iftop.c 21.3 KB
Newer Older
pdw's avatar
pdw committed
1 2 3 4 5
/*
 * iftop.c:
 *
 */

chris's avatar
chris committed
6 7
#include "integers.h"

pdw's avatar
pdw committed
8 9 10
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
11
#include <sys/types.h>
chris's avatar
chris committed
12
#include <sys/ioctl.h>
13
#include <sys/socket.h>
chris's avatar
chris committed
14
#include <net/if.h>
15 16
/* include <net/bpf.h> -- this was added by the PFLOG patch but seems
 * superfluous and breaks on Slackware */
17 18 19 20 21 22 23
#if defined(HAVE_PCAP_H)
#   include <pcap.h>
#elif defined(HAVE_PCAP_PCAP_H)
#   include <pcap/pcap.h>
#else
#   error No pcap.h
#endif
24

pdw's avatar
pdw committed
25 26 27 28
#include <pthread.h>
#include <curses.h>
#include <signal.h>
#include <string.h>
chris's avatar
chris committed
29
#include <unistd.h>
30
#include <locale.h>
pdw's avatar
pdw committed
31 32 33 34 35

#include "iftop.h"
#include "addr_hash.h"
#include "resolver.h"
#include "ui.h"
pdw's avatar
pdw committed
36
#include "options.h"
chris's avatar
chris committed
37
#ifdef DLT_LINUX_SLL
38
#include "sll.h"
chris's avatar
chris committed
39
#endif /* DLT_LINUX_SLL */
pdw's avatar
pdw committed
40
#include "threadprof.h"
41 42 43
#include "ether.h"
#include "ip.h"
#include "tcp.h"
pdw's avatar
pdw committed
44 45 46 47
#include "token.h"
#include "llc.h"
#include "extract.h"
#include "ethertype.h"
pdw's avatar
pdw committed
48
#include "cfgfile.h"
pdw's avatar
pdw committed
49
#include "ppp.h"
pdw's avatar
pdw committed
50

51
#include <netinet/ip6.h>
pdw's avatar
pdw committed
52

53 54 55 56 57 58
/* ethernet address of interface. */
int have_hw_addr = 0;
unsigned char if_hw_addr[6];    

/* IP address of interface */
int have_ip_addr = 0;
59
int have_ip6_addr = 0;
60
struct in_addr if_ip_addr;
61
struct in6_addr if_ip6_addr;
pdw's avatar
pdw committed
62

pdw's avatar
pdw committed
63 64
extern options_t options;

pdw's avatar
pdw committed
65
hash_type* history;
pdw's avatar
pdw committed
66
history_type history_totals;
pdw's avatar
pdw committed
67 68 69 70 71
time_t last_timestamp;
int history_pos = 0;
int history_len = 1;
pthread_mutex_t tick_mutex;

72
pcap_t* pd; /* pcap descriptor */
chris's avatar
chris committed
73
struct bpf_program pcap_filter;
74 75
pcap_handler packet_handler;

chris's avatar
chris committed
76 77 78 79 80 81
sig_atomic_t foad;

static void finish(int sig) {
    foad = sig;
}

pdw's avatar
pdw committed
82 83


pdw's avatar
pdw committed
84

pdw's avatar
pdw committed
85 86
/* Only need ethernet (plus optional 4 byte VLAN) and IP headers (48) + first 2
 * bytes of tcp/udp header */
87
/* Increase with a further 20 to account for IPv6 header length.  */
pdw's avatar
pdw committed
88
/* IEEE 802.11 radiotap throws in a variable length header plus 8 (radiotap
89
 * header header) plus 34 (802.11 MAC) plus 40 (IPv6) = 78, plus whatever's in
pdw's avatar
pdw committed
90
 * the radiotap payload */
91 92
/*#define CAPTURE_LENGTH 92 */
#define CAPTURE_LENGTH 256
pdw's avatar
pdw committed
93 94 95 96

void init_history() {
    history = addr_hash_create();
    last_timestamp = time(NULL);
pdw's avatar
pdw committed
97
    memset(&history_totals, 0, sizeof history_totals);
pdw's avatar
pdw committed
98 99 100 101
}

history_type* history_create() {
    history_type* h;
chris's avatar
chris committed
102
    h = xcalloc(1, sizeof *h);
pdw's avatar
pdw committed
103 104 105 106 107 108 109 110 111 112 113 114 115 116 117
    return h;
}

void history_rotate() {
    hash_node_type* n = NULL;
    history_pos = (history_pos + 1) % HISTORY_LENGTH;
    hash_next_item(history, &n);
    while(n != NULL) {
        hash_node_type* next = n;
        history_type* d = (history_type*)n->rec;
        hash_next_item(history, &next);

        if(d->last_write == history_pos) {
            addr_pair key = *(addr_pair*)(n->key);
            hash_delete(history, &key);
pdw's avatar
pdw committed
118
            free(d);
pdw's avatar
pdw committed
119 120 121 122 123 124 125
        }
        else {
            d->recv[history_pos] = 0;
            d->sent[history_pos] = 0;
        }
        n = next; 
    }
pdw's avatar
pdw committed
126 127 128 129

    history_totals.sent[history_pos] = 0;
    history_totals.recv[history_pos] = 0;

pdw's avatar
pdw committed
130 131 132 133 134 135
    if(history_len < HISTORY_LENGTH) {
        history_len++;
    }
}


136
void tick(int print) {
pdw's avatar
pdw committed
137 138 139 140 141 142
    time_t t;

    pthread_mutex_lock(&tick_mutex);
   
    t = time(NULL);
    if(t - last_timestamp >= RESOLUTION) {
pdw's avatar
pdw committed
143
        analyse_data();
pdw's avatar
pdw committed
144 145 146 147
        ui_print();
        history_rotate();
        last_timestamp = t;
    }
pdw's avatar
pdw committed
148 149
    else {
      ui_tick(print);
150
    }
pdw's avatar
pdw committed
151 152 153 154

    pthread_mutex_unlock(&tick_mutex);
}

pdw's avatar
pdw committed
155 156 157 158 159 160
int in_filter_net(struct in_addr addr) {
    int ret;
    ret = ((addr.s_addr & options.netfiltermask.s_addr) == options.netfilternet.s_addr);
    return ret;
}

161
int __inline__ ip_addr_match(struct in_addr addr) {
162 163 164
    return addr.s_addr == if_ip_addr.s_addr;
}

165 166 167 168
int __inline__ ip6_addr_match(struct in6_addr *addr) {
    return IN6_ARE_ADDR_EQUAL(addr, &if_ip6_addr);
}

169 170 171 172 173 174 175 176
/**
 * Creates an addr_pair from an ip (and tcp/udp) header, swapping src and dst
 * if required
 */
void assign_addr_pair(addr_pair* ap, struct ip* iptr, int flip) {
  unsigned short int src_port = 0;
  unsigned short int dst_port = 0;

177 178 179 180 181
  /* Arrange for predictable values. */
  memset(ap, '\0', sizeof(*ap));

  if(IP_V(iptr) == 4) {
    ap->af = AF_INET;
182
  /* Does this protocol use ports? */
pdw's avatar
pdw committed
183
  if(iptr->ip_p == IPPROTO_TCP || iptr->ip_p == IPPROTO_UDP) {
184 185 186
    /* We take a slight liberty here by treating UDP the same as TCP */

    /* Find the TCP/UDP header */
187 188 189
    struct tcphdr* thdr = ((void*)iptr) + IP_HL(iptr) * 4;
    src_port = ntohs(thdr->th_sport);
    dst_port = ntohs(thdr->th_dport);
190 191 192 193 194 195 196 197 198 199 200 201 202 203
  }

  if(flip == 0) {
    ap->src = iptr->ip_src;
    ap->src_port = src_port;
    ap->dst = iptr->ip_dst;
    ap->dst_port = dst_port;
  }
  else {
    ap->src = iptr->ip_dst;
    ap->src_port = dst_port;
    ap->dst = iptr->ip_src;
    ap->dst_port = src_port;
  }
204 205 206 207 208 209 210 211 212 213 214 215 216
  } /* IPv4 */
  else if (IP_V(iptr) == 6) {
    /* IPv6 packet seen. */
    struct ip6_hdr *ip6tr = (struct ip6_hdr *) iptr;

    ap->af = AF_INET6;

    if( (ip6tr->ip6_nxt == IPPROTO_TCP) || (ip6tr->ip6_nxt == IPPROTO_UDP) ) {
      struct tcphdr *thdr = ((void *) ip6tr) + 40;

      src_port = ntohs(thdr->th_sport);
      dst_port = ntohs(thdr->th_dport);
    }
217

218 219 220 221 222 223 224 225 226 227 228 229 230
    if(flip == 0) {
      memcpy(&ap->src6, &ip6tr->ip6_src, sizeof(ap->src6));
      ap->src_port = src_port;
      memcpy(&ap->dst6, &ip6tr->ip6_dst, sizeof(ap->dst6));
      ap->dst_port = dst_port;
    }
    else {
      memcpy(&ap->src6, &ip6tr->ip6_dst, sizeof(ap->src6));
      ap->src_port = dst_port;
      memcpy(&ap->dst6, &ip6tr->ip6_src, sizeof(ap->dst6));
      ap->dst_port = src_port;
    }
  }
231 232
}

233
static void handle_ip_packet(struct ip* iptr, int hw_dir)
pdw's avatar
pdw committed
234
{
pdw's avatar
pdw committed
235
    int direction = 0; /* incoming */
236
    history_type* ht;
237
    union {
pdw's avatar
pdw committed
238 239
      history_type **ht_pp;
      void **void_pp;
240
    } u_ht = { &ht };
241
    addr_pair ap;
242 243 244 245 246 247 248
    unsigned int len = 0;
    struct in6_addr scribdst;   /* Scratch pad. */
    struct in6_addr scribsrc;   /* Scratch pad. */
    /* Reinterpret packet type. */
    struct ip6_hdr* ip6tr = (struct ip6_hdr *) iptr;

    memset(&ap, '\0', sizeof(ap));
249

250 251
    if( (IP_V(iptr) ==4 && options.netfilter == 0)
            || (IP_V(iptr) == 6 && options.netfilter6 == 0) ) { 
252 253 254 255 256
        /*
         * Net filter is off, so assign direction based on MAC address
         */
        if(hw_dir == 1) {
            /* Packet leaving this interface. */
257
            assign_addr_pair(&ap, iptr, 0);
258
            direction = 1;
pdw's avatar
pdw committed
259
        }
260 261
        else if(hw_dir == 0) {
            /* Packet incoming */
262 263
            assign_addr_pair(&ap, iptr, 1);
            direction = 0;
pdw's avatar
pdw committed
264
        }
265 266 267
        /* Packet direction is not given away by h/ware layer.  Try IP
         * layer
         */
268
        else if((IP_V(iptr) == 4) && have_ip_addr && ip_addr_match(iptr->ip_src)) {
269 270 271 272
            /* outgoing */
            assign_addr_pair(&ap, iptr, 0);
            direction = 1;
        }
273 274 275 276 277 278 279 280 281 282 283
        else if((IP_V(iptr) == 4) && have_ip_addr && ip_addr_match(iptr->ip_dst)) {
            /* incoming */
            assign_addr_pair(&ap, iptr, 1);
            direction = 0;
        }
        else if((IP_V(iptr) == 6) && have_ip6_addr && ip6_addr_match(&ip6tr->ip6_src)) {
            /* outgoing */
            assign_addr_pair(&ap, iptr, 0);
            direction = 1;
        }
        else if((IP_V(iptr) == 6) && have_ip6_addr && ip6_addr_match(&ip6tr->ip6_dst)) {
284 285 286 287
            /* incoming */
            assign_addr_pair(&ap, iptr, 1);
            direction = 0;
        }
288
        /*
289 290 291 292
         * Cannot determine direction from hardware or IP levels.  Therefore 
         * assume that it was a packet between two other machines, assign
         * source and dest arbitrarily (by numerical value) and account as 
         * incoming.
293
         */
294 295 296
	else if (options.promiscuous_but_choosy) {
	    return;		/* junk it */
	}
297
        else if((IP_V(iptr) == 4) && (iptr->ip_src.s_addr < iptr->ip_dst.s_addr)) {
pdw's avatar
pdw committed
298
            assign_addr_pair(&ap, iptr, 1);
299
            direction = 0;
pdw's avatar
pdw committed
300
        }
301
        else if(IP_V(iptr) == 4) {
302 303
            assign_addr_pair(&ap, iptr, 0);
            direction = 0;
pdw's avatar
pdw committed
304
        }
305
        /* Drop other uncertain packages. */
306
    }
307 308

    if(IP_V(iptr) == 4 && options.netfilter != 0) {
309 310 311
        /* 
         * Net filter on, assign direction according to netmask 
         */ 
312
        if(in_filter_net(iptr->ip_src) && !in_filter_net(iptr->ip_dst)) {
313
            /* out of network */
314
            assign_addr_pair(&ap, iptr, 0);
315 316
            direction = 1;
        }
317
        else if(in_filter_net(iptr->ip_dst) && !in_filter_net(iptr->ip_src)) {
318
            /* into network */
319 320
            assign_addr_pair(&ap, iptr, 1);
            direction = 0;
pdw's avatar
pdw committed
321 322
        }
        else {
323 324
            /* drop packet */
            return ;
pdw's avatar
pdw committed
325
        }
326 327
    }

328 329 330 331 332 333 334 335 336
    if(IP_V(iptr) == 6 && options.netfilter6 != 0) {
        /*
         * Net filter IPv6 active.
         */
        int j;
        //else if((IP_V(iptr) == 6) && have_ip6_addr && ip6_addr_match(&ip6tr->ip6_dst)) {
        /* First reduce the participating addresses using the netfilter prefix.
         * We need scratch pads to do this.
         */
337 338 339 340 341
        for (j=0; j < 16; ++j) {
            scribdst.s6_addr[j] = ip6tr->ip6_dst.s6_addr[j]
                                        & options.netfilter6mask.s6_addr[j];
            scribsrc.s6_addr[j] = ip6tr->ip6_src.s6_addr[j]
                                        & options.netfilter6mask.s6_addr[j];
342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394
        }

        /* Now look for any hits. */
        //if(in_filter_net(iptr->ip_src) && !in_filter_net(iptr->ip_dst)) {
        if (IN6_ARE_ADDR_EQUAL(&scribsrc, &options.netfilter6net)
                && ! IN6_ARE_ADDR_EQUAL(&scribdst, &options.netfilter6net)) {
            /* out of network */
            assign_addr_pair(&ap, iptr, 0);
            direction = 1;
        }
        //else if(in_filter_net(iptr->ip_dst) && !in_filter_net(iptr->ip_src)) {
        else if (! IN6_ARE_ADDR_EQUAL(&scribsrc, &options.netfilter6net)
                    && IN6_ARE_ADDR_EQUAL(&scribdst, &options.netfilter6net)) {
            /* into network */
            assign_addr_pair(&ap, iptr, 1);
            direction = 0;
        }
        else {
            /* drop packet */
            return ;
        }
    }

#if 1
    /* Test if link-local IPv6 packets should be dropped. */
    if( IP_V(iptr) == 6 && !options.link_local
            && (IN6_IS_ADDR_LINKLOCAL(&ip6tr->ip6_dst)
                || IN6_IS_ADDR_LINKLOCAL(&ip6tr->ip6_src)) )
        return;
#endif

    /* Do address resolving. */
    switch (IP_V(iptr)) {
      case 4:
          ap.protocol = iptr->ip_p;
          /* Add the addresses to be resolved */
          /* The IPv4 address is embedded in a in6_addr structure,
           * so it need be copied, and delivered to resolve(). */
          memset(&scribdst, '\0', sizeof(scribdst));
          memcpy(&scribdst, &iptr->ip_dst, sizeof(struct in_addr));
          resolve(ap.af, &scribdst, NULL, 0);
          memset(&scribsrc, '\0', sizeof(scribsrc));
          memcpy(&scribsrc, &iptr->ip_src, sizeof(struct in_addr));
          resolve(ap.af, &scribsrc, NULL, 0);
          break;
      case 6:
          ap.protocol = ip6tr->ip6_nxt;
          /* Add the addresses to be resolved */
          resolve(ap.af, &ip6tr->ip6_dst, NULL, 0);
          resolve(ap.af, &ip6tr->ip6_src, NULL, 0);
      default:
          break;
    }
395

396

397
    if(hash_find(history, &ap, u_ht.void_pp) == HASH_STATUS_KEY_NOT_FOUND) {
398 399 400 401
        ht = history_create();
        hash_insert(history, &ap, ht);
    }

402 403 404 405 406 407 408 409 410 411
    /* Do accounting. */
    switch (IP_V(iptr)) {
      case 4:
          len = ntohs(iptr->ip_len);
          break;
      case 6:
          len = ntohs(ip6tr->ip6_plen) + 40;
      default:
          break;
    }
412 413 414

    /* Update record */
    ht->last_write = history_pos;
415 416 417
    if( ((IP_V(iptr) == 4) && (iptr->ip_src.s_addr == ap.src.s_addr))
       || ((IP_V(iptr) == 6) && !memcmp(&ip6tr->ip6_src, &ap.src6, sizeof(ap.src6))) )
    {
418
        ht->sent[history_pos] += len;
pdw's avatar
pdw committed
419
        ht->total_sent += len;
420 421 422
    }
    else {
        ht->recv[history_pos] += len;
pdw's avatar
pdw committed
423
        ht->total_recv += len;
424
    }
pdw's avatar
pdw committed
425

426 427
    if(direction == 0) {
        /* incoming */
pdw's avatar
pdw committed
428
        history_totals.recv[history_pos] += len;
pdw's avatar
pdw committed
429
        history_totals.total_recv += len;
pdw's avatar
pdw committed
430
    }
431
    else {
pdw's avatar
pdw committed
432
        history_totals.sent[history_pos] += len;
pdw's avatar
pdw committed
433
        history_totals.total_sent += len;
434 435
    }
    
pdw's avatar
pdw committed
436 437
}

chris's avatar
chris committed
438
static void handle_raw_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
439 440 441 442
{
    handle_ip_packet((struct ip*)packet, -1);
}

443
#ifdef DLT_PFLOG
444 445 446 447 448 449 450 451 452 453
static void handle_pflog_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
{
	register u_int length = pkthdr->len;
	u_int hdrlen;
	const struct pfloghdr *hdr;
	
	hdr = (struct pfloghdr *)packet;
	hdrlen = BPF_WORDALIGN(hdr->length);
	length -= hdrlen;
	packet += hdrlen;
pdw's avatar
pdw committed
454
	handle_ip_packet((struct ip*)packet, -1);
455
}
456
#endif
457

458
static void handle_null_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
459 460 461 462
{
    handle_ip_packet((struct ip*)(packet + 4), -1);
}

pdw's avatar
pdw committed
463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483
static void handle_llc_packet(const struct llc* llc, int dir) {

    struct ip* ip = (struct ip*)((void*)llc + sizeof(struct llc));

    /* Taken from tcpdump/print-llc.c */
    if(llc->ssap == LLCSAP_SNAP && llc->dsap == LLCSAP_SNAP
       && llc->llcui == LLC_UI) {
        u_int32_t orgcode;
        register u_short et;
        orgcode = EXTRACT_24BITS(&llc->llc_orgcode[0]);
        et = EXTRACT_16BITS(&llc->llc_ethertype[0]);
        switch(orgcode) {
          case OUI_ENCAP_ETHER:
          case OUI_CISCO_90:
            handle_ip_packet(ip, dir);
            break;
          case OUI_APPLETALK:
            if(et == ETHERTYPE_ATALK) {
              handle_ip_packet(ip, dir);
            }
            break;
chris's avatar
chris committed
484
          default:;
pdw's avatar
pdw committed
485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515
            /* Not a lot we can do */
        }
    }
}

static void handle_tokenring_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
{
    struct token_header *trp;
    int dir = -1;
    trp = (struct token_header *)packet;

    if(IS_SOURCE_ROUTED(trp)) {
      packet += RIF_LENGTH(trp);
    }
    packet += TOKEN_HDRLEN;

    if(memcmp(trp->token_shost, if_hw_addr, 6) == 0 ) {
      /* packet leaving this i/f */
      dir = 1;
    } 
        else if(memcmp(trp->token_dhost, if_hw_addr, 6) == 0 || memcmp("\xFF\xFF\xFF\xFF\xFF\xFF", trp->token_dhost, 6) == 0) {
      /* packet entering this i/f */
      dir = 0;
    }

    /* Only know how to deal with LLC encapsulated packets */
    if(FRAME_TYPE(trp) == TOKEN_FC_LLC) {
      handle_llc_packet((struct llc*)packet, dir);
    }
}

pdw's avatar
pdw committed
516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535
static void handle_ppp_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
{
	register u_int length = pkthdr->len;
	register u_int caplen = pkthdr->caplen;
	u_int proto;

	if (caplen < 2) 
        return;

	if(packet[0] == PPP_ADDRESS) {
		if (caplen < 4) 
            return;

		packet += 2;
		length -= 2;

		proto = EXTRACT_16BITS(packet);
		packet += 2;
		length -= 2;

536
        if(proto == PPP_IP || proto == ETHERTYPE_IP || proto == ETHERTYPE_IPV6) {
pdw's avatar
pdw committed
537 538 539 540 541
            handle_ip_packet((struct ip*)packet, -1);
        }
    }
}

chris's avatar
chris committed
542
#ifdef DLT_LINUX_SLL
543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561
static void handle_cooked_packet(unsigned char *args, const struct pcap_pkthdr * thdr, const unsigned char * packet)
{
    struct sll_header *sptr;
    int dir = -1;
    sptr = (struct sll_header *) packet;

    switch (ntohs(sptr->sll_pkttype))
    {
    case LINUX_SLL_HOST:
        /*entering this interface*/
	dir = 0;
	break;
    case LINUX_SLL_OUTGOING:
	/*leaving this interface */
	dir=1;
	break;
    }
    handle_ip_packet((struct ip*)(packet+SLL_HDR_LEN), dir);
}
chris's avatar
chris committed
562
#endif /* DLT_LINUX_SLL */
563

chris's avatar
chris committed
564
static void handle_eth_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
565 566
{
    struct ether_header *eptr;
567 568
    int ether_type;
    const unsigned char *payload;
569
    eptr = (struct ether_header*)packet;
570 571
    ether_type = ntohs(eptr->ether_type);
    payload = packet + sizeof(struct ether_header);
chris's avatar
chris committed
572

573
    tick(0);
chris's avatar
chris committed
574

575
    if(ether_type == ETHERTYPE_8021Q) {
pdw's avatar
pdw committed
576 577 578
        struct vlan_8021q_header* vptr;
        vptr = (struct vlan_8021q_header*)payload;
        ether_type = ntohs(vptr->ether_type);
579 580 581
        payload += sizeof(struct vlan_8021q_header);
    }

582
    if(ether_type == ETHERTYPE_IP || ether_type == ETHERTYPE_IPV6) {
583 584 585 586 587 588
        struct ip* iptr;
        int dir = -1;
        
        /*
         * Is a direction implied by the MAC addresses?
         */
589
        if(have_hw_addr && memcmp(eptr->ether_shost, if_hw_addr, 6) == 0 ) {
590 591
            /* packet leaving this i/f */
            dir = 1;
592 593
        }
        else if(have_hw_addr && memcmp(eptr->ether_dhost, if_hw_addr, 6) == 0 ) {
pdw's avatar
pdw committed
594 595 596 597 598
            /* packet entering this i/f */
            dir = 0;
        }
        else if (memcmp("\xFF\xFF\xFF\xFF\xFF\xFF", eptr->ether_dhost, 6) == 0) {
            /* broadcast packet, count as incoming */
599 600 601
            dir = 0;
        }

602
        /* Distinguishing ip_hdr and ip6_hdr will be done later. */
603
        iptr = (struct ip*)(payload); /* alignment? */
604 605 606 607
        handle_ip_packet(iptr, dir);
    }
}

pdw's avatar
pdw committed
608 609 610 611 612 613 614
#ifdef DLT_IEEE802_11_RADIO
/*
 * Packets with a bonus radiotap header.
 * See http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=ieee80211_radiotap
 */
static void handle_radiotap_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
{
615
    /* 802.11 MAC header is = 34 bytes (not sure if that's universally true) */
pdw's avatar
pdw committed
616
    /* We could try harder to figure out hardware direction from the MAC header */
617
    handle_ip_packet((struct ip*)(packet + ((struct radiotap_header *)packet)->it_len + 34),-1);
pdw's avatar
pdw committed
618 619 620 621
}


#endif
622

chris's avatar
chris committed
623 624 625 626 627 628
/* set_filter_code:
 * Install some filter code. Returns NULL on success or an error message on
 * failure. */
char *set_filter_code(const char *filter) {
    char *x;
    if (filter) {
629 630
        x = xmalloc(strlen(filter) + sizeof "() and (ip or ip6)");
        sprintf(x, "(%s) and (ip or ip6)", filter);
chris's avatar
chris committed
631
    } else
632
        x = xstrdup("ip or ip6");
chris's avatar
chris committed
633 634 635 636 637 638 639 640 641 642 643 644 645
    if (pcap_compile(pd, &pcap_filter, x, 1, 0) == -1) {
        xfree(x);
        return pcap_geterr(pd);
    }
    xfree(x);
    if (pcap_setfilter(pd, &pcap_filter) == -1)
        return pcap_geterr(pd);
    else
        return NULL;
}



646 647 648 649 650 651
/*
 * packet_init:
 *
 * performs pcap initialisation, called before ui is initialised
 */
void packet_init() {
pdw's avatar
pdw committed
652
    char errbuf[PCAP_ERRBUF_SIZE];
chris's avatar
chris committed
653
    char *m;
chris's avatar
chris committed
654
    int s;
655
    int i;
656
    int dlt;
657
    int result;
chris's avatar
chris committed
658

659 660
#ifdef HAVE_DLPI
    result = get_addrs_dlpi(options.interface, if_hw_addr, &if_ip_addr);
661
#else
662 663
    result = get_addrs_ioctl(options.interface, if_hw_addr,
          &if_ip_addr, &if_ip6_addr);
664 665
#endif

666 667
    if (result < 0) {
      exit(1);
668 669
    }

670 671 672
    have_hw_addr = result & 0x01;
    have_ip_addr = result & 0x02;
    have_ip6_addr = result & 0x04;
673 674 675
    
    if(have_ip_addr) {
      fprintf(stderr, "IP address is: %s\n", inet_ntoa(if_ip_addr));
676
    }
677 678 679 680 681 682 683
    if(have_ip6_addr) {
       char ip6str[INET6_ADDRSTRLEN];

       ip6str[0] = '\0';
       inet_ntop(AF_INET6, &if_ip6_addr, ip6str, sizeof(ip6str));
       fprintf(stderr, "IPv6 address is: %s\n", ip6str);
    }
684

685 686 687 688 689 690
    if(have_hw_addr) {
      fprintf(stderr, "MAC address is:");
      for (i = 0; i < 6; ++i)
	fprintf(stderr, "%c%02x", i ? ':' : ' ', (unsigned int)if_hw_addr[i]);
      fprintf(stderr, "\n");
    }
chris's avatar
chris committed
691
    
692
    //    exit(0);
pdw's avatar
pdw committed
693 694
    resolver_initialise();

pdw's avatar
pdw committed
695
    pd = pcap_open_live(options.interface, CAPTURE_LENGTH, options.promiscuous, 1000, errbuf);
pdw's avatar
pdw committed
696
    // DEBUG: pd = pcap_open_offline("tcpdump.out", errbuf);
pdw's avatar
pdw committed
697
    if(pd == NULL) { 
pdw's avatar
pdw committed
698
        fprintf(stderr, "pcap_open_live(%s): %s\n", options.interface, errbuf); 
chris's avatar
chris committed
699
        exit(1);
700 701 702 703
    }
    dlt = pcap_datalink(pd);
    if(dlt == DLT_EN10MB) {
        packet_handler = handle_eth_packet;
pdw's avatar
pdw committed
704
    }
705
#ifdef DLT_PFLOG
706 707 708
    else if (dlt == DLT_PFLOG) {
		packet_handler = handle_pflog_packet;
    }
709
#endif
710
    else if(dlt == DLT_RAW) {
711 712
        packet_handler = handle_raw_packet;
    } 
713
    else if(dlt == DLT_NULL) {
714
        packet_handler = handle_null_packet;
715
    } 
716 717 718 719
#ifdef DLT_LOOP
    else if(dlt == DLT_LOOP) {
        packet_handler = handle_null_packet;
    }
pdw's avatar
pdw committed
720 721 722 723 724
#endif
#ifdef DLT_IEEE802_11_RADIO
    else if(dlt == DLT_IEEE802_11_RADIO) {
        packet_handler = handle_radiotap_packet;
    }
725
#endif
pdw's avatar
pdw committed
726 727 728
    else if(dlt == DLT_IEEE802) {
        packet_handler = handle_tokenring_packet;
    }
pdw's avatar
pdw committed
729 730 731
    else if(dlt == DLT_PPP) {
        packet_handler = handle_ppp_packet;
    }
pdw's avatar
pdw committed
732 733 734 735
/* 
 * SLL support not available in older libpcaps
 */
#ifdef DLT_LINUX_SLL
736
    else if(dlt == DLT_LINUX_SLL) {
pdw's avatar
pdw committed
737
      packet_handler = handle_cooked_packet;
738
    }
pdw's avatar
pdw committed
739
#endif
740 741 742 743
    else {
        fprintf(stderr, "Unsupported datalink type: %d\n"
                "Please email pdw@ex-parrot.com, quoting the datalink type and what you were\n"
                "trying to do at the time\n.", dlt);
chris's avatar
chris committed
744
        exit(1);
745 746
    }

chris's avatar
chris committed
747 748
    if ((m = set_filter_code(options.filtercode))) {
        fprintf(stderr, "set_filter_code: %s\n", m);
chris's avatar
chris committed
749
        exit(1);
chris's avatar
chris committed
750
        return;
chris's avatar
chris committed
751
    }
752 753 754 755 756
}

/* packet_loop:
 * Worker function for packet capture thread. */
void packet_loop(void* ptr) {
chris's avatar
chris committed
757
    pcap_loop(pd,-1,(pcap_handler)packet_handler,NULL);
pdw's avatar
pdw committed
758 759
}

chris's avatar
chris committed
760 761 762

/* main:
 * Entry point. See usage(). */
pdw's avatar
pdw committed
763 764
int main(int argc, char **argv) {
    pthread_t thread;
pdw's avatar
pdw committed
765
    struct sigaction sa = {};
pdw's avatar
pdw committed
766

767 768
    setlocale(LC_ALL, "");

769
    /* TODO: tidy this up */
pdw's avatar
pdw committed
770 771 772 773
    /* read command line options and config file */   
    config_init();
    options_set_defaults();
    options_read_args(argc, argv);
774 775
    /* If a config was explicitly specified, whinge if it can't be found */
    read_config(options.config_file, options.config_file_specified);
pdw's avatar
pdw committed
776
    options_make();
chris's avatar
chris committed
777
    
chris's avatar
chris committed
778 779
    sa.sa_handler = finish;
    sigaction(SIGINT, &sa, NULL);
pdw's avatar
pdw committed
780 781 782

    pthread_mutex_init(&tick_mutex, NULL);

783 784
    packet_init();

pdw's avatar
pdw committed
785 786
    init_history();

787 788
    ui_init();

pdw's avatar
pdw committed
789 790 791 792
    pthread_create(&thread, NULL, (void*)&packet_loop, NULL);

    ui_loop();

chris's avatar
chris committed
793 794 795 796
    pthread_cancel(thread);

    ui_finish();
    
pdw's avatar
pdw committed
797 798
    return 0;
}