#ifndef	_SNOOP_H
#define	_SNOOP_H

#include <rpc/types.h>
#include <sys/pfmod.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/bufmod.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp6.h>
#include <net/pppoe.h>
#include <libdlpi.h>
#include <note.h>

#ifdef __cplusplus
extern "C" {
#endif
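/*
 * Flags to control packet info display
 *
 * Every flag below is a distinct single bit, so any combination of them
 * fits in one integer mask.
 */
#define	F_NOW		0x00000001	/* display in realtime */
#define	F_SUM		0x00000002	/* display summary line */
#define	F_ALLSUM	0x00000004	/* display all summary lines */
#define	F_DTAIL		0x00000008	/* display detail lines */
#define	F_TIME		0x00000010	/* display time */
#define	F_ATIME		0x00000020	/* display absolute time */
#define	F_RTIME		0x00000040	/* display relative time */
#define	F_DROPS		0x00000080	/* display drops */
#define	F_LEN		0x00000100	/* display pkt length */
#define	F_NUM		0x00000200	/* display pkt number */
#define	F_WHO		0x00000400	/* display src/dst */

/*
 * NOTE(review): detail lines are built from packet contents, so any buffer
 * sized by MAXLINE needs bounded writes; the buffers themselves are not
 * declared in this header.
 */
#define	MAXLINE		(1088)		/* max len of detail line */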
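/*
 * Transient port structure. See TFTP interpreter.
 */
struct ttable {
	int t_port;	/* port number; the key used by the functions below */
	int blksize;	/* presumably the TFTP block size -- confirm in the */
			/* TFTP interpreter */
	int (*t_proc)(int, void *, int);	/* interpreter for this port */
};

/*
 * Transient-port table operations, all keyed by port number.  The
 * definitions are outside this header.
 * NOTE(review): port is a plain int here; presumably the value comes from a
 * captured packet, so range handling belongs in the definitions -- confirm.
 */
extern int add_transient(int port, int (*proc)(int, void *, int));
extern struct ttable *is_transient(int port);
extern void del_transient(int port);
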
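/*
 * The RPC XID cache structure.
 * When analyzing RPC protocols we
 * have to cache the xid of the RPC
 * request together with the program
 * number, proc, version etc since this
 * information is missing in the reply
 * packet.  Using the xid in the reply
 * we can lookup this previously stashed
 * information in the cache.
 *
 * For RPCSEC_GSS flavor, some special processing is
 * needed for the argument interpretation based on its
 * control procedure and service type.  This information
 * is stored in the cache table during interpretation of
 * the rpc header and will be referenced later when the rpc
 * argument is interpreted.
 *
 * NOTE(review): the xid is taken from captured traffic, so whatever maps it
 * to a slot must reduce it into [0, XID_CACHE_SIZE) before indexing; that
 * lookup code is not part of this header.
 *
 * NOTE(review): xid_cache is defined (not merely declared) here, so every
 * file that includes this header carries its own tentative definition.
 * That links only where common symbols are merged; moving the definition
 * into a single .c file with an extern declaration here would be cleaner,
 * but needs a change outside this header.
 */
#define	XID_CACHE_SIZE 256
struct cache_struct {
	int xid_num;	/* RPC transaction id */
	int xid_frame;	/* Packet number */
	int xid_prog;	/* RPC program number */
	int xid_vers;	/* RPC version number */
	int xid_proc;	/* RPC procedure number */
	unsigned int xid_gss_proc; /* control procedure */
	int xid_gss_service; /* none, integ, priv */
} xid_cache[XID_CACHE_SIZE];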
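/*
 * The following macros advance the pointer passed to them.  They
 * assume they are given a char *.
 *
 * GETINT16 and GETINT32 assemble a value most-significant byte first.
 * Each byte is converted to unsigned char before it is shifted or OR-ed
 * in: through a plain char pointer on a platform where char is signed, a
 * byte >= 0x80 would otherwise be sign-extended, which makes the left
 * shift undefined and sets every higher bit of v when OR-ed in.
 * GETINT8 stores the element exactly as the pointer type yields it.
 *
 * None of the macros checks bounds.  The caller must already know that
 * 1, 2 or 4 bytes remain in the buffer, which matters because the bytes
 * normally come from captured packets.
 *
 * v and ptr are expanded several times, so pass side-effect-free lvalues.
 * For GETINT32, v should be an unsigned type of at least 32 bits: the
 * "<<= 8" steps can overflow a signed int.
 */
#define	GETINT8(v, ptr) { \
	(v) = (*(ptr)++); \
}

#define	GETINT16(v, ptr) { \
	(v) = (unsigned char)*(ptr)++ << 8; \
	(v) |= (unsigned char)*(ptr)++; \
}

#define	GETINT32(v, ptr) { \
	(v) = (unsigned char)*(ptr)++ << 8; \
	(v) |= (unsigned char)*(ptr)++; (v) <<= 8; \
	(v) |= (unsigned char)*(ptr)++; (v) <<= 8; \
	(v) |= (unsigned char)*(ptr)++; \
}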
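/*
 * Used to print nested protocol layers.  For example, an ip datagram included
 * in an icmp error, or a PPP packet included in an LCP protocol reject.
 */
extern char *prot_nest_prefix;

/*
 * Packet selection, processing and line-buffer entry points; the
 * definitions are outside this header.
 *
 * NOTE(review): get_sum_line() and get_detail_line() hand back a bare
 * char * with no size.  Presumably it points into a buffer bounded by
 * MAXLINE; callers that format packet-derived text into it should use
 * bounded writes -- confirm against the definitions.
 */
extern char *get_sum_line(void);
extern char *get_detail_line(int, int);
extern int want_packet(uchar_t *, int, int);
extern void set_vlan_id(int);
extern struct timeval prev_time;
extern void process_pkt(struct sb_hdr *, char *, int, int);
extern char *getflag(int, int, char *, char *);
extern void show_header(char *, char *, int);
extern void show_count(void);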
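/*
 * XDR decode helpers.  Only xdr_init() takes a buffer and an int; the
 * getxdr_ and showxdr_ routines take no buffer argument, so they work on
 * decoder state that is held elsewhere.
 *
 * NOTE(review): the data being decoded is captured RPC traffic.  Whether
 * each getxdr_ routine checks the remaining length before reading, and how
 * the int lengths passed to getxdr_opaque(), getxdr_string(),
 * getxdr_context(), getxdr_hex() and xdr_skip() are validated, cannot be
 * seen from these declarations -- confirm in the definitions.
 */
extern void xdr_init(char *, int);
extern char *get_line(int, int);
extern int get_line_remain(void);
extern char getxdr_char(void);
extern char showxdr_char(char *);
extern uchar_t getxdr_u_char(void);
extern uchar_t showxdr_u_char(char *);
extern short getxdr_short(void);
extern short showxdr_short(char *);
extern ushort_t getxdr_u_short(void);
extern ushort_t showxdr_u_short(char *);
extern long getxdr_long(void);
extern long showxdr_long(char *);
extern ulong_t getxdr_u_long(void);
extern ulong_t showxdr_u_long(char *);
extern longlong_t getxdr_longlong(void);
extern longlong_t showxdr_longlong(char *);
extern u_longlong_t getxdr_u_longlong(void);
extern u_longlong_t showxdr_u_longlong(char *);
extern char *getxdr_opaque(char *, int);
extern char *getxdr_string(char *, int);
extern char *showxdr_string(int, char *);
extern char *getxdr_bytes(uint_t *);
extern void xdr_skip(int);
extern int getxdr_pos(void);
extern void setxdr_pos(int);
extern char *getxdr_context(char *, int);
extern char *showxdr_context(char *);
extern enum_t getxdr_enum(void);
extern void show_space(void);
extern void show_trailer(void);
extern char *getxdr_date(void);
extern char *showxdr_date(char *);
extern char *getxdr_date_ns(void);
/* Declared extern like its neighbours; the linkage is the same either way. */
extern char *format_time(int64_t sec, uint32_t nsec);
extern char *showxdr_date_ns(char *);
extern char *getxdr_hex(int);
extern char *showxdr_hex(int, char *);
extern bool_t getxdr_bool(void);
extern bool_t showxdr_bool(char *);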
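/*
 * Filter compilation, capture-file and datalink I/O, output and name
 * lookup routines; the definitions are outside this header.
 *
 * NOTE(review): cap_read() and net_read() take their callback as
 * "void (*)()", a declarator without a prototype, so the compiler cannot
 * check the arguments the callback is invoked with.
 */
extern char *concat_args(char **, int);
extern int pf_compile(char *, int);
extern void compile(char *, int);
extern void load_names(char *);
extern void cap_write(struct sb_hdr *, char *, int, int);
extern void cap_open_read(const char *);
extern void cap_open_write(const char *);
extern void cap_read(int, int, int, void (*)(), int);
extern void cap_close(void);
extern boolean_t open_datalink(dlpi_handle_t *, const char *);
extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *,
    struct Pf_ext_packetfilt *);
extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int);
extern void click(int);
extern void show_pktinfo(int, int, char *, char *, struct timeval *,
		struct timeval *, int, int);
extern void show_line(char *);
/*
 * show_printf() is annotated printf-like, so its arguments are checked
 * against the format.  Text taken from a packet belongs in an argument
 * (for example under "%s"), never in fmt itself.
 */
/*PRINTFLIKE1*/
extern void show_printf(char *fmt, ...)
    __PRINTFLIKE(1);
extern char *getxdr_time(void);
extern char *showxdr_time(char *);
extern char *addrtoname(int, const void *);
extern char *show_string(const char *, int, int);
/*
 * NOTE(review): pr_err() is variadic with a const char * first argument
 * but, unlike show_printf() above, carries no __PRINTFLIKE annotation.  If
 * it is printf-style (not confirmed from this header), annotating it would
 * let the compiler flag mismatched or non-literal formats.
 */
extern void pr_err(const char *, ...);
extern void pr_errdlpi(dlpi_handle_t, const char *, int);
extern void check_retransmit(char *, ulong_t);
extern char *nameof_prog(int);
extern char *getproto(int);
extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *);
extern void protoprint(int, int, ulong_t, int, int, int, char *, int);
extern char *getportname(int, in_port_t);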
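/*
 * Protocol interpreters, one per decoded protocol; the definitions are
 * outside this header.  The struct tags declared between them are forward
 * declarations, so this header does not need the protocol headers.
 *
 * NOTE(review): every interpreter is handed a pointer into captured
 * traffic, i.e. untrusted input.  The int parameters are unnamed here, so
 * which one carries the remaining length, and whether the interpreter
 * checks it before reading a typed header through the pointer, has to be
 * confirmed in each definition.
 */
extern void interpret_arp(int, struct arphdr *, int);
extern void interpret_bparam(int, int, int, int, int, char *, int);
extern void interpret_dns(int, int, const uchar_t *, int, int);
extern void interpret_mount(int, int, int, int, int, char *, int);
extern void interpret_nfs(int, int, int, int, int, char *, int);
extern void interpret_nfs3(int, int, int, int, int, char *, int);
extern void interpret_nfs4(int, int, int, int, int, char *, int);
extern void interpret_nfs4_cb(int, int, int, int, int, char *, int);
extern void interpret_nfs_acl(int, int, int, int, int, char *, int);
extern void interpret_nis(int, int, int, int, int, char *, int);
extern void interpret_nisbind(int, int, int, int, int, char *, int);
extern void interpret_nlm(int, int, int, int, int, char *, int);
extern void interpret_pmap(int, int, int, int, int, char *, int);
extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int);
extern void interpret_rquota(int, int, int, int, int, char *, int);
extern void interpret_rstat(int, int, int, int, int, char *, int);
extern void interpret_solarnet_fw(int, int, int, int, int, char *, int);
extern void interpret_ldap(int, char *, int, int, int);
extern void interpret_icmp(int, struct icmp *, int, int);
extern void interpret_icmpv6(int, icmp6_t *, int, int);
extern int interpret_ip(int, const struct ip *, int);
extern int interpret_ipv6(int, const ip6_t *, int);
extern int interpret_ppp(int, uchar_t *, int);
extern int interpret_pppoe(int, poep_t *, int);
struct tcphdr;
extern int interpret_tcp(int, struct tcphdr *, int, int);
struct udphdr;
extern int interpret_udp(int, struct udphdr *, int, int);
extern int interpret_esp(int, uint8_t *, int, int);
extern int interpret_ah(int, uint8_t *, int, int);
struct sctp_hdr;
extern void interpret_sctp(int, struct sctp_hdr *, int, int);
extern void interpret_mip_cntrlmsg(int, uchar_t *, int);
struct dhcp;
extern int interpret_dhcp(int, struct dhcp *, int);
extern int interpret_dhcpv6(int, const uint8_t *, int);
/* interpret_tftp() takes void *, so this tag is not used by it. */
struct tftphdr;
extern int interpret_tftp(int, void *, int);
extern int interpret_http(int, char *, int);
struct ntpdata;
extern int interpret_ntp(int, struct ntpdata *, int);
extern void interpret_netbios_ns(int, uchar_t *, int);
extern void interpret_netbios_datagram(int, uchar_t *, int);
extern void interpret_netbios_ses(int, uchar_t *, int);
extern int interpret_slp(int, void *, int);
struct rip;
extern int interpret_rip(int, struct rip *, int);
struct rip6;
extern int interpret_rip6(int, struct rip6 *, int);
extern int interpret_socks_call(int, char *, int);
extern int interpret_socks_reply(int, char *, int);
extern int interpret_trill(int, struct ether_header **, char *, int *);
extern int interpret_isis(int, char *, int, boolean_t);
extern int interpret_bpdu(int, char *, int);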
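/*
 * Remaining helpers: LDAP set-up, Ethernet address and type formatting,
 * and RPC validation.  The definitions are outside this header.
 *
 * NOTE(review): tohex(), printether(), print_ethertype() and
 * ether_ouiname() return a bare char *.  Whether that is a static buffer
 * overwritten by the next call is not visible here -- confirm before
 * holding on to the result.
 */
extern void init_ldap(void);
extern boolean_t arp_for_ether(char *, struct ether_addr *);
extern char *ether_ouiname(uint32_t);
extern char *tohex(char *p, int len);
extern char *printether(struct ether_addr *);
extern char *print_ethertype(int);
extern const char *arp_htype(int);
extern int valid_rpc(char *, int);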
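/*
 * Describes characteristics of the Media Access Layer.
 * The mac_type is one of the supported DLPI media
 * types (see <sys/dlpi.h>).
 * The mtu_size is the size of the largest frame.
 * network_type_offset is where the network type
 * is located in the link layer header.
 * The header length is returned by a function to
 * allow for variable header size - for ethernet it's
 * just a constant 14 octets.
 * The interpreter is the function that "knows" how
 * to interpret the frame.
 * try_kernel_filter tells snoop to first try a kernel
 * filter (because the header size is fixed, or if it could
 * be of variable size where the variable size is easy for a kernel
 * filter to handle, for example, Ethernet and VLAN tags)
 * and only use a user space filter if the filter expression
 * cannot be expressed in kernel space.
 *
 * NOTE(review): header_len receives the frame pointer together with a
 * size_t.  Presumably the size_t is the captured length, so that a
 * variable-length header can be measured without reading past the frame
 * -- confirm in the implementations.
 */
typedef uint_t (interpreter_fn_t)(int, char *, int, int);
typedef uint_t (headerlen_fn_t)(char *, size_t);
typedef struct interface {
	uint_t		mac_type;		/* DLPI media type */
	uint_t		mtu_size;		/* size of the largest frame */
	uint_t		network_type_offset;	/* network type position */
						/* in the link header */
	size_t		network_type_len;	/* presumably the width of */
						/* that field -- confirm */
	uint_t		network_type_ip;	/* presumably the field's */
	uint_t		network_type_ipv6;	/* IPv4/IPv6 value -- confirm */
	headerlen_fn_t	*header_len;		/* returns link header length */
	interpreter_fn_t *interpreter;		/* decodes the frame */
	boolean_t	try_kernel_filter;	/* try a kernel filter first */
} interface_t;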
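/*
 * Shared state, defined outside this header.
 *
 * NOTE(review): INTERFACES is declared without a bound, so code walking it
 * depends on a terminator or count that lives with the definition.
 */
extern interface_t INTERFACES[], *interface;
extern char *dlc_header;
extern char *src_name, *dst_name;
extern char *prot_prefix;
extern char *prot_nest_prefix;
extern char *prot_title;

/* Keep track of how many nested IP headers we have. */
extern unsigned int encap_levels, total_encap_levels;

extern int quitting;
extern boolean_t Iflg, Pflg, rflg;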
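/*
 * Global error recovery routine: used to reset snoop variables after
 * catastrophic failure.
 */
extern void snoop_recover(void);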
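/*
 * Global alarm handler structure for managing multiple alarms within
 * snoop.
 *
 * NOTE(review): s_handler, and the matching parameter of snoop_alarm()
 * below, are declared with "()" and no prototype, so calls through them
 * are not checked against the handler's real parameter list.
 */
typedef struct snoop_handler {
	struct snoop_handler *s_next;		/* next alarm handler */
	time_t s_time;				/* time to fire */
	void (*s_handler)();			/* alarm handler */
} snoop_handler_t;

#define	SNOOP_MAXRECOVER	20	/* maximum number of recoveries */
#define	SNOOP_ALARM_GRAN	3	/* alarm() timeout multiplier */

/*
 * Global alarm handler management routine.
 */
extern int snoop_alarm(int s_sec, void (*s_handler)());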
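/*
 * The next two definitions do not take into account the length
 * of the underlying link header.  In order to use them, you must
 * add link_header_len to them.  The reason it is not done here is
 * that later these macros are used to initialize a table.
 *
 * 9 is the byte offset of the Protocol field in an IPv4 header and 6 that
 * of the Next Header field in an IPv6 header, which is presumably what
 * these locate.  A reader using them must first check that the frame is at
 * least link_header_len plus the offset plus one byte long.
 */
#define	IPV4_TYPE_HEADER_OFFSET 9
#define	IPV6_TYPE_HEADER_OFFSET 6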

#ifdef __cplusplus
}
#endif

#endif	/* _SNOOP_H */