1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 *
26 * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
27 */
28
29#ifndef	_SNOOP_H
30#define	_SNOOP_H
31
32#include <rpc/types.h>
33#include <sys/pfmod.h>
34#include <sys/time.h>
35#include <sys/types.h>
36#include <sys/socket.h>
37#include <sys/bufmod.h>
38#include <net/if.h>
39#include <netinet/in.h>
40#include <netinet/if_ether.h>
41#include <netinet/in_systm.h>
42#include <netinet/ip.h>
43#include <netinet/ip6.h>
44#include <netinet/ip_icmp.h>
45#include <netinet/icmp6.h>
46#include <net/pppoe.h>
47#include <libdlpi.h>
48#include <note.h>
49
50#ifdef __cplusplus
51extern "C" {
52#endif
53
/*
 * Packet display control flags.  Every flag occupies its own bit, so
 * any combination can be OR-ed into a single flags word.
 */
#define	F_NOW		0x00000001	/* show packets in realtime */
#define	F_SUM		0x00000002	/* show the summary line */
#define	F_ALLSUM	0x00000004	/* show every summary line */
#define	F_DTAIL		0x00000008	/* show detail lines */
#define	F_TIME		0x00000010	/* show time */
#define	F_ATIME		0x00000020	/* show absolute time */
#define	F_RTIME		0x00000040	/* show relative time */
#define	F_DROPS		0x00000080	/* show drops */
#define	F_LEN		0x00000100	/* show packet length */
#define	F_NUM		0x00000200	/* show packet number */
#define	F_WHO		0x00000400	/* show source/destination */

/*
 * Upper bound on the length of one detail line.  Code that formats
 * packet-derived text into a line buffer must bound its writes by this.
 */
#define	MAXLINE		(1088)
70
/*
 * Entry describing a transient port; see the TFTP interpreter for the
 * way these entries are used.
 */
struct ttable {
	int t_port;		/* port this entry is registered for */
	int blksize;		/* presumably the TFTP block size - confirm */
	int (*t_proc)(int, void *, int);	/* handler for the port */
};

/*
 * Transient port table management.  The handler passed to
 * add_transient() has the same signature as ttable.t_proc.
 */
extern int add_transient(int port, int (*proc)(int, void *, int));
extern struct ttable *is_transient(int port);
extern void del_transient(int port);
83
/*
 * RPC XID cache.
 *
 * An RPC reply packet does not carry the program number, version or
 * procedure of the call it answers.  While analyzing RPC protocols the
 * xid of each request is therefore cached together with that
 * information, and the xid found in a reply is used to look the
 * stashed values up again.
 *
 * For the RPCSEC_GSS flavor, argument interpretation additionally
 * depends on the control procedure and the service type.  Both are
 * recorded in the cache entry while the rpc header is interpreted and
 * are consulted later when the rpc argument is interpreted.
 *
 * NOTE(review): xid_cache is defined here rather than declared extern,
 * so every translation unit including this header emits its own
 * tentative definition and linking depends on the toolchain merging
 * common symbols (it fails under -fno-common).  Fixing that needs an
 * extern declaration here plus a single definition in one .c file.
 *
 * NOTE(review): xid values come from captured packets.  The lookup
 * code is not visible in this header; confirm that any index derived
 * from an xid is reduced into [0, XID_CACHE_SIZE) before it is used.
 */
#define	XID_CACHE_SIZE 256

struct cache_struct {
	int xid_num;			/* RPC transaction id */
	int xid_frame;			/* packet number */
	int xid_prog;			/* RPC program number */
	int xid_vers;			/* RPC version number */
	int xid_proc;			/* RPC procedure number */
	unsigned int xid_gss_proc;	/* RPCSEC_GSS control procedure */
	int xid_gss_service;		/* none, integ, priv */
};

struct cache_struct xid_cache[XID_CACHE_SIZE];
112
113
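/*
 * Big-endian field extractors.  Each macro reads 1, 2 or 4 bytes
 * through `ptr' and leaves `ptr' advanced past the bytes consumed.
 * `ptr' may be a char * or an unsigned char *.
 *
 * GETINT16 and GETINT32 convert every byte to unsigned char before
 * combining it.  Without that, a byte >= 0x80 read through a plain
 * (signed) char * is sign-extended and the following |= sets all the
 * higher bits of the result; the old GETINT32 could also shift a
 * negative or overflowing int, which is undefined behavior.
 *
 * GETINT8 stores the byte exactly as the pointee type yields it, so
 * through a signed char * a byte >= 0x80 arrives as a negative value.
 *
 * No bounds checking is done.  The bytes normally come from a captured
 * packet, so the caller must verify that enough data remains before
 * invoking one of these macros.
 *
 * The expansions are plain brace blocks (kept for compatibility with
 * existing call sites), so do not use them as the unbraced body of an
 * `if' that has an `else'.  `v' and `ptr' are expanded more than once
 * and must be side-effect-free lvalues.
 */
#define	GETINT8(v, ptr) { \
	(v) = (*(ptr)++); \
}

#define	GETINT16(v, ptr) { \
	(v) = (unsigned char)*(ptr)++ << 8; \
	(v) |= (unsigned char)*(ptr)++; \
}

#define	GETINT32(v, ptr) { \
	(v) = (uint32_t)(unsigned char)*(ptr)++ << 24; \
	(v) |= (uint32_t)(unsigned char)*(ptr)++ << 16; \
	(v) |= (uint32_t)(unsigned char)*(ptr)++ << 8; \
	(v) |= (uint32_t)(unsigned char)*(ptr)++; \
}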
133
/*
 * Prefix used when printing nested protocol layers, for example an ip
 * datagram included in an icmp error, or a PPP packet included in an
 * LCP protocol reject.
 */
extern char *prot_nest_prefix;

/*
 * Packet selection, per-packet processing and line output.
 */
extern char *get_sum_line(void);
extern char *get_detail_line(int, int);
extern int want_packet(uchar_t *, int, int);
extern void set_vlan_id(int);
extern struct timeval prev_time;
extern void process_pkt(struct sb_hdr *, char *, int, int);
extern char *getflag(int, int, char *, char *);
extern void show_header(char *, char *, int);
extern void show_count(void);

/*
 * XDR helpers.  Parameters are unnamed in this header; going by the
 * names, getxdr_* fetch a value and showxdr_* also display it using
 * the string argument - see the implementation for exact semantics.
 */
extern void xdr_init(char *, int);
extern char *get_line(int, int);
extern int get_line_remain(void);
extern char getxdr_char(void);
extern char showxdr_char(char *);
extern uchar_t getxdr_u_char(void);
extern uchar_t showxdr_u_char(char *);
extern short getxdr_short(void);
extern short showxdr_short(char *);
extern ushort_t getxdr_u_short(void);
extern ushort_t showxdr_u_short(char *);
extern long getxdr_long(void);
extern long showxdr_long(char *);
extern ulong_t getxdr_u_long(void);
extern ulong_t showxdr_u_long(char *);
extern longlong_t getxdr_longlong(void);
extern longlong_t showxdr_longlong(char *);
extern u_longlong_t getxdr_u_longlong(void);
extern u_longlong_t showxdr_u_longlong(char *);
extern char *getxdr_opaque(char *, int);
extern char *getxdr_string(char *, int);
extern char *showxdr_string(int, char *);
extern char *getxdr_bytes(uint_t *);
extern void xdr_skip(int);
extern int getxdr_pos(void);
extern void setxdr_pos(int);
extern char *getxdr_context(char *, int);
extern char *showxdr_context(char *);
extern enum_t getxdr_enum(void);
extern void show_space(void);
extern void show_trailer(void);
extern char *getxdr_date(void);
extern char *showxdr_date(char *);
extern char *getxdr_date_ns(void);
char *format_time(int64_t sec, uint32_t nsec);
extern char *showxdr_date_ns(char *);
extern char *getxdr_hex(int);
extern char *showxdr_hex(int, char *);
extern bool_t getxdr_bool(void);
extern bool_t showxdr_bool(char *);

/*
 * Filter expression handling and name loading.
 */
extern char *concat_args(char **, int);
extern int pf_compile(char *, int);
extern void compile(char *, int);
extern void load_names(char *);

/*
 * Capture file and datalink access.
 *
 * NOTE(review): cap_read() and net_read() take their callback as
 * `void (*)()', an unprototyped function pointer, so the compiler
 * cannot check the arguments the callback is invoked with.
 */
extern void cap_write(struct sb_hdr *, char *, int, int);
extern void cap_open_read(const char *);
extern void cap_open_write(const char *);
extern void cap_read(int, int, int, void (*)(), int);
extern void cap_close(void);
extern boolean_t open_datalink(dlpi_handle_t *, const char *);
extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *,
    struct Pf_ext_packetfilt *);
extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int);
extern void click(int);

/*
 * Display routines.
 *
 * show_printf() is marked printf-like on its first argument, so that
 * argument must be a format string under the caller's control; text
 * taken from a packet belongs in the arguments (e.g. behind "%s"),
 * never in the format itself.
 *
 * NOTE(review): pr_err() is variadic but carries no printf-like
 * annotation in this header, so a format/argument mismatch in its
 * callers would not be diagnosed - presumably it is printf-style too;
 * confirm against the implementation.
 */
extern void show_pktinfo(int, int, char *, char *, struct timeval *,
		struct timeval *, int, int);
extern void show_line(char *);
/*PRINTFLIKE1*/
extern void show_printf(char *fmt, ...)
    __PRINTFLIKE(1);
extern char *getxdr_time(void);
extern char *showxdr_time(char *);
extern char *addrtoname(int, const void *);
extern char *show_string(const char *, int, int);
extern void pr_err(const char *, ...);
extern void pr_errdlpi(dlpi_handle_t, const char *, int);
extern void check_retransmit(char *, ulong_t);
extern char *nameof_prog(int);
extern char *getproto(int);
extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *);
extern void protoprint(int, int, ulong_t, int, int, int, char *, int);
extern char *getportname(int, in_port_t);
221
/*
 * Per-protocol interpreters.
 *
 * Parameters are unnamed in this header.  NOTE(review): the pointer
 * arguments appear to reference captured packet data and the trailing
 * int arguments appear to carry lengths - confirm against the
 * implementations.  Captured data is untrusted input, so each
 * interpreter has to check the available length (including a negative
 * one, since lengths are plain int) before dereferencing.
 */

/* RPC-based services */
extern void interpret_arp(int, struct arphdr *, int);
extern void interpret_bparam(int, int, int, int, int, char *, int);
extern void interpret_dns(int, int, const uchar_t *, int, int);
extern void interpret_mount(int, int, int, int, int, char *, int);
extern void interpret_nfs(int, int, int, int, int, char *, int);
extern void interpret_nfs3(int, int, int, int, int, char *, int);
extern void interpret_nfs4(int, int, int, int, int, char *, int);
extern void interpret_nfs4_cb(int, int, int, int, int, char *, int);
extern void interpret_nfs_acl(int, int, int, int, int, char *, int);
extern void interpret_nis(int, int, int, int, int, char *, int);
extern void interpret_nisbind(int, int, int, int, int, char *, int);
extern void interpret_nlm(int, int, int, int, int, char *, int);
extern void interpret_pmap(int, int, int, int, int, char *, int);
extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int);
extern void interpret_rquota(int, int, int, int, int, char *, int);
extern void interpret_rstat(int, int, int, int, int, char *, int);
extern void interpret_solarnet_fw(int, int, int, int, int, char *, int);
extern void interpret_ldap(int, char *, int, int, int);

/* network layer */
extern void interpret_icmp(int, struct icmp *, int, int);
extern void interpret_icmpv6(int, icmp6_t *, int, int);
extern int interpret_ip(int, const struct ip *, int);
extern int interpret_ipv6(int, const ip6_t *, int);
extern int interpret_ppp(int, uchar_t *, int);
extern int interpret_pppoe(int, poep_t *, int);

/*
 * The bare `struct X;' lines below are forward declarations: they let
 * the prototypes name the structure without this header including the
 * header that defines it.
 */
struct tcphdr;
extern int interpret_tcp(int, struct tcphdr *, int, int);
struct udphdr;
extern int interpret_udp(int, struct udphdr *, int, int);
extern int interpret_esp(int, uint8_t *, int, int);
extern int interpret_ah(int, uint8_t *, int, int);
struct sctp_hdr;
extern void interpret_sctp(int, struct sctp_hdr *, int, int);
extern void interpret_mip_cntrlmsg(int, uchar_t *, int);
struct dhcp;
extern int interpret_dhcp(int, struct dhcp *, int);
extern int interpret_dhcpv6(int, const uint8_t *, int);
/* struct tftphdr is forward-declared, but interpret_tftp takes void * */
struct tftphdr;
extern int interpret_tftp(int, void *, int);
extern int interpret_http(int, char *, int);
struct ntpdata;
extern int interpret_ntp(int, struct ntpdata *, int);
extern void interpret_netbios_ns(int, uchar_t *, int);
extern void interpret_netbios_datagram(int, uchar_t *, int);
extern void interpret_netbios_ses(int, uchar_t *, int);
extern int interpret_slp(int, void *, int);
struct rip;
extern int interpret_rip(int, struct rip *, int);
struct rip6;
extern int interpret_rip6(int, struct rip6 *, int);
extern int interpret_socks_call(int, char *, int);
extern int interpret_socks_reply(int, char *, int);
extern int interpret_trill(int, struct ether_header **, char *, int *);
extern int interpret_isis(int, char *, int, boolean_t);
extern int interpret_bpdu(int, char *, int);

/* initialization, link-layer address helpers and RPC validation */
extern void init_ldap(void);
extern boolean_t arp_for_ether(char *, struct ether_addr *);
extern char *ether_ouiname(uint32_t);
extern char *tohex(char *p, int len);
extern char *printether(struct ether_addr *);
extern char *print_ethertype(int);
extern const char *arp_htype(int);
extern int valid_rpc(char *, int);
284
/*
 * Characteristics of one Media Access Layer type; the individual
 * members are described next to their declarations below.
 */

/* Function that "knows" how to interpret a frame of this media type. */
typedef uint_t (interpreter_fn_t)(int, char *, int, int);

/*
 * Function returning the link-layer header length.  A function is used
 * to allow for variable header sizes; for ethernet the length is just
 * a constant 14 octets.
 */
typedef uint_t (headerlen_fn_t)(char *, size_t);

typedef struct interface {
	/* one of the supported DLPI media types (see <sys/dlpi.h>) */
	uint_t		mac_type;
	/* size of the largest frame */
	uint_t		mtu_size;
	/* where the network type is located in the link layer header */
	uint_t		network_type_offset;
	/* presumably the width of the network type field - confirm */
	size_t		network_type_len;
	/* presumably the network type values for IPv4 and IPv6 - confirm */
	uint_t		network_type_ip;
	uint_t		network_type_ipv6;
	/* returns the link-layer header length */
	headerlen_fn_t	*header_len;
	/* interprets the frame */
	interpreter_fn_t *interpreter;
	/*
	 * Tells snoop to try a kernel filter first (because the header
	 * size is fixed, or is variable in a way that is easy for a
	 * kernel filter to handle, for example Ethernet and VLAN tags)
	 * and to use a user space filter only if the filter expression
	 * cannot be expressed in kernel space.
	 */
	boolean_t	try_kernel_filter;
} interface_t;
317
/* Table of known media types, and the entry currently in use. */
extern interface_t INTERFACES[];
extern interface_t *interface;

/* Strings shared by the display routines. */
extern char *dlc_header;
extern char *src_name;
extern char *dst_name;
extern char *prot_prefix;
extern char *prot_nest_prefix;
extern char *prot_title;

/* Counters tracking how many nested IP headers have been seen. */
extern unsigned int encap_levels;
extern unsigned int total_encap_levels;

extern int quitting;

/* NOTE(review): presumably mirror command-line options - confirm. */
extern boolean_t Iflg;
extern boolean_t Pflg;
extern boolean_t rflg;
330
/*
 * Global error recovery routine; resets snoop variables after a
 * catastrophic failure.
 */
void snoop_recover(void);

/*
 * One entry in the global list of alarm handlers, which lets snoop
 * manage multiple alarms.
 *
 * NOTE(review): s_handler is declared with an empty parameter list,
 * so the compiler cannot check the arguments it is called with.
 */
struct snoop_handler {
	struct snoop_handler *s_next;		/* next handler in list */
	time_t s_time;				/* when to fire */
	void (*s_handler)();			/* function to invoke */
};
typedef struct snoop_handler snoop_handler_t;

#define	SNOOP_MAXRECOVER	20	/* maximum number of recoveries */
#define	SNOOP_ALARM_GRAN	3	/* alarm() timeout multiplier */

/*
 * Global alarm handler management routine.
 */
extern int snoop_alarm(int s_sec, void (*s_handler)());
354
/*
 * Offsets measured from the start of the IP header only: neither
 * definition accounts for the length of the underlying link header,
 * so link_header_len must be added before one of them is used as an
 * offset into a frame.  The addition is not done here because these
 * macros are later used to initialize a table.
 *
 * The values match the position of the protocol field in an IPv4
 * header (byte 9) and of the next-header field in an IPv6 header
 * (byte 6).
 */
#define	IPV4_TYPE_HEADER_OFFSET 9
#define	IPV6_TYPE_HEADER_OFFSET 6
363
364#ifdef __cplusplus
365}
366#endif
367
368#endif	/* _SNOOP_H */
369