/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_SNOOP_H
#define	_SNOOP_H

#pragma ident "%Z%%M% %I% %E% SMI" /* SunOS */

#include <rpc/types.h>
#include <sys/pfmod.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp6.h>
#include <net/pppoe.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Flags to control packet info display.
 * Each value is a distinct single bit, so flags can be combined with
 * bitwise OR and tested with bitwise AND.
 */
#define	F_NOW		0x00000001	/* display in realtime */
#define	F_SUM		0x00000002	/* display summary line */
#define	F_ALLSUM	0x00000004	/* display all summary lines */
#define	F_DTAIL		0x00000008	/* display detail lines */
#define	F_TIME		0x00000010	/* display time */
#define	F_ATIME		0x00000020	/* display absolute time */
#define	F_RTIME		0x00000040	/* display relative time */
#define F_DROPS 0x00000080 /* display drops */ 62*7c478bd9Sstevel@tonic-gate #define F_LEN 0x00000100 /* display pkt length */ 63*7c478bd9Sstevel@tonic-gate #define F_NUM 0x00000200 /* display pkt number */ 64*7c478bd9Sstevel@tonic-gate #define F_WHO 0x00000400 /* display src/dst */ 65*7c478bd9Sstevel@tonic-gate 66*7c478bd9Sstevel@tonic-gate #define MAXLINE (1088) /* max len of detail line */ 67*7c478bd9Sstevel@tonic-gate 68*7c478bd9Sstevel@tonic-gate #define MAX_HDRTRAILER (64) /* max hdr/trailer packet slack */ 69*7c478bd9Sstevel@tonic-gate 70*7c478bd9Sstevel@tonic-gate /* 71*7c478bd9Sstevel@tonic-gate * The RPC XID cache structure. 72*7c478bd9Sstevel@tonic-gate * When analyzing RPC protocols we 73*7c478bd9Sstevel@tonic-gate * have to cache the xid of the RPC 74*7c478bd9Sstevel@tonic-gate * request together with the program 75*7c478bd9Sstevel@tonic-gate * number, proc, version etc since this 76*7c478bd9Sstevel@tonic-gate * information is missing in the reply 77*7c478bd9Sstevel@tonic-gate * packet. Using the xid in the reply 78*7c478bd9Sstevel@tonic-gate * we can lookup this previously stashed 79*7c478bd9Sstevel@tonic-gate * information in the cache. 80*7c478bd9Sstevel@tonic-gate * 81*7c478bd9Sstevel@tonic-gate * For RPCSEC_GSS flavor, some special processing is 82*7c478bd9Sstevel@tonic-gate * needed for the argument interpretation based on its 83*7c478bd9Sstevel@tonic-gate * control procedure and service type. This information 84*7c478bd9Sstevel@tonic-gate * is stored in the cache table during interpretation of 85*7c478bd9Sstevel@tonic-gate * the rpc header and will be referenced later when the rpc 86*7c478bd9Sstevel@tonic-gate * argument is interpreted. 
87*7c478bd9Sstevel@tonic-gate */ 88*7c478bd9Sstevel@tonic-gate #define XID_CACHE_SIZE 256 89*7c478bd9Sstevel@tonic-gate struct cache_struct { 90*7c478bd9Sstevel@tonic-gate int xid_num; /* RPC transaction id */ 91*7c478bd9Sstevel@tonic-gate int xid_frame; /* Packet number */ 92*7c478bd9Sstevel@tonic-gate int xid_prog; /* RPC program number */ 93*7c478bd9Sstevel@tonic-gate int xid_vers; /* RPC version number */ 94*7c478bd9Sstevel@tonic-gate int xid_proc; /* RPC procedure number */ 95*7c478bd9Sstevel@tonic-gate unsigned int xid_gss_proc; /* control procedure */ 96*7c478bd9Sstevel@tonic-gate int xid_gss_service; /* none, integ, priv */ 97*7c478bd9Sstevel@tonic-gate } xid_cache[XID_CACHE_SIZE]; 98*7c478bd9Sstevel@tonic-gate 99*7c478bd9Sstevel@tonic-gate 100*7c478bd9Sstevel@tonic-gate /* 101*7c478bd9Sstevel@tonic-gate * The following macros advance the pointer passed to them. They 102*7c478bd9Sstevel@tonic-gate * assume they are given a char *. 103*7c478bd9Sstevel@tonic-gate */ 104*7c478bd9Sstevel@tonic-gate #define GETINT8(v, ptr) { \ 105*7c478bd9Sstevel@tonic-gate (v) = (*(ptr)++); \ 106*7c478bd9Sstevel@tonic-gate } 107*7c478bd9Sstevel@tonic-gate 108*7c478bd9Sstevel@tonic-gate #define GETINT16(v, ptr) { \ 109*7c478bd9Sstevel@tonic-gate (v) = *(ptr)++ << 8; \ 110*7c478bd9Sstevel@tonic-gate (v) |= *(ptr)++; \ 111*7c478bd9Sstevel@tonic-gate } 112*7c478bd9Sstevel@tonic-gate 113*7c478bd9Sstevel@tonic-gate #define GETINT32(v, ptr) { \ 114*7c478bd9Sstevel@tonic-gate (v) = *(ptr)++ << 8; \ 115*7c478bd9Sstevel@tonic-gate (v) |= *(ptr)++; (v) <<= 8; \ 116*7c478bd9Sstevel@tonic-gate (v) |= *(ptr)++; (v) <<= 8; \ 117*7c478bd9Sstevel@tonic-gate (v) |= *(ptr)++; \ 118*7c478bd9Sstevel@tonic-gate } 119*7c478bd9Sstevel@tonic-gate 120*7c478bd9Sstevel@tonic-gate /* 121*7c478bd9Sstevel@tonic-gate * Used to print nested protocol layers. For example, an ip datagram included 122*7c478bd9Sstevel@tonic-gate * in an icmp error, or a PPP packet included in an LCP protocol reject.. 
123*7c478bd9Sstevel@tonic-gate */ 124*7c478bd9Sstevel@tonic-gate extern char *prot_nest_prefix; 125*7c478bd9Sstevel@tonic-gate 126*7c478bd9Sstevel@tonic-gate extern char *get_sum_line(void); 127*7c478bd9Sstevel@tonic-gate extern char *get_detail_line(int, int); 128*7c478bd9Sstevel@tonic-gate extern struct timeval prev_time; 129*7c478bd9Sstevel@tonic-gate extern char *getflag(int, int, char *, char *); 130*7c478bd9Sstevel@tonic-gate extern void show_header(char *, char *, int); 131*7c478bd9Sstevel@tonic-gate extern void xdr_init(char *, int); 132*7c478bd9Sstevel@tonic-gate extern char *get_line(int, int); 133*7c478bd9Sstevel@tonic-gate extern int get_line_remain(void); 134*7c478bd9Sstevel@tonic-gate extern char getxdr_char(void); 135*7c478bd9Sstevel@tonic-gate extern char showxdr_char(char *); 136*7c478bd9Sstevel@tonic-gate extern uchar_t getxdr_u_char(void); 137*7c478bd9Sstevel@tonic-gate extern uchar_t showxdr_u_char(char *); 138*7c478bd9Sstevel@tonic-gate extern short getxdr_short(void); 139*7c478bd9Sstevel@tonic-gate extern short showxdr_short(char *); 140*7c478bd9Sstevel@tonic-gate extern ushort_t getxdr_u_short(void); 141*7c478bd9Sstevel@tonic-gate extern ushort_t showxdr_u_short(char *); 142*7c478bd9Sstevel@tonic-gate extern long getxdr_long(void); 143*7c478bd9Sstevel@tonic-gate extern long showxdr_long(char *); 144*7c478bd9Sstevel@tonic-gate extern ulong_t getxdr_u_long(void); 145*7c478bd9Sstevel@tonic-gate extern ulong_t showxdr_u_long(char *); 146*7c478bd9Sstevel@tonic-gate extern longlong_t getxdr_longlong(void); 147*7c478bd9Sstevel@tonic-gate extern longlong_t showxdr_longlong(char *); 148*7c478bd9Sstevel@tonic-gate extern ulonglong_t getxdr_u_longlong(void); 149*7c478bd9Sstevel@tonic-gate extern ulonglong_t showxdr_u_longlong(char *); 150*7c478bd9Sstevel@tonic-gate extern char *getxdr_opaque(char *, int); 151*7c478bd9Sstevel@tonic-gate extern char *getxdr_string(char *, int); 152*7c478bd9Sstevel@tonic-gate extern char *showxdr_string(int, char *); 
/*
 * Further XDR accessors.
 * NOTE(review): getxdr_context takes a char * and an int, presumably a
 * destination buffer and its capacity -- confirm the definition bounds the
 * copy, since the data being decoded comes from captured packets.
 */
extern char *getxdr_bytes(uint_t *);
extern void xdr_skip(int);
extern int getxdr_pos(void);
extern void setxdr_pos(int);
extern char *getxdr_context(char *, int);
extern char *showxdr_context(char *);
extern enum_t getxdr_enum(void);
extern void show_space(void);
extern void show_trailer(void);
extern char *getxdr_date(void);
extern char *showxdr_date(char *);
extern char *getxdr_date_ns(void);
char *format_time(int64_t sec, uint32_t nsec);
extern char *showxdr_date_ns(char *);
extern char *getxdr_hex(int);
extern char *showxdr_hex(int, char *);
extern bool_t getxdr_bool(void);
extern bool_t showxdr_bool(char *);
extern char *concat_args(char **, int);
extern int pf_compile(char *, int);
extern void compile(char *, int);
extern void load_names(char *);
extern void cap_open_read(char *);
extern void cap_open_write(char *);
/*
 * cap_read and net_read take their callback as void (*)(): the empty
 * parameter list leaves the callback's arguments unspecified, so the
 * compiler cannot check that a handler matches what the reader passes.
 */
extern void cap_read(int, int, int, void (*)(), int);
extern void cap_close(void);
extern int check_device(char **, int *);
extern void initdevice(char *, ulong_t, ulong_t, struct timeval *,
    struct Pf_ext_packetfilt *, int);
extern void net_read(int, int, void (*)(), int);
extern void click(int);
extern void show_pktinfo(int, int, char *, char *, struct timeval *,
    struct timeval *, int, int);
extern void show_line(char *);
extern char *getxdr_time(void);
extern char *showxdr_time(char *);
extern char *addrtoname(int, void *);
extern char *show_string(const char *, int, int);
/*
 * NOTE(review): pr_err is variadic with a char * first argument, which
 * looks like a printf-style format. If so, callers should pass a literal
 * format and hand packet-derived text over only as a "%s" argument --
 * confirm against the definition.
 */
extern void pr_err(char *, ...);
extern void check_retransmit(char *, ulong_t);
extern char *nameof_prog(int);
extern char *getproto(int);
extern uint8_t print_ipv6_extensions(int, uint8_t **, uint8_t *, int *, int *);
extern void protoprint(int, int, ulong_t, int, int, int, char *, int);
extern char *getportname(int, in_port_t);

/*
 * Per-protocol interpreters.
 * NOTE(review): most of these end in a (char *, int) pair or take a header
 * pointer followed by an int. Presumably that is a pointer into the
 * captured packet and the number of bytes available from it; the meaning
 * of each int is not visible in this header, so verify it per definition
 * before relying on it as a bound.
 */
extern void interpret_arp(int, struct arphdr *, int);
extern void interpret_bparam(int, int, int, int, int, char *, int);
extern void interpret_dns(int, int, const uchar_t *, int);
extern void interpret_mount(int, int, int, int, int, char *, int);
extern void interpret_nfs(int, int, int, int, int, char *, int);
extern void interpret_nfs3(int, int, int, int, int, char *, int);
extern void interpret_nfs4(int, int, int, int, int, char *, int);
extern void interpret_nfs4_cb(int, int, int, int, int, char *, int);
extern void interpret_nfs_acl(int, int, int, int, int, char *, int);
extern void interpret_nis(int, int, int, int, int, char *, int);
extern void interpret_nisbind(int, int, int, int, int, char *, int);
extern void interpret_nisp_cb(int, int, int, int, int, char *, int);
extern void interpret_nisplus(int, int, int, int, int, char *, int);
extern void interpret_nlm(int, int, int, int, int, char *, int);
extern void interpret_pmap(int, int, int, int, int, char *, int);
extern int interpret_reserved(int, int, in_port_t, in_port_t, char *, int);
extern void interpret_rquota(int, int, int, int, int, char *, int);
extern void interpret_rstat(int, int, int, int, int, char *, int);
extern void interpret_solarnet_fw(int, int, int, int, int, char *, int);
extern void interpret_ldap(int, char *, int, int, int);
extern void interpret_icmp(int, struct icmp *, int, int);
extern void interpret_icmpv6(int, icmp6_t *, int, int);
extern int interpret_ip(int, struct ip *, int);
extern int interpret_ipv6(int, ip6_t *, int);
extern int interpret_ppp(int, uchar_t *, int);
extern int interpret_pppoe(int, poep_t *, int);
extern void init_ldap(void);
extern boolean_t arp_for_ether(char *, struct ether_addr *);
extern char *ether_ouiname(uint32_t);
char *tohex(char *p, int len);
extern char *printether(struct ether_addr *);
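extern char *print_ethertype(int);

/*
 * Describes characteristics of the Media Access Layer.
 * The mac_type is one of the supported DLPI media
 * types (see <sys/dlpi.h>).
 * The mtu_size is the size of the largest frame.
 * The header length is returned by a function to
 * allow for variable header size - for ethernet it's
 * just a constant 14 octets.
 * The interpreter is the function that "knows" how
 * to interpret the frame.
 *
 * NOTE(review): header_len receives only a pointer to the frame, not its
 * captured length, so it cannot check that the header bytes it reads are
 * present. Callers should compare the length it returns with the number
 * of bytes actually captured before using it as an offset.
 */
typedef struct interface {
	uint_t	mac_type;
	uint_t	mtu_size;
	uint_t	(*header_len)(char *);
	uint_t	(*interpreter)(int, char *, int, int);
	/* presumably IF_HDR_FIXED or IF_HDR_VAR -- confirm against INTERFACES[] */
	uint_t	mac_hdr_fixed_size;
} interface_t;

#define	IF_HDR_FIXED	0
#define	IF_HDR_VAR	1

extern interface_t INTERFACES[], *interface;
extern char *device;

extern char *dlc_header;

/*
 * Global error recovery routine: used to reset snoop variables after
 * catastrophic failure.
 */
void snoop_recover(void);

/*
 * Global alarm handler structure for managing multiple alarms within
 * snoop.
 *
 * The forward declaration carries no storage class: "static" on a
 * declaration that introduces only a tag has no effect and draws a
 * compiler diagnostic.
 */
struct snoop_handler;
typedef struct snoop_handler {
	struct snoop_handler *s_next;		/* next alarm handler */
	time_t s_time;				/* time to fire */
	/* unprototyped: the handler's arguments are not compiler-checked */
	void (*s_handler)();			/* alarm handler */
} snoop_handler_t;

#define	SNOOP_MAXRECOVER	20	/* maximum number of recoveries */
#define	SNOOP_ALARM_GRAN	3	/* alarm() timeout multiplier */

/*
 * Global alarm handler management routine.
 */
extern int snoop_alarm(int s_sec, void (*s_handler)());

#ifdef	__cplusplus
}
#endif

#endif	/* _SNOOP_H */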