xref: /netbsd-src/external/bsd/ipf/dist/ipsd/snit.c (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1 /*	$NetBSD: snit.c,v 1.1.1.1 2012/03/23 21:20:06 christos Exp $	*/
2 
3 /*
4  * (C)opyright 1992-1998 Darren Reed. (from tcplog)
5  *
6  * See the IPFILTER.LICENCE file for details on licencing.
7  *
8  */
9 
10 #include <stdio.h>
11 #include <netdb.h>
12 #include <ctype.h>
13 #include <signal.h>
14 #include <errno.h>
15 #include <sys/types.h>
16 #include <sys/time.h>
17 #include <sys/timeb.h>
18 #include <sys/socket.h>
19 #include <sys/file.h>
20 #include <sys/ioctl.h>
21 #include <net/nit.h>
22 #include <sys/fcntlcom.h>
23 #include <sys/dir.h>
24 #include <net/nit_if.h>
25 #include <net/nit_pf.h>
26 #include <net/nit_buf.h>
27 #include <net/packetfilt.h>
28 #include <sys/stropts.h>
29 
30 #include <net/if.h>
31 #include <netinet/in.h>
32 #include <netinet/in_systm.h>
33 #include <netinet/ip.h>
34 #include <netinet/if_ether.h>
35 #include <netinet/ip_var.h>
36 #include <netinet/udp.h>
37 #include <netinet/udp_var.h>
38 #include <netinet/tcp.h>
39 #include <netinet/tcpip.h>
40 
41 #ifndef	lint
42 static	char	snitid[] = "@(#)snit.c	1.2 12/3/95 (C)1995 Darren Reed";
43 #endif
44 
45 #define BUFSPACE	32768
46 
47 /*
48  * Be careful to only include those defined in the flags option for the
49  * interface are included in the header size.
50  */
51 #define BUFHDR_SIZE  (sizeof(struct nit_bufhdr))
52 #define NIT_HDRSIZE  (BUFHDR_SIZE)
53 
54 static	int	timeout;
55 
56 
57 int	ack_recv(ep)
58 	char	*ep;
59 {
60 	struct	tcpiphdr	tip;
61 	struct	tcphdr	*tcp;
62 	struct	ip	*ip;
63 
64 	ip = (struct ip *)&tip;
65 	tcp = (struct tcphdr *)(ip + 1);
66 	bcopy(ep + 14, (char *)ip, sizeof(*ip));
67 	bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
68 	if (ip->ip_off & 0x1fff != 0)
69 		return 0;
70 	if (0 == detect(ip, tcp))
71 		return 1;
72 	return 0;
73 }
74 
75 
76 int	readloop(fd, dst)
77 	int 	fd;
78 	struct	in_addr dst;
79 {
80 	static	u_char	buf[BUFSPACE];
81 	register u_char	*bp, *cp, *bufend;
82 	register struct	nit_bufhdr	*hp;
83 	register int	cc;
84 	time_t	now = time(NULL);
85 	int	done = 0;
86 
87 	while ((cc = read(fd, buf, BUFSPACE-1)) >= 0) {
88 		if (!cc)
89 			if ((time(NULL) - now) > timeout)
90 				return done;
91 			else
92 				continue;
93 		bp = buf;
94 		bufend = buf + cc;
95 		/*
96 		 * loop through each snapshot in the chunk
97 		 */
98 		while (bp < bufend) {
99 			cp = (u_char *)((char *)bp + NIT_HDRSIZE);
100 			/*
101 			 * get past NIT buffer
102 			 */
103 			hp = (struct nit_bufhdr *)bp;
104 			/*
105 			 * next snapshot
106 			 */
107 			bp += hp->nhb_totlen;
108 			done += ack_recv(cp);
109 		}
110 		return done;
111 	}
112 	perror("read");
113 	exit(-1);
114 }
115 
116 int	initdevice(device, tout)
117 	char	*device;
118 	int	tout;
119 {
120 	struct	strioctl si;
121 	struct	timeval to;
122 	struct	ifreq ifr;
123 	struct	packetfilt pfil;
124 	u_long	if_flags;
125 	u_short	*fwp = pfil.Pf_Filter;
126 	int	ret, offset, fd, snaplen= 76, chunksize = BUFSPACE;
127 
128 	if ((fd = open("/dev/nit", O_RDWR)) < 0)
129 	    {
130 		perror("/dev/nit");
131 		exit(-1);
132 	    }
133 
134 	/*
135 	 * Create some filter rules for our TCP watcher. We only want ethernet
136 	 * pacets which are IP protocol and only the TCP packets from IP.
137 	 */
138 	offset = 6;
139 	*fwp++ = ENF_PUSHWORD + offset;
140 	*fwp++ = ENF_PUSHLIT | ENF_CAND;
141 	*fwp++ = htons(ETHERTYPE_IP);
142 	*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
143 	*fwp++ = ENF_PUSHLIT | ENF_AND;
144 	*fwp++ = htons(0x00ff);
145 	*fwp++ = ENF_PUSHLIT | ENF_COR;
146 	*fwp++ = htons(IPPROTO_TCP);
147 	*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
148 	*fwp++ = ENF_PUSHLIT | ENF_AND;
149 	*fwp++ = htons(0x00ff);
150 	*fwp++ = ENF_PUSHLIT | ENF_CAND;
151 	*fwp++ = htons(IPPROTO_UDP);
152 	pfil.Pf_FilterLen = fwp - &pfil.Pf_Filter[0];
153 	/*
154 	 * put filter in place.
155 	 */
156 	if (ioctl(fd, I_PUSH, "pf") == -1)
157 	    {
158 		perror("ioctl: I_PUSH pf");
159 		exit(1);
160 	    }
161 	if (ioctl(fd, NIOCSETF, &pfil) == -1)
162 	    {
163 		perror("ioctl: NIOCSETF");
164 		exit(1);
165 	    }
166 	/*
167 	 * arrange to get messages from the NIT STREAM and use NIT_BUF option
168 	 */
169 	ioctl(fd, I_SRDOPT, (char*)RMSGD);
170 	ioctl(fd, I_PUSH, "nbuf");
171 	/*
172 	 * set the timeout
173 	 */
174 	timeout = tout;
175 	si.ic_timout = 1;
176 	to.tv_sec = 1;
177 	to.tv_usec = 0;
178 	si.ic_cmd = NIOCSTIME;
179 	si.ic_len = sizeof(to);
180 	si.ic_dp = (char*)&to;
181 	if (ioctl(fd, I_STR, (char*)&si) == -1)
182 	    {
183 		perror("ioctl: NIT timeout");
184 		exit(-1);
185 	    }
186 	/*
187 	 * set the chunksize
188 	 */
189 	si.ic_cmd = NIOCSCHUNK;
190 	si.ic_len = sizeof(chunksize);
191 	si.ic_dp = (char*)&chunksize;
192 	if (ioctl(fd, I_STR, (char*)&si) == -1)
193 		perror("ioctl: NIT chunksize");
194 	if (ioctl(fd, NIOCGCHUNK, (char*)&chunksize) == -1)
195 	    {
196 		perror("ioctl: NIT chunksize");
197 		exit(-1);
198 	    }
199 	printf("NIT buffer size: %d\n", chunksize);
200 
201 	/*
202 	 * request the interface
203 	 */
204 	strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
205 	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' ';
206 	si.ic_cmd = NIOCBIND;
207 	si.ic_len = sizeof(ifr);
208 	si.ic_dp = (char*)&ifr;
209 	if (ioctl(fd, I_STR, (char*)&si) == -1)
210 	    {
211 		perror(ifr.ifr_name);
212 		exit(1);
213 	    }
214 
215 	/*
216 	 * set the snapshot length
217 	 */
218 	si.ic_cmd = NIOCSSNAP;
219 	si.ic_len = sizeof(snaplen);
220 	si.ic_dp = (char*)&snaplen;
221 	if (ioctl(fd, I_STR, (char*)&si) == -1)
222 	    {
223 		perror("ioctl: NIT snaplen");
224 		exit(1);
225 	    }
226 	(void) ioctl(fd, I_FLUSH, (char*)FLUSHR);
227 	return fd;
228 }
229