2 * copy diverted (or tee'd) packets to a file in 'tcpdump' format
3 * (ie. this uses the '-lpcap' routines).
6 * # ipfwpcap -r 8091 divt.log &
7 * # ipfw add 2864 divert 8091 ip from 128.432.53.82 to any
8 * # ipfw add 2864 divert 8091 ip from any to 128.432.53.82
10 * the resulting dump file can be read with ...
11 * # tcpdump -nX -r divt.log
14 * Written by P Kern { pkern [AT] cns.utoronto.ca }
16 * Copyright (c) 2004 University of Toronto. All rights reserved.
17 * Anyone may use or copy this software except that this copyright
18 * notice remain intact and that credit is given where it is due.
19 * The University of Toronto and the author make no warranty and
20 * accept no liability for this software.
22 * From: Header: /local/src/local.lib/SRC/ipfwpcap/RCS/ipfwpcap.c,v 1.4 2004/01/15 16:19:07 pkern Exp
33 #include <sys/types.h>
35 #include <sys/param.h> /* for MAXPATHLEN */
36 #include <sys/socket.h>
37 #include <netinet/in.h>
39 #include <netinet/in_systm.h> /* for IP_MAXPACKET */
40 #include <netinet/ip.h> /* for IP_MAXPACKET */
42 /* XXX normally defined in config.h */
43 #define HAVE_STRLCPY 1
44 #define HAVE_SNPRINTF 1
45 #define HAVE_VSNPRINTF 1
46 #include <pcap-int.h> /* see pcap(3) and /usr/src/contrib/libpcap/. */
49 #define BUFMAX IP_MAXPACKET
55 #define MAXPATHLEN 1024
59 static int reflect = 0; /* 1 == write packet back to socket. */
61 static ssize_t totbytes = 0, maxbytes = 0;
62 static ssize_t totpkts = 0, maxpkts = 0;
65 char pidfile[MAXPATHLEN] = { '\0' };
74 (void) unlink(pidfile);
80 * - save my own pid in /var/run/$0.{port#}.pid
89 numlen = sizeof(numbuf);
90 bzero(numbuf, numlen);
91 snprintf(numbuf, numlen-1, "%ld\n", getpid());
92 numlen = strlen(numbuf);
94 if (pidfile[0] == '\0') {
95 p = (char *)rindex(prog, '/');
96 p = (p == NULL) ? prog : p+1 ;
98 snprintf(pidfile, sizeof(pidfile)-1,
99 "%s%s.%d.pid", _PATH_VARRUN, p, pn);
102 fd = open(pidfile, O_WRONLY|O_CREAT|O_EXCL, 0644);
103 if (fd < 0) { perror(pidfile); exit(21); }
105 siginterrupt(SIGTERM, 1);
106 siginterrupt(SIGHUP, 1);
107 signal (SIGTERM, quit);
108 signal (SIGHUP, quit);
109 signal (SIGINT, quit);
111 n = write(fd, numbuf, numlen);
112 if (n < 0) { perror(pidfile); quit(23); }
121 %s [-dr] [-b maxbytes] [-p maxpkts] [-P pidfile] portnum dumpfile\n\
124 '-d' = enable debugging messages.\n\
125 '-r' = reflect. write packets back to the divert socket.\n\
126 (ie. simulate the original intent of \"ipfw tee\").\n\
127 '-rr' = indicate that it is okay to quit if packet-count or\n\
128 byte-count limits are reached (see the NOTE below\n\
129 about what this implies).\n\
130 '-b bytcnt' = stop dumping after {bytcnt} bytes.\n\
131 '-p pktcnt' = stop dumping after {pktcnt} packets.\n\
132 '-P pidfile' = alternate file to store the PID\n\
133 (default: /var/run/%s.{portnum}.pid).\n\
135 portnum = divert(4) socket port number.\n\
136 dumpfile = file to write captured packets (tcpdump format).\n\
137 (specify '-' to write packets to stdout).\n\
142 The '-r' option should not be necessary, but because \"ipfw tee\" is broken\n\
143 (see BUGS in ipfw(8) for details) this feature can be used along with\n\
144 an \"ipfw divert\" rule to simulate the original intent of \"ipfw tee\".\n\
146 NOTE: With an \"ipfw divert\" rule, diverted packets will silently\n\
147 disappear if there is nothing listening to the divert socket.\n\
157 int r, sd, portnum, l;
158 struct sockaddr_in sin;
166 char *dumpf, buf[BUFMAX];
170 struct pcap_pkthdr phd;
174 while ((r = getopt(ac, av, "drb:p:P:")) != -1) {
183 maxbytes = (ssize_t) atol(optarg);
186 maxpkts = (ssize_t) atoi(optarg);
189 strcpy(pidfile, optarg);
198 if ((ac - optind) != 2 || errflg)
201 portnum = atoi(av[optind++]);
204 if (debug) fprintf(stderr, "bind to %d.\ndump to '%s'.\n", portnum, dumpf);
206 if ((r = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)) == -1) {
207 perror("socket(DIVERT)");
212 sin.sin_port = htons(portnum);
213 sin.sin_family = AF_INET;
214 sin.sin_addr.s_addr = INADDR_ANY;
216 if (bind(sd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
217 perror("bind(divert)");
221 p = pcap_open_dead(DLT_RAW, BUFMAX);
222 dp = pcap_dump_open(p, dumpf);
224 pcap_perror(p, dumpf);
235 r = select(nfd, &rds, NULL, NULL, NULL);
237 if (errno == EINTR) continue;
242 if (!FD_ISSET(sd, &rds))
247 * use recvfrom(3 and sendto(3) as in natd(8).
248 * see /usr/src/sbin/natd/natd.c
249 * see ipfw(8) about using 'divert' and 'tee'.
256 nr = recvfrom(sd, buf, sizeof(buf), 0, (struct sockaddr *)&sin, &l);
257 if (debug) fprintf(stderr, "recvfrom(%d) = %d (%d)\n", sd, nr, l);
258 if (nr < 0 && errno != EINTR) {
259 perror("recvfrom(sd)");
262 if (nr <= 0) continue;
266 * write packet back so it can continue
267 * being processed by any further IPFW rules.
270 r = sendto(sd, buf, nr, 0, (struct sockaddr *)&sin, l);
271 if (debug) fprintf(stderr, " sendto(%d) = %d\n", sd, r);
272 if (r < 0) { perror("sendto(sd)"); quit(13); }
276 * check maximums, if any.
277 * but don't quit if must continue reflecting packets.
281 if (totpkts > maxpkts) {
282 if (reflect == 1) continue;
288 if (totbytes > maxbytes) {
289 if (reflect == 1) continue;
295 * save packet in tcpdump(1) format. see pcap(3).
296 * divert packets are fully assembled. see ipfw(8).
298 (void) gettimeofday(&(phd.ts), NULL);
299 phd.caplen = phd.len = nr;
300 pcap_dump((u_char *)dp, &phd, buf);
301 if (ferror((FILE *)dp)) { perror(dumpf); quit(14); }
302 (void) fflush((FILE *)dp);
projects / FreeBSD / FreeBSD.git / blob