      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 
     22 /*
     23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #ifndef	_SNOOP_H
     28 #define	_SNOOP_H
     29 
     30 #include <rpc/types.h>
     31 #include <sys/pfmod.h>
     32 #include <sys/time.h>
     33 #include <sys/types.h>
     34 #include <sys/socket.h>
     35 #include <sys/bufmod.h>
     36 #include <net/if.h>
     37 #include <netinet/in.h>
     38 #include <netinet/if_ether.h>
     39 #include <netinet/in_systm.h>
     40 #include <netinet/ip.h>
     41 #include <netinet/ip6.h>
     42 #include <netinet/ip_icmp.h>
     43 #include <netinet/icmp6.h>
     44 #include <net/pppoe.h>
     45 #include <libdlpi.h>
     46 
     47 #ifdef __cplusplus
     48 extern "C" {
     49 #endif
     50 
/*
 * Packet display flags.  Every flag has a distinct bit, so any combination
 * can be OR'ed into one flag word.
 */
#define	F_NOW		0x001	/* show in real time */
#define	F_SUM		0x002	/* show the summary line */
#define	F_ALLSUM	0x004	/* show all summary lines */
#define	F_DTAIL		0x008	/* show detail lines */
#define	F_TIME		0x010	/* show time */
#define	F_ATIME		0x020	/* show absolute time */
#define	F_RTIME		0x040	/* show relative time */
#define	F_DROPS		0x080	/* show drops */
#define	F_LEN		0x100	/* show packet length */
#define	F_NUM		0x200	/* show packet number */
#define	F_WHO		0x400	/* show source/destination */

#define	MAXLINE		1088	/* maximum length of a detail line */
     67 
/*
 * RPC XID cache.
 *
 * An RPC reply does not repeat the program number, version or procedure of
 * the call it answers.  Those values are therefore stashed, together with
 * the transaction id (xid), when the request is seen, and fetched again by
 * xid when the reply is decoded.
 *
 * The RPCSEC_GSS flavor needs extra handling when the arguments are
 * interpreted, depending on its control procedure and service type.  Both
 * are stored here while the RPC header is interpreted and read back later
 * when the RPC argument is interpreted.
 *
 * NOTE(review): xid_cache is defined, not merely declared, in this header.
 * Every file including it carries its own tentative definition, which only
 * links where the toolchain merges common symbols.
 * NOTE(review): the code that indexes this table is not in this header.
 * The xid is taken from captured traffic, so confirm that the lookup keeps
 * the index inside XID_CACHE_SIZE and compares xid_num before trusting a
 * slot, since different transactions can land on the same slot.
 */
#define	XID_CACHE_SIZE 256

struct cache_struct {
	int xid_num;			/* RPC transaction id */
	int xid_frame;			/* packet number */
	int xid_prog;			/* RPC program number */
	int xid_vers;			/* RPC version number */
	int xid_proc;			/* RPC procedure number */
	unsigned int xid_gss_proc;	/* RPCSEC_GSS control procedure */
	int xid_gss_service;		/* none, integ, priv */
};

struct cache_struct xid_cache[XID_CACHE_SIZE];
     96 
     97 
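/*
 * Big-endian field extraction.  Each macro reads 1, 2 or 4 bytes at ptr,
 * stores the result in v and advances ptr past the bytes it read.  ptr must
 * be a modifiable char * (or unsigned char *) lvalue.
 *
 * GETINT16 and GETINT32 convert every byte to unsigned char before
 * combining it.  Where plain char is signed, a byte of 0x80 or above would
 * otherwise be sign-extended by integer promotion and set all the higher
 * bits of the result.  GETINT32 assembles the value as a uint32_t so that
 * no signed shift can overflow.  GETINT8 remains a plain byte fetch: through
 * a signed char pointer it still yields a negative value for such bytes.
 *
 * None of these macros knows how long the buffer is.  On packet data the
 * caller must check that enough bytes remain before using them.
 *
 * ptr is evaluated more than once, so pass a plain variable with no side
 * effects.  The bodies are bare brace blocks, as before, so existing call
 * sites keep compiling; do not use them as the unbraced body of an if/else.
 */
#define	GETINT8(v, ptr) { \
	(v) = (*(ptr)++); \
}

#define	GETINT16(v, ptr) { \
	(v) = ((unsigned char)(ptr)[0] << 8) | (unsigned char)(ptr)[1]; \
	(ptr) += 2; \
}

#define	GETINT32(v, ptr) { \
	(v) = ((uint32_t)(unsigned char)(ptr)[0] << 24) | \
	    ((uint32_t)(unsigned char)(ptr)[1] << 16) | \
	    ((uint32_t)(unsigned char)(ptr)[2] << 8) | \
	    (uint32_t)(unsigned char)(ptr)[3]; \
	(ptr) += 4; \
}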
    117 
/*
 * Prefix used when printing nested protocol layers, for example an IP
 * datagram carried inside an ICMP error, or a PPP packet carried inside an
 * LCP protocol reject.
 */
extern char *prot_nest_prefix;

/*
 * General packet handling and display routines.  Function prototypes are
 * written without "extern", which is implied for functions; the variable
 * declarations keep it.
 */
char *get_sum_line(void);
char *get_detail_line(int, int);
int want_packet(uchar_t *, int, int);
void set_vlan_id(int);
extern struct timeval prev_time;
void process_pkt(struct sb_hdr *, char *, int, int);
char *getflag(int, int, char *, char *);
void show_header(char *, char *, int);
void show_count(void);
/*
 * XDR decoding helpers (the getxdr_ and showxdr_ families).
 *
 * NOTE(review): apart from xdr_init(char *, int), none of these is handed a
 * buffer or a length, so the read position and the remaining byte count are
 * presumably kept in state set up by xdr_init().  The bounds checks are not
 * visible from this header; confirm them in the implementation, since the
 * data being decoded comes from captured packets.
 */
void xdr_init(char *, int);
char *get_line(int, int);
int get_line_remain(void);
char getxdr_char(void);
char showxdr_char(char *);
uchar_t getxdr_u_char(void);
uchar_t showxdr_u_char(char *);
short getxdr_short(void);
short showxdr_short(char *);
ushort_t getxdr_u_short(void);
ushort_t showxdr_u_short(char *);
long getxdr_long(void);
long showxdr_long(char *);
ulong_t getxdr_u_long(void);
ulong_t showxdr_u_long(char *);
longlong_t getxdr_longlong(void);
longlong_t showxdr_longlong(char *);
u_longlong_t getxdr_u_longlong(void);
u_longlong_t showxdr_u_longlong(char *);
char *getxdr_opaque(char *, int);
char *getxdr_string(char *, int);
char *showxdr_string(int, char *);
char *getxdr_bytes(uint_t *);
void xdr_skip(int);
int getxdr_pos(void);
void setxdr_pos(int);
char *getxdr_context(char *, int);
char *showxdr_context(char *);
enum_t getxdr_enum(void);
void show_space(void);
void show_trailer(void);
char *getxdr_date(void);
char *showxdr_date(char *);
char *getxdr_date_ns(void);
char *format_time(int64_t sec, uint32_t nsec);
char *showxdr_date_ns(char *);
char *getxdr_hex(int);
char *showxdr_hex(int, char *);
bool_t getxdr_bool(void);
bool_t showxdr_bool(char *);
/*
 * Filter compilation, capture file and datalink I/O, and output helpers.
 *
 * cap_read() and net_read() take their callback as "void (*)()", a function
 * pointer with no parameter list, so the compiler does not check the
 * arguments passed through it.
 *
 * NOTE(review): pr_err(const char *, ...) looks printf-style.  If so, text
 * taken from a packet or a capture file belongs in an argument to a literal
 * format, never in the format string itself.
 */
char *concat_args(char **, int);
int pf_compile(char *, int);
void compile(char *, int);
void load_names(char *);
void cap_write(struct sb_hdr *, char *, int, int);
void cap_open_read(const char *);
void cap_open_write(const char *);
void cap_read(int, int, int, void (*)(), int);
void cap_close(void);
boolean_t open_datalink(dlpi_handle_t *, const char *);
void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *,
    struct Pf_ext_packetfilt *);
void net_read(dlpi_handle_t, size_t, int, void (*)(), int);
void click(int);
void show_pktinfo(int, int, char *, char *, struct timeval *,
    struct timeval *, int, int);
void show_line(char *);
char *getxdr_time(void);
char *showxdr_time(char *);
char *addrtoname(int, const void *);
char *show_string(const char *, int, int);
void pr_err(const char *, ...);
void pr_errdlpi(dlpi_handle_t, const char *, int);
void check_retransmit(char *, ulong_t);
char *nameof_prog(int);
char *getproto(int);
uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *);
void protoprint(int, int, ulong_t, int, int, int, char *, int);
char *getportname(int, in_port_t);
    202 
/*
 * Protocol interpreters and related formatting helpers.
 *
 * The structs named just before some prototypes are forward declarations
 * only; their definitions live in the respective protocol headers.
 *
 * NOTE(review): parameter names are omitted, so which int carries the
 * remaining packet length cannot be told from this header.  Those lengths
 * are signed; confirm that each interpreter rejects negative and too-short
 * lengths before it reads through the data pointer it is given.
 */
void interpret_arp(int, struct arphdr *, int);
void interpret_bparam(int, int, int, int, int, char *, int);
void interpret_dns(int, int, const uchar_t *, int, int);
void interpret_mount(int, int, int, int, int, char *, int);
void interpret_nfs(int, int, int, int, int, char *, int);
void interpret_nfs3(int, int, int, int, int, char *, int);
void interpret_nfs4(int, int, int, int, int, char *, int);
void interpret_nfs4_cb(int, int, int, int, int, char *, int);
void interpret_nfs_acl(int, int, int, int, int, char *, int);
void interpret_nis(int, int, int, int, int, char *, int);
void interpret_nisbind(int, int, int, int, int, char *, int);
void interpret_nisp_cb(int, int, int, int, int, char *, int);
void interpret_nisplus(int, int, int, int, int, char *, int);
void interpret_nlm(int, int, int, int, int, char *, int);
void interpret_pmap(int, int, int, int, int, char *, int);
int interpret_reserved(int, int, in_port_t, in_port_t, char *, int);
void interpret_rquota(int, int, int, int, int, char *, int);
void interpret_rstat(int, int, int, int, int, char *, int);
void interpret_solarnet_fw(int, int, int, int, int, char *, int);
void interpret_ldap(int, char *, int, int, int);
void interpret_icmp(int, struct icmp *, int, int);
void interpret_icmpv6(int, icmp6_t *, int, int);
int interpret_ip(int, const struct ip *, int);
int interpret_ipv6(int, const ip6_t *, int);
int interpret_ppp(int, uchar_t *, int);
int interpret_pppoe(int, poep_t *, int);
struct tcphdr;
int interpret_tcp(int, struct tcphdr *, int, int);
struct udphdr;
int interpret_udp(int, struct udphdr *, int, int);
int interpret_esp(int, uint8_t *, int, int);
int interpret_ah(int, uint8_t *, int, int);
struct sctp_hdr;
void interpret_sctp(int, struct sctp_hdr *, int, int);
void interpret_mip_cntrlmsg(int, uchar_t *, int);
struct dhcp;
int interpret_dhcp(int, struct dhcp *, int);
int interpret_dhcpv6(int, const uint8_t *, int);
struct tftphdr;
int interpret_tftp(int, struct tftphdr *, int);
int interpret_http(int, char *, int);
struct ntpdata;
int interpret_ntp(int, struct ntpdata *, int);
void interpret_netbios_ns(int, uchar_t *, int);
void interpret_netbios_datagram(int, uchar_t *, int);
void interpret_netbios_ses(int, uchar_t *, int);
void interpret_slp(int, char *, int);
struct rip;
int interpret_rip(int, struct rip *, int);
struct rip6;
int interpret_rip6(int, struct rip6 *, int);
int interpret_socks_call(int, char *, int);
int interpret_socks_reply(int, char *, int);
int interpret_trill(int, struct ether_header **, char *, int *);
int interpret_isis(int, char *, int, boolean_t);
int interpret_bpdu(int, char *, int);
void init_ldap(void);
boolean_t arp_for_ether(char *, struct ether_addr *);
char *ether_ouiname(uint32_t);
char *tohex(char *p, int len);
char *printether(struct ether_addr *);
char *print_ethertype(int);
const char *arp_htype(int);
int valid_rpc(char *, int);
    267 
/*
 * Characteristics of one Media Access Layer type.
 *
 * The header length is obtained through a function because the link header
 * may vary in size; for Ethernet it is simply a constant 14 octets.
 *
 * try_kernel_filter tells snoop to attempt a kernel filter first.  That is
 * appropriate when the header size is fixed, or when it varies in a way a
 * kernel filter handles easily (for example Ethernet and VLAN tags).  A
 * user space filter is used only if the filter expression cannot be
 * expressed in kernel space.
 */
typedef uint_t interpreter_fn_t(int, char *, int, int);
typedef uint_t headerlen_fn_t(char *, size_t);

typedef struct interface {
	/* One of the supported DLPI media types (see <sys/dlpi.h>). */
	uint_t		mac_type;
	/* Size of the largest frame. */
	uint_t		mtu_size;
	/* Where the network type is located in the link layer header. */
	uint_t		network_type_offset;
	size_t		network_type_len;
	uint_t		network_type_ip;
	uint_t		network_type_ipv6;
	/* Returns the link header length. */
	headerlen_fn_t	*header_len;
	/* The function that "knows" how to interpret the frame. */
	interpreter_fn_t *interpreter;
	/* Try a kernel filter before falling back to user space. */
	boolean_t	try_kernel_filter;
} interface_t;
    300 
/* Shared state, one declaration per line. */
extern interface_t INTERFACES[];
extern interface_t *interface;
extern char *dlc_header;
extern char *src_name;
extern char *dst_name;
extern char *prot_prefix;
/* Also declared earlier in this header; the repeat is harmless. */
extern char *prot_nest_prefix;
extern char *prot_title;

/* Counters for the number of nested IP headers seen. */
extern unsigned int encap_levels;
extern unsigned int total_encap_levels;

extern int quitting;
extern boolean_t Iflg;
extern boolean_t Pflg;
extern boolean_t rflg;
    313 
/*
 * Global error recovery: resets snoop variables after a catastrophic
 * failure.
 */
void snoop_recover(void);

/*
 * Node in the list of alarm handlers that lets snoop manage several alarms
 * at once.
 *
 * s_handler is declared without a parameter list, so the compiler does not
 * check the arguments a handler is called with.
 */
typedef struct snoop_handler snoop_handler_t;

struct snoop_handler {
	snoop_handler_t *s_next;	/* next alarm handler */
	time_t s_time;			/* time to fire */
	void (*s_handler)();		/* alarm handler */
};

#define	SNOOP_MAXRECOVER	20	/* maximum number of recoveries */
#define	SNOOP_ALARM_GRAN	3	/* alarm() timeout multiplier */

/*
 * Global alarm handler management routine.
 */
int snoop_alarm(int s_sec, void (*s_handler)());
    337 
/*
 * Offsets of the next-protocol byte, measured from the start of the IP
 * header: 9 matches the Protocol field of an IPv4 header and 6 the Next
 * Header field of an IPv6 header.
 *
 * Neither value accounts for the underlying link header, so add
 * link_header_len before using them as packet offsets.  The addition is not
 * done here because these macros are later used to initialize a table.
 */
#define	IPV4_TYPE_HEADER_OFFSET	9
#define	IPV6_TYPE_HEADER_OFFSET	6
    346 
    347 #ifdef __cplusplus
    348 }
    349 #endif
    350 
    351 #endif	/* _SNOOP_H */
    352