1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
|
/*
* Copyright (c) 2012 Jakub Zawadzki
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <string.h>
#include <time.h>
#include <sys/time.h>
#include <dbus/dbus.h>
#include "pcap-int.h"
#include "pcap-dbus.h"
/*
* Private data for capturing on D-Bus.
*/
struct pcap_dbus {
DBusConnection *conn;
u_int packets_read; /* count of packets read */
};
static int
dbus_read(pcap_t *handle, int max_packets _U_, pcap_handler callback, u_char *user)
{
struct pcap_dbus *handlep = handle->priv;
struct pcap_pkthdr pkth;
DBusMessage *message;
char *raw_msg;
int raw_msg_len;
int count = 0;
message = dbus_connection_pop_message(handlep->conn);
while (!message) {
/* XXX handle->opt.timeout = timeout_ms; */
if (!dbus_connection_read_write(handlep->conn, 100)) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Connection closed");
return -1;
}
if (handle->break_loop) {
handle->break_loop = 0;
return -2;
}
message = dbus_connection_pop_message(handlep->conn);
}
if (dbus_message_is_signal(message, DBUS_INTERFACE_LOCAL, "Disconnected")) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Disconnected");
return -1;
}
if (dbus_message_marshal(message, &raw_msg, &raw_msg_len)) {
pkth.caplen = pkth.len = raw_msg_len;
/* pkth.caplen = min (payload_len, handle->snapshot); */
gettimeofday(&pkth.ts, NULL);
if (handle->fcode.bf_insns == NULL ||
pcap_filter(handle->fcode.bf_insns, (u_char *)raw_msg, pkth.len, pkth.caplen)) {
handlep->packets_read++;
callback(user, &pkth, (u_char *)raw_msg);
count++;
}
dbus_free(raw_msg);
}
return count;
}
static int
dbus_write(pcap_t *handle, const void *buf, int size)
{
/* XXX, not tested */
struct pcap_dbus *handlep = handle->priv;
DBusError error = DBUS_ERROR_INIT;
DBusMessage *msg;
if (!(msg = dbus_message_demarshal(buf, size, &error))) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "dbus_message_demarshal() failed: %s", error.message);
dbus_error_free(&error);
return -1;
}
dbus_connection_send(handlep->conn, msg, NULL);
dbus_connection_flush(handlep->conn);
dbus_message_unref(msg);
return 0;
}
static int
dbus_stats(pcap_t *handle, struct pcap_stat *stats)
{
struct pcap_dbus *handlep = handle->priv;
stats->ps_recv = handlep->packets_read;
stats->ps_drop = 0;
stats->ps_ifdrop = 0;
return 0;
}
static void
dbus_cleanup(pcap_t *handle)
{
struct pcap_dbus *handlep = handle->priv;
dbus_connection_unref(handlep->conn);
pcap_cleanup_live_common(handle);
}
/*
* We don't support non-blocking mode. I'm not sure what we'd
* do to support it and, given that we don't support select()/
* poll()/epoll_wait()/kevent() etc., it probably doesn't
* matter.
*/
static int
dbus_getnonblock(pcap_t *p)
{
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"Non-blocking mode isn't supported for capturing on D-Bus");
return (-1);
}
static int
dbus_setnonblock(pcap_t *p, int nonblock _U_)
{
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"Non-blocking mode isn't supported for capturing on D-Bus");
return (-1);
}
static int
dbus_activate(pcap_t *handle)
{
#define EAVESDROPPING_RULE "eavesdrop=true,"
static const char *rules[] = {
EAVESDROPPING_RULE "type='signal'",
EAVESDROPPING_RULE "type='method_call'",
EAVESDROPPING_RULE "type='method_return'",
EAVESDROPPING_RULE "type='error'",
};
#define N_RULES sizeof(rules)/sizeof(rules[0])
struct pcap_dbus *handlep = handle->priv;
const char *dev = handle->opt.device;
DBusError error = DBUS_ERROR_INIT;
u_int i;
if (strcmp(dev, "dbus-system") == 0) {
if (!(handlep->conn = dbus_bus_get(DBUS_BUS_SYSTEM, &error))) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Failed to get system bus: %s", error.message);
dbus_error_free(&error);
return PCAP_ERROR;
}
} else if (strcmp(dev, "dbus-session") == 0) {
if (!(handlep->conn = dbus_bus_get(DBUS_BUS_SESSION, &error))) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Failed to get session bus: %s", error.message);
dbus_error_free(&error);
return PCAP_ERROR;
}
} else if (strncmp(dev, "dbus://", 7) == 0) {
const char *addr = dev + 7;
if (!(handlep->conn = dbus_connection_open(addr, &error))) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Failed to open connection to: %s: %s", addr, error.message);
dbus_error_free(&error);
return PCAP_ERROR;
}
if (!dbus_bus_register(handlep->conn, &error)) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Failed to register bus %s: %s\n", addr, error.message);
dbus_error_free(&error);
return PCAP_ERROR;
}
} else {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't get bus address from %s", handle->opt.device);
return PCAP_ERROR;
}
/* Initialize some components of the pcap structure. */
handle->bufsize = 0;
handle->offset = 0;
handle->linktype = DLT_DBUS;
handle->read_op = dbus_read;
handle->inject_op = dbus_write;
handle->setfilter_op = install_bpf_program; /* XXX, later add support for dbus_bus_add_match() */
handle->setdirection_op = NULL;
handle->set_datalink_op = NULL; /* can't change data link type */
handle->getnonblock_op = dbus_getnonblock;
handle->setnonblock_op = dbus_setnonblock;
handle->stats_op = dbus_stats;
handle->cleanup_op = dbus_cleanup;
#ifndef _WIN32
/*
* Unfortunately, trying to do a select()/poll()/epoll_wait()/
* kevent()/etc. on a D-Bus connection isn't a simple
* case of "give me an FD on which to wait".
*
* Apparently, you have to register "add watch", "remove watch",
* and "toggle watch" functions with
* dbus_connection_set_watch_functions(),
* keep a *set* of FDs, add to that set in the "add watch"
* function, subtract from it in the "remove watch" function,
* and either add to or subtract from that set in the "toggle
* watch" function, and do the wait on *all* of the FDs in the
* set. (Yes, you need the "toggle watch" function, so that
* the main loop doesn't itself need to check for whether
* a given watch is enabled or disabled - most libpcap programs
* know nothing about D-Bus and shouldn't *have* to know anything
* about D-Bus other than how to decode D-Bus messages.)
*
* Implementing that would require considerable changes in
* the way libpcap exports "selectable FDs" to its client.
* Until that's done, we just say "you can't do that".
*/
handle->selectable_fd = handle->fd = -1;
#endif
if (handle->opt.rfmon) {
/*
* Monitor mode doesn't apply to dbus connections.
*/
dbus_cleanup(handle);
return PCAP_ERROR_RFMON_NOTSUP;
}
/*
* Turn a negative snapshot value (invalid), a snapshot value of
* 0 (unspecified), or a value bigger than the normal maximum
* value, into the maximum message length for D-Bus (128MB).
*/
if (handle->snapshot <= 0 || handle->snapshot > 134217728)
handle->snapshot = 134217728;
/* dbus_connection_set_max_message_size(handlep->conn, handle->snapshot); */
if (handle->opt.buffer_size != 0)
dbus_connection_set_max_received_size(handlep->conn, handle->opt.buffer_size);
for (i = 0; i < N_RULES; i++) {
dbus_bus_add_match(handlep->conn, rules[i], &error);
if (dbus_error_is_set(&error)) {
dbus_error_free(&error);
/* try without eavesdrop */
dbus_bus_add_match(handlep->conn, rules[i] + strlen(EAVESDROPPING_RULE), &error);
if (dbus_error_is_set(&error)) {
pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Failed to add bus match: %s\n", error.message);
dbus_error_free(&error);
dbus_cleanup(handle);
return PCAP_ERROR;
}
}
}
return 0;
}
pcap_t *
dbus_create(const char *device, char *ebuf, int *is_ours)
{
pcap_t *p;
if (strcmp(device, "dbus-system") &&
strcmp(device, "dbus-session") &&
strncmp(device, "dbus://", 7))
{
*is_ours = 0;
return NULL;
}
*is_ours = 1;
p = pcap_create_common(ebuf, sizeof (struct pcap_dbus));
if (p == NULL)
return (NULL);
p->activate_op = dbus_activate;
/*
* Set these up front, so that, even if our client tries
* to set non-blocking mode before we're activated, or
* query the state of non-blocking mode, they get an error,
* rather than having the non-blocking mode option set
* for use later.
*/
p->getnonblock_op = dbus_getnonblock;
p->setnonblock_op = dbus_setnonblock;
return (p);
}
int
dbus_findalldevs(pcap_if_list_t *devlistp, char *err_str)
{
/*
* The notion of "connected" vs. "disconnected" doesn't apply.
* XXX - what about the notions of "up" and "running"?
*/
if (add_dev(devlistp, "dbus-system",
PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE, "D-Bus system bus",
err_str) == NULL)
return -1;
if (add_dev(devlistp, "dbus-session",
PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE, "D-Bus session bus",
err_str) == NULL)
return -1;
return 0;
}
|