Created
October 18, 2020 15:46
-
-
Save rzezeski/6e99738bddc7f3a5fd0b90f9c6c4d187 to your computer and use it in GitHub Desktop.
Intercept all IP packets arriving at mac_rx_common() and print basic header info along with mac group + ring.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Print basic Ethernet frame and IP header info for all IPv4 traffic | |
| * that hits mac_rx_common() along with the group and ring it came in | |
| * on. | |
| */ | |
| #pragma D option quiet | |
| #include <inttypes.h> | |
| #include <sys/types.h> | |
| #include <sys/pattr.h> | |
| #include <sys/vlan.h> | |
| #define ETH_FMT "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" | |
| BEGIN | |
| { | |
| IPP_FILT=1; | |
| HUMAN=1; | |
| } | |
| mac_rx_common:entry | |
| { | |
| this->mr = (mac_ring_t *)args[1]; | |
| } | |
| mac_rx_common:entry /this->mr != NULL/ | |
| { | |
| this->mg = (mac_group_t *)this->mr->mr_gh; | |
| this->mp = args[2]; | |
| this->eh = (struct ether_header *)this->mp->b_rptr; | |
| this->l2type = ntohs(this->eh->ether_type); | |
| this->need_lf = 0; | |
| if (this->l2type == ETHERTYPE_VLAN) { | |
| this->evh = (struct ether_vlan_header *)this->mp->b_rptr; | |
| this->l2type = ntohs(this->evh->ether_type); | |
| this->l2dst = &(this->evh->ether_dhost.ether_addr_octet[0]); | |
| this->l2src = &(this->evh->ether_shost.ether_addr_octet[0]); | |
| this->vid = VLAN_ID(ntohs(this->evh->ether_tci)); | |
| this->eh = NULL; | |
| this->offset = 18; | |
| } else { | |
| this->l2dst = &(this->eh->ether_dhost.ether_addr_octet[0]); | |
| this->l2src = &(this->eh->ether_shost.ether_addr_octet[0]); | |
| this->vid = 0; | |
| this->offset = 14; | |
| } | |
| if (this->l2type == 0x800) { | |
| this->ipha = (ipha_t *)(this->mp->b_rptr + this->offset); | |
| this->l3src = inet_ntoa(&this->ipha->ipha_src); | |
| this->l3dst = inet_ntoa(&this->ipha->ipha_dst); | |
| this->l3proto = this->ipha->ipha_protocol; | |
| } | |
| if (this->l2type == 0x800 && | |
| (IPP_FILT == -1 || this->l3proto == IPP_FILT)) { | |
| if (HUMAN) { | |
| printf("%-8s %4u/%-4u ", | |
| this->mg->mrg_index == 0 ? "DEFAULT" : "RESERVED", | |
| this->mg->mrg_index, this->mr->mr_index); | |
| } else { | |
| printf("0x%p %u 0x%p %u ", this->mg, | |
| this->mg->mrg_index, this->mr, this->mr->mr_index); | |
| } | |
| printf(ETH_FMT, this->l2src[0], this->l2src[1], this->l2src[2], | |
| this->l2src[3], this->l2src[4], this->l2src[5]); | |
| printf(" "); | |
| printf(ETH_FMT, this->l2dst[0], this->l2dst[1], this->l2dst[2], | |
| this->l2dst[3], this->l2dst[4], this->l2dst[5]); | |
| printf(" %-.4x", this->l2type); | |
| printf(" %-4u", this->vid); | |
| printf(" %-15s %-15s %-4u\n", this->l3src, this->l3dst, | |
| this->l3proto); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment