/*
 * Copyright (c) 2015, Arista Networks, inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
#include <net-snmp/library/large_fd_set.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <pcap/pcap.h>

#define FAKE_FD 3
/*
 * This is a funny little program, hooking together callbacks
 * to get packets from a pcap format file to go through
 * net-snmp's main loop.  Both net-snmp and libpcap have
 * callback-based processing, so:
 *
 * We create a fake snmp transport that calls snmppcap_recv()
 * to receive a packet, and use snmp_add() to add the session
 * and the transport directly.
 *
 * We create a session callback on the session that just
 * prints out the varbind list that we got.
 *
 * We use the libpcap pcap_dispatch() to loop through all
 * the packets in the pcap file, and then pretend to snmp_read2()
 * that a fake file descriptor is ready.  Luckily, there is
 * only one session active, and it happens to also claim to
 * be using that file descriptor, so snmplib calls the transport
 * receive function, snmppcap_recv().  If the packet parses,
 * we get a callback at snmppcap_callback().  If it doesn't,
 * you may need to use the -D options.
 */
typedef struct mystuff {
    int pktnum;
} mystuff_t;

/*
 * These two globals are used to communicate between handle_pcap()
 * and snmppcap_recv().  Don't try to multi-thread!  :-)
 */
const void *recv_data;
int recv_datalen;

int
snmppcap_recv(netsnmp_transport *t, void *buf, int bufsiz, void **opaque, int *opaque_len)
{
    if (bufsiz > recv_datalen) {
        memcpy(buf, recv_data, recv_datalen);
        return recv_datalen;
    } else {
        return -1;
    }
}

/*
 * snmplib calls us back with the received packet.
 */
static int
snmppcap_callback(int op, netsnmp_session *sess, int reqid, netsnmp_pdu *pdu,
                  void *magic)
{
    mystuff_t *mystuff = (mystuff_t *)magic;
    netsnmp_variable_list *vars;

    /*
     * We ignore op, since we know there is only way we can be
     * called back, since this is not a "real" transport.
     */
    printf( "Packet %d PDU contents:\n", mystuff->pktnum );
    /*
     * TODO: print PDU type and other info?
     */
    for (vars = pdu->variables; vars; vars = vars->next_variable) {
       printf( "   " );
       print_variable(vars->name, vars->name_length, vars );
    }
    return 0;
}

void
handle_pcap(u_char *user, const struct pcap_pkthdr *h,
                                         const u_char *bytes)
{
    size_t len;
    const u_char *buf;
    int skip;
    mystuff_t *mystuff = (mystuff_t *)user;
    netsnmp_large_fd_set lfdset;

    mystuff->pktnum++;

    /*
     * If it's not a full packet, then we can't parse it.
     */
    if ( h->caplen < h->len ) {
        printf( "Skipping packet #%d; we only have %d of %d bytes\n", mystuff->pktnum, h->caplen, h->len );
        return;
    }

    /*
     * For now, no error checking and almost no parsing.
     * Assume that we have all Ethernet/IPv4/UDP/SNMP.
     */
    skip = 14 /* Ethernet */ + 20 /* IPv4 */ + 8 /* UDP */;
    buf = bytes + skip;
    len = h->len - skip;

    printf( "Packet #%d:\n", mystuff->pktnum );

    /*
     * Store the data in the globals that we use to communicate
     */
    recv_data = buf;
    recv_datalen = len;

    /*
     * We call snmp_read2() pretending that our
     * fake file descriptor is ready to read.
     * This is a funny API to fake up - we need to
     * set our fake file descriptor so that our fake
     * receive function gets called.
     */
    netsnmp_large_fd_set_init(&lfdset, FD_SETSIZE);
    netsnmp_large_fd_setfd(FAKE_FD, &lfdset);
    snmp_read2(&lfdset);
    netsnmp_large_fd_set_cleanup(&lfdset);
}

void
usage(void)
{
    fprintf(stderr, "USAGE: snmppcap [OPTIONS] FILE\n\n");
    /* can't use snmp_parse_args_usage because it assumes an agent */
    snmp_parse_args_descriptions(stderr);
}

int main(int argc, char **argv)
{
    netsnmp_session *ss;
    netsnmp_transport *transport;
    int arg;
    char errbuf[PCAP_ERRBUF_SIZE];
    char *fname;
    pcap_t *p;
    mystuff_t mystuff;

    ss = SNMP_MALLOC_TYPEDEF(netsnmp_session);
    /*
     * snmp_parse_args usage here is totally overkill, but trying to
     * parse -D
     */
    switch (arg = snmp_parse_args(argc, argv, ss, "", NULL)) {
    case NETSNMP_PARSE_ARGS_ERROR:
        exit(1);
    case NETSNMP_PARSE_ARGS_SUCCESS_EXIT:
        exit(0);
    case NETSNMP_PARSE_ARGS_ERROR_USAGE:
        usage();
        exit(1);
    default:
        break;
    }
    if (arg != argc) {
        fprintf(stderr, "Specify exactly one file name\n");
        usage();
        exit(1);
    }
    fname = argv[ arg-1 ];
    p = pcap_open_offline( fname, errbuf );
    if ( p == NULL ) {
        fprintf(stderr, "%s: %s\n", fname, errbuf );
        return 1;
    }
    if ( pcap_datalink( p ) != DLT_EN10MB) {
        fprintf(stderr, "Only Ethernet pcaps currently supported\n");
        return 2;
    }
    transport = SNMP_MALLOC_TYPEDEF(netsnmp_transport);
    if ( transport == NULL ) {
        fprintf(stderr, "Could not malloc transport\n" );
        return 3;
    }
    /*
     * We set up just enough of the transport to fake the main
     * loop into calling us back.
     */
    transport->sock = FAKE_FD;        /* nobody actually uses this as a file descriptor */
    transport->f_recv = snmppcap_recv;

    ss->callback = snmppcap_callback;
    ss->callback_magic = (void *)&mystuff;

    /* todo: add the option of a filter here */
    mystuff.pktnum = 0;
    /* todo: user, etc. parsing. */
    ss->securityModel = SNMP_SEC_MODEL_USM;
    printf("flags %lx securityModel %d version %ld securityNameLen %" NETSNMP_PRIz "d securityEngineIDLen %" NETSNMP_PRIz "d\n",
          ss->flags, ss->securityModel, ss->version,
          ss->securityNameLen, ss->securityEngineIDLen);
    create_user_from_session(ss);

    /*
     * We use snmp_add() to specify the transport
     * explicitly.
     */
    snmp_add(ss, transport, NULL, NULL);

    pcap_loop(p, -1, handle_pcap, (void *)&mystuff);

    return 0;
}