10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 51676Sjpk * Common Development and Distribution License (the "License"). 61676Sjpk * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 21132Srobinson 220Sstevel@tonic-gate /* 238868SPeter.Memishian@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 240Sstevel@tonic-gate * Use is subject to license terms. 250Sstevel@tonic-gate */ 260Sstevel@tonic-gate 270Sstevel@tonic-gate #ifndef _SNOOP_H 280Sstevel@tonic-gate #define _SNOOP_H 290Sstevel@tonic-gate 300Sstevel@tonic-gate #include <rpc/types.h> 310Sstevel@tonic-gate #include <sys/pfmod.h> 320Sstevel@tonic-gate #include <sys/time.h> 330Sstevel@tonic-gate #include <sys/types.h> 340Sstevel@tonic-gate #include <sys/socket.h> 351676Sjpk #include <sys/bufmod.h> 360Sstevel@tonic-gate #include <net/if.h> 370Sstevel@tonic-gate #include <netinet/in.h> 380Sstevel@tonic-gate #include <netinet/if_ether.h> 390Sstevel@tonic-gate #include <netinet/in_systm.h> 400Sstevel@tonic-gate #include <netinet/ip.h> 410Sstevel@tonic-gate #include <netinet/ip6.h> 420Sstevel@tonic-gate #include <netinet/ip_icmp.h> 430Sstevel@tonic-gate #include <netinet/icmp6.h> 440Sstevel@tonic-gate #include <net/pppoe.h> 453628Sss150715 #include <libdlpi.h> 460Sstevel@tonic-gate 470Sstevel@tonic-gate #ifdef __cplusplus 480Sstevel@tonic-gate extern "C" { 490Sstevel@tonic-gate #endif 500Sstevel@tonic-gate 510Sstevel@tonic-gate /* 520Sstevel@tonic-gate * Flags to control packet info display 530Sstevel@tonic-gate */ 540Sstevel@tonic-gate #define F_NOW 0x00000001 /* display in realtime */ 550Sstevel@tonic-gate #define F_SUM 0x00000002 /* display summary line */ 560Sstevel@tonic-gate #define F_ALLSUM 0x00000004 /* display all summary lines */ 570Sstevel@tonic-gate #define F_DTAIL 0x00000008 /* display detail lines */ 580Sstevel@tonic-gate #define F_TIME 0x00000010 /* display time */ 590Sstevel@tonic-gate #define F_ATIME 0x00000020 /* display absolute time */ 600Sstevel@tonic-gate #define F_RTIME 0x00000040 /* display relative time */ 610Sstevel@tonic-gate #define F_DROPS 0x00000080 /* display drops */ 620Sstevel@tonic-gate #define F_LEN 0x00000100 /* display pkt length */ 630Sstevel@tonic-gate #define F_NUM 0x00000200 /* display pkt number */ 640Sstevel@tonic-gate #define F_WHO 0x00000400 /* display src/dst */ 650Sstevel@tonic-gate 660Sstevel@tonic-gate #define MAXLINE (1088) /* max len of detail line */ 670Sstevel@tonic-gate 680Sstevel@tonic-gate /* 690Sstevel@tonic-gate * The RPC XID cache structure. 700Sstevel@tonic-gate * When analyzing RPC protocols we 710Sstevel@tonic-gate * have to cache the xid of the RPC 720Sstevel@tonic-gate * request together with the program 730Sstevel@tonic-gate * number, proc, version etc since this 740Sstevel@tonic-gate * information is missing in the reply 750Sstevel@tonic-gate * packet. Using the xid in the reply 760Sstevel@tonic-gate * we can lookup this previously stashed 770Sstevel@tonic-gate * information in the cache. 780Sstevel@tonic-gate * 790Sstevel@tonic-gate * For RPCSEC_GSS flavor, some special processing is 800Sstevel@tonic-gate * needed for the argument interpretation based on its 810Sstevel@tonic-gate * control procedure and service type. This information 820Sstevel@tonic-gate * is stored in the cache table during interpretation of 830Sstevel@tonic-gate * the rpc header and will be referenced later when the rpc 840Sstevel@tonic-gate * argument is interpreted. 850Sstevel@tonic-gate */ 860Sstevel@tonic-gate #define XID_CACHE_SIZE 256 870Sstevel@tonic-gate struct cache_struct { 880Sstevel@tonic-gate int xid_num; /* RPC transaction id */ 890Sstevel@tonic-gate int xid_frame; /* Packet number */ 900Sstevel@tonic-gate int xid_prog; /* RPC program number */ 910Sstevel@tonic-gate int xid_vers; /* RPC version number */ 920Sstevel@tonic-gate int xid_proc; /* RPC procedure number */ 930Sstevel@tonic-gate unsigned int xid_gss_proc; /* control procedure */ 940Sstevel@tonic-gate int xid_gss_service; /* none, integ, priv */ 950Sstevel@tonic-gate } xid_cache[XID_CACHE_SIZE]; 960Sstevel@tonic-gate 970Sstevel@tonic-gate 980Sstevel@tonic-gate /* 990Sstevel@tonic-gate * The following macros advance the pointer passed to them. They 1000Sstevel@tonic-gate * assume they are given a char *. 1010Sstevel@tonic-gate */ 1020Sstevel@tonic-gate #define GETINT8(v, ptr) { \ 1030Sstevel@tonic-gate (v) = (*(ptr)++); \ 1040Sstevel@tonic-gate } 1050Sstevel@tonic-gate 1060Sstevel@tonic-gate #define GETINT16(v, ptr) { \ 1070Sstevel@tonic-gate (v) = *(ptr)++ << 8; \ 1080Sstevel@tonic-gate (v) |= *(ptr)++; \ 1090Sstevel@tonic-gate } 1100Sstevel@tonic-gate 1110Sstevel@tonic-gate #define GETINT32(v, ptr) { \ 1120Sstevel@tonic-gate (v) = *(ptr)++ << 8; \ 1130Sstevel@tonic-gate (v) |= *(ptr)++; (v) <<= 8; \ 1140Sstevel@tonic-gate (v) |= *(ptr)++; (v) <<= 8; \ 1150Sstevel@tonic-gate (v) |= *(ptr)++; \ 1160Sstevel@tonic-gate } 1170Sstevel@tonic-gate 1180Sstevel@tonic-gate /* 1190Sstevel@tonic-gate * Used to print nested protocol layers. For example, an ip datagram included 1200Sstevel@tonic-gate * in an icmp error, or a PPP packet included in an LCP protocol reject.. 1210Sstevel@tonic-gate */ 1220Sstevel@tonic-gate extern char *prot_nest_prefix; 1230Sstevel@tonic-gate 1240Sstevel@tonic-gate extern char *get_sum_line(void); 1250Sstevel@tonic-gate extern char *get_detail_line(int, int); 126*10616SSebastien.Roy@Sun.COM extern int want_packet(uchar_t *, int, int); 1272760Sdg199075 extern void set_vlan_id(int); 1280Sstevel@tonic-gate extern struct timeval prev_time; 1291676Sjpk extern void process_pkt(struct sb_hdr *, char *, int, int); 1300Sstevel@tonic-gate extern char *getflag(int, int, char *, char *); 1310Sstevel@tonic-gate extern void show_header(char *, char *, int); 132*10616SSebastien.Roy@Sun.COM extern void show_count(void); 1330Sstevel@tonic-gate extern void xdr_init(char *, int); 1340Sstevel@tonic-gate extern char *get_line(int, int); 1350Sstevel@tonic-gate extern int get_line_remain(void); 1360Sstevel@tonic-gate extern char getxdr_char(void); 1370Sstevel@tonic-gate extern char showxdr_char(char *); 1380Sstevel@tonic-gate extern uchar_t getxdr_u_char(void); 1390Sstevel@tonic-gate extern uchar_t showxdr_u_char(char *); 1400Sstevel@tonic-gate extern short getxdr_short(void); 1410Sstevel@tonic-gate extern short showxdr_short(char *); 1420Sstevel@tonic-gate extern ushort_t getxdr_u_short(void); 1430Sstevel@tonic-gate extern ushort_t showxdr_u_short(char *); 1440Sstevel@tonic-gate extern long getxdr_long(void); 1450Sstevel@tonic-gate extern long showxdr_long(char *); 1460Sstevel@tonic-gate extern ulong_t getxdr_u_long(void); 1470Sstevel@tonic-gate extern ulong_t showxdr_u_long(char *); 1480Sstevel@tonic-gate extern longlong_t getxdr_longlong(void); 1490Sstevel@tonic-gate extern longlong_t showxdr_longlong(char *); 150132Srobinson extern u_longlong_t getxdr_u_longlong(void); 151132Srobinson extern u_longlong_t showxdr_u_longlong(char *); 1520Sstevel@tonic-gate extern char *getxdr_opaque(char *, int); 1530Sstevel@tonic-gate extern char *getxdr_string(char *, int); 1540Sstevel@tonic-gate extern char *showxdr_string(int, char *); 1550Sstevel@tonic-gate extern char *getxdr_bytes(uint_t *); 1560Sstevel@tonic-gate extern void xdr_skip(int); 1570Sstevel@tonic-gate extern int getxdr_pos(void); 1580Sstevel@tonic-gate extern void setxdr_pos(int); 1590Sstevel@tonic-gate extern char *getxdr_context(char *, int); 1600Sstevel@tonic-gate extern char *showxdr_context(char *); 1610Sstevel@tonic-gate extern enum_t getxdr_enum(void); 1620Sstevel@tonic-gate extern void show_space(void); 1630Sstevel@tonic-gate extern void show_trailer(void); 1640Sstevel@tonic-gate extern char *getxdr_date(void); 1650Sstevel@tonic-gate extern char *showxdr_date(char *); 1660Sstevel@tonic-gate extern char *getxdr_date_ns(void); 1670Sstevel@tonic-gate char *format_time(int64_t sec, uint32_t nsec); 1680Sstevel@tonic-gate extern char *showxdr_date_ns(char *); 1690Sstevel@tonic-gate extern char *getxdr_hex(int); 1700Sstevel@tonic-gate extern char *showxdr_hex(int, char *); 1710Sstevel@tonic-gate extern bool_t getxdr_bool(void); 1720Sstevel@tonic-gate extern bool_t showxdr_bool(char *); 1730Sstevel@tonic-gate extern char *concat_args(char **, int); 1740Sstevel@tonic-gate extern int pf_compile(char *, int); 1750Sstevel@tonic-gate extern void compile(char *, int); 1760Sstevel@tonic-gate extern void load_names(char *); 1771676Sjpk extern void cap_write(struct sb_hdr *, char *, int, int); 1783628Sss150715 extern void cap_open_read(const char *); 1793628Sss150715 extern void cap_open_write(const char *); 1800Sstevel@tonic-gate extern void cap_read(int, int, int, void (*)(), int); 1810Sstevel@tonic-gate extern void cap_close(void); 1828868SPeter.Memishian@Sun.COM extern boolean_t open_datalink(dlpi_handle_t *, const char *); 1838868SPeter.Memishian@Sun.COM extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *, 1843628Sss150715 struct Pf_ext_packetfilt *); 1853628Sss150715 extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int); 1860Sstevel@tonic-gate extern void click(int); 1870Sstevel@tonic-gate extern void show_pktinfo(int, int, char *, char *, struct timeval *, 1880Sstevel@tonic-gate struct timeval *, int, int); 1890Sstevel@tonic-gate extern void show_line(char *); 1900Sstevel@tonic-gate extern char *getxdr_time(void); 1910Sstevel@tonic-gate extern char *showxdr_time(char *); 1921676Sjpk extern char *addrtoname(int, const void *); 1930Sstevel@tonic-gate extern char *show_string(const char *, int, int); 1941676Sjpk extern void pr_err(const char *, ...); 1953628Sss150715 extern void pr_errdlpi(dlpi_handle_t, const char *, int); 1960Sstevel@tonic-gate extern void check_retransmit(char *, ulong_t); 1970Sstevel@tonic-gate extern char *nameof_prog(int); 1980Sstevel@tonic-gate extern char *getproto(int); 1990Sstevel@tonic-gate extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *); 2000Sstevel@tonic-gate extern void protoprint(int, int, ulong_t, int, int, int, char *, int); 2010Sstevel@tonic-gate extern char *getportname(int, in_port_t); 2020Sstevel@tonic-gate 2030Sstevel@tonic-gate extern void interpret_arp(int, struct arphdr *, int); 2040Sstevel@tonic-gate extern void interpret_bparam(int, int, int, int, int, char *, int); 2054904Srs200217 extern void interpret_dns(int, int, const uchar_t *, int, int); 2060Sstevel@tonic-gate extern void interpret_mount(int, int, int, int, int, char *, int); 2070Sstevel@tonic-gate extern void interpret_nfs(int, int, int, int, int, char *, int); 2080Sstevel@tonic-gate extern void interpret_nfs3(int, int, int, int, int, char *, int); 2090Sstevel@tonic-gate extern void interpret_nfs4(int, int, int, int, int, char *, int); 2100Sstevel@tonic-gate extern void interpret_nfs4_cb(int, int, int, int, int, char *, int); 2110Sstevel@tonic-gate extern void interpret_nfs_acl(int, int, int, int, int, char *, int); 2120Sstevel@tonic-gate extern void interpret_nis(int, int, int, int, int, char *, int); 2130Sstevel@tonic-gate extern void interpret_nisbind(int, int, int, int, int, char *, int); 2140Sstevel@tonic-gate extern void interpret_nlm(int, int, int, int, int, char *, int); 2150Sstevel@tonic-gate extern void interpret_pmap(int, int, int, int, int, char *, int); 2160Sstevel@tonic-gate extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int); 2170Sstevel@tonic-gate extern void interpret_rquota(int, int, int, int, int, char *, int); 2180Sstevel@tonic-gate extern void interpret_rstat(int, int, int, int, int, char *, int); 2190Sstevel@tonic-gate extern void interpret_solarnet_fw(int, int, int, int, int, char *, int); 2200Sstevel@tonic-gate extern void interpret_ldap(int, char *, int, int, int); 2210Sstevel@tonic-gate extern void interpret_icmp(int, struct icmp *, int, int); 2220Sstevel@tonic-gate extern void interpret_icmpv6(int, icmp6_t *, int, int); 2231676Sjpk extern int interpret_ip(int, const struct ip *, int); 2241676Sjpk extern int interpret_ipv6(int, const ip6_t *, int); 2250Sstevel@tonic-gate extern int interpret_ppp(int, uchar_t *, int); 2260Sstevel@tonic-gate extern int interpret_pppoe(int, poep_t *, int); 2271676Sjpk struct tcphdr; 2281676Sjpk extern int interpret_tcp(int, struct tcphdr *, int, int); 2291676Sjpk struct udphdr; 2301676Sjpk extern int interpret_udp(int, struct udphdr *, int, int); 2311676Sjpk extern int interpret_esp(int, uint8_t *, int, int); 2321676Sjpk extern int interpret_ah(int, uint8_t *, int, int); 2331676Sjpk struct sctp_hdr; 2341676Sjpk extern void interpret_sctp(int, struct sctp_hdr *, int, int); 2351676Sjpk extern void interpret_mip_cntrlmsg(int, uchar_t *, int); 2361676Sjpk struct dhcp; 2371676Sjpk extern int interpret_dhcp(int, struct dhcp *, int); 2383431Scarlsonj extern int interpret_dhcpv6(int, const uint8_t *, int); 2391676Sjpk struct tftphdr; 2401676Sjpk extern int interpret_tftp(int, struct tftphdr *, int); 2411676Sjpk extern int interpret_http(int, char *, int); 2421676Sjpk struct ntpdata; 2431676Sjpk extern int interpret_ntp(int, struct ntpdata *, int); 2441676Sjpk extern void interpret_netbios_ns(int, uchar_t *, int); 2451676Sjpk extern void interpret_netbios_datagram(int, uchar_t *, int); 2461676Sjpk extern void interpret_netbios_ses(int, uchar_t *, int); 2471676Sjpk extern void interpret_slp(int, char *, int); 2481676Sjpk struct rip; 2491676Sjpk extern int interpret_rip(int, struct rip *, int); 2501676Sjpk struct rip6; 2511676Sjpk extern int interpret_rip6(int, struct rip6 *, int); 2521676Sjpk extern int interpret_socks_call(int, char *, int); 2531676Sjpk extern int interpret_socks_reply(int, char *, int); 25410491SRishi.Srivatsavai@Sun.COM extern int interpret_trill(int, struct ether_header **, char *, int *); 25510491SRishi.Srivatsavai@Sun.COM extern int interpret_isis(int, char *, int, boolean_t); 25610491SRishi.Srivatsavai@Sun.COM extern int interpret_bpdu(int, char *, int); 2570Sstevel@tonic-gate extern void init_ldap(void); 2580Sstevel@tonic-gate extern boolean_t arp_for_ether(char *, struct ether_addr *); 2590Sstevel@tonic-gate extern char *ether_ouiname(uint32_t); 2601676Sjpk extern char *tohex(char *p, int len); 2610Sstevel@tonic-gate extern char *printether(struct ether_addr *); 2620Sstevel@tonic-gate extern char *print_ethertype(int); 2633431Scarlsonj extern const char *arp_htype(int); 264*10616SSebastien.Roy@Sun.COM extern int valid_rpc(char *, int); 2650Sstevel@tonic-gate 2660Sstevel@tonic-gate /* 2670Sstevel@tonic-gate * Describes characteristics of the Media Access Layer. 2680Sstevel@tonic-gate * The mac_type is one of the supported DLPI media 2690Sstevel@tonic-gate * types (see <sys/dlpi.h>). 2700Sstevel@tonic-gate * The mtu_size is the size of the largest frame. 2712760Sdg199075 * network_type_offset is where the network type 2722760Sdg199075 * is located in the link layer header. 2730Sstevel@tonic-gate * The header length is returned by a function to 2740Sstevel@tonic-gate * allow for variable header size - for ethernet it's 2750Sstevel@tonic-gate * just a constant 14 octets. 2760Sstevel@tonic-gate * The interpreter is the function that "knows" how 2770Sstevel@tonic-gate * to interpret the frame. 2782760Sdg199075 * try_kernel_filter tells snoop to first try a kernel 2792760Sdg199075 * filter (because the header size is fixed, or if it could 2802760Sdg199075 * be of variable size where the variable size is easy for a kernel 2812760Sdg199075 * filter to handle, for example, Ethernet and VLAN tags) 2822760Sdg199075 * and only use a user space filter if the filter expression 2832760Sdg199075 * cannot be expressed in kernel space. 2840Sstevel@tonic-gate */ 285*10616SSebastien.Roy@Sun.COM typedef uint_t (interpreter_fn_t)(int, char *, int, int); 286*10616SSebastien.Roy@Sun.COM typedef uint_t (headerlen_fn_t)(char *, size_t); 2870Sstevel@tonic-gate typedef struct interface { 2888023SPhil.Kirk@Sun.COM uint_t mac_type; 2898023SPhil.Kirk@Sun.COM uint_t mtu_size; 2908023SPhil.Kirk@Sun.COM uint_t network_type_offset; 2918023SPhil.Kirk@Sun.COM size_t network_type_len; 2928023SPhil.Kirk@Sun.COM uint_t network_type_ip; 2938023SPhil.Kirk@Sun.COM uint_t network_type_ipv6; 294*10616SSebastien.Roy@Sun.COM headerlen_fn_t *header_len; 295*10616SSebastien.Roy@Sun.COM interpreter_fn_t *interpreter; 2968023SPhil.Kirk@Sun.COM boolean_t try_kernel_filter; 2970Sstevel@tonic-gate } interface_t; 2980Sstevel@tonic-gate 2990Sstevel@tonic-gate extern interface_t INTERFACES[], *interface; 3000Sstevel@tonic-gate extern char *dlc_header; 3011676Sjpk extern char *src_name, *dst_name; 3021676Sjpk extern char *prot_prefix; 3031676Sjpk extern char *prot_nest_prefix; 3041676Sjpk extern char *prot_title; 3051676Sjpk 3061676Sjpk /* Keep track of how many nested IP headers we have. */ 3071676Sjpk extern unsigned int encap_levels, total_encap_levels; 3081676Sjpk 3091676Sjpk extern int quitting; 3108023SPhil.Kirk@Sun.COM extern boolean_t Iflg, Pflg, rflg; 3111676Sjpk 3120Sstevel@tonic-gate /* 3130Sstevel@tonic-gate * Global error recovery routine: used to reset snoop variables after 3140Sstevel@tonic-gate * catastrophic failure. 3150Sstevel@tonic-gate */ 3160Sstevel@tonic-gate void snoop_recover(void); 3170Sstevel@tonic-gate 3180Sstevel@tonic-gate /* 3190Sstevel@tonic-gate * Global alarm handler structure for managing multiple alarms within 3200Sstevel@tonic-gate * snoop. 3210Sstevel@tonic-gate */ 3220Sstevel@tonic-gate typedef struct snoop_handler { 3230Sstevel@tonic-gate struct snoop_handler *s_next; /* next alarm handler */ 3240Sstevel@tonic-gate time_t s_time; /* time to fire */ 3250Sstevel@tonic-gate void (*s_handler)(); /* alarm handler */ 3260Sstevel@tonic-gate } snoop_handler_t; 3270Sstevel@tonic-gate 3280Sstevel@tonic-gate #define SNOOP_MAXRECOVER 20 /* maxium number of recoveries */ 3290Sstevel@tonic-gate #define SNOOP_ALARM_GRAN 3 /* alarm() timeout multiplier */ 3300Sstevel@tonic-gate 3310Sstevel@tonic-gate /* 3320Sstevel@tonic-gate * Global alarm handler management routine. 3330Sstevel@tonic-gate */ 3340Sstevel@tonic-gate extern int snoop_alarm(int s_sec, void (*s_handler)()); 3350Sstevel@tonic-gate 3363220Sdg199075 /* 3373220Sdg199075 * The next two definitions do not take into account the length 3383220Sdg199075 * of the underlying link header. In order to use them, you must 3393220Sdg199075 * add link_header_len to them. The reason it is not done here is 3403220Sdg199075 * that later these macros are used to initialize a table. 3413220Sdg199075 */ 3423220Sdg199075 #define IPV4_TYPE_HEADER_OFFSET 9 3433220Sdg199075 #define IPV6_TYPE_HEADER_OFFSET 6 3443220Sdg199075 3450Sstevel@tonic-gate #ifdef __cplusplus 3460Sstevel@tonic-gate } 3470Sstevel@tonic-gate #endif 3480Sstevel@tonic-gate 3490Sstevel@tonic-gate #endif /* _SNOOP_H */ 350