| /* |
| * (C)opyright 1995-1998 Darren Reed. (from tcplog) |
| * |
| * See the IPFILTER.LICENCE file for details on licencing. |
| * |
| */ |
| #include <stdio.h> |
| #include <netdb.h> |
| #include <ctype.h> |
| #include <signal.h> |
| #include <errno.h> |
| #include <sys/types.h> |
| #include <sys/param.h> |
| #include <sys/mbuf.h> |
| #include <sys/time.h> |
| #include <sys/timeb.h> |
| #include <sys/socket.h> |
| #include <sys/file.h> |
| #include <sys/ioctl.h> |
| #if BSD < 199103 |
| #include <sys/fcntlcom.h> |
| #endif |
| #include <sys/dir.h> |
| #include <net/bpf.h> |
| |
| #include <net/if.h> |
| #include <netinet/in.h> |
| #include <netinet/in_systm.h> |
| #include <netinet/ip.h> |
| #include <netinet/if_ether.h> |
| #include <netinet/ip_var.h> |
| #include <netinet/udp.h> |
| #include <netinet/udp_var.h> |
| #include <netinet/tcp.h> |
| #include <netinet/tcpip.h> |
| #include "ip_compat.h" |
| |
| #ifndef lint |
| static char sbpf[] = "@(#)sbpf.c 1.2 12/3/95 (C)1995 Darren Reed"; |
| #endif |
| |
| /* |
| (000) ldh [12] |
| (001) jeq #0x800 jt 2 jf 5 |
| (002) ldb [23] |
| (003) jeq #0x6 jt 4 jf 5 |
| (004) ret #68 |
| (005) ret #0 |
| */ |
| struct bpf_insn filter[] = { |
| /* 0. */ { BPF_LD|BPF_H|BPF_ABS, 0, 0, 12 }, |
| /* 1. */ { BPF_JMP|BPF_JEQ, 0, 3, 0x0800 }, |
| /* 2. */ { BPF_LD|BPF_B|BPF_ABS, 0, 0, 23 }, |
| /* 3. */ { BPF_JMP|BPF_JEQ, 0, 1, 0x06 }, |
| /* 4. */ { BPF_RET, 0, 0, 68 }, |
| /* 5. */ { BPF_RET, 0, 0, 0 } |
| }; |
| /* |
| * the code herein is dervied from libpcap. |
| */ |
| static u_char *buf = NULL; |
| static u_int bufsize = 32768, timeout = 1; |
| |
| |
| int ack_recv(ep) |
| char *ep; |
| { |
| struct tcpiphdr tip; |
| tcphdr_t *tcp; |
| ip_t *ip; |
| |
| ip = (ip_t *)&tip; |
| tcp = (tcphdr_t *)(ip + 1); |
| bcopy(ep + 14, (char *)ip, sizeof(*ip)); |
| bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp)); |
| if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP) |
| return -1; |
| if (ip->ip_p & 0x1fff != 0) |
| return 0; |
| if (0 == detect(ip, tcp)) |
| return 1; |
| return 0; |
| } |
| |
| |
| int readloop(fd, port, dst) |
| int fd, port; |
| struct in_addr dst; |
| { |
| register u_char *bp, *cp, *bufend; |
| register struct bpf_hdr *bh; |
| register int cc; |
| time_t in = time(NULL); |
| int done = 0; |
| |
| while ((cc = read(fd, buf, bufsize)) >= 0) { |
| if (!cc && (time(NULL) - in) > timeout) |
| return done; |
| bp = buf; |
| bufend = buf + cc; |
| /* |
| * loop through each snapshot in the chunk |
| */ |
| while (bp < bufend) { |
| bh = (struct bpf_hdr *)bp; |
| cp = bp + bh->bh_hdrlen; |
| done += ack_recv(cp); |
| bp += BPF_WORDALIGN(bh->bh_caplen + bh->bh_hdrlen); |
| } |
| return done; |
| } |
| perror("read"); |
| exit(-1); |
| } |
| |
| int initdevice(device, tout) |
| char *device; |
| int tout; |
| { |
| struct bpf_program prog; |
| struct bpf_version bv; |
| struct timeval to; |
| struct ifreq ifr; |
| char bpfname[16]; |
| int fd, i; |
| |
| for (i = 0; i < 16; i++) |
| { |
| (void) sprintf(bpfname, "/dev/bpf%d", i); |
| if ((fd = open(bpfname, O_RDWR)) >= 0) |
| break; |
| } |
| if (i == 16) |
| { |
| fprintf(stderr, "no bpf devices available as /dev/bpfxx\n"); |
| return -1; |
| } |
| |
| if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) |
| { |
| perror("BIOCVERSION"); |
| return -1; |
| } |
| if (bv.bv_major != BPF_MAJOR_VERSION || |
| bv.bv_minor < BPF_MINOR_VERSION) |
| { |
| fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n", |
| bv.bv_major, bv.bv_minor); |
| fprintf(stderr, "current version: %d.%d\n", |
| BPF_MAJOR_VERSION, BPF_MINOR_VERSION); |
| return -1; |
| } |
| |
| (void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); |
| if (ioctl(fd, BIOCSETIF, &ifr) == -1) |
| { |
| fprintf(stderr, "%s(%d):", ifr.ifr_name, fd); |
| perror("BIOCSETIF"); |
| exit(1); |
| } |
| /* |
| * set the timeout |
| */ |
| timeout = tout; |
| to.tv_sec = 1; |
| to.tv_usec = 0; |
| if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1) |
| { |
| perror("BIOCSRTIMEOUT"); |
| exit(-1); |
| } |
| /* |
| * get kernel buffer size |
| */ |
| if (ioctl(fd, BIOCSBLEN, &bufsize) == -1) |
| perror("BIOCSBLEN"); |
| if (ioctl(fd, BIOCGBLEN, &bufsize) == -1) |
| { |
| perror("BIOCGBLEN"); |
| exit(-1); |
| } |
| printf("BPF buffer size: %d\n", bufsize); |
| buf = (u_char*)malloc(bufsize); |
| |
| prog.bf_len = sizeof(filter) / sizeof(struct bpf_insn); |
| prog.bf_insns = filter; |
| if (ioctl(fd, BIOCSETF, (caddr_t)&prog) == -1) |
| { |
| perror("BIOCSETF"); |
| exit(-1); |
| } |
| (void) ioctl(fd, BIOCFLUSH, 0); |
| return fd; |
| } |