2 * netsniff-ng - the packet sniffing beast
3 * Copyright 2009 - 2013 Daniel Borkmann.
4 * Copyright 2010 Emmanuel Roullit.
5 * Subject to the GPL, version 2.
16 #include <sys/socket.h>
18 #include <linux/if_packet.h>
19 #include <linux/if_arp.h>
27 #define TCPDUMP_MAGIC 0xa1b2c3d4
28 #define ORIGINAL_TCPDUMP_MAGIC TCPDUMP_MAGIC
29 #define NSEC_TCPDUMP_MAGIC 0xa1b23c4d
30 #define ORIGINAL_TCPDUMP_MAGIC_LL 0xb1b2c3d4 /* Internal dummy just for mapping */
31 #define NSEC_TCPDUMP_MAGIC_LL 0xb1b23c4d /* Internal dummy just for mapping */
32 #define KUZNETZOV_TCPDUMP_MAGIC 0xa1b2cd34
33 #define BORKMANN_TCPDUMP_MAGIC 0xa1e2cb12
35 #define PCAP_VERSION_MAJOR 2
36 #define PCAP_VERSION_MINOR 4
37 #define PCAP_DEFAULT_SNAPSHOT_LEN 65535
39 #define PCAP_TSOURCE_SOFTWARE 1
40 #define PCAP_TSOURCE_SYS_HARDWARE 2
41 #define PCAP_TSOURCE_RAW_HARDWARE 3
45 uint16_t version_major
;
46 uint16_t version_minor
;
58 struct pcap_timeval_ns
{
72 struct pcap_timeval ts
;
77 struct pcap_pkthdr_ns
{
78 struct pcap_timeval_ns ts
;
83 struct pcap_pkthdr_ll
{
84 struct pcap_timeval ts
;
90 struct pcap_pkthdr_ns_ll
{
91 struct pcap_timeval_ns ts
;
97 struct pcap_pkthdr_kuz
{
98 struct pcap_timeval ts
;
106 struct pcap_pkthdr_bkm
{
107 struct pcap_timeval_ns ts
;
118 struct pcap_pkthdr ppo
;
119 struct pcap_pkthdr_ns ppn
;
120 struct pcap_pkthdr_ll ppo_ll
;
121 struct pcap_pkthdr_ns_ll ppn_ll
;
122 struct pcap_pkthdr_kuz ppk
;
123 struct pcap_pkthdr_bkm ppb
;
128 DEFAULT
= ORIGINAL_TCPDUMP_MAGIC
,
129 NSEC
= NSEC_TCPDUMP_MAGIC
,
130 DEFAULT_LL
= ORIGINAL_TCPDUMP_MAGIC_LL
,
131 NSEC_LL
= NSEC_TCPDUMP_MAGIC_LL
,
132 KUZNETZOV
= KUZNETZOV_TCPDUMP_MAGIC
,
133 BORKMANN
= BORKMANN_TCPDUMP_MAGIC
,
135 DEFAULT_SWAPPED
= ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC
),
136 NSEC_SWAPPED
= ___constant_swab32(NSEC_TCPDUMP_MAGIC
),
137 DEFAULT_LL_SWAPPED
= ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC_LL
),
138 NSEC_LL_SWAPPED
= ___constant_swab32(NSEC_TCPDUMP_MAGIC_LL
),
139 KUZNETZOV_SWAPPED
= ___constant_swab32(KUZNETZOV_TCPDUMP_MAGIC
),
140 BORKMANN_SWAPPED
= ___constant_swab32(BORKMANN_TCPDUMP_MAGIC
),
143 enum pcap_ops_groups
{
154 struct pcap_file_ops
{
155 void (*init_once_pcap
)(bool enforce_prio
);
156 int (*pull_fhdr_pcap
)(int fd
, uint32_t *magic
, uint32_t *linktype
);
157 int (*push_fhdr_pcap
)(int fd
, uint32_t magic
, uint32_t linktype
);
158 int (*prepare_access_pcap
)(int fd
, enum pcap_mode mode
, bool jumbo
);
159 ssize_t (*write_pcap
)(int fd
, pcap_pkthdr_t
*phdr
, enum pcap_type type
,
160 const uint8_t *packet
, size_t len
);
161 ssize_t (*read_pcap
)(int fd
, pcap_pkthdr_t
*phdr
, enum pcap_type type
,
162 uint8_t *packet
, size_t len
);
163 void (*prepare_close_pcap
)(int fd
, enum pcap_mode mode
);
164 void (*fsync_pcap
)(int fd
);
167 extern const struct pcap_file_ops pcap_rw_ops __maybe_unused
;
168 extern const struct pcap_file_ops pcap_sg_ops __maybe_unused
;
169 extern const struct pcap_file_ops pcap_mm_ops __maybe_unused
;
171 static inline void sockaddr_to_ll(const struct sockaddr_ll
*sll
,
174 ll
->pkttype
= cpu_to_be16(sll
->sll_pkttype
);
175 ll
->hatype
= cpu_to_be16(sll
->sll_hatype
);
176 ll
->len
= cpu_to_be16(sll
->sll_halen
);
177 ll
->protocol
= sll
->sll_protocol
; /* already be16 */
179 memcpy(ll
->addr
, sll
->sll_addr
, sizeof(ll
->addr
));
182 static inline void ll_to_sockaddr(const struct pcap_ll
*ll
,
183 struct sockaddr_ll
*sll
)
185 sll
->sll_pkttype
= be16_to_cpu(ll
->pkttype
);
186 sll
->sll_hatype
= be16_to_cpu(ll
->hatype
);
187 sll
->sll_halen
= be16_to_cpu(ll
->len
);
188 sll
->sll_protocol
= ll
->protocol
; /* stays be16 */
190 memcpy(sll
->sll_addr
, ll
->addr
, sizeof(ll
->addr
));
193 static inline uint16_t tp_to_pcap_tsource(uint32_t status
)
195 if (status
& TP_STATUS_TS_RAW_HARDWARE
)
196 return PCAP_TSOURCE_RAW_HARDWARE
;
197 else if (status
& TP_STATUS_TS_SYS_HARDWARE
)
198 return PCAP_TSOURCE_SYS_HARDWARE
;
199 else if (status
& TP_STATUS_TS_SOFTWARE
)
200 return PCAP_TSOURCE_SOFTWARE
;
205 static inline int pcap_devtype_to_linktype(int dev_type
)
210 case ARPHRD_LOOPBACK
:
216 return LINKTYPE_EN10MB
;
217 case ARPHRD_IEEE80211_RADIOTAP
:
218 return LINKTYPE_IEEE802_11_RADIOTAP
;
219 case ARPHRD_IEEE80211_PRISM
:
220 case ARPHRD_IEEE80211
:
221 return LINKTYPE_IEEE802_11
;
223 return LINKTYPE_NETLINK
;
225 return LINKTYPE_EN3MB
;
227 return LINKTYPE_AX25
;
229 return LINKTYPE_CHAOS
;
231 return LINKTYPE_PRONET
;
232 case ARPHRD_IEEE802_TR
:
234 return LINKTYPE_IEEE802
;
235 case ARPHRD_INFINIBAND
:
236 return LINKTYPE_INFINIBAND
;
238 return LINKTYPE_ATM_CLIP
;
240 return LINKTYPE_FRELAY
;
242 return LINKTYPE_ARCNET_LINUX
;
247 return LINKTYPE_SLIP
;
251 return LINKTYPE_CAN20B
;
253 return LINKTYPE_ECONET
;
256 return LINKTYPE_C_HDLC
;
258 return LINKTYPE_FDDI
;
259 case ARPHRD_IEEE802154_MONITOR
:
260 case ARPHRD_IEEE802154
:
261 return LINKTYPE_IEEE802_15_4_LINUX
;
263 return LINKTYPE_LINUX_IRDA
;
265 return LINKTYPE_NULL
;
269 static inline bool link_has_sll_hdr(uint32_t link_type
)
272 case LINKTYPE_NETLINK
:
273 case LINKTYPE_LINUX_SLL
:
274 case ___constant_swab32(LINKTYPE_NETLINK
):
275 case ___constant_swab32(LINKTYPE_LINUX_SLL
):
282 static inline int pcap_dev_to_linktype(const char *ifname
)
284 return pcap_devtype_to_linktype(device_type(ifname
));
287 static inline void pcap_check_magic(uint32_t magic
)
291 case ORIGINAL_TCPDUMP_MAGIC
:
292 case NSEC_TCPDUMP_MAGIC
:
293 case KUZNETZOV_TCPDUMP_MAGIC
:
294 case BORKMANN_TCPDUMP_MAGIC
:
296 case ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC
):
297 case ___constant_swab32(NSEC_TCPDUMP_MAGIC
):
298 case ___constant_swab32(KUZNETZOV_TCPDUMP_MAGIC
):
299 case ___constant_swab32(BORKMANN_TCPDUMP_MAGIC
):
303 panic("This file has not a valid pcap header\n");
307 static inline bool pcap_magic_is_swapped(uint32_t magic
)
309 bool swapped
= false;
312 case ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC
):
313 case ___constant_swab32(NSEC_TCPDUMP_MAGIC
):
314 case ___constant_swab32(KUZNETZOV_TCPDUMP_MAGIC
):
315 case ___constant_swab32(BORKMANN_TCPDUMP_MAGIC
):
322 static inline u32
pcap_get_length(pcap_pkthdr_t
*phdr
, enum pcap_type type
)
325 #define CASE_RET_CAPLEN(what, member, swap, extra) \
327 return (swap ? ___constant_swab32(phdr->member.caplen) : \
328 phdr->member.caplen) - extra
330 CASE_RET_CAPLEN(DEFAULT
, ppo
, 0, 0);
331 CASE_RET_CAPLEN(NSEC
, ppn
, 0, 0);
332 CASE_RET_CAPLEN(DEFAULT_LL
, ppo_ll
, 0, sizeof(struct pcap_ll
));
333 CASE_RET_CAPLEN(NSEC_LL
, ppn_ll
, 0, sizeof(struct pcap_ll
));
334 CASE_RET_CAPLEN(KUZNETZOV
, ppk
, 0, 0);
335 CASE_RET_CAPLEN(BORKMANN
, ppb
, 0, 0);
337 CASE_RET_CAPLEN(DEFAULT_SWAPPED
, ppo
, 1, 0);
338 CASE_RET_CAPLEN(NSEC_SWAPPED
, ppn
, 1, 0);
339 CASE_RET_CAPLEN(DEFAULT_LL_SWAPPED
, ppo_ll
, 1, sizeof(struct pcap_ll
));
340 CASE_RET_CAPLEN(NSEC_LL_SWAPPED
, ppn_ll
, 1, sizeof(struct pcap_ll
));
341 CASE_RET_CAPLEN(KUZNETZOV_SWAPPED
, ppk
, 1, 0);
342 CASE_RET_CAPLEN(BORKMANN_SWAPPED
, ppb
, 1, 0);
349 static inline void pcap_set_length(pcap_pkthdr_t
*phdr
, enum pcap_type type
, u32 len
)
352 #define CASE_SET_CAPLEN(what, member, swap) \
354 phdr->member.caplen = (swap ? ___constant_swab32(len) : len); \
357 CASE_SET_CAPLEN(DEFAULT
, ppo
, 0);
358 CASE_SET_CAPLEN(NSEC
, ppn
, 0);
359 CASE_SET_CAPLEN(DEFAULT_LL
, ppo_ll
, 0);
360 CASE_SET_CAPLEN(NSEC_LL
, ppn_ll
, 0);
361 CASE_SET_CAPLEN(KUZNETZOV
, ppk
, 0);
362 CASE_SET_CAPLEN(BORKMANN
, ppb
, 0);
364 CASE_SET_CAPLEN(DEFAULT_SWAPPED
, ppo
, 1);
365 CASE_SET_CAPLEN(NSEC_SWAPPED
, ppn
, 1);
366 CASE_SET_CAPLEN(DEFAULT_LL_SWAPPED
, ppo_ll
, 1);
367 CASE_SET_CAPLEN(NSEC_LL_SWAPPED
, ppn_ll
, 1);
368 CASE_SET_CAPLEN(KUZNETZOV_SWAPPED
, ppk
, 1);
369 CASE_SET_CAPLEN(BORKMANN_SWAPPED
, ppb
, 1);
376 static inline u32
pcap_get_hdr_length(pcap_pkthdr_t
*phdr
, enum pcap_type type
)
379 #define CASE_RET_HDRLEN(what, member) \
381 return sizeof(phdr->member)
383 CASE_RET_HDRLEN(DEFAULT
, ppo
);
384 CASE_RET_HDRLEN(NSEC
, ppn
);
385 CASE_RET_HDRLEN(DEFAULT_LL
, ppo_ll
);
386 CASE_RET_HDRLEN(NSEC_LL
, ppn_ll
);
387 CASE_RET_HDRLEN(KUZNETZOV
, ppk
);
388 CASE_RET_HDRLEN(BORKMANN
, ppb
);
390 CASE_RET_HDRLEN(DEFAULT_SWAPPED
, ppo
);
391 CASE_RET_HDRLEN(NSEC_SWAPPED
, ppn
);
392 CASE_RET_HDRLEN(DEFAULT_LL_SWAPPED
, ppo_ll
);
393 CASE_RET_HDRLEN(NSEC_LL_SWAPPED
, ppn_ll
);
394 CASE_RET_HDRLEN(KUZNETZOV_SWAPPED
, ppk
);
395 CASE_RET_HDRLEN(BORKMANN_SWAPPED
, ppb
);
402 static inline u32
pcap_get_total_length(pcap_pkthdr_t
*phdr
, enum pcap_type type
)
404 return pcap_get_hdr_length(phdr
, type
) + pcap_get_length(phdr
, type
);
408 __tpacket_hdr_to_pcap_pkthdr(uint32_t sec
, uint32_t nsec
, uint32_t snaplen
,
409 uint32_t len
, uint32_t status
,
410 struct sockaddr_ll
*sll
, pcap_pkthdr_t
*phdr
,
416 phdr
->ppo
.ts
.tv_sec
= sec
;
417 phdr
->ppo
.ts
.tv_usec
= nsec
/ 1000;
418 phdr
->ppo
.caplen
= snaplen
;
420 if (type
== DEFAULT_LL
) {
421 phdr
->ppo
.caplen
+= sizeof(struct pcap_ll
);
422 phdr
->ppo
.len
+= sizeof(struct pcap_ll
);
423 sockaddr_to_ll(sll
, &phdr
->ppo_ll
.ll
);
427 case DEFAULT_SWAPPED
:
428 case DEFAULT_LL_SWAPPED
:
429 phdr
->ppo
.ts
.tv_sec
= ___constant_swab32(sec
);
430 phdr
->ppo
.ts
.tv_usec
= ___constant_swab32(nsec
/ 1000);
431 phdr
->ppo
.caplen
= ___constant_swab32(snaplen
);
432 phdr
->ppo
.len
= ___constant_swab32(len
);
433 if (type
== DEFAULT_LL_SWAPPED
) {
434 phdr
->ppo
.caplen
= ___constant_swab32(snaplen
+ sizeof(struct pcap_ll
));
435 phdr
->ppo
.len
= ___constant_swab32(len
+ sizeof(struct pcap_ll
));
436 sockaddr_to_ll(sll
, &phdr
->ppo_ll
.ll
);
442 phdr
->ppn
.ts
.tv_sec
= sec
;
443 phdr
->ppn
.ts
.tv_nsec
= nsec
;
444 phdr
->ppn
.caplen
= snaplen
;
446 if (type
== NSEC_LL
) {
447 phdr
->ppn
.caplen
+= sizeof(struct pcap_ll
);
448 phdr
->ppn
.len
+= sizeof(struct pcap_ll
);
449 sockaddr_to_ll(sll
, &phdr
->ppn_ll
.ll
);
454 case NSEC_LL_SWAPPED
:
455 phdr
->ppn
.ts
.tv_sec
= ___constant_swab32(sec
);
456 phdr
->ppn
.ts
.tv_nsec
= ___constant_swab32(nsec
);
457 phdr
->ppn
.caplen
= ___constant_swab32(snaplen
);
458 phdr
->ppn
.len
= ___constant_swab32(len
);
459 if (type
== NSEC_LL_SWAPPED
) {
460 phdr
->ppn
.caplen
= ___constant_swab32(snaplen
+ sizeof(struct pcap_ll
));
461 phdr
->ppn
.len
= ___constant_swab32(len
+ sizeof(struct pcap_ll
));
462 sockaddr_to_ll(sll
, &phdr
->ppn_ll
.ll
);
467 phdr
->ppk
.ts
.tv_sec
= sec
;
468 phdr
->ppk
.ts
.tv_usec
= nsec
/ 1000;
469 phdr
->ppk
.caplen
= snaplen
;
471 phdr
->ppk
.ifindex
= sll
->sll_ifindex
;
472 phdr
->ppk
.protocol
= sll
->sll_protocol
;
473 phdr
->ppk
.pkttype
= sll
->sll_pkttype
;
476 case KUZNETZOV_SWAPPED
:
477 phdr
->ppk
.ts
.tv_sec
= ___constant_swab32(sec
);
478 phdr
->ppk
.ts
.tv_usec
= ___constant_swab32(nsec
/ 1000);
479 phdr
->ppk
.caplen
= ___constant_swab32(snaplen
);
480 phdr
->ppk
.len
= ___constant_swab32(len
);
481 phdr
->ppk
.ifindex
= ___constant_swab32(sll
->sll_ifindex
);
482 phdr
->ppk
.protocol
= ___constant_swab16(sll
->sll_protocol
);
483 phdr
->ppk
.pkttype
= sll
->sll_pkttype
;
487 phdr
->ppb
.ts
.tv_sec
= sec
;
488 phdr
->ppb
.ts
.tv_nsec
= nsec
;
489 phdr
->ppb
.caplen
= snaplen
;
491 phdr
->ppb
.tsource
= tp_to_pcap_tsource(status
);
492 phdr
->ppb
.ifindex
= (u16
) sll
->sll_ifindex
;
493 phdr
->ppb
.protocol
= sll
->sll_protocol
;
494 phdr
->ppb
.hatype
= sll
->sll_hatype
;
495 phdr
->ppb
.pkttype
= sll
->sll_pkttype
;
498 case BORKMANN_SWAPPED
:
499 phdr
->ppb
.ts
.tv_sec
= ___constant_swab32(sec
);
500 phdr
->ppb
.ts
.tv_nsec
= ___constant_swab32(nsec
);
501 phdr
->ppb
.caplen
= ___constant_swab32(snaplen
);
502 phdr
->ppb
.len
= ___constant_swab32(len
);
503 phdr
->ppb
.tsource
= ___constant_swab16(tp_to_pcap_tsource(status
));
504 phdr
->ppb
.ifindex
= ___constant_swab16((u16
) sll
->sll_ifindex
);
505 phdr
->ppb
.protocol
= ___constant_swab16(sll
->sll_protocol
);
506 phdr
->ppb
.hatype
= sll
->sll_hatype
;
507 phdr
->ppb
.pkttype
= sll
->sll_pkttype
;
515 /* We need to do this crap here since member offsets are not interleaved,
516 * so hopfully the compiler does his job here. ;-)
519 static inline void tpacket_hdr_to_pcap_pkthdr(struct tpacket2_hdr
*thdr
,
520 struct sockaddr_ll
*sll
,
524 __tpacket_hdr_to_pcap_pkthdr(thdr
->tp_sec
, thdr
->tp_nsec
,
525 thdr
->tp_snaplen
, thdr
->tp_len
,
526 thdr
->tp_status
, sll
, phdr
, type
);
530 static inline void tpacket3_hdr_to_pcap_pkthdr(struct tpacket3_hdr
*thdr
,
531 struct sockaddr_ll
*sll
,
535 __tpacket_hdr_to_pcap_pkthdr(thdr
->tp_sec
, thdr
->tp_nsec
,
536 thdr
->tp_snaplen
, thdr
->tp_len
,
541 static inline void pcap_pkthdr_to_tpacket_hdr(pcap_pkthdr_t
*phdr
,
543 struct tpacket2_hdr
*thdr
,
544 struct sockaddr_ll
*sll
)
549 thdr
->tp_sec
= phdr
->ppo
.ts
.tv_sec
;
550 thdr
->tp_nsec
= phdr
->ppo
.ts
.tv_usec
* 1000;
551 thdr
->tp_snaplen
= phdr
->ppo
.caplen
;
552 thdr
->tp_len
= phdr
->ppo
.len
;
553 if (type
== DEFAULT_LL
) {
554 thdr
->tp_snaplen
-= sizeof(struct pcap_ll
);
555 thdr
->tp_len
-= sizeof(struct pcap_ll
);
557 ll_to_sockaddr(&phdr
->ppo_ll
.ll
, sll
);
561 case DEFAULT_SWAPPED
:
562 case DEFAULT_LL_SWAPPED
:
563 thdr
->tp_sec
= ___constant_swab32(phdr
->ppo
.ts
.tv_sec
);
564 thdr
->tp_nsec
= ___constant_swab32(phdr
->ppo
.ts
.tv_usec
) * 1000;
565 thdr
->tp_snaplen
= ___constant_swab32(phdr
->ppo
.caplen
);
566 thdr
->tp_len
= ___constant_swab32(phdr
->ppo
.len
);
567 if (type
== DEFAULT_LL_SWAPPED
) {
568 thdr
->tp_snaplen
-= sizeof(struct pcap_ll
);
569 thdr
->tp_len
-= sizeof(struct pcap_ll
);
571 ll_to_sockaddr(&phdr
->ppo_ll
.ll
, sll
);
577 thdr
->tp_sec
= phdr
->ppn
.ts
.tv_sec
;
578 thdr
->tp_nsec
= phdr
->ppn
.ts
.tv_nsec
;
579 thdr
->tp_snaplen
= phdr
->ppn
.caplen
;
580 thdr
->tp_len
= phdr
->ppn
.len
;
581 if (type
== NSEC_LL
) {
582 thdr
->tp_snaplen
-= sizeof(struct pcap_ll
);
583 thdr
->tp_len
-= sizeof(struct pcap_ll
);
585 ll_to_sockaddr(&phdr
->ppn_ll
.ll
, sll
);
590 case NSEC_LL_SWAPPED
:
591 thdr
->tp_sec
= ___constant_swab32(phdr
->ppn
.ts
.tv_sec
);
592 thdr
->tp_nsec
= ___constant_swab32(phdr
->ppn
.ts
.tv_nsec
);
593 thdr
->tp_snaplen
= ___constant_swab32(phdr
->ppn
.caplen
);
594 thdr
->tp_len
= ___constant_swab32(phdr
->ppn
.len
);
595 if (type
== NSEC_LL_SWAPPED
) {
596 thdr
->tp_snaplen
-= sizeof(struct pcap_ll
);
597 thdr
->tp_len
-= sizeof(struct pcap_ll
);
599 ll_to_sockaddr(&phdr
->ppn_ll
.ll
, sll
);
604 thdr
->tp_sec
= phdr
->ppk
.ts
.tv_sec
;
605 thdr
->tp_nsec
= phdr
->ppk
.ts
.tv_usec
* 1000;
606 thdr
->tp_snaplen
= phdr
->ppk
.caplen
;
607 thdr
->tp_len
= phdr
->ppk
.len
;
609 sll
->sll_ifindex
= phdr
->ppk
.ifindex
;
610 sll
->sll_protocol
= phdr
->ppk
.protocol
;
611 sll
->sll_pkttype
= phdr
->ppk
.pkttype
;
615 case KUZNETZOV_SWAPPED
:
616 thdr
->tp_sec
= ___constant_swab32(phdr
->ppk
.ts
.tv_sec
);
617 thdr
->tp_nsec
= ___constant_swab32(phdr
->ppk
.ts
.tv_usec
) * 1000;
618 thdr
->tp_snaplen
= ___constant_swab32(phdr
->ppk
.caplen
);
619 thdr
->tp_len
= ___constant_swab32(phdr
->ppk
.len
);
621 sll
->sll_ifindex
= ___constant_swab32(phdr
->ppk
.ifindex
);
622 sll
->sll_protocol
= ___constant_swab16(phdr
->ppk
.protocol
);
623 sll
->sll_pkttype
= phdr
->ppk
.pkttype
;
628 thdr
->tp_sec
= phdr
->ppb
.ts
.tv_sec
;
629 thdr
->tp_nsec
= phdr
->ppb
.ts
.tv_nsec
;
630 thdr
->tp_snaplen
= phdr
->ppb
.caplen
;
631 thdr
->tp_len
= phdr
->ppb
.len
;
633 sll
->sll_ifindex
= phdr
->ppb
.ifindex
;
634 sll
->sll_protocol
= phdr
->ppb
.protocol
;
635 sll
->sll_hatype
= phdr
->ppb
.hatype
;
636 sll
->sll_pkttype
= phdr
->ppb
.pkttype
;
640 case BORKMANN_SWAPPED
:
641 thdr
->tp_sec
= ___constant_swab32(phdr
->ppb
.ts
.tv_sec
);
642 thdr
->tp_nsec
= ___constant_swab32(phdr
->ppb
.ts
.tv_nsec
);
643 thdr
->tp_snaplen
= ___constant_swab32(phdr
->ppb
.caplen
);
644 thdr
->tp_len
= ___constant_swab32(phdr
->ppb
.len
);
646 sll
->sll_ifindex
= ___constant_swab16(phdr
->ppb
.ifindex
);
647 sll
->sll_protocol
= ___constant_swab16(phdr
->ppb
.protocol
);
648 sll
->sll_hatype
= phdr
->ppb
.hatype
;
649 sll
->sll_pkttype
= phdr
->ppb
.pkttype
;
658 #define FEATURE_UNKNOWN (0 << 0)
659 #define FEATURE_TIMEVAL_MS (1 << 0)
660 #define FEATURE_TIMEVAL_NS (1 << 1)
661 #define FEATURE_LEN (1 << 2)
662 #define FEATURE_CAPLEN (1 << 3)
663 #define FEATURE_IFINDEX (1 << 4)
664 #define FEATURE_PROTO (1 << 5)
665 #define FEATURE_HATYPE (1 << 6)
666 #define FEATURE_PKTTYPE (1 << 7)
667 #define FEATURE_TSOURCE (1 << 8)
669 struct pcap_magic_type
{
670 const uint32_t magic
;
672 const uint16_t features
;
675 static const struct pcap_magic_type pcap_magic_types
[] __maybe_unused
= {
677 .magic
= ORIGINAL_TCPDUMP_MAGIC
,
678 .desc
= "tcpdump-capable pcap",
679 .features
= FEATURE_TIMEVAL_MS
|
683 .magic
= NSEC_TCPDUMP_MAGIC
,
684 .desc
= "tcpdump-capable pcap with ns resolution",
685 .features
= FEATURE_TIMEVAL_NS
|
689 .magic
= KUZNETZOV_TCPDUMP_MAGIC
,
690 .desc
= "Alexey Kuznetzov's pcap",
691 .features
= FEATURE_TIMEVAL_MS
|
698 .magic
= BORKMANN_TCPDUMP_MAGIC
,
699 .desc
= "netsniff-ng pcap",
700 .features
= FEATURE_TIMEVAL_NS
|
711 static inline void pcap_dump_type_features(void)
715 for (i
= 0; i
< array_size(pcap_magic_types
); ++i
) {
716 printf("%s:\n", pcap_magic_types
[i
].desc
);
717 printf(" magic: 0x%x (swapped: 0x%x)\n",
718 pcap_magic_types
[i
].magic
,
719 ___constant_swab32(pcap_magic_types
[i
].magic
));
720 printf(" features:\n");
722 if (pcap_magic_types
[i
].features
== FEATURE_UNKNOWN
) {
723 printf(" unknown\n");
727 if (pcap_magic_types
[i
].features
& FEATURE_TIMEVAL_MS
)
728 printf(" timeval in us\n");
729 if (pcap_magic_types
[i
].features
& FEATURE_TIMEVAL_NS
)
730 printf(" timeval in ns\n");
731 if (pcap_magic_types
[i
].features
& FEATURE_TSOURCE
)
732 printf(" timestamp source\n");
733 if (pcap_magic_types
[i
].features
& FEATURE_LEN
)
734 printf(" packet length\n");
735 if (pcap_magic_types
[i
].features
& FEATURE_CAPLEN
)
736 printf(" packet cap-length\n");
737 if (pcap_magic_types
[i
].features
& FEATURE_IFINDEX
)
738 printf(" packet ifindex\n");
739 if (pcap_magic_types
[i
].features
& FEATURE_PROTO
)
740 printf(" packet protocol\n");
741 if (pcap_magic_types
[i
].features
& FEATURE_HATYPE
)
742 printf(" hardware type\n");
743 if (pcap_magic_types
[i
].features
& FEATURE_PKTTYPE
)
744 printf(" packet type\n");
748 static const char *pcap_ops_group_to_str
[] __maybe_unused
= {
749 [PCAP_OPS_RW
] = "read/write",
750 [PCAP_OPS_SG
] = "scatter-gather",
751 [PCAP_OPS_MM
] = "mmap",
754 static const struct pcap_file_ops
*pcap_ops
[] __maybe_unused
= {
755 [PCAP_OPS_RW
] = &pcap_rw_ops
,
756 [PCAP_OPS_SG
] = &pcap_sg_ops
,
757 [PCAP_OPS_MM
] = &pcap_mm_ops
,
760 static inline void pcap_prepare_header(struct pcap_filehdr
*hdr
, uint32_t magic
,
761 uint32_t linktype
, int32_t thiszone
,
764 bool swapped
= pcap_magic_is_swapped(magic
);
766 /* As *_LL types are just internal, we need to remap pcap
767 * magics to actually valid types.
770 case ORIGINAL_TCPDUMP_MAGIC_LL
:
771 magic
= ORIGINAL_TCPDUMP_MAGIC
;
773 case NSEC_TCPDUMP_MAGIC_LL
:
774 magic
= NSEC_TCPDUMP_MAGIC
;
776 case ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC_LL
):
777 magic
= ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC
);
779 case ___constant_swab32(NSEC_TCPDUMP_MAGIC_LL
):
780 magic
= ___constant_swab32(NSEC_TCPDUMP_MAGIC
);
785 hdr
->version_major
= swapped
? ___constant_swab16(PCAP_VERSION_MAJOR
) : PCAP_VERSION_MAJOR
;
786 hdr
->version_minor
= swapped
? ___constant_swab16(PCAP_VERSION_MINOR
) : PCAP_VERSION_MINOR
;
787 hdr
->thiszone
= swapped
? (int32_t) ___constant_swab32(thiszone
) : thiszone
;
789 hdr
->snaplen
= swapped
? ___constant_swab32(snaplen
) : snaplen
;
790 hdr
->linktype
= swapped
? ___constant_swab32(linktype
) : linktype
;
793 static const bool pcap_supported_linktypes
[LINKTYPE_MAX
] __maybe_unused
= {
794 /* tunX captures from wireshark/tcpdump, non-portable */
795 [101] = true, [102] = true, [103] = true,
796 [LINKTYPE_NULL
] = true,
797 [LINKTYPE_EN10MB
] = true,
798 [LINKTYPE_EN3MB
] = true,
799 [LINKTYPE_AX25
] = true,
800 [LINKTYPE_PRONET
] = true,
801 [LINKTYPE_CHAOS
] = true,
802 [LINKTYPE_IEEE802
] = true,
803 [LINKTYPE_SLIP
] = true,
804 [LINKTYPE_PPP
] = true,
805 [LINKTYPE_FDDI
] = true,
806 [LINKTYPE_ATM_CLIP
] = true,
807 [LINKTYPE_C_HDLC
] = true,
808 [LINKTYPE_IEEE802_11
] = true,
809 [LINKTYPE_IEEE802_11_RADIOTAP
] = true,
810 [LINKTYPE_FRELAY
] = true,
811 [LINKTYPE_ECONET
] = true,
812 [LINKTYPE_ARCNET_LINUX
] = true,
813 [LINKTYPE_LINUX_IRDA
] = true,
814 [LINKTYPE_CAN20B
] = true,
815 [LINKTYPE_IEEE802_15_4_LINUX
] = true,
816 [LINKTYPE_INFINIBAND
] = true,
817 [LINKTYPE_NETLINK
] = true,
818 [LINKTYPE_LINUX_SLL
] = true,
821 static inline void pcap_validate_header(struct pcap_filehdr
*hdr
)
826 pcap_check_magic(hdr
->magic
);
828 linktype
= pcap_magic_is_swapped(hdr
->magic
) ? bswap_32(hdr
->linktype
) : hdr
->linktype
;
829 if (linktype
< LINKTYPE_MAX
)
830 good
= pcap_supported_linktypes
[linktype
];
833 panic("This file has an unsupported pcap link type (%d)!\n", linktype
);
834 if (unlikely(hdr
->version_major
!= PCAP_VERSION_MAJOR
) &&
835 ___constant_swab16(hdr
->version_major
) != PCAP_VERSION_MAJOR
)
836 panic("This file has an invalid pcap major version (must be %d)\n", PCAP_VERSION_MAJOR
);
837 if (unlikely(hdr
->version_minor
!= PCAP_VERSION_MINOR
) &&
838 ___constant_swab16(hdr
->version_minor
) != PCAP_VERSION_MINOR
)
839 panic("This file has an invalid pcap minor version (must be %d)\n", PCAP_VERSION_MINOR
);
841 /* Remap to internal *_LL types in case of LINKTYPE_LINUX_SLL. */
842 if (linktype
== LINKTYPE_LINUX_SLL
|| linktype
== LINKTYPE_NETLINK
) {
843 switch (hdr
->magic
) {
844 case ORIGINAL_TCPDUMP_MAGIC
:
845 hdr
->magic
= ORIGINAL_TCPDUMP_MAGIC_LL
;
847 case NSEC_TCPDUMP_MAGIC
:
848 hdr
->magic
= NSEC_TCPDUMP_MAGIC_LL
;
850 case ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC
):
851 hdr
->magic
= ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC_LL
);
853 case ___constant_swab32(NSEC_TCPDUMP_MAGIC
):
854 hdr
->magic
= ___constant_swab32(NSEC_TCPDUMP_MAGIC_LL
);
860 static int pcap_generic_pull_fhdr(int fd
, uint32_t *magic
,
861 uint32_t *linktype
) __maybe_unused
;
863 static int pcap_generic_pull_fhdr(int fd
, uint32_t *magic
, uint32_t *linktype
)
866 struct pcap_filehdr hdr
;
868 ret
= read(fd
, &hdr
, sizeof(hdr
));
869 if (unlikely(ret
!= sizeof(hdr
)))
872 pcap_validate_header(&hdr
);
875 *linktype
= hdr
.linktype
;
880 static int pcap_generic_push_fhdr(int fd
, uint32_t magic
,
881 uint32_t linktype
) __maybe_unused
;
883 static int pcap_generic_push_fhdr(int fd
, uint32_t magic
, uint32_t linktype
)
886 struct pcap_filehdr hdr
;
888 memset(&hdr
, 0, sizeof(hdr
));
890 pcap_prepare_header(&hdr
, magic
, linktype
, 0, PCAP_DEFAULT_SNAPSHOT_LEN
);
892 ret
= write_or_die(fd
, &hdr
, sizeof(hdr
));
893 if (unlikely(ret
!= sizeof(hdr
)))
894 panic("Failed to write pkt file header!\n");
899 #endif /* PCAP_IO_H */
