1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  *
  26  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  27  */
  28 
  29 #ifndef _SNOOP_H
  30 #define _SNOOP_H
  31 
  32 #include <rpc/types.h>
  33 #include <sys/pfmod.h>
  34 #include <sys/time.h>
  35 #include <sys/types.h>
  36 #include <sys/socket.h>
  37 #include <sys/bufmod.h>
  38 #include <net/if.h>
  39 #include <netinet/in.h>
  40 #include <netinet/if_ether.h>
  41 #include <netinet/in_systm.h>
  42 #include <netinet/ip.h>
  43 #include <netinet/ip6.h>
  44 #include <netinet/ip_icmp.h>
  45 #include <netinet/icmp6.h>
  46 #include <net/pppoe.h>
  47 #include <libdlpi.h>
  48 #include <note.h>
  49 
  50 #ifdef __cplusplus
  51 extern "C" {
  52 #endif
  53 
  54 /*
  55  * Flags to control packet info display
  56  */
  57 #define F_NOW           0x00000001      /* display in realtime */
  58 #define F_SUM           0x00000002      /* display summary line */
  59 #define F_ALLSUM        0x00000004      /* display all summary lines */
  60 #define F_DTAIL         0x00000008      /* display detail lines */
  61 #define F_TIME          0x00000010      /* display time */
  62 #define F_ATIME         0x00000020      /* display absolute time */
  63 #define F_RTIME         0x00000040      /* display relative time */
  64 #define F_DROPS         0x00000080      /* display drops */
  65 #define F_LEN           0x00000100      /* display pkt length */
  66 #define F_NUM           0x00000200      /* display pkt number */
  67 #define F_WHO           0x00000400      /* display src/dst */
  68 
  69 #define MAXLINE         (1088)          /* max len of detail line */
  70 
  71 /*
  72  * The RPC XID cache structure.
  73  * When analyzing RPC protocols we
  74  * have to cache the xid of the RPC
  75  * request together with the program
  76  * number, proc, version etc since this
  77  * information is missing in the reply
  78  * packet.  Using the xid in the reply
  79  * we can lookup this previously stashed
  80  * information in the cache.
  81  *
  82  * For RPCSEC_GSS flavor, some special processing is
  83  * needed for the argument interpretation based on its
  84  * control procedure and service type.  This information
  85  * is stored in the cache table during interpretation of
  86  * the rpc header and will be referenced later when the rpc
  87  * argument is interpreted.
  88  */
  89 #define XID_CACHE_SIZE 256
  90 struct cache_struct {
  91         int xid_num;    /* RPC transaction id */
  92         int xid_frame;  /* Packet number */
  93         int xid_prog;   /* RPC program number */
  94         int xid_vers;   /* RPC version number */
  95         int xid_proc;   /* RPC procedure number */
  96         unsigned int xid_gss_proc; /* control procedure */
  97         int xid_gss_service; /* none, integ, priv */
  98 } xid_cache[XID_CACHE_SIZE];
  99 
 100 
 101 /*
 102  * The following macros advance the pointer passed to them.  They
 103  * assume they are given a char *.
 104  */
 105 #define GETINT8(v, ptr) { \
 106         (v) = (*(ptr)++); \
 107 }
 108 
 109 #define GETINT16(v, ptr) { \
 110         (v) = *(ptr)++ << 8; \
 111         (v) |= *(ptr)++; \
 112 }
 113 
 114 #define GETINT32(v, ptr) { \
 115         (v) = *(ptr)++ << 8; \
 116         (v) |= *(ptr)++; (v) <<= 8; \
 117         (v) |= *(ptr)++; (v) <<= 8; \
 118         (v) |= *(ptr)++; \
 119 }
 120 
 121 /*
 122  * Used to print nested protocol layers.  For example, an ip datagram included
 123  * in an icmp error, or a PPP packet included in an LCP protocol reject..
 124  */
 125 extern char *prot_nest_prefix;
 126 
 127 extern char *get_sum_line(void);
 128 extern char *get_detail_line(int, int);
 129 extern int want_packet(uchar_t *, int, int);
 130 extern void set_vlan_id(int);
 131 extern struct timeval prev_time;
 132 extern void process_pkt(struct sb_hdr *, char *, int, int);
 133 extern char *getflag(int, int, char *, char *);
 134 extern void show_header(char *, char *, int);
 135 extern void show_count(void);
 136 extern void xdr_init(char *, int);
 137 extern char *get_line(int, int);
 138 extern int get_line_remain(void);
 139 extern char getxdr_char(void);
 140 extern char showxdr_char(char *);
 141 extern uchar_t getxdr_u_char(void);
 142 extern uchar_t showxdr_u_char(char *);
 143 extern short getxdr_short(void);
 144 extern short showxdr_short(char *);
 145 extern ushort_t getxdr_u_short(void);
 146 extern ushort_t showxdr_u_short(char *);
 147 extern long getxdr_long(void);
 148 extern long showxdr_long(char *);
 149 extern ulong_t getxdr_u_long(void);
 150 extern ulong_t showxdr_u_long(char *);
 151 extern longlong_t getxdr_longlong(void);
 152 extern longlong_t showxdr_longlong(char *);
 153 extern u_longlong_t getxdr_u_longlong(void);
 154 extern u_longlong_t showxdr_u_longlong(char *);
 155 extern char *getxdr_opaque(char *, int);
 156 extern char *getxdr_string(char *, int);
 157 extern char *showxdr_string(int, char *);
 158 extern char *getxdr_bytes(uint_t *);
 159 extern void xdr_skip(int);
 160 extern int getxdr_pos(void);
 161 extern void setxdr_pos(int);
 162 extern char *getxdr_context(char *, int);
 163 extern char *showxdr_context(char *);
 164 extern enum_t getxdr_enum(void);
 165 extern void show_space(void);
 166 extern void show_trailer(void);
 167 extern char *getxdr_date(void);
 168 extern char *showxdr_date(char *);
 169 extern char *getxdr_date_ns(void);
 170 char *format_time(int64_t sec, uint32_t nsec);
 171 extern char *showxdr_date_ns(char *);
 172 extern char *getxdr_hex(int);
 173 extern char *showxdr_hex(int, char *);
 174 extern bool_t getxdr_bool(void);
 175 extern bool_t showxdr_bool(char *);
 176 extern char *concat_args(char **, int);
 177 extern int pf_compile(char *, int);
 178 extern void compile(char *, int);
 179 extern void load_names(char *);
 180 extern void cap_write(struct sb_hdr *, char *, int, int);
 181 extern void cap_open_read(const char *);
 182 extern void cap_open_write(const char *);
 183 extern void cap_read(int, int, int, void (*)(), int);
 184 extern void cap_close(void);
 185 extern boolean_t open_datalink(dlpi_handle_t *, const char *);
 186 extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *,
 187     struct Pf_ext_packetfilt *);
 188 extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int);
 189 extern void click(int);
 190 extern void show_pktinfo(int, int, char *, char *, struct timeval *,
 191                 struct timeval *, int, int);
 192 extern void show_line(char *);
 193 /*PRINTFLIKE1*/
 194 extern void show_printf(char *fmt, ...)
 195     __PRINTFLIKE(1);
 196 extern char *getxdr_time(void);
 197 extern char *showxdr_time(char *);
 198 extern char *addrtoname(int, const void *);
 199 extern char *show_string(const char *, int, int);
 200 extern void pr_err(const char *, ...);
 201 extern void pr_errdlpi(dlpi_handle_t, const char *, int);
 202 extern void check_retransmit(char *, ulong_t);
 203 extern char *nameof_prog(int);
 204 extern char *getproto(int);
 205 extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *);
 206 extern void protoprint(int, int, ulong_t, int, int, int, char *, int);
 207 extern char *getportname(int, in_port_t);
 208 
 209 extern void interpret_arp(int, struct arphdr *, int);
 210 extern void interpret_bparam(int, int, int, int, int, char *, int);
 211 extern void interpret_dns(int, int, const uchar_t *, int, int);
 212 extern void interpret_mount(int, int, int, int, int, char *, int);
 213 extern void interpret_nfs(int, int, int, int, int, char *, int);
 214 extern void interpret_nfs3(int, int, int, int, int, char *, int);
 215 extern void interpret_nfs4(int, int, int, int, int, char *, int);
 216 extern void interpret_nfs4_cb(int, int, int, int, int, char *, int);
 217 extern void interpret_nfs_acl(int, int, int, int, int, char *, int);
 218 extern void interpret_nis(int, int, int, int, int, char *, int);
 219 extern void interpret_nisbind(int, int, int, int, int, char *, int);
 220 extern void interpret_nlm(int, int, int, int, int, char *, int);
 221 extern void interpret_pmap(int, int, int, int, int, char *, int);
 222 extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int);
 223 extern void interpret_rquota(int, int, int, int, int, char *, int);
 224 extern void interpret_rstat(int, int, int, int, int, char *, int);
 225 extern void interpret_solarnet_fw(int, int, int, int, int, char *, int);
 226 extern void interpret_ldap(int, char *, int, int, int);
 227 extern void interpret_icmp(int, struct icmp *, int, int);
 228 extern void interpret_icmpv6(int, icmp6_t *, int, int);
 229 extern int interpret_ip(int, const struct ip *, int);
 230 extern int interpret_ipv6(int, const ip6_t *, int);
 231 extern int interpret_ppp(int, uchar_t *, int);
 232 extern int interpret_pppoe(int, poep_t *, int);
 233 struct tcphdr;
 234 extern int interpret_tcp(int, struct tcphdr *, int, int);
 235 struct udphdr;
 236 extern int interpret_udp(int, struct udphdr *, int, int);
 237 extern int interpret_esp(int, uint8_t *, int, int);
 238 extern int interpret_ah(int, uint8_t *, int, int);
 239 struct sctp_hdr;
 240 extern void interpret_sctp(int, struct sctp_hdr *, int, int);
 241 struct dccphdr;
 242 extern int interpret_dccp(int, struct dccphdr *, int, int);
 243 extern void interpret_mip_cntrlmsg(int, uchar_t *, int);
 244 struct dhcp;
 245 extern int interpret_dhcp(int, struct dhcp *, int);
 246 extern int interpret_dhcpv6(int, const uint8_t *, int);
 247 struct tftphdr;
 248 extern int interpret_tftp(int, struct tftphdr *, int);
 249 extern int interpret_http(int, char *, int);
 250 struct ntpdata;
 251 extern int interpret_ntp(int, struct ntpdata *, int);
 252 extern void interpret_netbios_ns(int, uchar_t *, int);
 253 extern void interpret_netbios_datagram(int, uchar_t *, int);
 254 extern void interpret_netbios_ses(int, uchar_t *, int);
 255 extern void interpret_slp(int, char *, int);
 256 struct rip;
 257 extern int interpret_rip(int, struct rip *, int);
 258 struct rip6;
 259 extern int interpret_rip6(int, struct rip6 *, int);
 260 extern int interpret_socks_call(int, char *, int);
 261 extern int interpret_socks_reply(int, char *, int);
 262 extern int interpret_trill(int, struct ether_header **, char *, int *);
 263 extern int interpret_isis(int, char *, int, boolean_t);
 264 extern int interpret_bpdu(int, char *, int);
 265 extern void init_ldap(void);
 266 extern boolean_t arp_for_ether(char *, struct ether_addr *);
 267 extern char *ether_ouiname(uint32_t);
 268 extern char *tohex(char *p, int len);
 269 extern char *printether(struct ether_addr *);
 270 extern char *print_ethertype(int);
 271 extern const char *arp_htype(int);
 272 extern int valid_rpc(char *, int);
 273 
 274 /*
 275  * Describes characteristics of the Media Access Layer.
 276  * The mac_type is one of the supported DLPI media
 277  * types (see <sys/dlpi.h>).
 278  * The mtu_size is the size of the largest frame.
 279  * network_type_offset is where the network type
 280  * is located in the link layer header.
 281  * The header length is returned by a function to
 282  * allow for variable header size - for ethernet it's
 283  * just a constant 14 octets.
 284  * The interpreter is the function that "knows" how
 285  * to interpret the frame.
 286  * try_kernel_filter tells snoop to first try a kernel
 287  * filter (because the header size is fixed, or if it could
 288  * be of variable size where the variable size is easy for a kernel
 289  * filter to handle, for example, Ethernet and VLAN tags)
 290  * and only use a user space filter if the filter expression
 291  * cannot be expressed in kernel space.
 292  */
 293 typedef uint_t (interpreter_fn_t)(int, char *, int, int);
 294 typedef uint_t (headerlen_fn_t)(char *, size_t);
 295 typedef struct interface {
 296         uint_t          mac_type;
 297         uint_t          mtu_size;
 298         uint_t          network_type_offset;
 299         size_t          network_type_len;
 300         uint_t          network_type_ip;
 301         uint_t          network_type_ipv6;
 302         headerlen_fn_t  *header_len;
 303         interpreter_fn_t *interpreter;
 304         boolean_t       try_kernel_filter;
 305 } interface_t;
 306 
 307 extern interface_t INTERFACES[], *interface;
 308 extern char *dlc_header;
 309 extern char *src_name, *dst_name;
 310 extern char *prot_prefix;
 311 extern char *prot_nest_prefix;
 312 extern char *prot_title;
 313 
 314 /* Keep track of how many nested IP headers we have. */
 315 extern unsigned int encap_levels, total_encap_levels;
 316 
 317 extern int quitting;
 318 extern boolean_t Iflg, Pflg, rflg;
 319 
 320 /*
 321  * Global error recovery routine: used to reset snoop variables after
 322  * catastrophic failure.
 323  */
 324 void snoop_recover(void);
 325 
 326 /*
 327  * Global alarm handler structure for managing multiple alarms within
 328  * snoop.
 329  */
 330 typedef struct snoop_handler {
 331         struct snoop_handler *s_next;           /* next alarm handler */
 332         time_t s_time;                          /* time to fire */
 333         void (*s_handler)();                    /* alarm handler */
 334 } snoop_handler_t;
 335 
 336 #define SNOOP_MAXRECOVER        20      /* maxium number of recoveries */
 337 #define SNOOP_ALARM_GRAN        3       /* alarm() timeout multiplier */
 338 
 339 /*
 340  * Global alarm handler management routine.
 341  */
 342 extern int snoop_alarm(int s_sec, void (*s_handler)());
 343 
 344 /*
 345  * The next two definitions do not take into account the length
 346  * of the underlying link header.  In order to use them, you must
 347  * add link_header_len to them.  The reason it is not done here is
 348  * that later these macros are used to initialize a table.
 349  */
 350 #define IPV4_TYPE_HEADER_OFFSET 9
 351 #define IPV6_TYPE_HEADER_OFFSET 6
 352 
 353 #ifdef __cplusplus
 354 }
 355 #endif
 356 
 357 #endif  /* _SNOOP_H */