/src/libpcap/pcap-usb-linux.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2006 Paolo Abeni (Italy) |
3 | | * All rights reserved. |
4 | | * |
5 | | * Redistribution and use in source and binary forms, with or without |
6 | | * modification, are permitted provided that the following conditions |
7 | | * are met: |
8 | | * |
9 | | * 1. Redistributions of source code must retain the above copyright |
10 | | * notice, this list of conditions and the following disclaimer. |
11 | | * 2. Redistributions in binary form must reproduce the above copyright |
12 | | * notice, this list of conditions and the following disclaimer in the |
13 | | * documentation and/or other materials provided with the distribution. |
14 | | * 3. The name of the author may not be used to endorse or promote |
15 | | * products derived from this software without specific prior written |
16 | | * permission. |
17 | | * |
18 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
19 | | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
20 | | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
21 | | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
22 | | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
23 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
24 | | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 | | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 | | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 | | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 | | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 | | * |
30 | | * USB sniffing API implementation for Linux platform |
31 | | * By Paolo Abeni <paolo.abeni@email.it> |
32 | | * Modifications: Kris Katterjohn <katterjohn@gmail.com> |
33 | | * |
34 | | */ |
35 | | |
36 | | #include <config.h> |
37 | | |
38 | | #include "pcap/usb.h" |
39 | | #include "pcap-int.h" |
40 | | #include "pcap-usb-linux.h" |
41 | | #include "pcap-usb-linux-common.h" |
42 | | |
43 | | #include "extract.h" |
44 | | |
45 | | #include <errno.h> |
46 | | #include <stdlib.h> |
47 | | #include <unistd.h> |
48 | | #include <fcntl.h> |
49 | | #include <limits.h> |
50 | | #include <string.h> |
51 | | #include <dirent.h> |
52 | | #include <byteswap.h> |
53 | | #include <netinet/in.h> |
54 | | #include <sys/ioctl.h> |
55 | | #include <sys/mman.h> |
56 | | #include <sys/utsname.h> |
57 | | #ifdef HAVE_LINUX_USBDEVICE_FS_H |
58 | | /* |
59 | | * We might need <linux/compiler.h> to define __user for |
60 | | * <linux/usbdevice_fs.h>. |
61 | | */ |
62 | | #ifdef HAVE_LINUX_COMPILER_H |
63 | | #include <linux/compiler.h> |
64 | | #endif /* HAVE_LINUX_COMPILER_H */ |
65 | | #include <linux/usbdevice_fs.h> |
66 | | #endif /* HAVE_LINUX_USBDEVICE_FS_H */ |
67 | | |
68 | | #include "diag-control.h" |
69 | | |
70 | 0 | #define USB_IFACE "usbmon" |
71 | | |
72 | 0 | #define USBMON_DEV_PREFIX "usbmon" |
73 | 0 | #define USBMON_DEV_PREFIX_LEN (sizeof USBMON_DEV_PREFIX - 1) |
74 | 0 | #define USB_LINE_LEN 4096 |
75 | | |
76 | | #if __BYTE_ORDER == __LITTLE_ENDIAN |
77 | | #define htols(s) s |
78 | | #define htoll(l) l |
79 | | #define htol64(ll) ll |
80 | | #else |
81 | | #define htols(s) bswap_16(s) |
82 | | #define htoll(l) bswap_32(l) |
83 | | #define htol64(ll) bswap_64(ll) |
84 | | #endif |
85 | | |
86 | | struct mon_bin_stats { |
87 | | uint32_t queued; |
88 | | uint32_t dropped; |
89 | | }; |
90 | | |
91 | | struct mon_bin_get { |
92 | | pcap_usb_header *hdr; |
93 | | void *data; |
94 | | size_t data_len; /* Length of data (can be zero) */ |
95 | | }; |
96 | | |
97 | | struct mon_bin_mfetch { |
98 | | int32_t *offvec; /* Vector of events fetched */ |
99 | | int32_t nfetch; /* Number of events to fetch (out: fetched) */ |
100 | | int32_t nflush; /* Number of events to flush */ |
101 | | }; |
102 | | |
103 | | #define MON_IOC_MAGIC 0x92 |
104 | | |
105 | | #define MON_IOCQ_URB_LEN _IO(MON_IOC_MAGIC, 1) |
106 | | #define MON_IOCX_URB _IOWR(MON_IOC_MAGIC, 2, struct mon_bin_hdr) |
107 | 0 | #define MON_IOCG_STATS _IOR(MON_IOC_MAGIC, 3, struct mon_bin_stats) |
108 | 0 | #define MON_IOCT_RING_SIZE _IO(MON_IOC_MAGIC, 4) |
109 | | #define MON_IOCQ_RING_SIZE _IO(MON_IOC_MAGIC, 5) |
110 | 0 | #define MON_IOCX_GET _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get) |
111 | 0 | #define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch) |
112 | 0 | #define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8) |
113 | | |
114 | | #define MON_BIN_SETUP 0x1 /* setup hdr is present*/ |
115 | | #define MON_BIN_SETUP_ZERO 0x2 /* setup buffer is not available */ |
116 | | #define MON_BIN_DATA_ZERO 0x4 /* data buffer is not available */ |
117 | | #define MON_BIN_ERROR 0x8 |
118 | | |
119 | | /* |
120 | | * Private data for capturing on Linux USB. |
121 | | */ |
122 | | struct pcap_usb_linux { |
123 | | u_char *mmapbuf; /* memory-mapped region pointer */ |
124 | | size_t mmapbuflen; /* size of region */ |
125 | | unsigned bus_index; |
126 | | u_int packets_read; |
127 | | }; |
128 | | |
129 | | /* forward declaration */ |
130 | | static int usb_activate(pcap_t *); |
131 | | static int usb_stats_linux_bin(pcap_t *, struct pcap_stat *); |
132 | | static int usb_read_linux_bin(pcap_t *, int , pcap_handler , u_char *); |
133 | | static int usb_read_linux_mmap(pcap_t *, int , pcap_handler , u_char *); |
134 | | static int usb_inject_linux(pcap_t *, const void *, int); |
135 | | static int usb_setdirection_linux(pcap_t *, pcap_direction_t); |
136 | | static void usb_cleanup_linux_mmap(pcap_t *); |
137 | | |
138 | | /* facility to add an USB device to the device list*/ |
139 | | static int |
140 | | usb_dev_add(pcap_if_list_t *devlistp, int n, char *err_str) |
141 | 0 | { |
142 | 0 | char dev_name[10]; |
143 | 0 | char dev_descr[30]; |
144 | 0 | snprintf(dev_name, sizeof(dev_name), USB_IFACE"%d", n); |
145 | | /* |
146 | | * XXX - is there any notion of "up" and "running"? |
147 | | */ |
148 | 0 | if (n == 0) { |
149 | | /* |
150 | | * As this refers to all buses, there's no notion of |
151 | | * "connected" vs. "disconnected", as that's a property |
152 | | * that would apply to a particular USB interface. |
153 | | */ |
154 | 0 | if (pcapint_add_dev(devlistp, dev_name, |
155 | 0 | PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE, |
156 | 0 | "Raw USB traffic, all USB buses", err_str) == NULL) |
157 | 0 | return -1; |
158 | 0 | } else { |
159 | | /* |
160 | | * XXX - is there a way to determine whether anything's |
161 | | * plugged into this bus interface or not, and set |
162 | | * PCAP_IF_CONNECTION_STATUS_CONNECTED or |
163 | | * PCAP_IF_CONNECTION_STATUS_DISCONNECTED? |
164 | | */ |
165 | 0 | snprintf(dev_descr, sizeof(dev_descr), "Raw USB traffic, bus number %d", n); |
166 | 0 | if (pcapint_add_dev(devlistp, dev_name, 0, dev_descr, err_str) == NULL) |
167 | 0 | return -1; |
168 | 0 | } |
169 | | |
170 | 0 | return 0; |
171 | 0 | } |
172 | | |
173 | | int |
174 | | usb_findalldevs(pcap_if_list_t *devlistp, char *err_str) |
175 | 0 | { |
176 | 0 | struct dirent* data; |
177 | 0 | int ret = 0; |
178 | 0 | DIR* dir; |
179 | 0 | int n; |
180 | 0 | char* name; |
181 | | |
182 | | /* |
183 | | * We require 2.6.27 or later kernels, so we have binary-mode support. |
184 | | * The devices are of the form /dev/usbmon{N}. |
185 | | * Open /dev and scan it. |
186 | | */ |
187 | 0 | dir = opendir("/dev"); |
188 | 0 | if (dir != NULL) { |
189 | 0 | while ((ret == 0) && ((data = readdir(dir)) != 0)) { |
190 | 0 | name = data->d_name; |
191 | | |
192 | | /* |
193 | | * Is this a usbmon device? |
194 | | */ |
195 | 0 | if (strncmp(name, USBMON_DEV_PREFIX, |
196 | 0 | USBMON_DEV_PREFIX_LEN) != 0) |
197 | 0 | continue; /* no */ |
198 | | |
199 | | /* |
200 | | * What's the device number? |
201 | | */ |
202 | 0 | if (sscanf(&name[USBMON_DEV_PREFIX_LEN], "%d", &n) == 0) |
203 | 0 | continue; /* failed */ |
204 | | |
205 | 0 | ret = usb_dev_add(devlistp, n, err_str); |
206 | 0 | } |
207 | |
|
208 | 0 | closedir(dir); |
209 | 0 | } |
210 | 0 | return 0; |
211 | 0 | } |
212 | | |
213 | | /* |
214 | | * Matches what's in mon_bin.c in the Linux kernel. |
215 | | */ |
216 | 0 | #define MIN_RING_SIZE (8*1024) |
217 | 0 | #define MAX_RING_SIZE (1200*1024) |
218 | | |
219 | | static int |
220 | | usb_set_ring_size(pcap_t* handle, int header_size) |
221 | 0 | { |
222 | | /* |
223 | | * A packet from binary usbmon has: |
224 | | * |
225 | | * 1) a fixed-length header, of size header_size; |
226 | | * 2) descriptors, for isochronous transfers; |
227 | | * 3) the payload. |
228 | | * |
229 | | * The kernel buffer has a size, defaulting to 300KB, with a |
230 | | * minimum of 8KB and a maximum of 1200KB. The size is set with |
231 | | * the MON_IOCT_RING_SIZE ioctl; the size passed in is rounded up |
232 | | * to a page size. |
233 | | * |
234 | | * No more than {buffer size}/5 bytes worth of payload is saved. |
235 | | * Therefore, if we subtract the fixed-length size from the |
236 | | * snapshot length, we have the biggest payload we want (we |
237 | | * don't worry about the descriptors - if we have descriptors, |
238 | | * we'll just discard the last bit of the payload to get it |
239 | | * to fit). We multiply that result by 5 and set the buffer |
240 | | * size to that value. |
241 | | */ |
242 | 0 | int ring_size; |
243 | |
|
244 | 0 | if (handle->snapshot < header_size) |
245 | 0 | handle->snapshot = header_size; |
246 | | /* The maximum snapshot size is small enough that this won't overflow */ |
247 | 0 | ring_size = (handle->snapshot - header_size) * 5; |
248 | | |
249 | | /* |
250 | | * Will this get an error? |
251 | | * (There's no way to query the minimum or maximum, so we just |
252 | | * copy the value from the kernel source. We don't round it |
253 | | * up to a multiple of the page size.) |
254 | | */ |
255 | 0 | if (ring_size > MAX_RING_SIZE) { |
256 | | /* |
257 | | * Yes. Lower the ring size to the maximum, and set the |
258 | | * snapshot length to the value that would give us a |
259 | | * maximum-size ring. |
260 | | */ |
261 | 0 | ring_size = MAX_RING_SIZE; |
262 | 0 | handle->snapshot = header_size + (MAX_RING_SIZE/5); |
263 | 0 | } else if (ring_size < MIN_RING_SIZE) { |
264 | | /* |
265 | | * Yes. Raise the ring size to the minimum, but leave |
266 | | * the snapshot length unchanged, so we show the |
267 | | * callback no more data than specified by the |
268 | | * snapshot length. |
269 | | */ |
270 | 0 | ring_size = MIN_RING_SIZE; |
271 | 0 | } |
272 | |
|
273 | 0 | if (ioctl(handle->fd, MON_IOCT_RING_SIZE, ring_size) == -1) { |
274 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, |
275 | 0 | errno, "Can't set ring size from fd %d", handle->fd); |
276 | 0 | return -1; |
277 | 0 | } |
278 | 0 | return ring_size; |
279 | 0 | } |
280 | | |
281 | | static |
282 | | int usb_mmap(pcap_t* handle) |
283 | 0 | { |
284 | 0 | struct pcap_usb_linux *handlep = handle->priv; |
285 | 0 | int len; |
286 | | |
287 | | /* |
288 | | * Attempt to set the ring size as appropriate for the snapshot |
289 | | * length, reducing the snapshot length if that'd make the ring |
290 | | * bigger than the kernel supports. |
291 | | */ |
292 | 0 | len = usb_set_ring_size(handle, (int)sizeof(pcap_usb_header_mmapped)); |
293 | 0 | if (len == -1) { |
294 | | /* Failed. Fall back on non-memory-mapped access. */ |
295 | 0 | return 0; |
296 | 0 | } |
297 | | |
298 | 0 | handlep->mmapbuflen = len; |
299 | 0 | handlep->mmapbuf = mmap(0, handlep->mmapbuflen, PROT_READ, |
300 | 0 | MAP_SHARED, handle->fd, 0); |
301 | 0 | if (handlep->mmapbuf == MAP_FAILED) { |
302 | | /* |
303 | | * Failed. We don't treat that as a fatal error, we |
304 | | * just try to fall back on non-memory-mapped access. |
305 | | */ |
306 | 0 | return 0; |
307 | 0 | } |
308 | 0 | return 1; |
309 | 0 | } |
310 | | |
311 | | #ifdef HAVE_LINUX_USBDEVICE_FS_H |
312 | | |
313 | 0 | #define CTRL_TIMEOUT (5*1000) /* milliseconds */ |
314 | | |
315 | 0 | #define USB_DIR_IN 0x80 |
316 | 0 | #define USB_TYPE_STANDARD 0x00 |
317 | 0 | #define USB_RECIP_DEVICE 0x00 |
318 | | |
319 | 0 | #define USB_REQ_GET_DESCRIPTOR 6 |
320 | | |
321 | 0 | #define USB_DT_DEVICE 1 |
322 | 0 | #define USB_DT_CONFIG 2 |
323 | | |
324 | | #define USB_DEVICE_DESCRIPTOR_SIZE 18 |
325 | | #define USB_CONFIG_DESCRIPTOR_SIZE 9 |
326 | | |
327 | | /* probe the descriptors of the devices attached to the bus */ |
328 | | /* the descriptors will end up in the captured packet stream */ |
329 | | /* and be decoded by external apps like wireshark */ |
330 | | /* without these identifying probes packet data can't be fully decoded */ |
331 | | static void |
332 | | probe_devices(int bus) |
333 | 0 | { |
334 | 0 | struct usbdevfs_ctrltransfer ctrl; |
335 | 0 | struct dirent* data; |
336 | 0 | int ret = 0; |
337 | 0 | char busdevpath[sizeof("/dev/bus/usb/000/") + NAME_MAX]; |
338 | 0 | DIR* dir; |
339 | 0 | uint8_t descriptor[USB_DEVICE_DESCRIPTOR_SIZE]; |
340 | 0 | uint8_t configdesc[USB_CONFIG_DESCRIPTOR_SIZE]; |
341 | | |
342 | | /* scan usb bus directories for device nodes */ |
343 | 0 | snprintf(busdevpath, sizeof(busdevpath), "/dev/bus/usb/%03d", bus); |
344 | 0 | dir = opendir(busdevpath); |
345 | 0 | if (!dir) |
346 | 0 | return; |
347 | | |
348 | 0 | while ((ret >= 0) && ((data = readdir(dir)) != 0)) { |
349 | 0 | int fd; |
350 | 0 | char* name = data->d_name; |
351 | |
|
352 | 0 | if (name[0] == '.') |
353 | 0 | continue; |
354 | | |
355 | 0 | snprintf(busdevpath, sizeof(busdevpath), "/dev/bus/usb/%03d/%s", bus, data->d_name); |
356 | |
|
357 | 0 | fd = open(busdevpath, O_RDWR); |
358 | 0 | if (fd == -1) |
359 | 0 | continue; |
360 | | |
361 | | /* |
362 | | * Sigh. Different kernels have different member names |
363 | | * for this structure. |
364 | | */ |
365 | 0 | #ifdef HAVE_STRUCT_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE |
366 | 0 | ctrl.bRequestType = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE; |
367 | 0 | ctrl.bRequest = USB_REQ_GET_DESCRIPTOR; |
368 | 0 | ctrl.wValue = USB_DT_DEVICE << 8; |
369 | 0 | ctrl.wIndex = 0; |
370 | 0 | ctrl.wLength = sizeof(descriptor); |
371 | | #else |
372 | | ctrl.requesttype = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE; |
373 | | ctrl.request = USB_REQ_GET_DESCRIPTOR; |
374 | | ctrl.value = USB_DT_DEVICE << 8; |
375 | | ctrl.index = 0; |
376 | | ctrl.length = sizeof(descriptor); |
377 | | #endif |
378 | 0 | ctrl.data = descriptor; |
379 | 0 | ctrl.timeout = CTRL_TIMEOUT; |
380 | |
|
381 | 0 | ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl); |
382 | | |
383 | | /* Request CONFIGURATION descriptor alone to know wTotalLength */ |
384 | 0 | #ifdef HAVE_STRUCT_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE |
385 | 0 | ctrl.wValue = USB_DT_CONFIG << 8; |
386 | 0 | ctrl.wLength = sizeof(configdesc); |
387 | | #else |
388 | | ctrl.value = USB_DT_CONFIG << 8; |
389 | | ctrl.length = sizeof(configdesc); |
390 | | #endif |
391 | 0 | ctrl.data = configdesc; |
392 | 0 | ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl); |
393 | 0 | if (ret >= 0) { |
394 | 0 | uint16_t wtotallength; |
395 | 0 | wtotallength = EXTRACT_LE_U_2(&configdesc[2]); |
396 | 0 | #ifdef HAVE_STRUCT_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE |
397 | 0 | ctrl.wLength = wtotallength; |
398 | | #else |
399 | | ctrl.length = wtotallength; |
400 | | #endif |
401 | 0 | ctrl.data = malloc(wtotallength); |
402 | 0 | if (ctrl.data) { |
403 | 0 | ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl); |
404 | 0 | free(ctrl.data); |
405 | 0 | } |
406 | 0 | } |
407 | 0 | close(fd); |
408 | 0 | } |
409 | 0 | closedir(dir); |
410 | 0 | } |
411 | | #endif /* HAVE_LINUX_USBDEVICE_FS_H */ |
412 | | |
413 | | pcap_t * |
414 | | usb_create(const char *device, char *ebuf, int *is_ours) |
415 | 0 | { |
416 | 0 | const char *cp; |
417 | 0 | unsigned bus_index; |
418 | 0 | pcap_t *p; |
419 | | |
420 | | /* Does this look like a USB monitoring device? */ |
421 | 0 | cp = device; |
422 | | /* Does it begin with USB_IFACE? */ |
423 | 0 | if (strncmp(cp, USB_IFACE, sizeof USB_IFACE - 1) != 0) { |
424 | | /* Nope, doesn't begin with USB_IFACE */ |
425 | 0 | *is_ours = 0; |
426 | 0 | return NULL; |
427 | 0 | } |
428 | | /* Yes - is USB_IFACE followed by a number? */ |
429 | 0 | cp += sizeof USB_IFACE - 1; |
430 | 0 | if (pcapint_get_decuint(cp, NULL, &bus_index) != 0) { |
431 | | /* Not followed by a valid number */ |
432 | 0 | *is_ours = 0; |
433 | 0 | return NULL; |
434 | 0 | } |
435 | | |
436 | | /* OK, it's probably ours. */ |
437 | 0 | *is_ours = 1; |
438 | |
|
439 | 0 | p = PCAP_CREATE_COMMON(ebuf, struct pcap_usb_linux); |
440 | 0 | if (p == NULL) |
441 | 0 | return (NULL); |
442 | | |
443 | 0 | struct pcap_usb_linux *handlep = p->priv; |
444 | |
|
445 | 0 | p->activate_op = usb_activate; |
446 | 0 | handlep->bus_index = bus_index; |
447 | 0 | return (p); |
448 | 0 | } |
449 | | |
450 | | static int |
451 | | usb_activate(pcap_t* handle) |
452 | 0 | { |
453 | 0 | struct pcap_usb_linux *handlep = handle->priv; |
454 | 0 | char full_path[USB_LINE_LEN]; |
455 | | |
456 | | /* |
457 | | * Turn a negative snapshot value (invalid), a snapshot value of |
458 | | * 0 (unspecified), or a value bigger than the normal maximum |
459 | | * value, into the maximum allowed value. |
460 | | * |
461 | | * If some application really *needs* a bigger snapshot |
462 | | * length, we should just increase MAXIMUM_SNAPLEN. |
463 | | */ |
464 | 0 | if (handle->snapshot <= 0 || handle->snapshot > MAXIMUM_SNAPLEN) |
465 | 0 | handle->snapshot = MAXIMUM_SNAPLEN; |
466 | | |
467 | | /* Initialize some components of the pcap structure. */ |
468 | 0 | handle->bufsize = handle->snapshot; |
469 | 0 | handle->offset = 0; |
470 | 0 | handle->linktype = DLT_USB_LINUX; |
471 | |
|
472 | 0 | handle->inject_op = usb_inject_linux; |
473 | 0 | handle->setfilter_op = pcapint_install_bpf_program; /* no kernel filtering */ |
474 | 0 | handle->setdirection_op = usb_setdirection_linux; |
475 | 0 | handle->set_datalink_op = NULL; /* can't change data link type */ |
476 | 0 | handle->getnonblock_op = pcapint_getnonblock_fd; |
477 | 0 | handle->setnonblock_op = pcapint_setnonblock_fd; |
478 | | |
479 | | /* |
480 | | * We require 2.6.27 or later kernels, so we have binary-mode support. |
481 | | * Try to open the binary interface. |
482 | | */ |
483 | 0 | snprintf(full_path, USB_LINE_LEN, "/dev/"USBMON_DEV_PREFIX"%d", |
484 | 0 | handlep->bus_index); |
485 | 0 | handle->fd = open(full_path, O_RDONLY, 0); |
486 | 0 | if (handle->fd < 0) |
487 | 0 | { |
488 | | /* |
489 | | * The attempt failed; why? |
490 | | */ |
491 | 0 | switch (errno) { |
492 | | |
493 | 0 | case ENOENT: |
494 | | /* |
495 | | * The device doesn't exist. |
496 | | * That could either mean that there's |
497 | | * no support for monitoring USB buses |
498 | | * (which probably means "the usbmon |
499 | | * module isn't loaded") or that there |
500 | | * is but that *particular* device |
501 | | * doesn't exist (no "scan all buses" |
502 | | * device if the bus index is 0, no |
503 | | * such bus if the bus index isn't 0). |
504 | | * |
505 | | * For now, don't provide an error message; |
506 | | * if we can determine what the particular |
507 | | * problem is, we should report that. |
508 | | */ |
509 | 0 | handle->errbuf[0] = '\0'; |
510 | 0 | return PCAP_ERROR_NO_SUCH_DEVICE; |
511 | | |
512 | 0 | case EACCES: |
513 | | /* |
514 | | * We didn't have permission to open it. |
515 | | */ |
516 | 0 | DIAG_OFF_FORMAT_TRUNCATION |
517 | 0 | snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, |
518 | 0 | "Attempt to open %s failed with EACCES - root privileges may be required", |
519 | 0 | full_path); |
520 | 0 | DIAG_ON_FORMAT_TRUNCATION |
521 | 0 | return PCAP_ERROR_PERM_DENIED; |
522 | | |
523 | 0 | default: |
524 | | /* |
525 | | * Something went wrong. |
526 | | */ |
527 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, |
528 | 0 | PCAP_ERRBUF_SIZE, errno, |
529 | 0 | "Can't open USB bus file %s", full_path); |
530 | 0 | return PCAP_ERROR; |
531 | 0 | } |
532 | 0 | } |
533 | | |
534 | 0 | if (handle->opt.rfmon) |
535 | 0 | { |
536 | | /* |
537 | | * Monitor mode doesn't apply to USB devices. |
538 | | */ |
539 | 0 | close(handle->fd); |
540 | 0 | return PCAP_ERROR_RFMON_NOTSUP; |
541 | 0 | } |
542 | | |
543 | | /* try to use fast mmap access */ |
544 | 0 | if (usb_mmap(handle)) |
545 | 0 | { |
546 | | /* We succeeded. */ |
547 | 0 | handle->linktype = DLT_USB_LINUX_MMAPPED; |
548 | 0 | handle->stats_op = usb_stats_linux_bin; |
549 | 0 | handle->read_op = usb_read_linux_mmap; |
550 | 0 | handle->cleanup_op = usb_cleanup_linux_mmap; |
551 | 0 | #ifdef HAVE_LINUX_USBDEVICE_FS_H |
552 | 0 | probe_devices(handlep->bus_index); |
553 | 0 | #endif |
554 | | |
555 | | /* |
556 | | * "handle->fd" is a real file, so |
557 | | * "select()" and "poll()" work on it. |
558 | | */ |
559 | 0 | handle->selectable_fd = handle->fd; |
560 | 0 | return 0; |
561 | 0 | } |
562 | | |
563 | | /* |
564 | | * We failed; try plain binary interface access. |
565 | | * |
566 | | * Attempt to set the ring size as appropriate for |
567 | | * the snapshot length, reducing the snapshot length |
568 | | * if that'd make the ring bigger than the kernel |
569 | | * supports. |
570 | | */ |
571 | 0 | if (usb_set_ring_size(handle, (int)sizeof(pcap_usb_header)) == -1) { |
572 | | /* Failed. */ |
573 | 0 | close(handle->fd); |
574 | 0 | return PCAP_ERROR; |
575 | 0 | } |
576 | 0 | handle->stats_op = usb_stats_linux_bin; |
577 | 0 | handle->read_op = usb_read_linux_bin; |
578 | 0 | #ifdef HAVE_LINUX_USBDEVICE_FS_H |
579 | 0 | probe_devices(handlep->bus_index); |
580 | 0 | #endif |
581 | | |
582 | | /* |
583 | | * "handle->fd" is a real file, so "select()" and "poll()" |
584 | | * work on it. |
585 | | */ |
586 | 0 | handle->selectable_fd = handle->fd; |
587 | | |
588 | | /* for plain binary access and text access we need to allocate the read |
589 | | * buffer */ |
590 | 0 | handle->buffer = malloc(handle->bufsize); |
591 | 0 | if (!handle->buffer) { |
592 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, |
593 | 0 | errno, "malloc"); |
594 | 0 | close(handle->fd); |
595 | 0 | return PCAP_ERROR; |
596 | 0 | } |
597 | 0 | return 0; |
598 | 0 | } |
599 | | |
600 | | static int |
601 | | usb_inject_linux(pcap_t *handle, const void *buf _U_, int size _U_) |
602 | 0 | { |
603 | 0 | snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, |
604 | 0 | "Packet injection is not supported on USB devices"); |
605 | 0 | return (-1); |
606 | 0 | } |
607 | | |
608 | | static int |
609 | | usb_setdirection_linux(pcap_t *p, pcap_direction_t d) |
610 | 0 | { |
611 | | /* |
612 | | * It's guaranteed, at this point, that d is a valid |
613 | | * direction value. |
614 | | */ |
615 | 0 | p->direction = d; |
616 | 0 | return 0; |
617 | 0 | } |
618 | | |
619 | | static int |
620 | | usb_stats_linux_bin(pcap_t *handle, struct pcap_stat *stats) |
621 | 0 | { |
622 | 0 | struct pcap_usb_linux *handlep = handle->priv; |
623 | 0 | int ret; |
624 | 0 | struct mon_bin_stats st; |
625 | 0 | ret = ioctl(handle->fd, MON_IOCG_STATS, &st); |
626 | 0 | if (ret < 0) |
627 | 0 | { |
628 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, |
629 | 0 | errno, "Can't read stats from fd %d", handle->fd); |
630 | 0 | return -1; |
631 | 0 | } |
632 | | |
633 | 0 | stats->ps_recv = handlep->packets_read + st.queued; |
634 | 0 | stats->ps_drop = st.dropped; |
635 | 0 | stats->ps_ifdrop = 0; |
636 | 0 | return 0; |
637 | 0 | } |
638 | | |
639 | | /* |
640 | | * see <linux-kernel-source>/Documentation/usb/usbmon.txt and |
641 | | * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI |
642 | | */ |
643 | | static int |
644 | | usb_read_linux_bin(pcap_t *handle, int max_packets _U_, pcap_handler callback, u_char *user) |
645 | 0 | { |
646 | 0 | struct pcap_usb_linux *handlep = handle->priv; |
647 | 0 | struct mon_bin_get info; |
648 | 0 | int ret; |
649 | 0 | struct pcap_pkthdr pkth; |
650 | 0 | u_int clen = handle->snapshot - sizeof(pcap_usb_header); |
651 | | |
652 | | /* the usb header is going to be part of 'packet' data*/ |
653 | 0 | info.hdr = (pcap_usb_header*) handle->buffer; |
654 | 0 | info.data = handle->buffer + sizeof(pcap_usb_header); |
655 | 0 | info.data_len = clen; |
656 | | |
657 | | /* ignore interrupt system call errors */ |
658 | 0 | do { |
659 | 0 | ret = ioctl(handle->fd, MON_IOCX_GET, &info); |
660 | 0 | if (handle->break_loop) |
661 | 0 | { |
662 | 0 | handle->break_loop = 0; |
663 | 0 | return -2; |
664 | 0 | } |
665 | 0 | } while ((ret == -1) && (errno == EINTR)); |
666 | 0 | if (ret < 0) |
667 | 0 | { |
668 | 0 | if (errno == EAGAIN) |
669 | 0 | return 0; /* no data there */ |
670 | | |
671 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, |
672 | 0 | errno, "Can't read from fd %d", handle->fd); |
673 | 0 | return -1; |
674 | 0 | } |
675 | | |
676 | | /* |
677 | | * info.hdr->data_len is the number of bytes of isochronous |
678 | | * descriptors (if any) plus the number of bytes of data |
679 | | * provided. There are no isochronous descriptors here, |
680 | | * because we're using the old 48-byte header. |
681 | | * |
682 | | * If info.hdr->data_flag is non-zero, there's no URB data; |
683 | | * info.hdr->urb_len is the size of the buffer into which |
684 | | * data is to be placed; it does not represent the amount |
685 | | * of data transferred. If info.hdr->data_flag is zero, |
686 | | * there is URB data, and info.hdr->urb_len is the number |
687 | | * of bytes transmitted or received; it doesn't include |
688 | | * isochronous descriptors. |
689 | | * |
690 | | * The kernel may give us more data than the snaplen; if it did, |
691 | | * reduce the data length so that the total number of bytes we |
692 | | * tell our client we have is not greater than the snaplen. |
693 | | */ |
694 | 0 | if (info.hdr->data_len < clen) |
695 | 0 | clen = info.hdr->data_len; |
696 | 0 | info.hdr->data_len = clen; |
697 | 0 | pkth.caplen = sizeof(pcap_usb_header) + clen; |
698 | 0 | if (info.hdr->data_flag) { |
699 | | /* |
700 | | * No data; just base the original length on |
701 | | * info.hdr->data_len (so that it's >= the captured |
702 | | * length). |
703 | | */ |
704 | 0 | pkth.len = sizeof(pcap_usb_header) + info.hdr->data_len; |
705 | 0 | } else { |
706 | | /* |
707 | | * We got data; base the original length on |
708 | | * info.hdr->urb_len, so that it includes data |
709 | | * discarded by the USB monitor device due to |
710 | | * its buffer being too small. |
711 | | */ |
712 | 0 | pkth.len = sizeof(pcap_usb_header) + info.hdr->urb_len; |
713 | 0 | } |
714 | 0 | pkth.ts.tv_sec = (time_t)pcap_4_byte_aligned_int64_val(info.hdr->ts_sec); |
715 | 0 | pkth.ts.tv_usec = info.hdr->ts_usec; |
716 | |
|
717 | 0 | if (handle->fcode.bf_insns == NULL || |
718 | 0 | pcapint_filter(handle->fcode.bf_insns, handle->buffer, |
719 | 0 | pkth.len, pkth.caplen)) { |
720 | 0 | handlep->packets_read++; |
721 | 0 | callback(user, &pkth, handle->buffer); |
722 | 0 | return 1; |
723 | 0 | } |
724 | | |
725 | 0 | return 0; /* didn't pass filter */ |
726 | 0 | } |
727 | | |
728 | | /* |
729 | | * see <linux-kernel-source>/Documentation/usb/usbmon.txt and |
730 | | * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI |
731 | | */ |
732 | 0 | #define VEC_SIZE 32 |
733 | | static int |
734 | | usb_read_linux_mmap(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user) |
735 | 0 | { |
736 | 0 | struct pcap_usb_linux *handlep = handle->priv; |
737 | 0 | struct mon_bin_mfetch fetch; |
738 | 0 | int32_t vec[VEC_SIZE]; |
739 | 0 | struct pcap_pkthdr pkth; |
740 | 0 | u_char *bp; |
741 | 0 | pcap_usb_header_mmapped* hdr; |
742 | 0 | int nflush = 0; |
743 | 0 | int packets = 0; |
744 | 0 | u_int clen, max_clen; |
745 | |
|
746 | 0 | max_clen = handle->snapshot - sizeof(pcap_usb_header_mmapped); |
747 | |
|
748 | 0 | for (;;) { |
749 | 0 | int i, ret; |
750 | 0 | int limit; |
751 | |
|
752 | 0 | if (PACKET_COUNT_IS_UNLIMITED(max_packets)) { |
753 | | /* |
754 | | * There's no limit on the number of packets |
755 | | * to process, so try to fetch VEC_SIZE packets. |
756 | | */ |
757 | 0 | limit = VEC_SIZE; |
758 | 0 | } else { |
759 | | /* |
760 | | * Try to fetch as many packets as we have left |
761 | | * to process, or VEC_SIZE packets, whichever |
762 | | * is less. |
763 | | * |
764 | | * At this point, max_packets > 0 (otherwise, |
765 | | * PACKET_COUNT_IS_UNLIMITED(max_packets) |
766 | | * would be true) and max_packets > packets |
767 | | * (packet starts out as 0, and the test |
768 | | * at the bottom of the loop exits if |
769 | | * max_packets <= packets), so limit is |
770 | | * guaranteed to be > 0. |
771 | | */ |
772 | 0 | limit = max_packets - packets; |
773 | 0 | if (limit > VEC_SIZE) |
774 | 0 | limit = VEC_SIZE; |
775 | 0 | } |
776 | | |
777 | | /* |
778 | | * Try to fetch as many events as possible, up to |
779 | | * the limit, and flush the events we've processed |
780 | | * earlier (nflush) - MON_IOCX_MFETCH does both |
781 | | * (presumably to reduce the number of system |
782 | | * calls in loops like this). |
783 | | */ |
784 | 0 | fetch.offvec = vec; |
785 | 0 | fetch.nfetch = limit; |
786 | 0 | fetch.nflush = nflush; |
787 | | /* ignore interrupt system call errors */ |
788 | 0 | do { |
789 | 0 | ret = ioctl(handle->fd, MON_IOCX_MFETCH, &fetch); |
790 | 0 | if (handle->break_loop) |
791 | 0 | { |
792 | 0 | handle->break_loop = 0; |
793 | 0 | return -2; |
794 | 0 | } |
795 | 0 | } while ((ret == -1) && (errno == EINTR)); |
796 | 0 | if (ret < 0) |
797 | 0 | { |
798 | 0 | if (errno == EAGAIN) |
799 | 0 | return 0; /* no data there */ |
800 | | |
801 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, |
802 | 0 | PCAP_ERRBUF_SIZE, errno, "Can't mfetch fd %d", |
803 | 0 | handle->fd); |
804 | 0 | return -1; |
805 | 0 | } |
806 | | |
807 | | /* keep track of processed events, we will flush them later */ |
808 | 0 | nflush = fetch.nfetch; |
809 | 0 | for (i=0; i<fetch.nfetch; ++i) { |
810 | | /* |
811 | | * XXX - we can't check break_loop here, as |
812 | | * we read the indices of packets into a |
813 | | * local variable, so if we're later called |
814 | | * to fetch more packets, those packets will |
815 | | * not be seen - and won't be flushed, either. |
816 | | * |
817 | | * Instead, we would have to keep the array |
818 | | * of indices in our private data, along |
819 | | * with the count of packets to flush - or |
820 | | * would have to flush the already-processed |
821 | | * packets if we break out of the loop here. |
822 | | */ |
823 | | |
824 | | /* Get a pointer to this packet's buffer */ |
825 | 0 | bp = &handlep->mmapbuf[vec[i]]; |
826 | | |
827 | | /* That begins with a metadata header */ |
828 | 0 | hdr = (pcap_usb_header_mmapped*) bp; |
829 | | |
830 | | /* discard filler */ |
831 | 0 | if (hdr->event_type == '@') |
832 | 0 | continue; |
833 | | |
834 | | /* |
835 | | * hdr->data_len is the number of bytes of |
836 | | * isochronous descriptors (if any) plus the |
837 | | * number of bytes of data provided. |
838 | | * |
839 | | * If hdr->data_flag is non-zero, there's no |
840 | | * URB data; hdr->urb_len is the size of the |
841 | | * buffer into which data is to be placed; it does |
842 | | * not represent the amount of data transferred. |
843 | | * If hdr->data_flag is zero, there is URB data, |
844 | | * and hdr->urb_len is the number of bytes |
845 | | * transmitted or received; it doesn't include |
846 | | * isochronous descriptors. |
847 | | * |
848 | | * The kernel may give us more data than the |
849 | | * snaplen; if it did, reduce the data length |
850 | | * so that the total number of bytes we |
851 | | * tell our client we have is not greater than |
852 | | * the snaplen. |
853 | | */ |
854 | 0 | clen = max_clen; |
855 | 0 | if (hdr->data_len < clen) |
856 | 0 | clen = hdr->data_len; |
857 | 0 | pkth.caplen = sizeof(pcap_usb_header_mmapped) + clen; |
858 | 0 | if (hdr->data_flag) { |
859 | | /* |
860 | | * No data; just base the original length |
861 | | * on hdr->data_len (so that it's >= the |
862 | | * captured length). Clamp the result |
863 | | * at UINT_MAX, so it fits in an unsigned |
864 | | * int. |
865 | | */ |
866 | 0 | pkth.len = u_int_sum(sizeof(pcap_usb_header_mmapped), |
867 | 0 | hdr->data_len); |
868 | 0 | } else { |
869 | | /* |
870 | | * We got data. |
871 | | */ |
872 | 0 | if (is_isochronous_transfer_completion(hdr)) { |
873 | | /* |
874 | | * For isochronous transfer completion |
875 | | * events, hdr->urb_len doesn't take |
876 | | * into account the way the data is |
877 | | * put into the buffer, as it doesn't |
878 | | * count any padding between the |
879 | | * chunks of isochronous data, so |
880 | | * we have to calculate the amount |
881 | | * of data from the isochronous |
882 | | * descriptors. |
883 | | */ |
884 | 0 | pkth.len = incoming_isochronous_transfer_completed_len(&pkth, bp); |
885 | 0 | } else { |
886 | | /* |
887 | | * For everything else, the original |
888 | | * data length is just the length of |
889 | | * the memory-mapped Linux USB header |
890 | | * plus hdr->urb_len; we use |
891 | | * hdr->urb_len so that it includes |
892 | | * data discarded by the USB monitor |
893 | | * device due to its buffer being |
894 | | * too small. Clamp the result at |
895 | | * UINT_MAX, so it fits in an |
896 | | * unsigned int. |
897 | | */ |
898 | 0 | pkth.len = u_int_sum(sizeof(pcap_usb_header_mmapped), |
899 | 0 | hdr->urb_len); |
900 | 0 | } |
901 | 0 | } |
902 | 0 | pkth.ts.tv_sec = (time_t)pcap_4_byte_aligned_int64_val(hdr->ts_sec); |
903 | 0 | pkth.ts.tv_usec = hdr->ts_usec; |
904 | |
|
905 | 0 | if (handle->fcode.bf_insns == NULL || |
906 | 0 | pcapint_filter(handle->fcode.bf_insns, (u_char*) hdr, |
907 | 0 | pkth.len, pkth.caplen)) { |
908 | 0 | handlep->packets_read++; |
909 | 0 | callback(user, &pkth, (u_char*) hdr); |
910 | 0 | packets++; |
911 | 0 | } |
912 | 0 | } |
913 | | |
914 | | /* |
915 | | * If max_packets specifies "unlimited", we stop after |
916 | | * the first chunk. |
917 | | */ |
918 | 0 | if (PACKET_COUNT_IS_UNLIMITED(max_packets) || |
919 | 0 | (packets >= max_packets)) |
920 | 0 | break; |
921 | 0 | } |
922 | | |
923 | | /* flush pending events*/ |
924 | 0 | if (ioctl(handle->fd, MON_IOCH_MFLUSH, nflush) == -1) { |
925 | 0 | pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, |
926 | 0 | errno, "Can't mflush fd %d", handle->fd); |
927 | 0 | return -1; |
928 | 0 | } |
929 | 0 | return packets; |
930 | 0 | } |
931 | | |
932 | | static void |
933 | | usb_cleanup_linux_mmap(pcap_t* handle) |
934 | 0 | { |
935 | 0 | struct pcap_usb_linux *handlep = handle->priv; |
936 | | |
937 | | /* if we have a memory-mapped buffer, unmap it */ |
938 | 0 | if (handlep->mmapbuf != NULL) { |
939 | 0 | munmap(handlep->mmapbuf, handlep->mmapbuflen); |
940 | | handlep->mmapbuf = NULL; |
941 | 0 | } |
942 | 0 | pcapint_cleanup_live_common(handle); |
943 | 0 | } |