/*	$NetBSD: bpf.c,v 1.134 2008/03/01 14:16:52 rmind Exp $	*/

/*
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	8.4 (Berkeley) 1/9/95
 * static char rcsid[] =
 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp ";
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.134 2008/03/01 14:16:52 rmind Exp $");

#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
#include "sl.h"
#include "strip.h"
#endif

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/buf.h>
#include <sys/time.h>
#include <sys/proc.h>
#include <sys/user.h>
#include <sys/ioctl.h>
#include <sys/conf.h>
#include <sys/vnode.h>
#include <sys/queue.h>

#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/tty.h>
#include <sys/uio.h>

#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/kernel.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/kauth.h>

#include <net/if.h>
#include <net/slip.h>

#include <net/bpf.h>
#include <net/bpfdesc.h>

#include <net/if_arc.h>
#include <net/if_ether.h>

#include <netinet/in.h>
#include <netinet/if_inarp.h>

#include <compat/sys/sockio.h>

#ifndef BPF_BUFSIZE
/*
 * 4096 is too small for FDDI frames.  8192 is too small for gigabit Ethernet
 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k).
 */
# define BPF_BUFSIZE 32768
#endif

#define PRINET  26			/* interruptible */
/*
 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able.
 * XXX the default values should be computed dynamically based
 * on available memory size and available mbuf clusters.
 */
int bpf_bufsize = BPF_BUFSIZE;
int bpf_maxbufsize = BPF_DFLTBUFSIZE;	/* XXX set dynamically, see above */

/*
 * Global BPF statistics returned by net.bpf.stats sysctl.
 */
struct bpf_stat	bpf_gstats;

/*
 * Use a mutex to avoid a race condition between gathering the stats/peers
 * and opening/closing the device.
 */
static kmutex_t bpf_mtx;

/*
 * bpf_iflist is the list of interfaces; each corresponds to an ifnet.
 * bpf_dtab holds the descriptors, indexed by minor device #
 */
struct bpf_if	*bpf_iflist;
LIST_HEAD(, bpf_d) bpf_list;

static int	bpf_allocbufs(struct bpf_d *);
static void	bpf_deliver(struct bpf_if *,
		    void *(*cpfn)(void *, const void *, size_t),
		    void *, u_int, u_int, struct ifnet *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_ifname(struct ifnet *, struct ifreq *);
static void	*bpf_mcpy(void *, const void *, size_t);
static int	bpf_movein(struct uio *, int, int,
		    struct mbuf **, struct sockaddr *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static inline void
		bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int, u_int,
		    void *(*)(void *, const void *, size_t),
		    struct timeval *);
static void	reset_d(struct bpf_d *);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);

static int	bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t,
    int);
static int	bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t,
    int);
static int	bpf_ioctl(struct file *, u_long, void *, struct lwp *);
static int	bpf_poll(struct file *, int, struct lwp *);
static int	bpf_close(struct file *, struct lwp *);
static int	bpf_kqfilter(struct file *, struct knote *);

static const struct fileops bpf_fileops = {
	bpf_read,
	bpf_write,
	bpf_ioctl,
	fnullop_fcntl,
	bpf_poll,
	fbadop_stat,
	bpf_close,
	bpf_kqfilter,
};

dev_type_open(bpfopen);

const struct cdevsw bpf_cdevsw = {
	bpfopen, noclose, noread, nowrite, noioctl,
	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER
};
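/*
 * For reference, a minimal userland capture setup against this device
 * might look like the sketch below (illustrative only, not part of the
 * kernel; error handling omitted, and the interface name "wm0" is just
 * an example).  It exercises the clone open path and the BIOCGBLEN and
 * BIOCSETIF ioctls handled in bpf_ioctl() below:
 *
 *	#include <sys/ioctl.h>
 *	#include <net/bpf.h>
 *	#include <net/if.h>
 *	#include <fcntl.h>
 *
 *	int fd = open("/dev/bpf", O_RDONLY);	// clones a descriptor
 *	u_int buflen;
 *	struct ifreq ifr;
 *
 *	ioctl(fd, BIOCGBLEN, &buflen);		// kernel buffer size
 *	strlcpy(ifr.ifr_name, "wm0", sizeof(ifr.ifr_name));
 *	ioctl(fd, BIOCSETIF, &ifr);		// attach to the interface
 *	// read(fd, buf, buflen) now returns captured packets.
 */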
static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
    struct sockaddr *sockp)
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int align;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		align = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		/* 6(dst)+6(src)+2(type) */
		hlen = sizeof(struct ether_header);
		align = 2;
		break;

	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		align = 5;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_LINK;
		/* XXX 4(FORMAC)+6(dst)+6(src) */
		hlen = 16;
		align = 0;
		break;

	case DLT_ECONET:
		sockp->sa_family = AF_UNSPEC;
		hlen = 6;
		align = 2;
		break;

	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * If there aren't enough bytes for a link level header or the
	 * packet length exceeds the interface mtu, return an error.
	 */
	if (len < hlen || len - hlen > mtu)
		return (EMSGSIZE);

	/*
	 * XXX Avoid complicated buffer chaining ---
	 * bail if it won't fit in a single mbuf.
	 * (Take into account possible alignment bytes)
	 */
	if ((unsigned)len > MCLBYTES - align)
		return (EIO);

	m = m_gethdr(M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;
	m->m_pkthdr.len = len - hlen;
	if (len > MHLEN - align) {
		m_clget(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}

	/* Ensure the data is properly aligned */
	if (align > 0) {
		m->m_data += align;
		m->m_len -= align;
	}

	error = uiomove(mtod(m, void *), len, uio);
	if (error)
		goto bad;
	if (hlen != 0) {
		memcpy(sockp->sa_data, mtod(m, void *), hlen);
		m->m_data += hlen;	/* XXX */
		len -= hlen;
	}
	m->m_len = len;
	*mp = m;
	return (0);

bad:
	m_freem(m);
	return (error);
}

/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 * Must be called at splnet.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	*bp->bif_driverp = bp;
}

/*
 * Detach a file from its interface.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		/*
		 * Take device out of promiscuous mode.  Since we were
		 * able to enter promiscuous mode, we should be able
		 * to turn it off.  But we can get an error if
		 * the interface was configured down, so only panic
		 * on an unexpected error.
		 */
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && error != EINVAL)
			panic("bpf: ifpromisc failed");
	}
	/* Remove d from the interface's descriptor list. */
	p = &bp->bif_dlist;
	while (*p != d) {
		p = &(*p)->bd_next;
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*d->bd_bif->bif_driverp = 0;
	d->bd_bif = 0;
}

/*
 * Mark a descriptor free by making it point to itself.
 * This is probably cheaper than marking with a constant since
 * the address should be in a register anyway.
 */
/*
 * bpfilterattach() is called at boot time.
 */
/* ARGSUSED */
void
bpfilterattach(int n)
{
	mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE);

	mutex_enter(&bpf_mtx);
	LIST_INIT(&bpf_list);
	mutex_exit(&bpf_mtx);

	bpf_gstats.bs_recv = 0;
	bpf_gstats.bs_drop = 0;
	bpf_gstats.bs_capt = 0;
}

/*
 * Open ethernet device. Clones.
 */
/* ARGSUSED */
int
bpfopen(dev_t dev, int flag, int mode, struct lwp *l)
{
	struct bpf_d *d;
	struct file *fp;
	int error, fd;

	/* falloc() will use the descriptor for us. */
	if ((error = falloc(l, &fp, &fd)) != 0)
		return error;

	d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK);
	(void)memset(d, 0, sizeof(*d));
	d->bd_bufsize = bpf_bufsize;
	d->bd_seesent = 1;
	d->bd_pid = l->l_proc->p_pid;
	callout_init(&d->bd_callout, 0);
	selinit(&d->bd_sel);

	mutex_enter(&bpf_mtx);
	LIST_INSERT_HEAD(&bpf_list, d, bd_list);
	mutex_exit(&bpf_mtx);

	return fdclone(l, fp, fd, flag, &bpf_fileops, d);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 */
/* ARGSUSED */
static int
bpf_close(struct file *fp, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	if (d->bd_bif)
		bpf_detachd(d);
	splx(s);
	bpf_freed(d);
	mutex_enter(&bpf_mtx);
	LIST_REMOVE(d, bd_list);
	mutex_exit(&bpf_mtx);
	callout_destroy(&d->bd_callout);
	seldestroy(&d->bd_sel);
	free(d, M_DEVBUF);
	fp->f_data = NULL;

	return (0);
}

/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = 0;
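/*
 * To illustrate the rotation (a sketch, not normative): each descriptor
 * owns three bd_bufsize-byte buffers that cycle through three roles.
 *
 *	role	filled by		drained by
 *	sbuf	catchpacket()		rotated to hbuf when full
 *	hbuf	-			bpf_read() copies it to userland
 *	fbuf	-			becomes the next store buffer
 *
 * A rotation is only legal while bd_fbuf != NULL; if the hold buffer
 * has not been read yet when the store buffer fills, catchpacket()
 * must drop the packet instead (see the bd_dcount accounting below).
 */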
/*
 * bpfread - read next chunk of packets from buffers
 */
static int
bpf_read(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	int timed_out;
	int error;
	int s;

	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (fp->f_flag & FNONBLOCK) {
			if (d->bd_slen == 0) {
				splx(s);
				return (EWOULDBLOCK);
			}
			ROTATE_BUFFERS(d);
			break;
		}

		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * One or more packets arrived since the previous
			 * read or while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		error = tsleep(d, PRINET|PCATCH, "bpf", d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			splx(s);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				splx(s);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (error != 0)
			goto done;
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	s = splnet();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
done:
	splx(s);
	return (error);
}

/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static inline void
bpf_wakeup(struct bpf_d *d)
{
	wakeup(d);
	if (d->bd_async)
		fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL);

	selnotify(&d->bd_sel, 0, 0);
}

static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = arg;
	int s;

	s = splnet();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	splx(s);
}

static int
bpf_write(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;
	static struct sockaddr_storage dst;

	m = NULL;	/* XXX gcc */

	if (d->bd_bif == 0)
		return (ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0)
		return (0);

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m,
	    (struct sockaddr *) &dst);
	if (error)
		return (error);

	if (m->m_pkthdr.len > ifp->if_mtu) {
		m_freem(m);
		return (EMSGSIZE);
	}

	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL);
	splx(s);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splnet.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_ccount = 0;
}
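/*
 * A read(2) on the descriptor returns a whole buffer of concatenated
 * capture records, each preceded by a struct bpf_hdr.  A consumer is
 * expected to walk them with BPF_WORDALIGN, e.g. (userland sketch,
 * error handling omitted; "handle_packet" is a hypothetical callback):
 *
 *	char *p = buf;
 *	ssize_t n = read(fd, buf, buflen);
 *
 *	while (p < buf + n) {
 *		struct bpf_hdr *bh = (struct bpf_hdr *)p;
 *
 *		handle_packet(p + bh->bh_hdrlen, bh->bh_caplen);
 *		p += BPF_WORDALIGN(bh->bh_hdrlen + bh->bh_caplen);
 *	}
 */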
/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag.
 *  BIOCSHDRCMPLT	Set "header already complete" flag.
 */
/* ARGSUSED */
static int
bpf_ioctl(struct file *fp, u_long cmd, void *addr, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s, error = 0;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	splx(s);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			s = splnet();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splnet();
		reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splnet();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported device parameters.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, addr);
		break;

	/*
	 * Set device parameters.
	 */
	case BIOCSDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
#ifdef OBIOCGETIF
	case OBIOCGETIF:
#endif
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, addr);
		break;

	/*
	 * Set interface.
	 */
#ifdef OBIOCSETIF
	case OBIOCSETIF:
#endif
	case BIOCSETIF:
		error = bpf_setif(d, addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}
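	/*
	 * Worked example of the conversion above (illustrative; the
	 * actual hz/tick values are configuration dependent): with
	 * hz = 100 and tick = 10000 us, a timeout of 2.5 s gives
	 * 2 * 100 + 500000 / 10000 = 250 ticks.  A nonzero timeout
	 * shorter than one tick is rounded up to 1 so that it does
	 * not degenerate into "sleep forever" in tsleep().
	 */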
	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			bs->bs_capt = d->bd_ccount;
			break;
		}

	case BIOCGSTATSOLD:
		{
			struct bpf_stat_old *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/*
		 * No need to do anything special as we check FNONBLOCK
		 * in bpf_read() as an indication of whether or not to
		 * block the read.
		 */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case TIOCSPGRP:		/* Process or group to send signals to */
	case FIOSETOWN:
		error = fsetown(l->l_proc, &d->bd_pgid, cmd, addr);
		break;

	case TIOCGPGRP:
	case FIOGETOWN:
		error = fgetown(l->l_proc, d->bd_pgid, cmd, addr);
		break;
	}
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		if (fp->bf_len != 0)
			return (EINVAL);
		s = splnet();
		d->bd_filter = 0;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = malloc(size, M_DEVBUF, M_WAITOK);
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		s = splnet();
		d->bd_filter = fcode;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);

		return (0);
	}
	free(fcode, M_DEVBUF);
	return (EINVAL);
}
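/*
 * For reference, a filter program as consumed by bpf_setf() is just an
 * array of struct bpf_insn.  A minimal userland sketch (illustrative
 * only) that accepts IPv4 over Ethernet and rejects everything else:
 *
 *	struct bpf_insn insns[] = {
 *		// load the Ethernet type field
 *		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
 *		// accept up to 128 bytes of IPv4, reject the rest
 *		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, 0, 1),
 *		BPF_STMT(BPF_RET+BPF_K, 128),
 *		BPF_STMT(BPF_RET+BPF_K, 0),
 *	};
 *	struct bpf_program prog = {
 *		sizeof(insns) / sizeof(insns[0]), insns
 *	};
 *
 *	ioctl(fd, BIOCSETF, &prog);
 *
 * bpf_validate() above rejects programs with out-of-range jumps, so a
 * malformed array comes back as EINVAL rather than a kernel fault.
 */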
/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 */
	unit_seen = 0;
	cp = ifr->ifr_name;
	cp[sizeof(ifr->ifr_name) - 1] = '\0';	/* sanity */
	while (*cp++)
		if (*cp >= '0' && *cp <= '9')
			unit_seen = 1;
	if (!unit_seen) {
		/* Make sure to leave room for the '\0'. */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/* skip additional entry */
		if ((void **)bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splnet();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}

/*
 * Copy the interface name to the ifreq.
 */
static void
bpf_ifname(struct ifnet *ifp, struct ifreq *ifr)
{
	memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
}
/*
 * Support for poll() system call
 *
 * Return true iff the specific operation will not block indefinitely - with
 * the assumption that it is safe to positively acknowledge a request for the
 * ability to write to the BPF device.
 * Otherwise, return false but make a note that a selnotify() must be done.
 */
static int
bpf_poll(struct file *fp, int events, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s = splnet();
	int revents;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	revents = events & (POLLOUT | POLLWRNORM);
	if (events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 */
		if ((d->bd_hlen != 0) ||
		    (d->bd_immediate && d->bd_slen != 0)) {
			revents |= events & (POLLIN | POLLRDNORM);
		} else if (d->bd_state == BPF_TIMED_OUT) {
			if (d->bd_slen != 0)
				revents |= events & (POLLIN | POLLRDNORM);
			else
				revents |= events & POLLIN;
		} else {
			selrecord(l, &d->bd_sel);
			/* Start the read timeout if necessary */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
				    bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}

	splx(s);
	return (revents);
}

static void
filt_bpfrdetach(struct knote *kn)
{
	struct bpf_d *d = kn->kn_hook;
	int s;

	s = splnet();
	SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext);
	splx(s);
}

static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = kn->kn_hook;

	kn->kn_data = d->bd_hlen;
	if (d->bd_immediate)
		kn->kn_data += d->bd_slen;
	return (kn->kn_data > 0);
}

static const struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfrdetach, filt_bpfread };

static int
bpf_kqfilter(struct file *fp, struct knote *kn)
{
	struct bpf_d *d = fp->f_data;
	struct klist *klist;
	int s;

	switch (kn->kn_filter) {
	case EVFILT_READ:
		klist = &d->bd_sel.sel_klist;
		kn->kn_fop = &bpfread_filtops;
		break;

	default:
		return (EINVAL);
	}

	kn->kn_hook = d;

	s = splnet();
	SLIST_INSERT_HEAD(klist, kn, kn_selnext);
	splx(s);

	return (0);
}
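/*
 * From userland, the filter registered above is reached through the
 * usual kqueue(2) interface.  A sketch (illustrative only, error
 * handling omitted):
 *
 *	struct kevent ev;
 *	int kq = kqueue();
 *
 *	EV_SET(&ev, fd, EVFILT_READ, EV_ADD, 0, 0, 0);
 *	kevent(kq, &ev, 1, NULL, 0, NULL);
 *	// A later kevent(kq, NULL, 0, &ev, 1, NULL) returns with
 *	// ev.data holding the byte count computed by filt_bpfread().
 */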
/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(void *arg, u_char *pkt, u_int pktlen)
{
	struct bpf_if *bp;
	struct bpf_d *d;
	u_int slen;
	struct timeval tv;
	int gottime = 0;

	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here is that if two different
	 * interfaces shared any data.  This is not the case.
	 */
	bp = arg;
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			catchpacket(d, pkt, pktlen, slen, memcpy, &tv);
		}
	}
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void *
bpf_mcpy(void *dst_arg, const void *src_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == 0)
			panic("bpf_mcpy");
		count = min(m->m_len, len);
		memcpy(dst, mtod(m, void *), count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
	return (dst_arg);
}

/*
 * Dispatch a packet to all the listeners on interface bp.
 *
 * marg    pointer to the packet, either a data buffer or an mbuf chain
 * buflen  buffer length, if marg is a data buffer
 * cpfn    a function that can copy marg into the listener's buffer
 * pktlen  length of the packet
 * rcvif   either NULL or the interface the packet came in on.
 */
static inline void
bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t),
    void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif)
{
	u_int slen;
	struct bpf_d *d;
	struct timeval tv;
	int gottime = 0;

	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		if (!d->bd_seesent && (rcvif == NULL))
			continue;
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, marg, pktlen, buflen);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			catchpacket(d, marg, pktlen, slen, cpfn, &tv);
		}
	}
}

/*
 * Incoming linkage from device drivers, when the head of the packet is in
 * a buffer, and the tail is in an mbuf chain.
 */
void
bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m)
{
	struct bpf_if *bp = arg;
	u_int pktlen;
	struct mbuf mb;

	pktlen = m_length(m) + dlen;

	/*
	 * Craft an on-stack mbuf suitable for passing to bpf_filter.
	 * Note that we cut corners here; we only set up what's
	 * absolutely needed--this mbuf should never go anywhere else.
	 */
	(void)memset(&mb, 0, sizeof(mb));
	mb.m_next = m;
	mb.m_data = data;
	mb.m_len = dlen;

	bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif);
}

/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.
 */
void
bpf_mtap(void *arg, struct mbuf *m)
{
	void *(*cpfn)(void *, const void *, size_t);
	struct bpf_if *bp = arg;
	u_int pktlen, buflen;
	void *marg;

	pktlen = m_length(m);

	if (pktlen == m->m_len) {
		cpfn = memcpy;
		marg = mtod(m, void *);
		buflen = pktlen;
	} else {
		cpfn = bpf_mcpy;
		marg = m;
		buflen = 0;
	}

	bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif);
}

/*
 * We need to prepend the address family as
 * a four byte field.  Cons up a dummy header
 * to pacify bpf.  This is safe because bpf
 * will only read from the mbuf (i.e., it won't
 * try to free it or keep a pointer to it).
 */
void
bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 4;
	m0.m_data = (char *)&af;

	bpf_mtap(arg, &m0);
}

void
bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 14;
	m0.m_data = m0.m_dat;

	((uint32_t *)m0.m_data)[0] = 0;
	((uint32_t *)m0.m_data)[1] = 0;
	((uint32_t *)m0.m_data)[2] = 0;
	((uint16_t *)m0.m_data)[6] = et;

	bpf_mtap(arg, &m0);
}
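/*
 * The usual calling convention in a driver's receive/transmit path is
 * to tap conditionally, since the driver's bpf cookie (ifp->if_bpf,
 * i.e. bif_driverp) is NULL while nobody listens.  A sketch of a
 * hypothetical driver fragment:
 *
 *	struct mbuf *m;	// packet just received or about to be sent
 *
 *	if (ifp->if_bpf != NULL)
 *		bpf_mtap(ifp->if_bpf, m);
 *
 * For outbound packets, m->m_pkthdr.rcvif is NULL, which is what lets
 * bpf_deliver() honour a descriptor's BIOCSSEESENT setting above.
 */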
#if NSL > 0 || NSTRIP > 0
/*
 * Put the SLIP pseudo-"link header" in place.
 * Note this M_PREPEND() should never fail,
 * since we know we always have enough space
 * in the input buffer.
 */
void
bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m)
{
	int s;
	u_char *hp;

	M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT);
	if (*m == NULL)
		return;

	hp = mtod(*m, u_char *);
	hp[SLX_DIR] = SLIPDIR_IN;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, *m);
	splx(s);

	m_adj(*m, SLIP_HDRLEN);
}

/*
 * Put the SLIP pseudo-"link header" in
 * place.  The compressed header is now
 * at the beginning of the mbuf.
 */
void
bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m)
{
	struct mbuf m0;
	u_char *hp;
	int s;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_data = m0.m_dat;
	m0.m_len = SLIP_HDRLEN;

	hp = mtod(&m0, u_char *);

	hp[SLX_DIR] = SLIPDIR_OUT;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, &m0);
	splx(s);
	m_freem(m);
}
#endif

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Wake up pending reads if the buffer is full.
 * "cpfn" is the routine called to do the actual data
 * transfer.  memcpy is passed in to copy contiguous chunks, while
 * bpf_mcpy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
    void *(*cpfn)(void *, const void *, size_t), struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);
}
/*
 * Initialize all nonzero fields of a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{

	d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_fbuf)
		return (ENOBUFS);
	d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_sbuf) {
		free(d->bd_fbuf, M_DEVBUF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it hasn't yet been marked
	 * free.
	 */
	if (d->bd_sbuf != 0) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_DEVBUF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_DEVBUF);
	}
	if (d->bd_filter)
		free(d->bd_filter, M_DEVBUF);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach an additional dlt for an interface to bpf.  dlt is the link layer
 * type; hdrlen is the fixed size of the link header for the specified dlt
 * (variable length headers not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp)
{
	struct bpf_if *bp;

	bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_dlist = 0;
	bp->bif_driverp = driverp;
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;

	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;

	*bp->bif_driverp = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

#if 0
	printf("bpf: %s attached\n", ifp->if_xname);
#endif
}
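/*
 * A worked example of the bif_hdrlen computation (illustrative; the
 * concrete numbers depend on the platform's struct bpf_hdr and word
 * size): for DLT_EN10MB, hdrlen is 14 and, assuming SIZEOF_BPF_HDR is
 * 18 and BPF_WORDALIGN rounds to 4-byte multiples,
 *
 *	BPF_WORDALIGN(14 + 18) - 14 = 32 - 14 = 18
 *
 * so each record carries an 18-byte bpf header, the Ethernet header
 * starts at offset 18, and the IP header lands at offset 32, which is
 * longword aligned as intended.
 */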
/*
 * Remove an interface from bpf.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, **pbp;
	struct bpf_d *d;
	int s;

	/* Nuke the vnodes for any open instances */
	LIST_FOREACH(d, &bpf_list, bd_list) {
		if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) {
			/*
			 * Detach the descriptor from an interface now.
			 * It will be freed later by the close routine.
			 */
			s = splnet();
			d->bd_promisc = 0;	/* we can't touch device. */
			bpf_detachd(d);
			splx(s);
		}
	}

 again:
	for (bp = bpf_iflist, pbp = &bpf_iflist;
	     bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp) {
			*pbp = bp->bif_next;
			free(bp, M_DEVBUF);
			goto again;
		}
	}
}

/*
 * Change the data link type of an interface.
 */
void
bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	struct bpf_if *bp;

	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if ((void **)bp->bif_driverp == &ifp->if_bpf)
			break;
	}
	if (bp == NULL)
		panic("bpf_change_type");

	bp->bif_dlt = dlt;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
}

/*
 * Get a list of available data link types for the interface.
 */
static int
bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
{
	int n, error;
	struct ifnet *ifp;
	struct bpf_if *bp;

	ifp = d->bd_bif->bif_ifp;
	n = 0;
	error = 0;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp)
			continue;
		if (bfl->bfl_list != NULL) {
			if (n >= bfl->bfl_len)
				return ENOMEM;
			error = copyout(&bp->bif_dlt,
			    bfl->bfl_list + n, sizeof(u_int));
		}
		n++;
	}
	bfl->bfl_len = n;
	return error;
}

/*
 * Set the data link type of a BPF instance.
 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int s, error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	if (d->bd_bif->bif_dlt == dlt)
		return 0;
	ifp = d->bd_bif->bif_ifp;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	if (bp == NULL)
		return EINVAL;
	s = splnet();
	opromisc = d->bd_promisc;
	bpf_detachd(d);
	bpf_attachd(d, bp);
	reset_d(d);
	if (opromisc) {
		error = ifpromisc(bp->bif_ifp, 1);
		if (error)
			printf("%s: bpf_setdlt: ifpromisc failed (%d)\n",
			    bp->bif_ifp->if_xname, error);
		else
			d->bd_promisc = 1;
	}
	splx(s);
	return 0;
}

static int
sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS)
{
	int newsize, error;
	struct sysctlnode node;

	node = *rnode;
	node.sysctl_data = &newsize;
	newsize = bpf_maxbufsize;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE)
		return (EINVAL);

	bpf_maxbufsize = newsize;

	return (0);
}
static int
sysctl_net_bpf_peers(SYSCTLFN_ARGS)
{
	int error, elem_count;
	struct bpf_d *dp;
	struct bpf_d_ext dpe;
	size_t len, needed, elem_size, out_size;
	char *sp;

	if (namelen == 1 && name[0] == CTL_QUERY)
		return (sysctl_query(SYSCTLFN_CALL(rnode)));

	if (namelen != 2)
		return (EINVAL);

	/* BPF peers is privileged information. */
	error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
	    KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL);
	if (error)
		return (EPERM);

	len = (oldp != NULL) ? *oldlenp : 0;
	sp = oldp;
	elem_size = name[0];
	elem_count = name[1];
	out_size = MIN(sizeof(dpe), elem_size);
	needed = 0;

	if (elem_size < 1 || elem_count < 0)
		return (EINVAL);

	mutex_enter(&bpf_mtx);
	LIST_FOREACH(dp, &bpf_list, bd_list) {
		if (len >= elem_size && elem_count > 0) {
#define BPF_EXT(field)	dpe.bde_ ## field = dp->bd_ ## field
			BPF_EXT(bufsize);
			BPF_EXT(promisc);
			BPF_EXT(state);
			BPF_EXT(immediate);
			BPF_EXT(hdrcmplt);
			BPF_EXT(seesent);
			BPF_EXT(pid);
			BPF_EXT(rcount);
			BPF_EXT(dcount);
			BPF_EXT(ccount);
#undef BPF_EXT
			if (dp->bd_bif)
				(void)strlcpy(dpe.bde_ifname,
				    dp->bd_bif->bif_ifp->if_xname,
				    IFNAMSIZ - 1);
			else
				dpe.bde_ifname[0] = '\0';

			error = copyout(&dpe, sp, out_size);
			if (error)
				break;
			sp += elem_size;
			len -= elem_size;
		}
		if (elem_count > 0) {
			needed += elem_size;
			if (elem_count != INT_MAX)
				elem_count--;
		}
	}
	mutex_exit(&bpf_mtx);

	*oldlenp = needed;

	return (error);
}

SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup")
{
	const struct sysctlnode *node;

	sysctl_createv(clog, 0, NULL, NULL,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "net", NULL,
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_EOL);

	node = NULL;
	sysctl_createv(clog, 0, NULL, &node,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "bpf",
		       SYSCTL_DESCR("BPF options"),
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_CREATE, CTL_EOL);
	if (node != NULL) {
		sysctl_createv(clog, 0, NULL, NULL,
			       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
			       CTLTYPE_INT, "maxbufsize",
			       SYSCTL_DESCR("Maximum size for data capture buffer"),
			       sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0,
			       CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			       CTLFLAG_PERMANENT,
			       CTLTYPE_STRUCT, "stats",
			       SYSCTL_DESCR("BPF stats"),
			       NULL, 0, &bpf_gstats, sizeof(bpf_gstats),
			       CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			       CTLFLAG_PERMANENT,
			       CTLTYPE_STRUCT, "peers",
			       SYSCTL_DESCR("BPF peers"),
			       sysctl_net_bpf_peers, 0, NULL, 0,
			       CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
	}
}