search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / cmd-inet / usr.sbin / snoop / snoop.c
blob30382328433ba9e1d9fefdd6006e2359d60b14c4
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <stdio.h>
28 #include <unistd.h>
29 #include <stropts.h>
30 #include <string.h>
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include <stdarg.h>
34 #include <setjmp.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <sys/types.h>
38 #include <sys/time.h>
39 #include <signal.h>
40 #include <sys/mman.h>
41 #include <assert.h>
42 #include <sys/sysmacros.h>
43
44 #include <sys/socket.h>
45 #include <sys/pfmod.h>
46 #include <net/if.h>
47 #include <netinet/in_systm.h>
48 #include <netinet/in.h>
49 #include <netinet/if_ether.h>
50 #include <netdb.h>
51
52 #include "snoop.h"
53
54 static int snaplen;
55
56 /* Global error recovery variables */
57 sigjmp_buf jmp_env, ojmp_env; /* error recovery jmp buf */
58 int snoop_nrecover; /* number of recoveries on curr pkt */
59 int quitting; /* user termination flag */
60
61 static struct snoop_handler *snoop_hp; /* global alarm handler head */
62 static struct snoop_handler *snoop_tp; /* global alarm handler tail */
63 static time_t snoop_nalarm; /* time of next alarm */
64
65 /* protected interpreter output areas */
66 #define MAXSUM 8
67 #define REDZONE 64
68 static char *sumline[MAXSUM];
69 static char *detail_line;
70 static char *line;
71 static char *encap;
72
73 static int audio;
74 int maxcount; /* maximum no of packets to capture */
75 int count; /* count of packets captured */
76 static int sumcount;
77 int x_offset = -1;
78 int x_length = 0x7fffffff;
79 FILE *namefile;
80 boolean_t Pflg;
81 boolean_t Iflg;
82 boolean_t qflg;
83 boolean_t rflg;
84 #ifdef DEBUG
85 boolean_t zflg;
86 #endif
87 struct Pf_ext_packetfilt pf;
88
89 static int vlanid = 0;
90
91 static void usage(void);
92 static void snoop_sigrecover(int sig, siginfo_t *info, void *p);
93 static char *protmalloc(size_t);
94 static void resetperm(void);
95
96 int
97 main(int argc, char **argv)
98 {
99 int c;
100 int filter = 0;
101 int flags = F_SUM;
102 struct Pf_ext_packetfilt *fp = NULL;
103 char *icapfile = NULL;
104 char *ocapfile = NULL;
105 boolean_t nflg = B_FALSE;
106 boolean_t Nflg = B_FALSE;
107 int Cflg = 0;
108 boolean_t Uflg = B_FALSE;
109 int first = 1;
110 int last = 0x7fffffff;
111 boolean_t use_kern_pf;
112 char *p, *p2;
113 char names[MAXPATHLEN + 1];
114 char self[MAXHOSTNAMELEN + 1];
115 char *argstr = NULL;
116 void (*proc)();
117 char *audiodev;
118 int ret;
119 struct sigaction sigact;
120 stack_t sigstk;
121 char *output_area;
122 int nbytes;
123 char *datalink = NULL;
124 dlpi_handle_t dh;
125
126 names[0] = '\0';
127 /*
128 * Global error recovery: Prepare for interpreter failures
129 * with corrupted packets or confused interpreters.
130 * Allocate protected output and stack areas, with generous
131 * red-zones.
132 */
133 nbytes = (MAXSUM + 3) * (MAXLINE + REDZONE);
134 output_area = protmalloc(nbytes);
135 if (output_area == NULL) {
136 perror("Warning: mmap");
137 exit(1);
138 }
139
140 /* Allocate protected output areas */
141 for (ret = 0; ret < MAXSUM; ret++) {
142 sumline[ret] = (char *)output_area;
143 output_area += (MAXLINE + REDZONE);
144 }
145 detail_line = output_area;
146 output_area += MAXLINE + REDZONE;
147 line = output_area;
148 output_area += MAXLINE + REDZONE;
149 encap = output_area;
150 output_area += MAXLINE + REDZONE;
151
152 /* Initialize an alternate signal stack to increase robustness */
153 if ((sigstk.ss_sp = (char *)malloc(SIGSTKSZ+REDZONE)) == NULL) {
154 perror("Warning: malloc");
155 exit(1);
156 }
157 sigstk.ss_size = SIGSTKSZ;
158 sigstk.ss_flags = 0;
159 if (sigaltstack(&sigstk, (stack_t *)NULL) < 0) {
160 perror("Warning: sigaltstack");
161 exit(1);
162 }
163
164 /* Initialize a master signal handler */
165 sigact.sa_handler = NULL;
166 sigact.sa_sigaction = snoop_sigrecover;
167 (void) sigemptyset(&sigact.sa_mask);
168 sigact.sa_flags = SA_ONSTACK|SA_SIGINFO;
169
170 /* Register master signal handler */
171 if (sigaction(SIGHUP, &sigact, NULL) < 0) {
172 perror("Warning: sigaction");
173 exit(1);
174 }
175 if (sigaction(SIGINT, &sigact, NULL) < 0) {
176 perror("Warning: sigaction");
177 exit(1);
178 }
179 if (sigaction(SIGQUIT, &sigact, NULL) < 0) {
180 perror("Warning: sigaction");
181 exit(1);
182 }
183 if (sigaction(SIGILL, &sigact, NULL) < 0) {
184 perror("Warning: sigaction");
185 exit(1);
186 }
187 if (sigaction(SIGTRAP, &sigact, NULL) < 0) {
188 perror("Warning: sigaction");
189 exit(1);
190 }
191 if (sigaction(SIGIOT, &sigact, NULL) < 0) {
192 perror("Warning: sigaction");
193 exit(1);
194 }
195 if (sigaction(SIGEMT, &sigact, NULL) < 0) {
196 perror("Warning: sigaction");
197 exit(1);
198 }
199 if (sigaction(SIGFPE, &sigact, NULL) < 0) {
200 perror("Warning: sigaction");
201 exit(1);
202 }
203 if (sigaction(SIGBUS, &sigact, NULL) < 0) {
204 perror("Warning: sigaction");
205 exit(1);
206 }
207 if (sigaction(SIGSEGV, &sigact, NULL) < 0) {
208 perror("Warning: sigaction");
209 exit(1);
210 }
211 if (sigaction(SIGSYS, &sigact, NULL) < 0) {
212 perror("Warning: sigaction");
213 exit(1);
214 }
215 if (sigaction(SIGALRM, &sigact, NULL) < 0) {
216 perror("Warning: sigaction");
217 exit(1);
218 }
219 if (sigaction(SIGTERM, &sigact, NULL) < 0) {
220 perror("Warning: sigaction");
221 exit(1);
222 }
223
224 /* Prepare for failure during program initialization/exit */
225 if (sigsetjmp(jmp_env, 1)) {
226 exit(1);
227 }
228 (void) setvbuf(stdout, NULL, _IOLBF, BUFSIZ);
229
230 while ((c = getopt(argc, argv, "at:CPDSi:o:Nn:s:d:I:vVp:f:c:x:U?rqz"))
231 != EOF) {
232 switch (c) {
233 case 'a':
234 audiodev = getenv("AUDIODEV");
235 if (audiodev == NULL)
236 audiodev = "/dev/audio";
237 audio = open(audiodev, O_WRONLY);
238 if (audio < 0) {
239 pr_err("Audio device %s: %m",
240 audiodev);
241 exit(1);
242 }
243 break;
244 case 't':
245 flags |= F_TIME;
246 switch (*optarg) {
247 case 'r': flags |= F_RTIME; break;
248 case 'a': flags |= F_ATIME; break;
249 case 'd': break;
250 default: usage();
251 }
252 break;
253 case 'I':
254 if (datalink != NULL)
255 usage();
256 Iflg = B_TRUE;
257 datalink = optarg;
258 break;
259 case 'P':
260 Pflg = B_TRUE;
261 break;
262 case 'D':
263 flags |= F_DROPS;
264 break;
265 case 'S':
266 flags |= F_LEN;
267 break;
268 case 'i':
269 icapfile = optarg;
270 break;
271 case 'o':
272 ocapfile = optarg;
273 break;
274 case 'N':
275 Nflg = B_TRUE;
276 break;
277 case 'n':
278 nflg = B_TRUE;
279 (void) strlcpy(names, optarg, MAXPATHLEN);
280 break;
281 case 's':
282 snaplen = atoi(optarg);
283 break;
284 case 'd':
285 if (Iflg)
286 usage();
287 datalink = optarg;
288 break;
289 case 'v':
290 flags &= ~(F_SUM);
291 flags |= F_DTAIL;
292 break;
293 case 'V':
294 flags |= F_ALLSUM;
295 break;
296 case 'p':
297 p = optarg;
298 p2 = strpbrk(p, ",:-");
299 if (p2 == NULL) {
300 first = last = atoi(p);
301 } else {
302 *p2++ = '\0';
303 first = atoi(p);
304 last = atoi(p2);
305 }
306 break;
307 case 'f':
308 (void) gethostname(self, MAXHOSTNAMELEN);
309 p = strchr(optarg, ':');
310 if (p) {
311 *p = '\0';
312 if (strcmp(optarg, self) == 0 ||
313 strcmp(p+1, self) == 0)
314 (void) fprintf(stderr,
315 "Warning: cannot capture packets from %s\n",
316 self);
317 *p = ' ';
318 } else if (strcmp(optarg, self) == 0)
319 (void) fprintf(stderr,
320 "Warning: cannot capture packets from %s\n",
321 self);
322 argstr = optarg;
323 break;
324 case 'x':
325 p = optarg;
326 p2 = strpbrk(p, ",:-");
327 if (p2 == NULL) {
328 x_offset = atoi(p);
329 x_length = -1;
330 } else {
331 *p2++ = '\0';
332 x_offset = atoi(p);
333 x_length = atoi(p2);
334 }
335 break;
336 case 'c':
337 maxcount = atoi(optarg);
338 break;
339 case 'C':
340 Cflg = B_TRUE;
341 break;
342 case 'q':
343 qflg = B_TRUE;
344 break;
345 case 'r':
346 rflg = B_TRUE;
347 break;
348 case 'U':
349 Uflg = B_TRUE;
350 break;
351 #ifdef DEBUG
352 case 'z':
353 zflg = B_TRUE;
354 break;
355 #endif /* DEBUG */
356 case '?':
357 default:
358 usage();
359 }
360 }
361
362 if (argc > optind)
363 argstr = (char *)concat_args(&argv[optind], argc - optind);
364
365 /*
366 * Need to know before we decide on filtering method some things
367 * about the interface. So, go ahead and do part of the initialization
368 * now so we have that data. Note that if no datalink is specified,
369 * open_datalink() selects one and returns it. In an ideal world,
370 * it might be nice if the "correct" interface for the filter
371 * requested was chosen, but that's too hard.
372 */
373 if (!icapfile) {
374 use_kern_pf = open_datalink(&dh, datalink);
375 } else {
376 use_kern_pf = B_FALSE;
377 cap_open_read(icapfile);
378
379 if (!nflg) {
380 names[0] = '\0';
381 (void) strlcpy(names, icapfile, MAXPATHLEN);
382 (void) strlcat(names, ".names", MAXPATHLEN);
383 }
384 }
385
386 if (Uflg)
387 use_kern_pf = B_FALSE;
388
389 /* attempt to read .names file if it exists before filtering */
390 if ((!Nflg) && names[0] != '\0') {
391 if (access(names, F_OK) == 0) {
392 load_names(names);
393 } else if (nflg) {
394 (void) fprintf(stderr, "%s not found\n", names);
395 exit(1);
396 }
397 }
398
399 if (argstr) {
400 if (use_kern_pf) {
401 ret = pf_compile(argstr, Cflg);
402 switch (ret) {
403 case 0:
404 filter++;
405 compile(argstr, Cflg);
406 break;
407 case 1:
408 fp = &pf;
409 break;
410 case 2:
411 fp = &pf;
412 filter++;
413 break;
414 }
415 } else {
416 filter++;
417 compile(argstr, Cflg);
418 }
419
420 if (Cflg)
421 exit(0);
422 }
423
424 if (flags & F_SUM)
425 flags |= F_WHO;
426
427 /*
428 * If the -o flag is set then capture packets
429 * directly to a file. Don't attempt to
430 * interpret them on the fly (F_NOW).
431 * Note: capture to file is much less likely
432 * to drop packets since we don't spend cpu
433 * cycles running through the interpreters
434 * and possibly hanging in address-to-name
435 * mappings through the name service.
436 */
437 if (ocapfile) {
438 cap_open_write(ocapfile);
439 proc = cap_write;
440 } else {
441 flags |= F_NOW;
442 proc = process_pkt;
443 }
444
445
446 /*
447 * If the -i flag is set then get packets from
448 * the log file which has been previously captured
449 * with the -o option.
450 */
451 if (icapfile) {
452 names[0] = '\0';
453 (void) strlcpy(names, icapfile, MAXPATHLEN);
454 (void) strlcat(names, ".names", MAXPATHLEN);
455
456 if (Nflg) {
457 namefile = fopen(names, "w");
458 if (namefile == NULL) {
459 perror(names);
460 exit(1);
461 }
462 flags = 0;
463 (void) fprintf(stderr,
464 "Creating name file %s\n", names);
465 }
466
467 if (flags & F_DTAIL)
468 flags = F_DTAIL;
469 else
470 flags |= F_NUM | F_TIME;
471
472 resetperm();
473 cap_read(first, last, filter, proc, flags);
474
475 if (Nflg)
476 (void) fclose(namefile);
477
478 } else {
479 const int chunksize = 8 * 8192;
480 struct timeval timeout;
481
482 /*
483 * If listening to packets on audio
484 * then set the buffer timeout down
485 * to 1/10 sec. A higher value
486 * makes the audio "bursty".
487 */
488 if (audio) {
489 timeout.tv_sec = 0;
490 timeout.tv_usec = 100000;
491 } else {
492 timeout.tv_sec = 1;
493 timeout.tv_usec = 0;
494 }
495
496 init_datalink(dh, snaplen, chunksize, &timeout, fp);
497 if (! qflg && ocapfile)
498 show_count();
499 resetperm();
500 net_read(dh, chunksize, filter, proc, flags);
501 dlpi_close(dh);
502
503 if (!(flags & F_NOW))
504 (void) printf("\n");
505 }
506
507 if (ocapfile)
508 cap_close();
509
510 return (0);
511 }
512
513 static int tone[] = {
514 0x076113, 0x153333, 0x147317, 0x144311, 0x147315, 0x050353, 0x037103, 0x051106,
515 0x157155, 0x142723, 0x133273, 0x134664, 0x051712, 0x024465, 0x026447, 0x072473,
516 0x136715, 0x126257, 0x135256, 0x047344, 0x034476, 0x027464, 0x036062, 0x133334,
517 0x127256, 0x130660, 0x136262, 0x040724, 0x016446, 0x025437, 0x137171, 0x127672,
518 0x124655, 0x134654, 0x032741, 0x021447, 0x037450, 0x125675, 0x127650, 0x077277,
519 0x046514, 0x036077, 0x035471, 0x147131, 0x136272, 0x162720, 0x166151, 0x037527,
520 };
521
522 /*
523 * Make a sound on /dev/audio according to the length of the packet. The
524 * amount of waveform used is a function of packet length e.g. a series
525 * of small packets is heard as clicks, whereas a series of NFS packets in
526 * an 8k read sounds like a "WHAAAARP".
527 */
528 void
529 click(int len)
530 {
531 len /= 8;
532 len = len ? len : 4;
533
534 if (audio) {
535 (void) write(audio, tone, len);
536 }
537 }
538
539 /* Display a count of packets */
540 void
541 show_count()
542 {
543 static int prev = -1;
544
545 if (count == prev)
546 return;
547
548 prev = count;
549 (void) fprintf(stderr, "\r%d ", count);
550 }
551
552 #define ENCAP_LEN 16 /* Hold "(NN encap)" */
553
554 /*
555 * Display data that's external to the packet.
556 * This constitutes the first half of the summary
557 * line display.
558 */
559 void
560 show_pktinfo(int flags, int num, char *src, char *dst, struct timeval *ptvp,
561 struct timeval *tvp, int drops, int len)
562 {
563 struct tm *tm;
564 static struct timeval tvp0;
565 int sec, usec;
566 char *lp = line;
567 int i, start;
568
569 if (flags & F_NUM) {
570 (void) sprintf(lp, "%3d ", num);
571 lp += strlen(lp);
572 }
573 tm = localtime(&tvp->tv_sec);
574
575 if (flags & F_TIME) {
576 if (flags & F_ATIME) {
577 (void) sprintf(lp, "%02d:%02d:%02d.%05d ",
578 tm->tm_hour, tm->tm_min, tm->tm_sec,
579 (int)tvp->tv_usec / 10);
580 lp += strlen(lp);
581 } else {
582 if (flags & F_RTIME) {
583 if (tvp0.tv_sec == 0) {
584 tvp0.tv_sec = tvp->tv_sec;
585 tvp0.tv_usec = tvp->tv_usec;
586 }
587 ptvp = &tvp0;
588 }
589 sec = tvp->tv_sec - ptvp->tv_sec;
590 usec = tvp->tv_usec - ptvp->tv_usec;
591 if (usec < 0) {
592 usec += 1000000;
593 sec -= 1;
594 }
595 (void) sprintf(lp, "%3d.%05d ", sec, usec / 10);
596 lp += strlen(lp);
597 }
598 }
599
600 if ((flags & F_SUM) && !(flags & F_ALLSUM) && (vlanid != 0)) {
601 (void) snprintf(lp, MAXLINE, "VLAN#%i: ", vlanid);
602 lp += strlen(lp);
603 }
604
605 if (flags & F_WHO) {
606 (void) sprintf(lp, "%12s -> %-12s ", src, dst);
607 lp += strlen(lp);
608 }
609
610 if (flags & F_DROPS) {
611 (void) sprintf(lp, "drops: %d ", drops);
612 lp += strlen(lp);
613 }
614
615 if (flags & F_LEN) {
616 (void) sprintf(lp, "length: %4d ", len);
617 lp += strlen(lp);
618 }
619
620 if (flags & F_SUM) {
621 if (flags & F_ALLSUM)
622 (void) printf("________________________________\n");
623
624 start = flags & F_ALLSUM ? 0 : sumcount - 1;
625 (void) sprintf(encap, " (%d encap)", total_encap_levels - 1);
626 (void) printf("%s%s%s\n", line, sumline[start],
627 ((flags & F_ALLSUM) || (total_encap_levels == 1)) ? "" :
628 encap);
629
630 for (i = start + 1; i < sumcount; i++)
631 (void) printf("%s%s\n", line, sumline[i]);
632
633 sumcount = 0;
634 }
635
636 if (flags & F_DTAIL) {
637 (void) printf("%s\n\n", detail_line);
638 detail_line[0] = '\0';
639 }
640 }
641
642 /*
643 * The following three routines are called back
644 * from the interpreters to display their stuff.
645 * The theory is that when snoop becomes a window
646 * based tool we can just supply a new version of
647 * get_sum_line and get_detail_line and not have
648 * to touch the interpreters at all.
649 */
650 char *
651 get_sum_line()
652 {
653 int tsumcount = sumcount;
654
655 if (sumcount >= MAXSUM) {
656 sumcount = 0; /* error recovery */
657 pr_err(
658 "get_sum_line: sumline overflow (sumcount=%d, MAXSUM=%d)\n",
659 tsumcount, MAXSUM);
660 }
661
662 sumline[sumcount][0] = '\0';
663 return (sumline[sumcount++]);
664 }
665
666 /*ARGSUSED*/
667 char *
668 get_detail_line(int off, int len)
669 {
670 if (detail_line[0]) {
671 (void) printf("%s\n", detail_line);
672 detail_line[0] = '\0';
673 }
674 return (detail_line);
675 }
676
677 /*
678 * This function exists to make sure that VLAN information is
679 * prepended to summary lines displayed. The problem this function
680 * solves is how to display VLAN information while in summary mode.
681 * Each interpretor uses the get_sum_line and get_detail_line functions
682 * to get a character buffer to display information to the user.
683 * get_sum_line is the important one here. Each call to get_sum_line
684 * gets a buffer which stores one line of information. In summary mode,
685 * the last line generated is the line printed. Instead of changing each
686 * interpreter to add VLAN information to the summary line, the ethernet
687 * interpreter changes to call this function and set an ID. If the ID is not
688 * zero and snoop is in default summary mode, snoop displays the
689 * VLAN information at the beginning of the output line. Otherwise,
690 * no VLAN information is displayed.
691 */
692 void
693 set_vlan_id(int id)
694 {
695 vlanid = id;
696 }
697
698 /*
699 * Print an error.
700 * Works like printf (fmt string and variable args)
701 * except that it will substitute an error message
702 * for a "%m" string (like syslog) and it calls
703 * long_jump - it doesn't return to where it was
704 * called from - it goes to the last setjmp().
705 */
706 /* VARARGS1 */
707 void
708 pr_err(const char *fmt, ...)
709 {
710 va_list ap;
711 char buf[1024], *p2;
712 const char *p1;
713
714 (void) strcpy(buf, "snoop: ");
715 p2 = buf + strlen(buf);
716
717 /*
718 * Note that we terminate the buffer with '\n' and '\0'.
719 */
720 for (p1 = fmt; *p1 != '\0' && p2 < buf + sizeof (buf) - 2; p1++) {
721 if (*p1 == '%' && *(p1+1) == 'm') {
722 const char *errstr;
723
724 if ((errstr = strerror(errno)) != NULL) {
725 *p2 = '\0';
726 (void) strlcat(buf, errstr, sizeof (buf));
727 p2 += strlen(p2);
728 }
729 p1++;
730 } else {
731 *p2++ = *p1;
732 }
733 }
734 if (p2 > buf && *(p2-1) != '\n')
735 *p2++ = '\n';
736 *p2 = '\0';
737
738 va_start(ap, fmt);
739 /* LINTED: E_SEC_PRINTF_VAR_FMT */
740 (void) vfprintf(stderr, buf, ap);
741 va_end(ap);
742 snoop_sigrecover(-1, NULL, NULL); /* global error recovery */
743 }
744
745 /*
746 * Store a copy of linkname associated with the DLPI handle.
747 * Save errno before closing the dlpi handle so that the
748 * correct error value is used if 'err' is a system error.
749 */
750 void
751 pr_errdlpi(dlpi_handle_t dh, const char *cmd, int err)
752 {
753 int save_errno = errno;
754 char linkname[DLPI_LINKNAME_MAX];
755
756 (void) strlcpy(linkname, dlpi_linkname(dh), sizeof (linkname));
757
758 dlpi_close(dh);
759 errno = save_errno;
760
761 pr_err("%s on \"%s\": %s", cmd, linkname, dlpi_strerror(err));
762 }
763
764 /*
765 * Ye olde usage proc
766 * PLEASE keep this up to date!
767 * Naive users *love* this stuff.
768 */
769 static void
770 usage(void)
771 {
772 (void) fprintf(stderr, "\nUsage: snoop\n");
773 (void) fprintf(stderr,
774 "\t[ -a ] # Listen to packets on audio\n");
775 (void) fprintf(stderr,
776 "\t[ -d link ] # Listen on named link\n");
777 (void) fprintf(stderr,
778 "\t[ -s snaplen ] # Truncate packets\n");
779 (void) fprintf(stderr,
780 "\t[ -I IP interface ] # Listen on named IP interface\n");
781 (void) fprintf(stderr,
782 "\t[ -c count ] # Quit after count packets\n");
783 (void) fprintf(stderr,
784 "\t[ -P ] # Turn OFF promiscuous mode\n");
785 (void) fprintf(stderr,
786 "\t[ -D ] # Report dropped packets\n");
787 (void) fprintf(stderr,
788 "\t[ -S ] # Report packet size\n");
789 (void) fprintf(stderr,
790 "\t[ -i file ] # Read previously captured packets\n");
791 (void) fprintf(stderr,
792 "\t[ -o file ] # Capture packets in file\n");
793 (void) fprintf(stderr,
794 "\t[ -n file ] # Load addr-to-name table from file\n");
795 (void) fprintf(stderr,
796 "\t[ -N ] # Create addr-to-name table\n");
797 (void) fprintf(stderr,
798 "\t[ -t r|a|d ] # Time: Relative, Absolute or Delta\n");
799 (void) fprintf(stderr,
800 "\t[ -v ] # Verbose packet display\n");
801 (void) fprintf(stderr,
802 "\t[ -V ] # Show all summary lines\n");
803 (void) fprintf(stderr,
804 "\t[ -p first[,last] ] # Select packet(s) to display\n");
805 (void) fprintf(stderr,
806 "\t[ -x offset[,length] ] # Hex dump from offset for length\n");
807 (void) fprintf(stderr,
808 "\t[ -C ] # Print packet filter code\n");
809 (void) fprintf(stderr,
810 "\t[ -q ] # Suppress printing packet count\n");
811 (void) fprintf(stderr,
812 "\t[ -r ] # Do not resolve address to name\n");
813 (void) fprintf(stderr,
814 "\n\t[ filter expression ]\n");
815 (void) fprintf(stderr, "\nExample:\n");
816 (void) fprintf(stderr, "\tsnoop -o saved host fred\n\n");
817 (void) fprintf(stderr, "\tsnoop -i saved -tr -v -p19\n");
818 exit(1);
819 }
820
821 /*
822 * sdefault: default global alarm handler. Causes the current packet
823 * to be skipped.
824 */
825 static void
826 sdefault(void)
827 {
828 snoop_nrecover = SNOOP_MAXRECOVER;
829 }
830
831 /*
832 * snoop_alarm: register or unregister an alarm handler to be called after
833 * s_sec seconds. Because snoop wasn't written to tolerate random signal
834 * delivery, periodic SIGALRM delivery (or SA_RESTART) cannot be used.
835 *
836 * s_sec argument of 0 seconds unregisters the handler.
837 * s_handler argument of NULL registers default handler sdefault(), or
838 * unregisters all signal handlers (for error recovery).
839 *
840 * Variables must be volatile to force the compiler to not optimize
841 * out the signal blocking.
842 */
843 /*ARGSUSED*/
844 int
845 snoop_alarm(int s_sec, void (*s_handler)())
846 {
847 volatile time_t now;
848 volatile time_t nalarm = 0;
849 volatile struct snoop_handler *sh = NULL;
850 volatile struct snoop_handler *hp, *tp, *next;
851 volatile sigset_t s_mask;
852 volatile int ret = -1;
853
854 (void) sigemptyset((sigset_t *)&s_mask);
855 (void) sigaddset((sigset_t *)&s_mask, SIGALRM);
856 if (s_sec < 0)
857 return (-1);
858
859 /* register an alarm handler */
860 now = time(NULL);
861 if (s_sec) {
862 sh = malloc(sizeof (struct snoop_handler));
863 sh->s_time = now + s_sec;
864 if (s_handler == NULL)
865 s_handler = sdefault;
866 sh->s_handler = s_handler;
867 sh->s_next = NULL;
868 (void) sigprocmask(SIG_BLOCK, (sigset_t *)&s_mask, NULL);
869 if (snoop_hp == NULL) {
870 snoop_hp = snoop_tp = (struct snoop_handler *)sh;
871
872 snoop_nalarm = sh->s_time;
873 (void) alarm(sh->s_time - now);
874 } else {
875 snoop_tp->s_next = (struct snoop_handler *)sh;
876 snoop_tp = (struct snoop_handler *)sh;
877
878 if (sh->s_time < snoop_nalarm) {
879 snoop_nalarm = sh->s_time;
880 (void) alarm(sh->s_time - now);
881 }
882 }
883 (void) sigprocmask(SIG_UNBLOCK, (sigset_t *)&s_mask, NULL);
884
885 return (0);
886 }
887
888 /* unregister an alarm handler */
889 (void) sigprocmask(SIG_BLOCK, (sigset_t *)&s_mask, NULL);
890 tp = (struct snoop_handler *)&snoop_hp;
891 for (hp = snoop_hp; hp; hp = next) {
892 next = hp->s_next;
893 if (s_handler == NULL || hp->s_handler == s_handler) {
894 ret = 0;
895 tp->s_next = hp->s_next;
896 if (snoop_tp == hp) {
897 if (tp == (struct snoop_handler *)&snoop_hp)
898 snoop_tp = NULL;
899 else
900 snoop_tp = (struct snoop_handler *)tp;
901 }
902 free((void *)hp);
903 } else {
904 if (nalarm == 0 || nalarm > hp->s_time)
905 nalarm = now < hp->s_time ? hp->s_time :
906 now + 1;
907 tp = hp;
908 }
909 }
910 /*
911 * Stop or adjust timer
912 */
913 if (snoop_hp == NULL) {
914 snoop_nalarm = 0;
915 (void) alarm(0);
916 } else if (nalarm > 0 && nalarm < snoop_nalarm) {
917 snoop_nalarm = nalarm;
918 (void) alarm(nalarm - now);
919 }
920
921 (void) sigprocmask(SIG_UNBLOCK, (sigset_t *)&s_mask, NULL);
922 return (ret);
923 }
924
925 /*
926 * snoop_recover: reset snoop's output area, and any internal variables,
927 * to allow continuation.
928 * XXX: make this an interface such that each interpreter can
929 * register a reset routine.
930 */
931 void
932 snoop_recover(void)
933 {
934 int i;
935
936 /* Error recovery: reset output_area and associated variables */
937 for (i = 0; i < MAXSUM; i++)
938 sumline[i][0] = '\0';
939 detail_line[0] = '\0';
940 line[0] = '\0';
941 encap[0] = '\0';
942 sumcount = 0;
943
944 /* stacking/unstacking cannot be relied upon */
945 encap_levels = 0;
946 total_encap_levels = 1;
947
948 /* remove any pending timeouts */
949 (void) snoop_alarm(0, NULL);
950 }
951
952 /*
953 * snoop_sigrecover: global sigaction routine to manage recovery
954 * from catastrophic interpreter failures while interpreting
955 * corrupt trace files/packets. SIGALRM timeouts, program errors,
956 * and user termination are all handled. In the case of a corrupt
957 * packet or confused interpreter, the packet will be skipped, and
958 * execution will continue in scan().
959 *
960 * Global alarm handling (see snoop_alarm()) is managed here.
961 *
962 * Variables must be volatile to force the compiler to not optimize
963 * out the signal blocking.
964 */
965 /*ARGSUSED*/
966 static void
967 snoop_sigrecover(int sig, siginfo_t *info, void *p)
968 {
969 volatile time_t now;
970 volatile time_t nalarm = 0;
971 volatile struct snoop_handler *hp;
972
973 /*
974 * Invoke any registered alarms. This involves first calculating
975 * the time for the next alarm, setting it up, then progressing
976 * through handler invocations. Note that since handlers may
977 * use siglongjmp(), in the worst case handlers may be serviced
978 * at a later time.
979 */
980 if (sig == SIGALRM) {
981 now = time(NULL);
982 /* Calculate next alarm time */
983 for (hp = snoop_hp; hp; hp = hp->s_next) {
984 if (hp->s_time) {
985 if ((hp->s_time - now) > 0) {
986 if (nalarm == 0 || nalarm > hp->s_time)
987 nalarm = now < hp->s_time ?
988 hp->s_time : now + 1;
989 }
990 }
991 }
992 /* Setup next alarm */
993 if (nalarm) {
994 snoop_nalarm = nalarm;
995 (void) alarm(nalarm - now);
996 } else {
997 snoop_nalarm = 0;
998 }
999
1000 /* Invoke alarm handlers (may not return) */
1001 for (hp = snoop_hp; hp; hp = hp->s_next) {
1002 if (hp->s_time) {
1003 if ((now - hp->s_time) >= 0) {
1004 hp->s_time = 0; /* only invoke once */
1005 if (hp->s_handler)
1006 hp->s_handler();
1007 }
1008 }
1009 }
1010 } else {
1011 snoop_nrecover++;
1012 }
1013
1014 /*
1015 * Exit if a signal has occurred after snoop has begun the process
1016 * of quitting.
1017 */
1018 if (quitting)
1019 exit(1);
1020
1021 /*
1022 * If an alarm handler has timed out, and snoop_nrecover has
1023 * reached SNOOP_MAXRECOVER, skip to the next packet.
1024 *
1025 * If any other signal has occurred, and snoop_nrecover has
1026 * reached SNOOP_MAXRECOVER, give up.
1027 */
1028 if (sig == SIGALRM) {
1029 if (ioctl(STDOUT_FILENO, I_CANPUT, 0) == 0) {
1030 /*
1031 * We've stalled on output, which is not a critical
1032 * failure. Reset the recovery counter so we do not
1033 * consider this a persistent failure, and return so
1034 * we do not skip this packet.
1035 */
1036 snoop_nrecover = 0;
1037 return;
1038 }
1039 if (snoop_nrecover >= SNOOP_MAXRECOVER) {
1040 (void) fprintf(stderr,
1041 "snoop: WARNING: skipping from packet %d\n",
1042 count);
1043 snoop_nrecover = 0;
1044 } else {
1045 /* continue trying */
1046 return;
1047 }
1048 } else if (snoop_nrecover >= SNOOP_MAXRECOVER) {
1049 (void) fprintf(stderr,
1050 "snoop: ERROR: cannot recover from packet %d\n", count);
1051 exit(1);
1052 }
1053
1054 #ifdef DEBUG
1055 (void) fprintf(stderr, "snoop_sigrecover(%d, %p, %p)\n", sig, info, p);
1056 #endif /* DEBUG */
1057
1058 /*
1059 * Prepare to quit. This allows final processing to occur
1060 * after first terminal interruption.
1061 */
1062 if (sig == SIGTERM || sig == SIGHUP || sig == SIGINT) {
1063 quitting = 1;
1064 return;
1065 } else if (sig != -1 && sig != SIGALRM) {
1066 /* Inform user that snoop has taken a fault */
1067 (void) fprintf(stderr,
1068 "WARNING: received signal %d from packet %d\n",
1069 sig, count);
1070 }
1071
1072 /* Reset interpreter variables */
1073 snoop_recover();
1074
1075 /* Continue in scan() with the next packet */
1076 siglongjmp(jmp_env, 1);
1077 /*NOTREACHED*/
1078 }
1079
1080 /*
1081 * Protected malloc for global error recovery: prepare for interpreter
1082 * failures with corrupted packets or confused interpreters. Dynamically
1083 * allocate `nbytes' bytes, and sandwich it between two PROT_NONE pages to
1084 * catch writes outside of the allocated region.
1085 */
1086 static char *
1087 protmalloc(size_t nbytes)
1088 {
1089 caddr_t start;
1090 int psz = sysconf(_SC_PAGESIZE);
1091
1092 nbytes = P2ROUNDUP(nbytes, psz);
1093 start = mmap(NULL, nbytes + psz * 2, PROT_READ|PROT_WRITE,
1094 MAP_PRIVATE|MAP_ANON, -1, 0);
1095 if (start == MAP_FAILED) {
1096 perror("Error: protmalloc: mmap");
1097 return (NULL);
1098 }
1099 assert(IS_P2ALIGNED(start, psz));
1100 if (mprotect(start, 1, PROT_NONE) == -1)
1101 perror("Warning: mprotect");
1102
1103 start += psz;
1104 if (mprotect(start + nbytes, 1, PROT_NONE) == -1)
1105 perror("Warning: mprotect");
1106
1107 return (start);
1108 }
1109
1110 /*
1111 * resetperm - reduce security vulnerabilities by resetting
1112 * owner/group/permissions. Always attempt setuid() - if we have
1113 * permission to drop our privilege level, do so.
1114 */
1115 void
1116 resetperm(void)
1117 {
1118 if (geteuid() == 0) {
1119 (void) setgid(GID_NOBODY);
1120 (void) setuid(UID_NOBODY);
1121 }
1122 }
unleashed repo fork