search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
netsniff-ng: pcap: fix multi-file dump with dropped privs
[netsniff-ng.git] / src / pcap.h
blob152488f63728d0b0b61b6f4425f3d879b5e916c8
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Copyright 2010 Emmanuel Roullit.
6 * Subject to the GPL, version 2.
7 */
8
9 #ifndef PCAP_H
10 #define PCAP_H
11
12 #include <unistd.h>
13 #include <stdint.h>
14 #include <errno.h>
15 #include <sys/time.h>
16 #include <linux/if_packet.h>
17
18 #include "built_in.h"
19 #include "die.h"
20
21 #define TCPDUMP_MAGIC 0xa1b2c3d4
22 #define PCAP_VERSION_MAJOR 2
23 #define PCAP_VERSION_MINOR 4
24 #define PCAP_DEFAULT_SNAPSHOT_LEN 65535
25
26 #define LINKTYPE_NULL 0 /* BSD loopback encapsulation */
27 #define LINKTYPE_EN10MB 1 /* Ethernet (10Mb) */
28 #define LINKTYPE_EN3MB 2 /* Experimental Ethernet (3Mb) */
29 #define LINKTYPE_AX25 3 /* Amateur Radio AX.25 */
30 #define LINKTYPE_PRONET 4 /* Proteon ProNET Token Ring */
31 #define LINKTYPE_CHAOS 5 /* Chaos */
32 #define LINKTYPE_IEEE802 6 /* 802.5 Token Ring */
33 #define LINKTYPE_ARCNET 7 /* ARCNET, with BSD-style header */
34 #define LINKTYPE_SLIP 8 /* Serial Line IP */
35 #define LINKTYPE_PPP 9 /* Point-to-point Protocol */
36 #define LINKTYPE_FDDI 10 /* FDDI */
37 #define LINKTYPE_IEEE802_11 105 /* IEEE 802.11 wireless */
38
39 struct pcap_filehdr {
40 uint32_t magic;
41 uint16_t version_major;
42 uint16_t version_minor;
43 int32_t thiszone;
44 uint32_t sigfigs;
45 uint32_t snaplen;
46 uint32_t linktype;
47 };
48
49 struct pcap_timeval {
50 int32_t tv_sec;
51 int32_t tv_usec;
52 };
53
54 struct pcap_nsf_pkthdr {
55 struct timeval ts;
56 uint32_t caplen;
57 uint32_t len;
58 };
59
60 struct pcap_pkthdr {
61 struct pcap_timeval ts;
62 uint32_t caplen;
63 uint32_t len;
64 };
65
66 static inline void tpacket_hdr_to_pcap_pkthdr(struct tpacket2_hdr *thdr,
67 struct pcap_pkthdr *phdr)
68 {
69 phdr->ts.tv_sec = thdr->tp_sec;
70 phdr->ts.tv_usec = (thdr->tp_nsec / 1000);
71 phdr->caplen = thdr->tp_snaplen;
72 /* FIXME */
73 /* phdr->len = thdr->tp_len; */
74 phdr->len = thdr->tp_snaplen;
75 }
76
77 static inline void pcap_pkthdr_to_tpacket_hdr(struct pcap_pkthdr *phdr,
78 struct tpacket2_hdr *thdr)
79 {
80 thdr->tp_sec = phdr->ts.tv_sec;
81 thdr->tp_nsec = phdr->ts.tv_usec * 1000;
82 thdr->tp_snaplen = phdr->caplen;
83 thdr->tp_len = phdr->len;
84 }
85
86 enum pcap_ops_groups {
87 PCAP_OPS_RW = 0,
88 #define PCAP_OPS_RW PCAP_OPS_RW
89 PCAP_OPS_SG,
90 #define PCAP_OPS_SG PCAP_OPS_SG
91 PCAP_OPS_MMAP,
92 #define PCAP_OPS_MMAP PCAP_OPS_MMAP
93 __PCAP_OPS_MAX,
94 };
95 #define PCAP_OPS_MAX (__PCAP_OPS_MAX - 1)
96 #define PCAP_OPS_SIZ (__PCAP_OPS_MAX)
97
98 enum pcap_mode {
99 PCAP_MODE_READ = 0,
100 PCAP_MODE_WRITE,
101 };
102
103 struct pcap_file_ops {
104 const char *name;
105 int (*pull_file_header)(int fd, uint32_t *linktype);
106 int (*push_file_header)(int fd, uint32_t linktype);
107 int (*prepare_writing_pcap)(int fd);
108 ssize_t (*write_pcap_pkt)(int fd, struct pcap_pkthdr *hdr,
109 uint8_t *packet, size_t len);
110 void (*fsync_pcap)(int fd);
111 int (*prepare_reading_pcap)(int fd);
112 ssize_t (*read_pcap_pkt)(int fd, struct pcap_pkthdr *hdr,
113 uint8_t *packet, size_t len);
114 void (*prepare_close_pcap)(int fd, enum pcap_mode mode);
115 };
116
117 extern const struct pcap_file_ops *pcap_ops[PCAP_OPS_SIZ];
118
119 extern int pcap_ops_group_register(const struct pcap_file_ops *ops,
120 enum pcap_ops_groups group);
121 extern void pcap_ops_group_unregister(enum pcap_ops_groups group);
122
123 static inline const struct pcap_file_ops *
124 pcap_ops_group_get(enum pcap_ops_groups group)
125 {
126 return pcap_ops[group];
127 }
128
129 static inline void pcap_prepare_header(struct pcap_filehdr *hdr,
130 uint32_t linktype,
131 int32_t thiszone, uint32_t snaplen)
132 {
133 hdr->magic = TCPDUMP_MAGIC;
134 hdr->version_major = PCAP_VERSION_MAJOR;
135 hdr->version_minor = PCAP_VERSION_MINOR;
136 hdr->thiszone = thiszone;
137 hdr->sigfigs = 0;
138 hdr->snaplen = snaplen;
139 hdr->linktype = linktype;
140 }
141
142 static inline void pcap_validate_header(struct pcap_filehdr *hdr)
143 {
144 if (unlikely(hdr->magic != TCPDUMP_MAGIC ||
145 hdr->version_major != PCAP_VERSION_MAJOR ||
146 hdr->version_minor != PCAP_VERSION_MINOR ||
147 (hdr->linktype != LINKTYPE_EN10MB &&
148 hdr->linktype != LINKTYPE_IEEE802_11)))
149 panic("This file has not a valid pcap header\n");
150 }
151
152 extern int init_pcap_mmap(int jumbo_support);
153 extern int init_pcap_rw(int jumbo_support);
154 extern int init_pcap_sg(int jumbo_support);
155
156 extern void cleanup_pcap_mmap(void);
157 extern void cleanup_pcap_rw(void);
158 extern void cleanup_pcap_sg(void);
159
160 static inline int init_pcap(enum pcap_ops_groups ops, int jumbo_support)
161 {
162 switch (ops) {
163 case PCAP_OPS_RW:
164 init_pcap_rw(jumbo_support);
165 break;
166 case PCAP_OPS_SG:
167 init_pcap_sg(jumbo_support);
168 break;
169 case PCAP_OPS_MMAP:
170 init_pcap_mmap(jumbo_support);
171 break;
172 default:
173 bug();
174 }
175
176 return 0;
177 }
178
179 static inline void cleanup_pcap(void)
180 {
181 cleanup_pcap_rw();
182 cleanup_pcap_sg();
183 cleanup_pcap_mmap();
184 }
185
186 #endif /* PCAP_H */
netsniff-ng toolkit, the packet sniffing beast, staging tree