an LCP protocol reject.. 124 */ 125 extern char *prot_nest_prefix; 126 127 extern char *get_sum_line(void); 128 extern char *get_detail_line(int, int); 129 extern int want_packet(uchar_t *, int, int); 130 extern void set_vlan_id(int); 131 extern struct timeval prev_time; 132 extern void process_pkt(struct sb_hdr *, char *, int, int); 133 extern char *getflag(int, int, char *, char *); 134 extern void show_header(char *, char *, int); 135 extern void show_count(void); 136 extern void xdr_init(char *, int); 137 extern char *get_line(int, int); 138 extern int get_line_remain(void); 139 extern char getxdr_char(void); 140 extern char showxdr_char(char *); 141 extern uchar_t getxdr_u_char(void); 142 extern uchar_t showxdr_u_char(char *); 143 extern short getxdr_short(void); 144 extern short showxdr_short(char *); 145 extern ushort_t getxdr_u_short(void); 146 extern ushort_t showxdr_u_short(char *); 147 extern long getxdr_long(void); 148 extern long showxdr_long(char *); 149 extern ulong_t getxdr_u_long(void); 150 extern ulong_t showxdr_u_long(char *); 151 extern longlong_t getxdr_longlong(void); 152 extern longlong_t showxdr_longlong(char *); 153 extern u_longlong_t getxdr_u_longlong(void); 154 extern u_longlong_t showxdr_u_longlong(char *); 155 extern char *getxdr_opaque(char *, int); 156 extern char *getxdr_string(char *, int); 157 extern char *showxdr_string(int, char *); 158 extern char *getxdr_bytes(uint_t *); 159 extern void xdr_skip(int); 160 extern int getxdr_pos(void); 161 extern void setxdr_pos(int); 162 extern char *getxdr_context(char *, int); 163 extern char *showxdr_context(char *); 164 extern enum_t getxdr_enum(void); 165 extern void show_space(void); 166 extern void show_trailer(void); 167 extern char *getxdr_date(void); 168 extern char *showxdr_date(char *); 169 extern char *getxdr_date_ns(void); 170 char *format_time(int64_t sec, uint32_t nsec); 171 extern char *showxdr_date_ns(char *); 172 extern char *getxdr_hex(int); 173 extern char *showxdr_hex(int, char *); 174 extern bool_t getxdr_bool(void); 175 extern bool_t showxdr_bool(char *); 176 extern char *concat_args(char **, int); 177 extern int pf_compile(char *, int); 178 extern void compile(char *, int); 179 extern void load_names(char *); 180 extern void cap_write(struct sb_hdr *, char *, int, int); 181 extern void cap_open_read(const char *); 182 extern void cap_open_write(const char *); 183 extern void cap_read(int, int, int, void (*)(), int); 184 extern void cap_close(void); 185 extern boolean_t open_datalink(dlpi_handle_t *, const char *); 186 extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *, 187 struct Pf_ext_packetfilt *); 188 extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int); 189 extern void click(int); 190 extern void show_pktinfo(int, int, char *, char *, struct timeval *, 191 struct timeval *, int, int); 192 extern void show_line(char *); 193 /*PRINTFLIKE1*/ 194 extern void show_printf(char *fmt, ...) 195 __PRINTFLIKE(1); 196 extern char *getxdr_time(void); 197 extern char *showxdr_time(char *); 198 extern char *addrtoname(int, const void *); 199 extern char *show_string(const char *, int, int); 200 extern void pr_err(const char *, ...); 201 extern void pr_errdlpi(dlpi_handle_t, const char *, int); 202 extern void check_retransmit(char *, ulong_t); 203 extern char *nameof_prog(int); 204 extern char *getproto(int); 205 extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *); 206 extern void protoprint(int, int, ulong_t, int, int, int, char *, int); 207 extern char *getportname(int, in_port_t); 208 209 extern void interpret_arp(int, struct arphdr *, int); 210 extern void interpret_bparam(int, int, int, int, int, char *, int); 211 extern void interpret_dns(int, int, const uchar_t *, int, int); 212 extern void interpret_mount(int, int, int, int, int, char *, int); 213 extern void interpret_nfs(int, int, int, int, int, char *, int); 214 extern void interpret_nfs3(int, int, int, int, int, char *, int); 215 extern void interpret_nfs4(int, int, int, int, int, char *, int); 216 extern void interpret_nfs4_cb(int, int, int, int, int, char *, int); 217 extern void interpret_nfs_acl(int, int, int, int, int, char *, int); 218 extern void interpret_nis(int, int, int, int, int, char *, int); 219 extern void interpret_nisbind(int, int, int, int, int, char *, int); 220 extern void interpret_nlm(int, int, int, int, int, char *, int); 221 extern void interpret_pmap(int, int, int, int, int, char *, int); 222 extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int); 223 extern void interpret_rquota(int, int, int, int, int, char *, int); 224 extern void interpret_rstat(int, int, int, int, int, char *, int); 225 extern void interpret_solarnet_fw(int, int, int, int, int, char *, int); 226 extern void interpret_ldap(int, char *, int, int, int); 227 extern void interpret_icmp(int, struct icmp *, int, int); 228 extern void interpret_icmpv6(int, icmp6_t *, int, int); 229 extern int interpret_ip(int, const struct ip *, int); 230 extern int interpret_ipv6(int, const ip6_t *, int); 231 extern int interpret_ppp(int, uchar_t *, int); 232 extern int interpret_pppoe(int, poep_t *, int); 233 struct tcphdr; 234 extern int interpret_tcp(int, struct tcphdr *, int, int); 235 struct udphdr; 236 extern int interpret_udp(int, struct udphdr *, int, int); 237 extern int interpret_esp(int, uint8_t *, int, int); 238 extern int interpret_ah(int, uint8_t *, int, int); 239 struct sctp_hdr; 240 extern void interpret_sctp(int, struct sctp_hdr *, int, int); 241 struct dccphdr; 242 extern int interpret_dccp(int, struct dccphdr *, int, int); 243 extern void interpret_mip_cntrlmsg(int, uchar_t *, int); 244 struct dhcp; 245 extern int interpret_dhcp(int, struct dhcp *, int); 246 extern int interpret_dhcpv6(int, const uint8_t *, int); 247 struct tftphdr; 248 extern int interpret_tftp(int, struct tftphdr *, int); 249 extern int interpret_http(int, char *, int); 250 struct ntpdata; 251 extern int interpret_ntp(int, struct ntpdata *, int); 252 extern void interpret_netbios_ns(int, uchar_t *, int); 253 extern void interpret_netbios_datagram(int, uchar_t *, int); 254 extern void interpret_netbios_ses(int, uchar_t *, int); 255 extern void interpret_slp(int, char *, int); 256 struct rip; 257 extern int interpret_rip(int, struct rip *, int); 258 struct rip6; 259 extern int interpret_rip6(int, struct rip6 *, int); 260 extern int interpret_socks_call(int, char *, int); 261 extern int interpret_socks_reply(int, char *, int); 262 extern int interpret_trill(int, struct ether_header **, char *, int *); 263 extern int interpret_isis(int, char *, int, boolean_t); 264 extern int interpret_bpdu(int, char *, int); 265 extern void init_ldap(void); 266 extern boolean_t arp_for_ether(char *, struct ether_addr *); 267 extern char *ether_ouiname(uint32_t); 268 extern char *tohex(char *p, int len); 269 extern char *printether(struct ether_addr *); 270 extern char *print_ethertype(int); 271 extern const char *arp_htype(int); 272 extern int valid_rpc(char *, int); 273 274 /* 275 * Describes characteristics of the Media Access Layer. 276 * The mac_type is one of the supported DLPI media 277 * types (see <sys/dlpi.h>). 278 * The mtu_size is the size of the largest frame. 279 * network_type_offset is where the network type 280 * is located in the link layer header. 281 * The header length is returned by a function to 282 * allow for variable header size - for ethernet it's 283 * just a constant 14 octets. 284 * The interpreter is the function that "knows" how 285 * to interpret the frame. 286 * try_kernel_filter tells snoop to first try a kernel 287 * filter (because the header size is fixed, or if it could 288 * be of variable size where the variable size is easy for a kernel 289 * filter to handle, for example, Ethernet and VLAN tags) 290 * and only use a user space filter if the filter expression 291 * cannot be expressed in kernel space. 292 */ 293 typedef uint_t (interpreter_fn_t)(int, char *, int, int); 294 typedef uint_t (headerlen_fn_t)(char *, size_t); 295 typedef struct interface { 296 uint_t mac_type; 297 uint_t mtu_size; 298 uint_t network_type_offset; 299 size_t network_type_len; 300 uint_t network_type_ip; 301 uint_t network_type_ipv6; 302 headerlen_fn_t *header_len; 303 interpreter_fn_t *interpreter; 304 boolean_t try_kernel_filter; 305 } interface_t; 306 307 extern interface_t INTERFACES[], *interface; 308 extern char *dlc_header; 309 extern char *src_name, *dst_name; 310 extern char *prot_prefix; 311 extern char *prot_nest_prefix; 312 extern char *prot_title; 313 314 /* Keep track of how many nested IP headers we have. */ 315 extern unsigned int encap_levels, total_encap_levels; 316 317 extern int quitting; 318 extern boolean_t Iflg, Pflg, rflg; 319 320 /* 321 * Global error recovery routine: used to reset snoop variables after 322 * catastrophic failure. 323 */ 324 void snoop_recover(void); 325 326 /* 327 * Global alarm handler structure for managing multiple alarms within 328 * snoop. 329 */ 330 typedef struct snoop_handler { 331 struct snoop_handler *s_next; /* next alarm handler */ 332 time_t s_time; /* time to fire */ 333 void (*s_handler)(); /* alarm handler */ 334 } snoop_handler_t; 335 336 #define SNOOP_MAXRECOVER 20 /* maxium number of recoveries */ 337 #define SNOOP_ALARM_GRAN 3 /* alarm() timeout multiplier */ 338 339 /* 340 * Global alarm handler management routine. 341 */ 342 extern int snoop_alarm(int s_sec, void (*s_handler)()); 343 344 /* 345 * The next two definitions do not take into account the length 346 * of the underlying link header. In order to use them, you must 347 * add link_header_len to them. The reason it is not done here is 348 * that later these macros are used to initialize a table. 349 */ 350 #define IPV4_TYPE_HEADER_OFFSET 9 351 #define IPV6_TYPE_HEADER_OFFSET 6 352 353 #ifdef __cplusplus 354 } 355 #endif 356 357 #endif /* _SNOOP_H */