2 * Copyright (c) 2017 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "stc-plugin-pcap.h"
19 #define ENCAPTYPE_ETHERNET 1
20 #define ENCAPTYPE_NFLOG 141
22 #define PCAP_IFNAME "ifname"
23 #define PCAP_NFLOG_GROUP "nflog_group"
24 #define PCAP_DEV_NAME "dev"
25 #define PCAP_DEV_DECS "decs"
26 #define PCAP_DEV_NET "net"
27 #define PCAP_DEV_MASK "mask"
29 #define NFLOG_IFNAME "nflog"
32 static GHashTable *g_pcap_tables = NULL;
33 static bool g_pcap_start_fm = false;
34 static struct timeval g_pcap_tv = { 0, };
36 static void __pcap_data_free(gpointer value)
38 stc_pcap_data_s *data = (stc_pcap_data_s *)value;
40 g_thread_unref(data->thread);
48 static void __pcap_data_info(const u_char *packet, int len)
52 data = g_string_sized_new(len);
57 g_string_append_printf(data, "%02x", *(packet++));
59 STC_LOGD("[%s]", g_string_free(data, FALSE));
63 static void __pcap_ntp_time_info(uint32_t s, char *time)
68 uint32_t sec = ntohl(s);
71 seconds = sec - NTP_JAN_1970;
72 curr = ctime(&seconds);
76 snprintf(time, len, "%s", curr);
78 snprintf(time, 10, "00:00:00");
82 static void __pcap_ntp_refid_info(ntp_t *ntp_h, char *refid)
84 switch (ntp_h->stratum) {
85 case NTP_STRATUM_UNSPECIFIED:
86 snprintf(refid, BUFF_SIZE_ID, "%s", "(unspec)");
88 case NTP_STRATUM_PRIM_REF:
89 snprintf(refid, BUFF_SIZE_ID, "%s", "(prim_ref)");
91 case NTP_STRATUM_INFO_QUERY:
92 snprintf(refid, BUFF_SIZE_ID, "%s INFO_QEURY",
93 inet_ntoa(*((struct in_addr *)&ntp_h->refid)));
95 case NTP_STRATUM_INFO_REPLY:
96 snprintf(refid, BUFF_SIZE_ID, "%s INFO_REPLY",
97 inet_ntoa(*((struct in_addr *)&ntp_h->refid)));
100 snprintf(refid, BUFF_SIZE_ID, "%s",
101 inet_ntoa(*((struct in_addr *)&ntp_h->refid)));
106 static uint16_t __pcap_ntp_fraction_info(uint16_t f)
111 ff = ntohs(f) / 65536.0;
112 fraction = (uint16_t)(ff * 1000000.0);
117 static void __pcap_ntp_info(const u_char **packet, uint32_t *pktlen)
119 ntp_t *ntp_h = (ntp_t *)*packet;
120 char refid[BUFF_SIZE_ID];
121 char reftime[BUFF_SIZE_TIME];
122 char orgtime[BUFF_SIZE_TIME];
123 char rectime[BUFF_SIZE_TIME];
124 char xmttime[BUFF_SIZE_TIME];
126 __pcap_ntp_refid_info(ntp_h, refid);
127 __pcap_ntp_time_info(ntp_h->reftime.second, reftime);
128 __pcap_ntp_time_info(ntp_h->orgtime.second, orgtime);
129 __pcap_ntp_time_info(ntp_h->rectime.second, rectime);
130 __pcap_ntp_time_info(ntp_h->xmttime.second, xmttime);
134 STC_LOGD("Flags[0x%02x] Stratum[%u] Poll[%u:%us] Precision[%u] "
135 "Root delay[%u.%06us] Root dispersion[%u.%06us] Ref ID[%s]",
136 ntp_h->flags, ntp_h->stratum, ntp_h->poll,
137 ntp_h->precision, 1 << ntp_h->precision,
138 ntohs(ntp_h->rootdelay.second),
139 __pcap_ntp_fraction_info(ntp_h->rootdelay.fraction),
140 ntohs(ntp_h->rootdisp.second),
141 __pcap_ntp_fraction_info(ntp_h->rootdisp.fraction),
143 STC_LOGD("Reference[%s] Origin[%s] Receive[%s] Transmit[%s]",
144 reftime, orgtime, rectime, xmttime);
149 static const char *__pcap_dhcp_client_id_info(uint8_t data)
154 case DHCP_CLIENT_ID_ETHERNET:
157 case DHCP_CLIENT_ID_IEEE802:
158 info = "IEEE 802 Networks";
160 case DHCP_CLIENT_ID_ARCNET:
163 case DHCP_CLIENT_ID_LOCALTALK:
166 case DHCP_CLIENT_ID_LOCALNET:
169 case DHCP_CLIENT_ID_SMDS:
172 case DHCP_CLIENT_ID_FRAMERELAY:
173 info = "Frame Relay";
175 case DHCP_CLIENT_ID_ATM1:
176 info = "ATM(Async Transfer Mode)";
178 case DHCP_CLIENT_ID_HDLC:
181 case DHCP_CLIENT_ID_FIBRECHANNEL:
182 info = "Fibre Channel";
184 case DHCP_CLIENT_ID_ATM2:
185 info = "ATM(Async Transfer Mode)";
187 case DHCP_CLIENT_ID_SERIALLINE:
188 info = "Serial Line";
198 static const char *__pcap_dhcp_msg_type_info(uint8_t type)
203 case DHCP_MSG_TYPE_DISCOVER:
206 case DHCP_MSG_TYPE_OFFER:
209 case DHCP_MSG_TYPE_REQUEST:
212 case DHCP_MSG_TYPE_DECLINE:
215 case DHCP_MSG_TYPE_ACK:
218 case DHCP_MSG_TYPE_NAK:
221 case DHCP_MSG_TYPE_RELEASE:
224 case DHCP_MSG_TYPE_INFORM:
235 static void __pcap_bootp_magic_info(uint32_t magic,
236 uint8_t *moption, u_int16_t len)
238 if (ntohl(magic) == BOOTP_MAGIC_DHCP) {
239 char buf[BOOTP_MOPTION_LEN];
240 uint8_t *opt = moption;
243 STC_LOGD("Magic cookie[DHCP]");
246 uint8_t tag = opt[0];
247 uint8_t length = opt[1];
248 uint8_t *data = &opt[2];
249 char addr[BUFF_SIZE_IP];
250 char host[BUFF_SIZE_HOST];
253 case DHCP_TAG_SUBNET_MASK:
254 inet_ntop(AF_INET, (struct in_addr *)data,
257 STC_LOGD("Subnet mask[%s]", addr);
259 case DHCP_TAG_ROUTER:
260 inet_ntop(AF_INET, (struct in_addr *)data,
263 STC_LOGD("Router[%s]", addr);
266 inet_ntop(AF_INET, (struct in_addr *)data,
269 STC_LOGD("Domain name server[%s]", addr);
271 case DHCP_TAG_HOST_NAME:
272 snprintf(buf, ((length < BOOTP_MOPTION_LEN) ?
273 (length + 1) : BOOTP_MOPTION_LEN), "%s", (char *)data);
275 STC_LOGD("Host name[%s]", buf);
277 case DHCP_TAG_REQUESTED_IP:
278 inet_ntop(AF_INET, (struct in_addr *)data,
281 STC_LOGD("Requested IP[%s]", addr);
283 case DHCP_TAG_IP_LEASE_TIME:
285 STC_LOGD("IP address lease time[%us]",
286 ntohl(*(uint32_t *)data));
288 case DHCP_TAG_MSG_TYPE:
290 STC_LOGD("DHCP message type[%u:%s]", *data,
291 __pcap_dhcp_msg_type_info(*data));
293 case DHCP_TAG_SERVER_ID:
294 inet_ntop(AF_INET, (struct in_addr *)data,
297 STC_LOGD("DHCP server identifier[%s]", addr);
299 case DHCP_TAG_MSG_SIZE:
301 STC_LOGD("Maximum DHCP message size[%u]",
302 ntohs(*(uint16_t *)data));
304 case DHCP_TAG_CLIENT_ID:
306 STC_LOGD("Client identifier HW type[0x%02x:%s]", *data,
307 __pcap_dhcp_client_id_info(*data));
308 if (*data == DHCP_CLIENT_ID_ETHERNET) {
310 ether_ntoa((const struct ether_addr *)&data[1]),
313 STC_LOGD("Client identifier MAC[%s]", host);
322 STC_LOGD("Unknown[%u]", tag);
332 static const char *__pcap_bootp_op_info(uint8_t op)
351 static void __pcap_bootp_info(const u_char **packet, u_int16_t len)
353 bootp_t *bootp_h = (bootp_t *)*packet;
354 char ciaddr[BUFF_SIZE_IP];
355 char yiaddr[BUFF_SIZE_IP];
356 char siaddr[BUFF_SIZE_IP];
357 char giaddr[BUFF_SIZE_IP];
358 char chaddr[BUFF_SIZE_HOST];
360 inet_ntop(AF_INET, &bootp_h->ciaddr, ciaddr, BUFF_SIZE_IP);
361 inet_ntop(AF_INET, &bootp_h->yiaddr, yiaddr, BUFF_SIZE_IP);
362 inet_ntop(AF_INET, &bootp_h->siaddr, siaddr, BUFF_SIZE_IP);
363 inet_ntop(AF_INET, &bootp_h->giaddr, giaddr, BUFF_SIZE_IP);
366 ether_ntoa((const struct ether_addr *)bootp_h->chaddr),
371 STC_LOGD("Message type[%u:%s] HW type[0x%02x] HW len[%u] Hops[%u] "
372 "Transaction ID[0x%08x] Seconds elapsed[%u] Flags[0x%04x]",
373 bootp_h->op, __pcap_bootp_op_info(bootp_h->op),
374 bootp_h->htype, bootp_h->hlen, bootp_h->hops,
375 ntohl(bootp_h->xid), ntohs(bootp_h->secs), ntohs(bootp_h->flags));
376 STC_LOGD("Client[%s] Your(client)[%s] Next server[%s] "
377 "Relay agent[%s] Client MAC[%s]",
378 ciaddr, yiaddr, siaddr, giaddr, chaddr);
381 __pcap_bootp_magic_info(bootp_h->magic, bootp_h->moption, len);
387 static char *__pcap_dns_type_info(uint16_t type)
395 case DNS_QTYPE_CNAME:
409 static char *__pcap_dns_class_info(uint16_t class)
417 case DNS_QCLASS_CHAOS:
434 static uint8_t * __pcap_dns_name_info(uint8_t *dns_h,
435 uint8_t *data, u_char *name)
438 u_char *dname = name;
445 sec = (uint8_t *)dns_h +
446 (htons(*(uint16_t *)sec) & 0x3FFF);
454 if (dname + *sec >= name + BUFF_SIZE_NAME) {
459 memcpy(dname, sec + 1, *sec);
472 return (uint8_t *)nxt;
475 static void __pcap_dns_data_info(const u_char **packet, dns_t *dns_h, uint32_t *pktlen)
477 uint8_t *data = (uint8_t *)*packet;
478 uint16_t qdcount = ntohs(dns_h->questions);
479 uint16_t ancount = ntohs(dns_h->answerRR);
482 for (i = 0; i < qdcount; ++i) {
483 u_char name[BUFF_SIZE_NAME];
489 STC_LOGD("[Queries]");
492 data = __pcap_dns_name_info((uint8_t *)dns_h, data, name);
496 type = ntohs(*(uint16_t *)&data[0]);
497 class = ntohs(*(uint16_t *)&data[2]);
500 STC_LOGD("Name[%s] Type[%u:%s] Class[0x%04x:%s]",
501 name, type, __pcap_dns_type_info(type),
502 class, __pcap_dns_class_info(class));
507 for (i = 0; i < ancount; ++i) {
508 u_char name[BUFF_SIZE_NAME];
509 u_char cname[BUFF_SIZE_NAME];
514 char ip[BUFF_SIZE_IP];
518 STC_LOGD("[Answers]");
521 data = __pcap_dns_name_info((uint8_t *)dns_h, data, name);
525 type = ntohs(*(uint16_t *)&data[0]);
526 class = ntohs(*(uint16_t *)&data[2]);
527 ttl = ntohl(*(uint32_t *)&data[4]);
528 length = ntohs(*(uint16_t *)&data[8]);
530 if (class == DNS_QCLASS_IN) {
533 inet_ntop(AF_INET, (struct in_addr *)&data[10],
536 STC_LOGD("Name[%s] Type[%u:%s] Class[0x%04x:%s] "
537 "TTL[%u] Data length[%u] Address[%s]",
538 name, type, __pcap_dns_type_info(type),
539 class, __pcap_dns_class_info(class),
542 case DNS_QTYPE_CNAME:
543 __pcap_dns_name_info((uint8_t *)dns_h, &data[10], cname);
547 STC_LOGD("Name[%s] Type[%u:%s] Class[0x%04x:%s] "
548 "TTL[%u] Data length[%u] CName[%s]",
549 name, type, __pcap_dns_type_info(type),
550 class, __pcap_dns_class_info(class),
557 STC_LOGD("Name[%s] Type[%u:%s] Class[0x%04x:%s] "
558 "TTL[%u] Data length[%u]",
559 name, type, __pcap_dns_type_info(type),
560 class, __pcap_dns_class_info(class),
566 data += (length + 10);
570 static void __pcap_dns_info(const u_char **packet, uint32_t *pktlen)
572 dns_t *dns_h = (dns_t *)*packet;
576 STC_LOGD("Transaction ID[0x%x] Flags[0x%x] Questions[%u] "
577 "Answer RRs[%u] Authority RRs[%u] Additional RRs[%u]",
578 ntohs(dns_h->id), ntohs(dns_h->flags),
579 ntohs(dns_h->questions), ntohs(dns_h->answerRR),
580 ntohs(dns_h->authorityRR), ntohs(dns_h->additionalRR));
583 *packet += SIZE_DNS_HEADER;
584 *pktlen -= SIZE_DNS_HEADER;
586 __pcap_dns_data_info(packet, dns_h, pktlen);
592 static const char *__pcap_icmp_code_info(u_int8_t type, u_int8_t code)
597 case ICMP_DEST_UNREACH:
599 case ICMP_NET_UNREACH:
600 info = "Network Unreachable";
602 case ICMP_HOST_UNREACH:
603 info = "Host Unreachable";
605 case ICMP_PROT_UNREACH:
606 info = "Protocol Unreachable";
608 case ICMP_PORT_UNREACH:
609 info = "Port Unreachable";
611 case ICMP_FRAG_NEEDED:
612 info = "Fragmentation Needed/DF set";
615 info = "Source Route failed";
617 case ICMP_NET_UNKNOWN:
619 case ICMP_HOST_UNKNOWN:
621 case ICMP_HOST_ISOLATED:
627 case ICMP_NET_UNR_TOS:
629 case ICMP_HOST_UNR_TOS:
631 case ICMP_PKT_FILTERED:
632 info = "Packet filtered";
634 case ICMP_PREC_VIOLATION:
635 info = "Precedence violation";
637 case ICMP_PREC_CUTOFF:
638 info = "Precedence cut off";
648 info = "Redirect Net";
650 case ICMP_REDIR_HOST:
651 info = "Redirect Host";
653 case ICMP_REDIR_NETTOS:
654 info = "Redirect Net for TOS";
656 case ICMP_REDIR_HOSTTOS:
657 info = "Redirect Host for TOS";
664 case ICMP_TIME_EXCEEDED:
667 info = "TTL count exceeded";
669 case ICMP_EXC_FRAGTIME:
670 info = "Fragment Reass time exceeded";
685 static const char *__pcap_icmp_type_info(u_int8_t type)
693 case ICMP_DEST_UNREACH:
694 info = "Destination Unreachable";
696 case ICMP_SOURCE_QUENCH:
697 info = "Source Quench";
703 info = "Echo Request";
705 case ICMP_TIME_EXCEEDED:
706 info = "Time Exceeded";
708 case ICMP_PARAMETERPROB:
709 info = "Parameter Problem";
712 info = "Timestamp Request";
714 case ICMP_TIMESTAMPREPLY:
715 info = "Timestamp Reply";
717 case ICMP_INFO_REQUEST:
718 info = "Information Request";
720 case ICMP_INFO_REPLY:
721 info = "Information Reply";
724 info = "Address Mask Request";
726 case ICMP_ADDRESSREPLY:
727 info = "Address Mask Reply";
737 static void __pcap_icmp_info(const u_char **packet, uint32_t *pktlen)
739 icmp_t *icmp_h = (icmp_t *)*packet;
742 STC_LOGD("Type[%u:%s] Code[%u:%s] Checksum[0x%x]",
743 icmp_h->type, __pcap_icmp_type_info(icmp_h->type),
744 icmp_h->code, __pcap_icmp_code_info(icmp_h->type, icmp_h->code),
745 ntohs(icmp_h->checksum));
747 *packet += SIZE_ICMP_HEADER;
748 *pktlen -= SIZE_ICMP_HEADER;
751 static void __pcap_http_info(const u_char **packet, uint32_t *pktlen)
755 u_char *value_pos = NULL;
756 gchar *value_str = NULL;
759 value = g_string_sized_new(value_len);
761 value_pos = (u_char *)*packet;
763 g_string_append_printf(value, "%c", *(value_pos++));
764 value_str = g_string_free(value, FALSE);
768 STC_LOGD(HR_SINGLE "\n%s", value_str);
775 static void __pcap_tcp_info(const u_char **packet, uint32_t *pktlen)
777 tcp_t *tcp_h = (tcp_t *)*packet;
778 u_int16_t source = ntohs(tcp_h->source);
779 u_int16_t dest = ntohs(tcp_h->dest);
782 STC_LOGD("Source[%u] Destination[%u] Sequence[%u] "
783 "Acknowledgment seq[%u] Window size[%u] ",
784 ntohs(tcp_h->source), ntohs(tcp_h->dest),
785 ntohl(tcp_h->seq), ntohl(tcp_h->ack_seq),
786 ntohs(tcp_h->window));
789 STC_LOGD("Checksum[0x%x] URG[%u] ACK[%u] PUSH[%u] "
790 "RST[%u] SYN[%u] FIN[%u]",
792 tcp_h->urg, tcp_h->ack, tcp_h->psh,
793 tcp_h->rst, tcp_h->syn, tcp_h->fin);
795 *packet += (tcp_h->th_off * 4);
796 *pktlen -= (tcp_h->th_off * 4);
799 if (IS_SRC_OR_DST_PORT(PORT_DNS))
800 __pcap_dns_info(packet, pktlen);
801 else if (IS_SRC_OR_DST_PORT(PORT_HTTP) ||
802 IS_SRC_OR_DST_PORT(PORT_HTTP_ALT))
803 __pcap_http_info(packet, pktlen);
807 static void __pcap_udp_info(const u_char **packet, uint32_t *pktlen)
809 udp_t *udp_h = (udp_t *)*packet;
810 u_int16_t source = ntohs(udp_h->source);
811 u_int16_t dest = ntohs(udp_h->dest);
812 u_int16_t len = ntohs(udp_h->len);
815 STC_LOGD("Source[%u] Destination[%u] Len[%u] Checksum[0x%x]",
816 source, dest, len, ntohs(udp_h->check));
818 *packet += SIZE_UDP_HEADER;
819 *pktlen -= SIZE_UDP_HEADER;
822 if (IS_SRC_OR_DST_PORT(PORT_DNS))
823 __pcap_dns_info(packet, pktlen);
824 else if (IS_SRC_OR_DST_PORT(PORT_BOOTP_C) ||
825 IS_SRC_OR_DST_PORT(PORT_BOOTP_S))
826 __pcap_bootp_info(packet, len);
827 else if (IS_SRC_OR_DST_PORT(PORT_NTP))
828 __pcap_ntp_info(packet, pktlen);
832 static const char *__pcap_eth_type_info(u_int16_t type)
846 case ETHERTYPE_REVARP:
849 case ETHERTYPE_LOOPBACK:
860 static void __pcap_eapol_info(const u_char **packet, uint32_t *pktlen)
864 static const char *__pcap_arp_opcode_info(u_int16_t opcode)
889 static void __pcap_arp_info(const u_char **packet, uint32_t *pktlen)
891 arp_t *arp_h = (arp_t *)*packet;
892 u_int8_t *sha = (u_int8_t *)(*packet + SIZE_ARP_HEADER);
893 u_int8_t *spa = (u_int8_t *)(sha + arp_h->ar_hln);
894 u_int8_t *tha = (u_int8_t *)(spa + arp_h->ar_pln);
895 u_int8_t *tpa = (u_int8_t *)(tha + arp_h->ar_hln);
896 u_int16_t ar_op = ntohs(arp_h->ar_op);
897 char sma[BUFF_SIZE_HOST];
898 char sia[BUFF_SIZE_IP];
899 char tma[BUFF_SIZE_HOST];
900 char tia[BUFF_SIZE_IP];
904 ether_ntoa((const struct ether_addr *)sha),
907 ether_ntoa((const struct ether_addr *)tha),
910 inet_ntop(AF_INET, (struct in_addr *)spa, sia, BUFF_SIZE_IP);
911 inet_ntop(AF_INET, (struct in_addr *)tpa, tia, BUFF_SIZE_IP);
913 ar_pro = ntohs(arp_h->ar_pro);
916 STC_LOGD("HW type[%u] Protocol type[0x%04x:%s] "
917 "HW size[%u] Protocol size[%u] Opcode[%u:%s] ",
918 ntohs(arp_h->ar_hrd), ar_pro,
919 __pcap_eth_type_info(ar_pro),
920 arp_h->ar_hln, arp_h->ar_pln,
921 ar_op, __pcap_arp_opcode_info(ar_op));
924 STC_LOGD("Sender MAC[%s] Sender IP[%s] "
925 "Target MAC[%s] Target IP[%s]",
928 *packet += SIZE_ARP_HEADER;
929 *pktlen -= SIZE_ARP_HEADER;
932 static const char *__pcap_ip_protocol_info(u_int8_t p)
966 static void __pcap_ipv6_info(const u_char **packet, uint32_t *pktlen)
968 ip6_t *ip6_h = (ip6_t *)*packet;
969 char ip6_src[BUFF_SIZE_IP6];
970 char ip6_dst[BUFF_SIZE_IP6];
972 inet_ntop(AF_INET6, &ip6_h->ip6_src, ip6_src, BUFF_SIZE_IP6);
973 inet_ntop(AF_INET6, &ip6_h->ip6_dst, ip6_dst, BUFF_SIZE_IP6);
976 STC_LOGD("Flow[0x%08x] Payload len[%u] Next hdr[%u:%s] "
977 "Hop limit[%u] Source[%s] Destination[%s]",
978 ntohl(ip6_h->ip6_flow), ntohs(ip6_h->ip6_plen),
979 ip6_h->ip6_nxt, __pcap_ip_protocol_info(ip6_h->ip6_nxt),
980 ip6_h->ip6_hlim, ip6_src, ip6_dst);
982 *packet += SIZE_IP6_HEADER;
983 *pktlen -= SIZE_IP6_HEADER;
985 switch (ip6_h->ip6_nxt) {
987 __pcap_tcp_info(packet, pktlen);
990 __pcap_udp_info(packet, pktlen);
993 __pcap_icmp_info(packet, pktlen);
1000 static void __pcap_ip_info(const u_char **packet, uint32_t *pktlen)
1002 ip_t *ip_h = (ip_t *)*packet;
1003 char ip_src[BUFF_SIZE_IP];
1004 char ip_dst[BUFF_SIZE_IP];
1006 inet_ntop(AF_INET, &ip_h->ip_src, ip_src, BUFF_SIZE_IP);
1007 inet_ntop(AF_INET, &ip_h->ip_dst, ip_dst, BUFF_SIZE_IP);
1010 STC_LOGD("Header len[%u] TOS[0x%02x] Total len[%u] "
1011 "ID[0x%04x] Flags[0x%02x] TTL[%u] Protocol[%u:%s] "
1012 "Checksum[0x%04x] Source[%s] Destination[%s]",
1013 ip_h->ip_hl << 2, ip_h->ip_tos,
1014 ntohs(ip_h->ip_len), ntohs(ip_h->ip_id),
1015 (ntohs(ip_h->ip_off) & 0xe000) >> 13,
1016 ip_h->ip_ttl, ip_h->ip_p,
1017 __pcap_ip_protocol_info(ip_h->ip_p),
1018 ntohs(ip_h->ip_sum), ip_src, ip_dst);
1020 *packet += SIZE_IP_HEADER;
1021 *pktlen -= SIZE_IP_HEADER;
1023 switch (ip_h->ip_p) {
1025 __pcap_icmp_info(packet, pktlen);
1028 __pcap_tcp_info(packet, pktlen);
1031 __pcap_udp_info(packet, pktlen);
1038 static void __pcap_eth_info(const u_char **packet, uint32_t *pktlen)
1040 eth_t *eth_h = (eth_t *)*packet;
1041 u_int8_t *eth_shost = eth_h->ether_shost;
1042 u_int8_t *eth_dhost = eth_h->ether_dhost;
1043 char shost[BUFF_SIZE_HOST];
1044 char dhost[BUFF_SIZE_HOST];
1045 u_int16_t ether_type;
1048 ether_ntoa((const struct ether_addr *)eth_shost),
1052 ether_ntoa((const struct ether_addr *)eth_dhost),
1055 ether_type = ntohs(eth_h->ether_type);
1058 STC_LOGD("Source[%s] Destination[%s] Type[0x%04x:%s]",
1059 shost, dhost, ether_type, __pcap_eth_type_info(ether_type));
1061 *packet += SIZE_ETHER_HEADER;
1062 *pktlen -= SIZE_ETHER_HEADER;
1065 static const char *__pcap_family_info(u_int8_t family)
1084 static const char *__pcap_tlv_type_info(u_int16_t type)
1089 case NFULA_PACKET_HDR:
1090 info = "NFULA_PACKET_HDR";
1093 info = "NFULA_MARK";
1095 case NFULA_TIMESTAMP:
1096 info = "NFULA_TIMESTAMP";
1098 case NFULA_IFINDEX_INDEV:
1099 info = "NFULA_IFINDEX_INDEV";
1101 case NFULA_IFINDEX_OUTDEV:
1102 info = "NFULA_IFINDEX_OUTDEV";
1104 case NFULA_IFINDEX_PHYSINDEV:
1105 info = "NFULA_IFINDEX_PHYSINDEV";
1107 case NFULA_IFINDEX_PHYSOUTDEV:
1108 info = "NFULA_IFINDEX_PHYSOUTDEV";
1111 info = "NFULA_HWADDR";
1114 info = "NFULA_PAYLOAD";
1117 info = "NFULA_PREFIX";
1125 case NFULA_SEQ_GLOBAL:
1126 info = "NFULA_SEQ_GLOBAL";
1132 info = "NFULA_HWTYPE";
1134 case NFULA_HWHEADER:
1135 info = "NFULA_HWHEADER";
1138 info = "NFULA_HWLEN";
1148 static void __pcap_nflog_tlv_info(const u_char **packet,
1152 u_int16_t tlv_length;
1155 u_int16_t value_len;
1156 u_char *value_pos = NULL;
1157 gchar *value_str = NULL;
1159 *pktlen -= SIZE_NFLOG_HDR;
1161 while (*pktlen > 0) {
1162 if (*pktlen < SIZE_NFLOG_TLV)
1165 tlv_h = (nflog_tlv_t *)*packet;
1166 tlv_length = tlv_h->tlv_length;
1167 if (tlv_length % 4 != 0)
1168 tlv_length += 4 - tlv_length % 4;
1169 tlv_type = tlv_h->tlv_type;
1171 if (tlv_length < SIZE_NFLOG_TLV)
1174 if (*pktlen < tlv_length)
1178 if (tlv_type != NFULA_PAYLOAD) {
1179 nflog_hwaddr_t *hwaddr;
1180 nflog_timestamp_s *timestamp;
1181 char host[BUFF_SIZE_HOST];
1188 hwaddr = (nflog_hwaddr_t *)((u_char *)tlv_h + SIZE_NFLOG_TLV);
1190 ether_ntoa((const struct ether_addr *)hwaddr->hw_addr),
1192 STC_LOGD("Type[%s:%u] Length[%u] Hwaddr[%s]",
1193 __pcap_tlv_type_info(tlv_type), tlv_type,
1194 tlv_h->tlv_length, host);
1196 case NFULA_TIMESTAMP:
1197 timestamp = (nflog_timestamp_s *)((u_char *)tlv_h + SIZE_NFLOG_TLV);
1198 sec = ntohl(timestamp->ts[1]);
1199 time = ctime((const time_t *)&sec);
1201 time[len - 1] = '\0';
1203 STC_LOGD("Type[%s:%u] Length[%u] Timestamp[%s]",
1204 __pcap_tlv_type_info(tlv_type), tlv_type,
1205 tlv_h->tlv_length, time);
1208 value_len = tlv_h->tlv_length - SIZE_NFLOG_TLV;
1209 value = g_string_sized_new(value_len);
1211 value_pos = (u_char *)tlv_h + SIZE_NFLOG_TLV;
1213 g_string_append_printf(value, "%c", *(value_pos++));
1214 value_str = g_string_free(value, FALSE);
1217 STC_LOGD("Type[%s:%u] Length[%u] Prefix[%s]",
1218 __pcap_tlv_type_info(tlv_type), tlv_type,
1219 tlv_h->tlv_length, value_str);
1224 value_len = tlv_h->tlv_length - SIZE_NFLOG_TLV;
1225 value = g_string_sized_new(value_len);
1227 value_pos = (u_char *)tlv_h + SIZE_NFLOG_TLV;
1229 g_string_append_printf(value, "%02x", *(value_pos++));
1230 value_str = g_string_free(value, FALSE);
1233 STC_LOGD("Type[%s:%u] Length[%u] Value[%s]",
1234 __pcap_tlv_type_info(tlv_type), tlv_type,
1235 tlv_h->tlv_length, value_str);
1241 STC_LOGD("Type[%s:%u] Length[%u]",
1242 __pcap_tlv_type_info(tlv_type),
1243 tlv_type, tlv_h->tlv_length);
1247 if (tlv_type == NFULA_PAYLOAD) {
1248 *packet += SIZE_NFLOG_TLV;
1249 *pktlen -= SIZE_NFLOG_TLV;
1253 *packet += tlv_length;
1254 *pktlen -= tlv_length;
1258 static void __pcap_nflog_hdr_info(const u_char **packet, uint32_t *pktlen)
1260 nflog_hdr_t *hdr_h = (nflog_hdr_t *)*packet;
1261 u_int8_t family = hdr_h->nflog_family;
1262 u_int8_t version = hdr_h->nflog_version;
1263 u_int16_t resource_id = ntohs(hdr_h->nflog_rid);
1266 STC_LOGD("Family[%s:%u] Version[%u] Resource id[%u]",
1267 __pcap_family_info(family), family, version, resource_id);
1269 *packet += SIZE_NFLOG_HDR;
1270 *pktlen -= SIZE_NFLOG_HDR;
1273 static void __pcap_fm_info(const struct pcap_pkthdr *pkthdr)
1277 struct timeval ts = pkthdr->ts;
1278 __time_t tv_sec = ts.tv_sec;
1279 __suseconds_t tv_usec = ts.tv_usec;
1281 if (g_pcap_start_fm == false) {
1283 g_pcap_start_fm = true;
1286 curr = ctime((const time_t *)&tv_sec);
1288 curr[len - 1] = '\0';
1291 STC_LOGD("Arrival time[%s] Timeval[%.06f] "
1292 "Frame len[%u] Capture len[%u]", curr,
1293 (float)((tv_sec - g_pcap_tv.tv_sec) * 1000000 +
1294 (tv_usec - g_pcap_tv.tv_usec)) / 1000000,
1295 pkthdr->len, pkthdr->caplen);
1298 static void __pcap_handler(u_char *param,
1299 const struct pcap_pkthdr *pkthdr,
1300 const u_char *packet) {
1301 uint32_t pktlen = pkthdr->len;
1302 stc_pcap_data_s *pcap_data = (stc_pcap_data_s *)param;
1305 nflog_hdr_t *nflog_h;
1306 uint8_t nflog_family;
1308 STC_LOGD(HR_DOUBLE);
1310 __pcap_fm_info(pkthdr);
1312 switch (pcap_data->encap_type) {
1313 case ENCAPTYPE_ETHERNET:
1314 eth_h = (eth_t *)packet;
1315 eth_type = ntohs(eth_h->ether_type);
1317 __pcap_eth_info(&packet, &pktlen);
1321 __pcap_ip_info(&packet, &pktlen);
1322 /* __pcap_data_info(pcaket, pktlen); */
1324 case ETHERTYPE_IPV6:
1325 __pcap_ipv6_info(&packet, &pktlen);
1328 case ETHERTYPE_REVARP:
1329 __pcap_arp_info(&packet, &pktlen);
1331 case ETHERTYPE_LOOPBACK:
1333 case ETHERTYPE_EAPOL:
1334 __pcap_eapol_info(&packet, &pktlen);
1340 case ENCAPTYPE_NFLOG:
1341 nflog_h = (nflog_hdr_t *)packet;
1342 nflog_family = nflog_h->nflog_family;
1344 __pcap_nflog_hdr_info(&packet, &pktlen);
1345 __pcap_nflog_tlv_info(&packet, &pktlen);
1347 switch (nflog_family) {
1349 __pcap_ip_info(&packet, &pktlen);
1352 __pcap_ipv6_info(&packet, &pktlen);
1362 STC_LOGD(HR_DOUBLE);
1365 static gboolean __pcap_thread_source_func(gpointer data)
1367 char buf[MAX_IFACE_LENGTH];
1368 stc_pcap_data_s *lookup;
1369 stc_pcap_data_s *pcap_data = (stc_pcap_data_s *)data;
1371 g_pcap_tv.tv_sec = 0;
1372 g_pcap_tv.tv_usec = 0;
1373 g_pcap_start_fm = false;
1375 if (g_pcap_tables == NULL)
1378 snprintf(buf, sizeof(buf), "%s:%d",
1379 pcap_data->ifname, pcap_data->nflog_group);
1381 lookup = g_hash_table_lookup(g_pcap_tables, buf);
1383 STC_LOGE("pcap loop not found");
1387 g_hash_table_remove(g_pcap_tables, buf);
1388 STC_LOGD("Successfully removed pcap loop [%s]", buf);
1393 static gpointer __pcap_thread_func(gpointer data)
1395 __STC_LOG_FUNC_ENTER__;
1397 char errbuf[PCAP_ERRBUF_SIZE];
1398 pcap_if_t *alldevs = NULL;
1399 pcap_if_t *dev = NULL;
1401 GSource *source = NULL;
1402 GMainContext *context = NULL;
1403 stc_pcap_data_s *pcap_data = (stc_pcap_data_s *)data;
1405 if (pcap_findalldevs(&alldevs, errbuf) < 0 ||
1407 STC_LOGE("Failed to find all devs [%s]", errbuf);
1411 for (dev = alldevs; dev; dev = dev->next) {
1412 if (g_strcmp0(dev->name, pcap_data->ifname) == 0) {
1413 if (g_strcmp0(dev->name, NFLOG_IFNAME) == 0) {
1414 name = g_strdup(pcap_data->nfname);
1415 pcap_data->encap_type = ENCAPTYPE_NFLOG;
1417 name = g_strdup(pcap_data->ifname);
1418 pcap_data->encap_type = ENCAPTYPE_ETHERNET;
1424 pcap_freealldevs(alldevs);
1427 STC_LOGE("Failed to find dev [%s]", pcap_data->ifname);
1431 STC_LOGD("Pcap source dev [%s]", name);
1433 pcap_data->handle = pcap_open_live(name, 65535, 1, 1000, errbuf);
1434 if (pcap_data->handle == NULL) {
1435 STC_LOGE("Failed to open live [%s]", errbuf);
1439 STC_LOGD("Pcap open live [%p]", pcap_data->handle);
1441 STC_LOGD("Pcap loop start [%s]", name);
1442 pcap_loop(pcap_data->handle, 0, __pcap_handler, (u_char *)pcap_data);
1443 STC_LOGD("Pcap loop end [%s]", name);
1445 pcap_close(pcap_data->handle);
1446 STC_LOGD("Pcap closed [%p]", pcap_data->handle);
1451 context = g_main_context_default();
1453 source = g_idle_source_new();
1455 g_source_set_callback(source,
1456 __pcap_thread_source_func, pcap_data, NULL);
1457 g_source_attach(source, context);
1459 g_source_unref(source);
1461 __STC_LOG_FUNC_EXIT__;
1465 static void __pcap_make_params(gpointer key, gpointer value,
1468 stc_pcap_data_s *data = (stc_pcap_data_s *)value;
1469 GVariantBuilder *builder = (GVariantBuilder *)user_data;
1470 GVariantBuilder sub_builder;
1472 g_variant_builder_init(&sub_builder, G_VARIANT_TYPE("a{sv}"));
1474 g_variant_builder_add(&sub_builder, "{sv}", PCAP_IFNAME,
1475 g_variant_new_string(data->ifname));
1477 g_variant_builder_add(&sub_builder, "{sv}", PCAP_NFLOG_GROUP,
1478 g_variant_new_uint32(data->nflog_group));
1480 g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder));
1483 int stc_plugin_pcap_initialize(void)
1485 __STC_LOG_FUNC_ENTER__;
1487 g_pcap_tables = g_hash_table_new_full(g_str_hash,
1488 g_str_equal, g_free, __pcap_data_free);
1490 __STC_LOG_FUNC_EXIT__;
1491 return STC_ERROR_NONE;
1494 int stc_plugin_pcap_deinitialize(void)
1496 __STC_LOG_FUNC_ENTER__;
1498 if (g_pcap_tables) {
1499 g_hash_table_destroy(g_pcap_tables);
1500 g_pcap_tables = NULL;
1503 __STC_LOG_FUNC_EXIT__;
1504 return STC_ERROR_NONE;
1507 int stc_plugin_pcap_lookup_dev(void)
1510 char errbuf[PCAP_ERRBUF_SIZE];
1512 dev = pcap_lookupdev(errbuf);
1514 STC_LOGE("Failed to look up dev [%s]", errbuf);
1515 return STC_ERROR_FAIL;
1518 STC_LOGD("Dev [%s]", dev);
1520 return STC_ERROR_NONE;
1523 int stc_plugin_pcap_lookup_net(void)
1526 char net[BUFF_SIZE_IP];
1527 char mask[BUFF_SIZE_IP];
1528 char errbuf[PCAP_ERRBUF_SIZE];
1533 dev = pcap_lookupdev(errbuf);
1535 STC_LOGE("Failed to look up dev [%s]", errbuf);
1536 return STC_ERROR_FAIL;
1539 STC_LOGD("Dev [%s]", dev);
1541 ret = pcap_lookupnet(dev, &netp, &maskp, errbuf);
1543 STC_LOGE("Failed to look up net [%s]", errbuf);
1544 return STC_ERROR_FAIL;
1547 inet_ntop(AF_INET, &netp, net, BUFF_SIZE_IP);
1548 STC_LOGD("Net [%s]", net);
1550 inet_ntop(AF_INET, &maskp, mask, BUFF_SIZE_IP);
1551 STC_LOGD("Mask [%s]", mask);
1553 return STC_ERROR_NONE;
1556 int stc_plugin_pcap_find_all_devs(GVariantBuilder *builder)
1558 char net[BUFF_SIZE_IP];
1559 char mask[BUFF_SIZE_IP];
1560 char errbuf[PCAP_ERRBUF_SIZE];
1561 pcap_if_t *alldevs = NULL;
1562 pcap_if_t *dev = NULL;
1566 if (pcap_findalldevs(&alldevs, errbuf) < 0 ||
1568 STC_LOGE("Failed to find all devs [%s]", errbuf);
1569 return STC_ERROR_FAIL;
1572 for (dev = alldevs; dev; dev = dev->next) {
1573 GVariantBuilder sub_builder;
1575 g_variant_builder_init(&sub_builder, G_VARIANT_TYPE("a{sv}"));
1577 STC_LOGD("Dev [%s]", dev->name);
1578 g_variant_builder_add(&sub_builder, "{sv}", PCAP_DEV_NAME,
1579 g_variant_new_string(dev->name));
1581 if (dev->description) {
1582 STC_LOGD("Decs [%s]", dev->description);
1583 g_variant_builder_add(&sub_builder, "{sv}", PCAP_DEV_DECS,
1584 g_variant_new_string(dev->description));
1587 if (pcap_lookupnet(dev->name, &netp, &maskp, errbuf) == -1) {
1588 STC_LOGE("Failed to look up net [%s]", errbuf);
1589 g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder));
1593 inet_ntop(AF_INET, &netp, net, BUFF_SIZE_IP);
1594 STC_LOGD("Net [%s]", net);
1595 g_variant_builder_add(&sub_builder, "{sv}", PCAP_DEV_NET,
1596 g_variant_new_string(net));
1598 inet_ntop(AF_INET, &maskp, mask, BUFF_SIZE_IP);
1599 STC_LOGD("Mask [%s]", mask);
1600 g_variant_builder_add(&sub_builder, "{sv}", PCAP_DEV_MASK,
1601 g_variant_new_string(mask));
1603 g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder));
1606 pcap_freealldevs(alldevs);
1608 return STC_ERROR_NONE;
1611 int stc_plugin_pcap_register_loop(const char *ifname,
1614 stc_pcap_data_s *data;
1615 stc_pcap_data_s *lookup;
1616 char buf[MAX_IFACE_LENGTH];
1618 ret_value_msg_if(g_pcap_tables == NULL,
1620 "pcap tables is not initialized!");
1622 ret_value_msg_if(ifname == NULL,
1624 "Invalid parameter [ifname]");
1626 snprintf(buf, sizeof(buf), "%s:%d", ifname, nflog_group);
1628 lookup = g_hash_table_lookup(g_pcap_tables, buf);
1630 STC_LOGD("pcap loop already present");
1631 return STC_ERROR_ALREADY_DATA;
1634 data = MALLOC0(stc_pcap_data_s, 1);
1636 STC_LOGE("data allocation failed");
1637 return STC_ERROR_OUT_OF_MEMORY;
1640 data->ifname = g_strdup(ifname);
1641 data->nfname = g_strdup(buf);
1642 data->nflog_group = nflog_group;
1643 data->thread = g_thread_new(buf, __pcap_thread_func, data);
1645 g_hash_table_insert(g_pcap_tables, g_strdup(buf), data);
1646 STC_LOGD("Successfully added pcap loop [%s]", buf);
1648 return STC_ERROR_NONE;
1651 int stc_plugin_pcap_unregister_loop(const char *ifname,
1654 stc_pcap_data_s *lookup;
1655 char buf[MAX_IFACE_LENGTH];
1657 ret_value_msg_if(g_pcap_tables == NULL,
1659 "pcap tables is not initialized!");
1661 ret_value_msg_if(ifname == NULL,
1663 "Invalid parameter [ifname]");
1665 snprintf(buf, sizeof(buf), "%s:%d", ifname, nflog_group);
1667 lookup = g_hash_table_lookup(g_pcap_tables, buf);
1669 STC_LOGE("pcap loop not found");
1670 __STC_LOG_FUNC_EXIT__;
1671 return STC_ERROR_NO_DATA;
1674 pcap_breakloop(lookup->handle);
1675 STC_LOGD("Successfully removed pcap loop [%s]", buf);
1677 return STC_ERROR_NONE;
1680 int stc_plugin_pcap_get_all_loop(GVariantBuilder *builder)
1682 ret_value_msg_if(g_pcap_tables == NULL,
1684 "pcap tables is not initialized!");
1686 g_hash_table_foreach(g_pcap_tables, __pcap_make_params, builder);
1688 return STC_ERROR_NONE;
1691 API stc_plugin_pcap_s stc_plugin_pcap = {
1692 .initialize_plugin =
1693 stc_plugin_pcap_initialize,
1694 .deinitialize_plugin =
1695 stc_plugin_pcap_deinitialize,
1697 stc_plugin_pcap_lookup_dev,
1699 stc_plugin_pcap_lookup_net,
1701 stc_plugin_pcap_find_all_devs,
1703 stc_plugin_pcap_register_loop,
1705 stc_plugin_pcap_unregister_loop,
1707 stc_plugin_pcap_get_all_loop