#include <stdio.h>
#include <unistd.h>
#include <stropts.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <fcntl.h>
#include <stdarg.h>
#include <setjmp.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <signal.h>
#include <sys/mman.h>
#include <assert.h>
#include <sys/sysmacros.h>
#include <sys/socket.h>
#include <sys/pfmod.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include "snoop.h"
static int snaplen;
sigjmp_buf jmp_env, ojmp_env;
int snoop_nrecover;
int quitting;
static struct snoop_handler *snoop_hp;
static struct snoop_handler *snoop_tp;
static time_t snoop_nalarm;
#define MAXSUM 8
#define REDZONE 64
static char *sumline[MAXSUM];
static char *detail_line;
static char *line;
static char *encap;
static int audio;
int maxcount;
int count;
static int sumcount;
int x_offset = -1;
int x_length = 0x7fffffff;
FILE *namefile;
boolean_t Pflg;
boolean_t Iflg;
boolean_t fflg;
boolean_t qflg;
boolean_t rflg;
#ifdef DEBUG
boolean_t zflg;
#endif
struct Pf_ext_packetfilt pf;
static int vlanid = 0;
static void usage(void);
static void snoop_sigrecover(int sig, siginfo_t *info, void *p);
static char *protmalloc(size_t);
static void resetperm(void);
static char *
process_ocapfile(const char *arg, size_t *nfiles, off_t *limit)
{
char *ptr = strdup(arg);
char *name, *data;
const char *errstr;
long long n, m;
int i;
name = strsep(&ptr, ":");
data = strsep(&ptr, ":");
if (data == NULL || ptr == NULL)
usage();
n = strtonum(data, 1, 100, &errstr);
if (errstr != NULL) {
printf("%s: value %s: %s\n", __func__, data, errstr);
usage();
}
*nfiles = n;
m = 1;
i = strlen(ptr);
if (i > 0)
i--;
switch (ptr[i]) {
case 'k':
m = 1024;
ptr[i] = '\0';
break;
case 'm':
m = 1024 * 1024;
ptr[i] = '\0';
break;
case 'g':
m = 1024 * 1024 * 1024;
ptr[i] = '\0';
break;
}
n = strtonum(ptr, 1, MAXOFF_T, &errstr);
if (errstr != NULL) {
printf("%s: value %s: %s\n", __func__, ptr, errstr);
usage();
}
*limit = n * m;
return (name);
}
int
main(int argc, char **argv)
{
int c;
int filter = 0;
int flags = F_SUM;
struct Pf_ext_packetfilt *fp = NULL;
char *icapfile = NULL;
char *ocapfile = NULL;
boolean_t nflg = B_FALSE;
boolean_t Nflg = B_FALSE;
int Cflg = 0;
boolean_t Qflg = B_FALSE;
boolean_t Uflg = B_FALSE;
int first = 1;
int last = 0x7fffffff;
boolean_t use_kern_pf;
char *p, *p2;
char names[MAXPATHLEN + 1];
char self[MAXHOSTNAMELEN + 1];
char *argstr = NULL;
void (*proc)();
char *audiodev;
int ret;
struct sigaction sigact;
stack_t sigstk;
char *output_area;
int nbytes;
char *datalink = NULL;
dlpi_handle_t dh;
size_t nfiles = 0;
off_t limit = 0;
int direction = DIR_INOUT;
names[0] = '\0';
nbytes = (MAXSUM + 3) * (MAXLINE + REDZONE);
output_area = protmalloc(nbytes);
if (output_area == NULL) {
perror("Warning: mmap");
exit(1);
}
for (ret = 0; ret < MAXSUM; ret++) {
sumline[ret] = (char *)output_area;
output_area += (MAXLINE + REDZONE);
}
detail_line = output_area;
output_area += MAXLINE + REDZONE;
line = output_area;
output_area += MAXLINE + REDZONE;
encap = output_area;
output_area += MAXLINE + REDZONE;
if ((sigstk.ss_sp = (char *)malloc(SIGSTKSZ+REDZONE)) == NULL) {
perror("Warning: malloc");
exit(1);
}
sigstk.ss_size = SIGSTKSZ;
sigstk.ss_flags = 0;
if (sigaltstack(&sigstk, (stack_t *)NULL) < 0) {
perror("Warning: sigaltstack");
exit(1);
}
sigact.sa_handler = NULL;
sigact.sa_sigaction = snoop_sigrecover;
(void) sigemptyset(&sigact.sa_mask);
sigact.sa_flags = SA_ONSTACK|SA_SIGINFO;
if (sigaction(SIGHUP, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGINT, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGQUIT, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGILL, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGTRAP, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGIOT, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGEMT, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGFPE, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGBUS, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGSEGV, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGSYS, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGALRM, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigaction(SIGTERM, &sigact, (struct sigaction *)NULL) < 0) {
perror("Warning: sigaction");
exit(1);
}
if (sigsetjmp(jmp_env, 1)) {
exit(1);
}
(void) setvbuf(stdout, NULL, _IOLBF, BUFSIZ);
while ((c = getopt(argc, argv,
"at:CPDSi:O:o:Nn:s:d:I:vVp:fc:x:U?rqQ:z")) != EOF) {
switch (c) {
case 'a':
audiodev = getenv("AUDIODEV");
if (audiodev == NULL)
audiodev = "/dev/audio";
audio = open(audiodev, O_WRONLY);
if (audio < 0) {
pr_err("Audio device %s: %m",
audiodev);
exit(1);
}
break;
case 't':
flags |= F_TIME;
switch (*optarg) {
case 'r': flags |= F_RTIME; break;
case 'a': flags |= F_ATIME; break;
case 'd': break;
default: usage();
}
break;
case 'I':
if (datalink != NULL)
usage();
Iflg = B_TRUE;
datalink = optarg;
break;
case 'P':
Pflg = B_TRUE;
break;
case 'D':
flags |= F_DROPS;
break;
case 'S':
flags |= F_LEN;
break;
case 'i':
icapfile = optarg;
break;
case 'O':
if (ocapfile != NULL)
usage();
ocapfile = process_ocapfile(optarg, &nfiles, &limit);
break;
case 'o':
if (ocapfile != NULL)
usage();
ocapfile = optarg;
break;
case 'N':
Nflg = B_TRUE;
break;
case 'n':
nflg = B_TRUE;
(void) strlcpy(names, optarg, MAXPATHLEN);
break;
case 's':
snaplen = atoi(optarg);
break;
case 'd':
if (Iflg)
usage();
datalink = optarg;
break;
case 'v':
flags &= ~(F_SUM);
flags |= F_DTAIL;
break;
case 'V':
flags |= F_ALLSUM;
break;
case 'p':
p = optarg;
p2 = strpbrk(p, ",:-");
if (p2 == NULL) {
first = last = atoi(p);
} else {
*p2++ = '\0';
first = atoi(p);
last = atoi(p2);
}
break;
case 'f':
fflg = B_TRUE;
break;
case 'x':
p = optarg;
p2 = strpbrk(p, ",:-");
if (p2 == NULL) {
x_offset = atoi(p);
x_length = -1;
} else {
*p2++ = '\0';
x_offset = atoi(p);
x_length = atoi(p2);
}
break;
case 'c':
maxcount = atoi(optarg);
break;
case 'C':
Cflg = B_TRUE;
break;
case 'q':
qflg = B_TRUE;
break;
case 'Q':
Qflg = B_TRUE;
if (strcasecmp("inout", optarg) == 0)
direction = DIR_INOUT;
else if (strcasecmp("in", optarg) == 0)
direction = DIR_IN;
else if (strcasecmp("out", optarg) == 0)
direction = DIR_OUT;
else
usage();
break;
case 'r':
rflg = B_TRUE;
break;
case 'U':
Uflg = B_TRUE;
break;
#ifdef DEBUG
case 'z':
zflg = B_TRUE;
break;
#endif
case '?':
default:
usage();
}
}
if (argc > optind)
argstr = (char *)concat_args(&argv[optind], argc - optind);
if (!icapfile) {
use_kern_pf = open_datalink(&dh, datalink);
} else {
if (Qflg) {
pr_err("cannot specify direction (-Q) when "
"reading from a capture file (-i)");
}
use_kern_pf = B_FALSE;
cap_open_read(icapfile);
if (!nflg) {
names[0] = '\0';
(void) strlcpy(names, icapfile, MAXPATHLEN);
(void) strlcat(names, ".names", MAXPATHLEN);
}
}
if (Uflg)
use_kern_pf = B_FALSE;
if ((!Nflg) && names[0] != '\0') {
if (access(names, F_OK) == 0) {
load_names(names);
} else if (nflg) {
(void) fprintf(stderr, "%s not found\n", names);
exit(1);
}
}
if (argstr) {
if (use_kern_pf) {
ret = pf_compile(argstr, Cflg);
switch (ret) {
case 0:
filter++;
compile(argstr, Cflg);
break;
case 1:
fp = &pf;
break;
case 2:
fp = &pf;
filter++;
break;
}
} else {
filter++;
compile(argstr, Cflg);
}
if (Cflg)
exit(0);
}
if (flags & F_SUM)
flags |= F_WHO;
if (ocapfile) {
if (nfiles > 1)
cap_open_wr_multi(ocapfile, nfiles, limit);
else
cap_open_write(ocapfile);
proc = cap_write;
} else {
flags |= F_NOW;
proc = process_pkt;
}
if (icapfile) {
names[0] = '\0';
(void) strlcpy(names, icapfile, MAXPATHLEN);
(void) strlcat(names, ".names", MAXPATHLEN);
if (Nflg) {
namefile = fopen(names, "w");
if (namefile == NULL) {
perror(names);
exit(1);
}
flags = 0;
(void) fprintf(stderr,
"Creating name file %s\n", names);
}
if (flags & F_DTAIL)
flags = F_DTAIL;
else
flags |= F_NUM | F_TIME;
resetperm();
cap_read(first, last, filter, proc, flags);
if (Nflg)
(void) fclose(namefile);
} else {
const int chunksize = 8 * 8192;
struct timeval timeout;
if (audio) {
timeout.tv_sec = 0;
timeout.tv_usec = 100000;
} else {
timeout.tv_sec = 1;
timeout.tv_usec = 0;
}
init_datalink(dh, snaplen, chunksize, &timeout, fp, direction);
if (! qflg && ocapfile)
show_count();
resetperm();
net_read(dh, chunksize, filter, proc, flags);
dlpi_close(dh);
if (!(flags & F_NOW))
(void) printf("\n");
}
if (ocapfile)
cap_close();
return (0);
}
static int tone[] = {
0x076113, 0x153333, 0x147317, 0x144311, 0x147315, 0x050353, 0x037103, 0x051106,
0x157155, 0x142723, 0x133273, 0x134664, 0x051712, 0x024465, 0x026447, 0x072473,
0x136715, 0x126257, 0x135256, 0x047344, 0x034476, 0x027464, 0x036062, 0x133334,
0x127256, 0x130660, 0x136262, 0x040724, 0x016446, 0x025437, 0x137171, 0x127672,
0x124655, 0x134654, 0x032741, 0x021447, 0x037450, 0x125675, 0x127650, 0x077277,
0x046514, 0x036077, 0x035471, 0x147131, 0x136272, 0x162720, 0x166151, 0x037527,
};
void
click(int len)
{
len /= 8;
len = len ? len : 4;
if (audio) {
(void) write(audio, tone, len);
}
}
void
show_count()
{
static int prev = -1;
if (count == prev)
return;
prev = count;
(void) fprintf(stderr, "\r%d ", count);
}
#define ENCAP_LEN 16
void
show_pktinfo(int flags, int num, char *src, char *dst, struct timeval *ptvp,
struct timeval *tvp, int drops, int len)
{
struct tm *tm;
static struct timeval tvp0;
int sec, usec;
char *lp = line;
int i, start;
if (flags & F_NUM) {
(void) sprintf(lp, "%3d ", num);
lp += strlen(lp);
}
tm = localtime(&tvp->tv_sec);
if (flags & F_TIME) {
if (flags & F_ATIME) {
(void) sprintf(lp, "%02d:%02d:%02d.%05d ",
tm->tm_hour, tm->tm_min, tm->tm_sec,
(int)tvp->tv_usec / 10);
lp += strlen(lp);
} else {
if (flags & F_RTIME) {
if (tvp0.tv_sec == 0) {
tvp0.tv_sec = tvp->tv_sec;
tvp0.tv_usec = tvp->tv_usec;
}
ptvp = &tvp0;
}
sec = tvp->tv_sec - ptvp->tv_sec;
usec = tvp->tv_usec - ptvp->tv_usec;
if (usec < 0) {
usec += 1000000;
sec -= 1;
}
(void) sprintf(lp, "%3d.%05d ", sec, usec / 10);
lp += strlen(lp);
}
}
if ((flags & F_SUM) && !(flags & F_ALLSUM) && (vlanid != 0)) {
(void) snprintf(lp, MAXLINE, "VLAN#%i: ", vlanid);
lp += strlen(lp);
}
if (flags & F_WHO) {
(void) sprintf(lp, "%12s -> %-12s ", src, dst);
lp += strlen(lp);
}
if (flags & F_DROPS) {
(void) sprintf(lp, "drops: %d ", drops);
lp += strlen(lp);
}
if (flags & F_LEN) {
(void) sprintf(lp, "length: %4d ", len);
lp += strlen(lp);
}
if (flags & F_SUM) {
if (flags & F_ALLSUM)
(void) printf("________________________________\n");
start = flags & F_ALLSUM ? 0 : sumcount - 1;
(void) sprintf(encap, " (%d encap)", total_encap_levels - 1);
(void) printf("%s%s%s\n", line, sumline[start],
((flags & F_ALLSUM) || (total_encap_levels == 1)) ? "" :
encap);
for (i = start + 1; i < sumcount; i++)
(void) printf("%s%s\n", line, sumline[i]);
sumcount = 0;
}
if (flags & F_DTAIL) {
(void) printf("%s\n\n", detail_line);
detail_line[0] = '\0';
}
}
char *
get_sum_line()
{
int tsumcount = sumcount;
if (sumcount >= MAXSUM) {
sumcount = 0;
pr_err(
"get_sum_line: sumline overflow (sumcount=%d, MAXSUM=%d)\n",
tsumcount, MAXSUM);
}
sumline[sumcount][0] = '\0';
return (sumline[sumcount++]);
}
char *
get_detail_line(int off, int len)
{
if (detail_line[0]) {
(void) printf("%s\n", detail_line);
detail_line[0] = '\0';
}
return (detail_line);
}
void
set_vlan_id(int id)
{
vlanid = id;
}
void
pr_err(const char *fmt, ...)
{
va_list ap;
char buf[1024], *p2;
const char *p1;
(void) strcpy(buf, "snoop: ");
p2 = buf + strlen(buf);
for (p1 = fmt; *p1 != '\0' && p2 < buf + sizeof (buf) - 2; p1++) {
if (*p1 == '%' && *(p1+1) == 'm') {
const char *errstr;
if ((errstr = strerror(errno)) != NULL) {
*p2 = '\0';
(void) strlcat(buf, errstr, sizeof (buf));
p2 += strlen(p2);
}
p1++;
} else {
*p2++ = *p1;
}
}
if (p2 > buf && *(p2-1) != '\n')
*p2++ = '\n';
*p2 = '\0';
va_start(ap, fmt);
(void) vfprintf(stderr, buf, ap);
va_end(ap);
snoop_sigrecover(-1, NULL, NULL);
}
void
pr_errdlpi(dlpi_handle_t dh, const char *cmd, int err)
{
int save_errno = errno;
char linkname[DLPI_LINKNAME_MAX];
(void) strlcpy(linkname, dlpi_linkname(dh), sizeof (linkname));
dlpi_close(dh);
errno = save_errno;
pr_err("%s on \"%s\": %s", cmd, linkname, dlpi_strerror(err));
}
static void
usage(void)
{
(void) fprintf(stderr, "\nUsage: snoop\n");
(void) fprintf(stderr,
"\t[ -a ] # Listen to packets on audio\n");
(void) fprintf(stderr,
"\t[ -d link ] # Listen on named link\n");
(void) fprintf(stderr,
"\t[ -s snaplen ] # Truncate packets\n");
(void) fprintf(stderr,
"\t[ -I IP interface ] # Listen on named IP interface\n");
(void) fprintf(stderr,
"\t[ -c count ] # Quit after count packets\n");
(void) fprintf(stderr,
"\t[ -P ] # Turn OFF promiscuous mode\n");
(void) fprintf(stderr,
"\t[ -D ] # Report dropped packets\n");
(void) fprintf(stderr,
"\t[ -S ] # Report packet size\n");
(void) fprintf(stderr,
"\t[ -i file ] # Read previously captured packets\n");
(void) fprintf(stderr,
"\t[ -O prefix:count:size ] # Capture packets in files\n");
(void) fprintf(stderr,
"\t[ -o file ] # Capture packets in file\n");
(void) fprintf(stderr,
"\t[ -n file ] # Load addr-to-name table from file\n");
(void) fprintf(stderr,
"\t[ -N ] # Create addr-to-name table\n");
(void) fprintf(stderr,
"\t[ -t r|a|d ] # Time: Relative, Absolute or Delta\n");
(void) fprintf(stderr,
"\t[ -v ] # Verbose packet display\n");
(void) fprintf(stderr,
"\t[ -V ] # Show all summary lines\n");
(void) fprintf(stderr,
"\t[ -p first[,last] ] # Select packet(s) to display\n");
(void) fprintf(stderr,
"\t[ -x offset[,length] ] # Hex dump from offset for length\n");
(void) fprintf(stderr,
"\t[ -C ] # Print packet filter code\n");
(void) fprintf(stderr,
"\t[ -q ] # Suppress printing packet count\n");
(void) fprintf(stderr,
"\t[ -Q inout|in|out ] # Set packet capture direction\n");
(void) fprintf(stderr,
"\t[ -r ] # Do not resolve address to name\n");
(void) fprintf(stderr,
"\n\t[ filter expression ]\n");
(void) fprintf(stderr, "\nExample:\n");
(void) fprintf(stderr, "\tsnoop -o saved host fred\n\n");
(void) fprintf(stderr, "\tsnoop -i saved -tr -v -p19\n");
exit(1);
}
static void
sdefault(void)
{
snoop_nrecover = SNOOP_MAXRECOVER;
}
int
snoop_alarm(int s_sec, void (*s_handler)())
{
volatile time_t now;
volatile time_t nalarm = 0;
volatile struct snoop_handler *sh = NULL;
volatile struct snoop_handler *hp, *tp, *next;
volatile sigset_t s_mask;
volatile int ret = -1;
(void) sigemptyset((sigset_t *)&s_mask);
(void) sigaddset((sigset_t *)&s_mask, SIGALRM);
if (s_sec < 0)
return (-1);
now = time(NULL);
if (s_sec) {
sh = malloc(sizeof (struct snoop_handler));
sh->s_time = now + s_sec;
if (s_handler == NULL)
s_handler = sdefault;
sh->s_handler = s_handler;
sh->s_next = NULL;
(void) sigprocmask(SIG_BLOCK, (sigset_t *)&s_mask, NULL);
if (snoop_hp == NULL) {
snoop_hp = snoop_tp = (struct snoop_handler *)sh;
snoop_nalarm = sh->s_time;
(void) alarm(sh->s_time - now);
} else {
snoop_tp->s_next = (struct snoop_handler *)sh;
snoop_tp = (struct snoop_handler *)sh;
if (sh->s_time < snoop_nalarm) {
snoop_nalarm = sh->s_time;
(void) alarm(sh->s_time - now);
}
}
(void) sigprocmask(SIG_UNBLOCK, (sigset_t *)&s_mask, NULL);
return (0);
}
(void) sigprocmask(SIG_BLOCK, (sigset_t *)&s_mask, NULL);
tp = (struct snoop_handler *)&snoop_hp;
for (hp = snoop_hp; hp; hp = next) {
next = hp->s_next;
if (s_handler == NULL || hp->s_handler == s_handler) {
ret = 0;
tp->s_next = hp->s_next;
if (snoop_tp == hp) {
if (tp == (struct snoop_handler *)&snoop_hp)
snoop_tp = NULL;
else
snoop_tp = (struct snoop_handler *)tp;
}
free((void *)hp);
} else {
if (nalarm == 0 || nalarm > hp->s_time)
nalarm = now < hp->s_time ? hp->s_time :
now + 1;
tp = hp;
}
}
if (snoop_hp == NULL) {
snoop_nalarm = 0;
(void) alarm(0);
} else if (nalarm > 0 && nalarm < snoop_nalarm) {
snoop_nalarm = nalarm;
(void) alarm(nalarm - now);
}
(void) sigprocmask(SIG_UNBLOCK, (sigset_t *)&s_mask, NULL);
return (ret);
}
void
snoop_recover(void)
{
int i;
for (i = 0; i < MAXSUM; i++)
sumline[i][0] = '\0';
detail_line[0] = '\0';
line[0] = '\0';
encap[0] = '\0';
sumcount = 0;
encap_levels = 0;
total_encap_levels = 1;
(void) snoop_alarm(0, NULL);
}
static void
snoop_sigrecover(int sig, siginfo_t *info, void *p)
{
volatile time_t now;
volatile time_t nalarm = 0;
volatile struct snoop_handler *hp;
if (sig == SIGALRM) {
now = time(NULL);
for (hp = snoop_hp; hp; hp = hp->s_next) {
if (hp->s_time) {
if ((hp->s_time - now) > 0) {
if (nalarm == 0 || nalarm > hp->s_time)
nalarm = now < hp->s_time ?
hp->s_time : now + 1;
}
}
}
if (nalarm) {
snoop_nalarm = nalarm;
(void) alarm(nalarm - now);
} else {
snoop_nalarm = 0;
}
for (hp = snoop_hp; hp; hp = hp->s_next) {
if (hp->s_time) {
if ((now - hp->s_time) >= 0) {
hp->s_time = 0;
if (hp->s_handler)
hp->s_handler();
}
}
}
} else {
snoop_nrecover++;
}
if (quitting)
exit(1);
if (sig == SIGALRM) {
if (ioctl(STDOUT_FILENO, I_CANPUT, 0) == 0) {
snoop_nrecover = 0;
return;
}
if (snoop_nrecover >= SNOOP_MAXRECOVER) {
(void) fprintf(stderr,
"snoop: WARNING: skipping from packet %d\n",
count);
snoop_nrecover = 0;
} else {
return;
}
} else if (snoop_nrecover >= SNOOP_MAXRECOVER) {
(void) fprintf(stderr,
"snoop: ERROR: cannot recover from packet %d\n", count);
exit(1);
}
#ifdef DEBUG
(void) fprintf(stderr, "snoop_sigrecover(%d, %p, %p)\n", sig, info, p);
#endif
if (sig == SIGTERM || sig == SIGHUP || sig == SIGINT) {
quitting = 1;
return;
} else if (sig != -1 && sig != SIGALRM) {
(void) fprintf(stderr,
"WARNING: received signal %d from packet %d\n",
sig, count);
}
snoop_recover();
siglongjmp(jmp_env, 1);
}
static char *
protmalloc(size_t nbytes)
{
caddr_t start;
int psz = sysconf(_SC_PAGESIZE);
nbytes = P2ROUNDUP(nbytes, psz);
start = mmap(NULL, nbytes + psz * 2, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANON, -1, 0);
if (start == MAP_FAILED) {
perror("Error: protmalloc: mmap");
return (NULL);
}
assert(IS_P2ALIGNED(start, psz));
if (mprotect(start, 1, PROT_NONE) == -1)
perror("Warning: mprotect");
start += psz;
if (mprotect(start + nbytes, 1, PROT_NONE) == -1)
perror("Warning: mprotect");
return (start);
}
void
resetperm(void)
{
if (geteuid() == 0) {
(void) setgid(GID_NOBODY);
(void) setuid(UID_NOBODY);
}
}
