File Coverage

blib/lib/Socket/Packet.pm

Criterion	Covered	Total	%
statement	12	12	100.0
branch			n/a
condition			n/a
subroutine	4	4	100.0
pod			n/a
total	16	16	100.0

line	stmt	sub	time	code
1				# You may distribute under the terms of either the GNU General Public License
2				# or the Artistic License (the same terms as Perl itself)
3				#
4				# (C) Paul Evans, 2009-2020 -- leonerd@leonerd.org.uk
5
6				package Socket::Packet;
7
8	8	8	430554	use strict;
	8		71
	8		238
9	8	8	47	use warnings;
	8		14
	8		196
10
11	8	8	42	use Carp;
	8		16
	8		601
12
13				our $VERSION = '0.11';
14
15	8	8	50	use Exporter 'import';
	8		23
	8		1196
16				our @EXPORT_OK = qw(
17				pack_sockaddr_ll unpack_sockaddr_ll
18				pack_packet_mreq unpack_packet_mreq
19				unpack_tpacket_stats
20				siocgstamp
21				siocgstampns
22				siocgifindex
23				siocgifname
24				recv_len
25
26				setup_rx_ring
27				get_ring_frame_status
28				get_ring_frame
29				done_ring_frame
30				);
31
32				require XSLoader;
33				XSLoader::load( __PACKAGE__, $VERSION );
34
35				=head1 NAME
36
37				C - interface to Linux's C socket family
38
39				=head1 SYNOPSIS
40
41				use Socket qw( SOCK_RAW );
42				use Socket::Packet qw(
43				PF_PACKET
44				ETH_P_ALL
45				pack_sockaddr_ll unpack_sockaddr_ll
46				);
47
48				socket( my $sock, PF_PACKET, SOCK_RAW, 0 )
49				or die "Cannot socket() - $!\n";
50
51				bind( $sock, pack_sockaddr_ll( ETH_P_ALL, 0, 0, 0, "" ) )
52				or die "Cannot bind() - $!\n";
53
54				while( my $addr = recv( $sock, my $packet, 8192, 0 ) ) {
55				my ( $proto, $ifindex, $hatype, $pkttype, $addr )
56				= unpack_sockaddr_ll( $addr );
57
58				...
59				}
60
61				=head1 DESCRIPTION
62
63				To quote C:
64
65				Packet sockets are used to receive or send raw packets at the device driver
66				(OSI Layer 2) level. They allow the user to implement protocol modules in
67				user space on top of the physical layer.
68
69				Sockets in the C family get direct link-level access to the
70				underlying hardware (i.e. Ethernet or similar). They are usually used to
71				implement packet capturing, or sending of specially-constructed packets
72				or to implement protocols the underlying kernel does not recognise.
73
74				The use of C sockets is usually restricted to privileged users
75				only.
76
77				This module also provides various other support functions which wrap
78				Cs or socket options. This includes support for C,
79				the high-performance zero-copy packet receive buffering, if the underlying
80				platform supports it.
81
82				=cut
83
84				=head1 CONSTANTS
85
86				The following constants are exported
87
88				=over 8
89
90				=item PF_PACKET
91
92				The packet family (for C calls)
93
94				=item AF_PACKET
95
96				The address family
97
98				=item PACKET_HOST
99
100				This packet is inbound unicast for this host.
101
102				=item PACKET_BROADCAST
103
104				This packet is inbound broadcast.
105
106				=item PACKET_MULTICAST
107
108				This packet is inbound multicast.
109
110				=item PACKET_OTHERHOST
111
112				This packet is inbound unicast for another host.
113
114				=item PACKET_OUTGOING
115
116				This packet is outbound.
117
118				=item ETH_P_ALL
119
120				Pseudo-protocol number to capture all protocols.
121
122				=item SOL_PACKET
123
124				Socket option level for C and C.
125
126				=back
127
128				=cut
129
130				=head1 SOCKET OPTIONS
131
132				The following constants define socket options
133
134				=over 8
135
136				=item PACKET_STATISTICS (get; struct tpacket_stats)
137
138				Packet received and drop counters.
139
140				=item PACKET_ORIGDEV (get or set; int)
141
142				Received packets will indicate the originally-received device, rather than the
143				apparent one. This mainly relates to Ethernet bonding or VLANs.
144
145				This socket option is optional, and may not be provided on all platforms.
146
147				=item PACKET_ADD_MEMBERSHIP (set; struct packet_mreq)
148
149				=item PACKET_DROP_MEMBERSHIP (set; struct packet_mreq)
150
151				Membership of multicast or broadcast groups, or set promiscuous mode.
152
153				The C C field should be one of the following:
154
155				=over 4
156
157				=item PACKET_MR_MULTICAST
158
159				A multicast group
160
161				=item PACKET_MR_PROMISC
162
163				Set or clear the promiscuous flag; the address is ignored
164
165				=item PACKET_MR_ALLMULTI
166
167				Set or clear the allmulti flag; the address is ignored
168
169				=back
170
171				=back
172
173				=cut
174
175				=head1 FUNCTIONS
176
177				The following pair of functions operate on C address structures.
178				The meanings of the parameters are:
179
180				=over 8
181
182				=item protocol
183
184				An ethertype protocol number. When using an address with C, the
185				constant C can be used instead, to capture any protocol. The
186				C and C functions byte-swap this
187				value to or from network endian order.
188
189				=item ifindex
190
191				The index number of the interface on which the packet was sent or received.
192				When using an address with C, the value C<0> can be used instead, to
193				watch all interfaces.
194
195				=item hatype
196
197				The hardware ARP type of hardware address.
198
199				=item pkttype
200
201				The type of the packet; indicates if it was sent or received. Will be one of
202				the C values.
203
204				=item addr
205
206				The underlying hardware address, in the type given by C.
207
208				=back
209
210				=head2 pack_sockaddr_ll
211
212				$a = pack_sockaddr_ll( $protocol, $ifindex, $hatype, $pkttype, $addr )
213
214				Returns a C structure with the fields packed into it.
215
216				=head2 unpack_sockaddr_ll
217
218				( $protocol, $ifindex, $hatype, $pkttype, $addr ) = unpack_sockaddr_ll( $a )
219
220				Takes a C structure and returns the unpacked fields from it.
221
222				=head2 pack_packet_mreq
223
224				$mreq = pack_packet_mreq( $ifindex, $type, $addr )
225
226				Returns a C structure with the fields packed into it.
227
228				=head2 unpack_packet_mreq
229
230				( $ifindex, $type, $addr ) = unpack_packet_mreq( $mreq )
231
232				Takes a C structure and returns the unpacked fields from it.
233
234				=head2 unpack_tpacket_stats
235
236				( $packets, $drops ) = unpack_tpacket_stats( $stats )
237
238				Takes a C structure from the C sockopt and
239				returns the unpacked fields from it.
240
241				=head2 siocgstamp
242
243				$time = siocgstamp( $sock )
244
245				( $sec, $usec ) = siocgstamp( $sock )
246
247				Returns the timestamp of the last received packet on the socket (as obtained
248				by the C C). In scalar context, returns a single
249				floating-point value in UNIX epoch seconds. In list context, returns the
250				number of seconds, and the number of microseconds.
251
252				=head2 siocgstampns
253
254				$time = siocgstampns( $sock )
255
256				( $sec, $nsec ) = siocgstampns( $sock )
257
258				Returns the nanosecond-precise timestamp of the last received packet on the
259				socket (as obtained by the C C). In scalar context,
260				returns a single floating-point value in UNIX epoch seconds. In list context,
261				returns the number of seconds, and the number of nanoseconds.
262
263				=head2 siocgifindex
264
265				$ifindex = siocgifindex( $sock, $ifname )
266
267				Returns the C of the interface with the given name if one exists, or
268				C if not. C<$sock> does not need to be a C socket, any
269				socket handle will do.
270
271				=head2 siocgifname
272
273				$ifname = siocgifname( $sock, $ifindex )
274
275				Returns the C of the interface at the given index if one exists, or
276				C if not. C<$sock> does not need to be a C socket, any
277				socket handle will do.
278
279				=head2 recv_len
280
281				( $addr, $len ) = recv_len( $sock, $buffer, $maxlen, $flags )
282
283				Similar to Perl's C builtin, except it returns the packet length as an
284				explict return value. This may be useful if C<$flags> contains the
285				C flag, obtaining the true length of the packet on the wire, even
286				if this is longer than the data written in the buffer.
287
288				=cut
289
290				=head1 RING-BUFFER FUNCTIONS
291
292				The following functions operate on the high-performance memory-mapped buffer
293				feature of C, allowing efficient packet-capture applications to
294				share a buffer with the kernel directly, avoiding the need for per-packet
295				system calls to C (and possibly C to obtain the timestamp).
296
297				The ring-buffer is optional, and may not be implemented on all platforms. If
298				it is not implemented, then all the following functions will die with an error
299				message.
300
301				=cut
302
303				=head2 setup_rx_ring
304
305				$size = setup_rx_ring( $sock, $frame_size, $frame_nr, $block_size )
306
307				Sets up the ring-buffer on the socket. The buffer will store C<$frame_nr>
308				frames of up to C<$frame_size> bytes each (including metadata headers), and
309				will be split in the kernel in blocks of C<$block_size> bytes. C<$block_size>
310				should be a power of 2, at minimum, 4KiB.
311
312				If successful, the overall size of the buffer in bytes is returned. If not,
313				C is returned, and C<$!> will hold the error value.
314
315				=head2 get_ring_frame_status
316
317				$status = get_ring_frame_status( $sock )
318
319				Returns the frame status of the next frame in the ring.
320
321				The following constants are defined for the status:
322
323				=over 8
324
325				=item TP_STATUS_KERNEL
326
327				This frame belongs to the kernel and userland should not touch it.
328
329				=item TP_STATUS_USER
330
331				This frame belongs to userland and the kernel will not modify it.
332
333				=item TP_STATUS_LOSING
334
335				Bitwise-or'ed with the status if packet loss has occurred since the previous
336				frame.
337
338				=back
339
340				=head2 get_ring_frame
341
342				$len = get_ring_frame( $sock, $buffer, \%info )
343
344				If the next frame is ready for userland, fills in keys of the C<%info> hash
345				with its metadata, sets C<$buffer> to its contents, and return the length of
346				the data. The C<$buffer> variable has its string backing buffer aliased,
347				rather than the buffer copied into, for performance. The caller should not
348				modify the variable, nor attempt to access it after the socket has been
349				closed.
350
351				If the frame is not yet ready, this function returns undef.
352
353				The following fields are returned:
354
355				=over 8
356
357				=item tp_status
358
359				The status of the frame; see C
360
361				=item tp_len
362
363				The length of the packet on the wire, in bytes
364
365				=item tp_snaplen
366
367				The length of the packet captured and stored in the buffer, in bytes. This may
368				be shorter than C if, for example, a filter is set on the socket that
369				truncated the packet.
370
371				=item tp_sec
372
373				=item tp_nsec
374
375				The seconds and nanoseconds fields of the timestamp. If the underlying
376				platform does not support C, then this field will only have a
377				resolution of microseconds; i.e. it will be a whole multiple of 1000.
378
379				=item tp_vlan_tci
380
381				VLAN information about the packet, if the underlying platform supports
382				C. If this is not supported, the key will not be present in the
383				hash
384
385				=item sll_protocol
386
387				=item sll_ifindex
388
389				=item sll_hatype
390
391				=item sll_pkttype
392
393				=item sll_addr
394
395				Fields from the C; see above for more detail
396
397				=back
398
399				=head2 clear_ring_frame
400
401				clear_ring_frame( $sock )
402
403				Clears the status of current frame to hand it back to the kernel and moves on
404				to the next.
405
406				=cut
407
408				=head1 SEE ALSO
409
410				=over 4
411
412				=item *
413
414				L - Object interface to C domain sockets
415
416				=item *
417
418				L - interface to Linux's socket packet filtering
419
420				=item *
421
422				C - packet, AF_PACKET - packet interface on device level
423
424				=back
425
426				=head1 AUTHOR
427
428				Paul Evans
429
430				=cut
431
432				0x55AA;