blob: 2eb0ae81702cee762ae5c78256fdddae9cf65049 [file] [log] [blame] [raw]
/*
* Copyright (C) 2000-2007 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id$
*/
#include "ipf.h"
#include "pcap-ipf.h"
#include "bpf-ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)$Id$";
#endif
struct llc {
int lc_type;
int lc_sz; /* LLC header length */
int lc_to; /* LLC Type offset */
int lc_tl; /* LLC Type length */
};
/*
* While many of these maybe the same, some do have different header formats
* which make this useful.
*/
static struct llc llcs[] = {
{ DLT_NULL, 0, 0, 0 },
{ DLT_EN10MB, 14, 12, 2 },
{ DLT_EN3MB, 0, 0, 0 },
{ DLT_AX25, 0, 0, 0 },
{ DLT_PRONET, 0, 0, 0 },
{ DLT_CHAOS, 0, 0, 0 },
{ DLT_IEEE802, 0, 0, 0 },
{ DLT_ARCNET, 0, 0, 0 },
{ DLT_SLIP, 0, 0, 0 },
{ DLT_PPP, 0, 0, 0 },
{ DLT_FDDI, 0, 0, 0 },
#ifdef DLT_ATMRFC1483
{ DLT_ATMRFC1483, 0, 0, 0 },
#endif
{ DLT_RAW, 0, 0, 0 },
#ifdef DLT_ENC
{ DLT_ENC, 0, 0, 0 },
#endif
#ifdef DLT_SLIP_BSDOS
{ DLT_SLIP_BSDOS, 0, 0, 0 },
#endif
#ifdef DLT_PPP_BSDOS
{ DLT_PPP_BSDOS, 0, 0, 0 },
#endif
#ifdef DLT_HIPPI
{ DLT_HIPPI, 0, 0, 0 },
#endif
#ifdef DLT_HDLC
{ DLT_HDLC, 0, 0, 0 },
#endif
#ifdef DLT_PPP_SERIAL
{ DLT_PPP_SERIAL, 4, 4, 0 },
#endif
#ifdef DLT_PPP_ETHER
{ DLT_PPP_ETHER, 8, 8, 0 },
#endif
#ifdef DLT_ECONET
{ DLT_ECONET, 0, 0, 0 },
#endif
{ -1, -1, -1, -1 }
};
static int pcap_open __P((char *));
static int pcap_close __P((void));
static int pcap_readip __P((mb_t *, char **, int *));
static void swap_hdr __P((pcaphdr_t *));
static int pcap_read_rec __P((struct pcap_pkthdr *));
static int pfd = -1, swapped = 0;
static struct llc *llcp = NULL;
struct ipread pcap = { pcap_open, pcap_close, pcap_readip, 0 };
#define SWAPLONG(y) \
((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
#define SWAPSHORT(y) \
( (((y)&0xff)<<8) | (((y)&0xff00)>>8) )
static void swap_hdr(p)
pcaphdr_t *p;
{
p->pc_v_maj = SWAPSHORT(p->pc_v_maj);
p->pc_v_min = SWAPSHORT(p->pc_v_min);
p->pc_zone = SWAPLONG(p->pc_zone);
p->pc_sigfigs = SWAPLONG(p->pc_sigfigs);
p->pc_slen = SWAPLONG(p->pc_slen);
p->pc_type = SWAPLONG(p->pc_type);
}
static int pcap_open(fname)
char *fname;
{
pcaphdr_t ph;
int fd, i;
if (pfd != -1)
return pfd;
if (!strcmp(fname, "-"))
fd = 0;
else if ((fd = open(fname, O_RDONLY)) == -1)
return -1;
if (read(fd, (char *)&ph, sizeof(ph)) != sizeof(ph))
return -2;
if (ph.pc_id != TCPDUMP_MAGIC) {
if (SWAPLONG(ph.pc_id) != TCPDUMP_MAGIC) {
(void) close(fd);
return -2;
}
swapped = 1;
swap_hdr(&ph);
}
if (ph.pc_v_maj != PCAP_VERSION_MAJ) {
(void) close(fd);
return -2;
}
for (i = 0; llcs[i].lc_type != -1; i++)
if (llcs[i].lc_type == ph.pc_type) {
llcp = llcs + i;
break;
}
if (llcp == NULL) {
(void) close(fd);
return -2;
}
pfd = fd;
printf("opened pcap file %s:\n", fname);
printf("\tid: %08x version: %d.%d type: %d snap %d\n",
ph.pc_id, ph.pc_v_maj, ph.pc_v_min, ph.pc_type, ph.pc_slen);
return fd;
}
static int pcap_close()
{
return close(pfd);
}
/*
* read in the header (and validate) which should be the first record
* in a pcap file.
*/
static int pcap_read_rec(rec)
struct pcap_pkthdr *rec;
{
int n, p, i;
char *s;
s = (char *)rec;
n = sizeof(*rec);
while (n > 0) {
i = read(pfd, (char *)rec, sizeof(*rec));
if (i <= 0)
return -2;
s += i;
n -= i;
}
if (swapped) {
rec->ph_clen = SWAPLONG(rec->ph_clen);
rec->ph_len = SWAPLONG(rec->ph_len);
rec->ph_ts.tv_sec = SWAPLONG(rec->ph_ts.tv_sec);
rec->ph_ts.tv_usec = SWAPLONG(rec->ph_ts.tv_usec);
}
p = rec->ph_clen;
n = MIN(p, rec->ph_len);
if (!n || n < 0)
return -3;
if (p < 0 || p > 65536)
return -4;
return p;
}
#ifdef notyet
/*
* read an entire pcap packet record. only the data part is copied into
* the available buffer, with the number of bytes copied returned.
*/
static int pcap_read(buf, cnt)
char *buf;
int cnt;
{
struct pcap_pkthdr rec;
static char *bufp = NULL;
int i, n;
if ((i = pcap_read_rec(&rec)) <= 0)
return i;
if (!bufp)
bufp = malloc(i);
else
bufp = realloc(bufp, i);
if (read(pfd, bufp, i) != i)
return -2;
n = MIN(i, cnt);
bcopy(bufp, buf, n);
return n;
}
#endif
/*
* return only an IP packet read into buf
*/
static int pcap_readip(mb, ifn, dir)
mb_t *mb;
char **ifn;
int *dir;
{
static char *bufp = NULL;
struct pcap_pkthdr rec;
struct llc *l;
char *s, ty[4];
int i, j, n;
char *buf;
int cnt;
buf = (char *)mb->mb_buf;
cnt = sizeof(mb->mb_buf);
l = llcp;
/* do { */
if ((i = pcap_read_rec(&rec)) <= 0)
return i;
if (!bufp)
bufp = malloc(i);
else
bufp = realloc(bufp, i);
s = bufp;
for (j = i, n = 0; j > 0; ) {
n = read(pfd, s, j);
if (n <= 0)
return -2;
j -= n;
s += n;
}
s = bufp;
i -= l->lc_sz;
s += l->lc_to;
bcopy(s, ty, l->lc_tl);
s += l->lc_tl;
/* } while (ty[0] != 0x8 && ty[1] != 0); */
n = MIN(i, cnt);
bcopy(s, buf, n);
mb->mb_len = n;
return n;
}