contrib/ipfilter/ipsd/sbpf.c

   1 /*
   2  * (C)opyright 1995-1998 Darren Reed. (from tcplog)
   3  *
   4  * See the IPFILTER.LICENCE file for details on licencing.
   5  *
   6  */
   7 #include <stdio.h>
   8 #include <netdb.h>
   9 #include <ctype.h>
  10 #include <signal.h>
  11 #include <errno.h>
  12 #include <sys/types.h>
  13 #include <sys/param.h>
  14 #include <sys/mbuf.h>
  15 #include <sys/time.h>
  16 #include <sys/timeb.h>
  17 #include <sys/socket.h>
  18 #include <sys/file.h>
  19 #include <sys/ioctl.h>
  20 #if BSD < 199103
  21 #include <sys/fcntlcom.h>
  22 #endif
  23 #include <sys/dirent.h>
  24 #include <net/bpf.h>
  25
  26 #include <net/if.h>
  27 #include <netinet/in.h>
  28 #include <netinet/in_systm.h>
  29 #include <netinet/ip.h>
  30 #include <netinet/if_ether.h>
  31 #include <netinet/ip_var.h>
  32 #include <netinet/udp.h>
  33 #include <netinet/udp_var.h>
  34 #include <netinet/tcp.h>
  35 #include <netinet/tcpip.h>
  36 #include "ip_compat.h"
  37
  38 #ifndef lint
  39 static  char    sbpf[] = "@(#)sbpf.c    1.2 12/3/95 (C)1995 Darren Reed";
  40 #endif
  41
  42 /*
  43 (000) ldh      [12]
  44 (001) jeq      #0x800      jt 2 jf 5
  45 (002) ldb      [23]
  46 (003) jeq      #0x6          jt 4       jf 5
  47 (004) ret      #68
  48 (005) ret      #0
  49 */
  50 struct  bpf_insn filter[] = {
  51 /* 0. */        { BPF_LD|BPF_H|BPF_ABS,         0, 0, 12 },
  52 /* 1. */        { BPF_JMP|BPF_JEQ,              0, 3, 0x0800 },
  53 /* 2. */        { BPF_LD|BPF_B|BPF_ABS,         0, 0, 23 },
  54 /* 3. */        { BPF_JMP|BPF_JEQ,              0, 1, 0x06 },
  55 /* 4. */        { BPF_RET,                      0, 0, 68 },
  56 /* 5. */        { BPF_RET,                      0, 0, 0 }
  57 };
  58 /*
  59  * the code herein is dervied from libpcap.
  60  */
  61 static  u_char  *buf = NULL;
  62 static  u_int   bufsize = 32768, timeout = 1;
  63
  64
  65 int     ack_recv(ep)
  66 char    *ep;
  67 {
  68         struct  tcpiphdr        tip;
  69         tcphdr_t        *tcp;
  70         ip_t    *ip;
  71
  72         ip = (ip_t *)&tip;
  73         tcp = (tcphdr_t *)(ip + 1);
  74         bcopy(ep + 14, (char *)ip, sizeof(*ip));
  75         bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
  76         if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP)
  77                 return -1;
  78         if (ip->ip_p & 0x1fff != 0)
  79                 return 0;
  80         if (0 == detect(ip, tcp))
  81                 return 1;
  82         return 0;
  83 }
  84
  85
  86 int     readloop(fd, port, dst)
  87 int     fd, port;
  88 struct  in_addr dst;
  89 {
  90         register u_char *bp, *cp, *bufend;
  91         register struct bpf_hdr *bh;
  92         register int    cc;
  93         time_t  in = time(NULL);
  94         int     done = 0;
  95
  96         while ((cc = read(fd, buf, bufsize)) >= 0) {
  97                 if (!cc && (time(NULL) - in) > timeout)
  98                         return done;
  99                 bp = buf;
 100                 bufend = buf + cc;
 101                 /*
 102                  * loop through each snapshot in the chunk
 103                  */
 104                 while (bp < bufend) {
 105                         bh = (struct bpf_hdr *)bp;
 106                         cp = bp + bh->bh_hdrlen;
 107                         done += ack_recv(cp);
 108                         bp += BPF_WORDALIGN(bh->bh_caplen + bh->bh_hdrlen);
 109                 }
 110                 return done;
 111         }
 112         perror("read");
 113         exit(-1);
 114 }
 115
 116 int     initdevice(device, tout)
 117 char    *device;
 118 int     tout;
 119 {
 120         struct  bpf_program prog;
 121         struct  bpf_version bv;
 122         struct  timeval to;
 123         struct  ifreq ifr;
 124         char    bpfname[16];
 125         int     fd, i;
 126
 127         for (i = 0; i < 16; i++)
 128             {
 129                 (void) sprintf(bpfname, "/dev/bpf%d", i);
 130                 if ((fd = open(bpfname, O_RDWR)) >= 0)
 131                         break;
 132             }
 133         if (i == 16)
 134             {
 135                 fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
 136                 return -1;
 137             }
 138
 139         if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
 140             {
 141                 perror("BIOCVERSION");
 142                 return -1;
 143             }
 144         if (bv.bv_major != BPF_MAJOR_VERSION ||
 145             bv.bv_minor < BPF_MINOR_VERSION)
 146             {
 147                 fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n",
 148                         bv.bv_major, bv.bv_minor);
 149                 fprintf(stderr, "current version: %d.%d\n",
 150                         BPF_MAJOR_VERSION, BPF_MINOR_VERSION);
 151                 return -1;
 152             }
 153
 154         (void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
 155         if (ioctl(fd, BIOCSETIF, &ifr) == -1)
 156             {
 157                 fprintf(stderr, "%s(%d):", ifr.ifr_name, fd);
 158                 perror("BIOCSETIF");
 159                 exit(1);
 160             }
 161         /*
 162          * set the timeout
 163          */
 164         timeout = tout;
 165         to.tv_sec = 1;
 166         to.tv_usec = 0;
 167         if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1)
 168             {
 169                 perror("BIOCSRTIMEOUT");
 170                 exit(-1);
 171             }
 172         /*
 173          * get kernel buffer size
 174          */
 175         if (ioctl(fd, BIOCSBLEN, &bufsize) == -1)
 176                 perror("BIOCSBLEN");
 177         if (ioctl(fd, BIOCGBLEN, &bufsize) == -1)
 178             {
 179                 perror("BIOCGBLEN");
 180                 exit(-1);
 181             }
 182         printf("BPF buffer size: %d\n", bufsize);
 183         buf = (u_char*)malloc(bufsize);
 184
 185         prog.bf_len = sizeof(filter) / sizeof(struct bpf_insn);
 186         prog.bf_insns = filter;
 187         if (ioctl(fd, BIOCSETF, (caddr_t)&prog) == -1)
 188             {
 189                 perror("BIOCSETF");
 190                 exit(-1);
 191             }
 192         (void) ioctl(fd, BIOCFLUSH, 0);
 193         return fd;
 194 }