1 /* 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)bpf.c 8.2 (Berkeley) 3/28/94 39 * 40 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.12 2002/04/14 21:41:48 luigi Exp $ 41 * $DragonFly: src/sys/net/bpf.c,v 1.41 2007/08/27 16:15:42 hasso Exp $ 42 */ 43 44 #include "use_bpf.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/conf.h> 49 #include <sys/device.h> 50 #include <sys/malloc.h> 51 #include <sys/mbuf.h> 52 #include <sys/time.h> 53 #include <sys/proc.h> 54 #include <sys/signalvar.h> 55 #include <sys/filio.h> 56 #include <sys/sockio.h> 57 #include <sys/ttycom.h> 58 #include <sys/filedesc.h> 59 60 #include <sys/poll.h> 61 62 #include <sys/socket.h> 63 #include <sys/vnode.h> 64 65 #include <sys/thread2.h> 66 67 #include <net/if.h> 68 #include <net/bpf.h> 69 #include <net/bpfdesc.h> 70 71 #include <netinet/in.h> 72 #include <netinet/if_ether.h> 73 #include <sys/kernel.h> 74 #include <sys/sysctl.h> 75 76 MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 77 78 #if NBPF > 0 79 80 /* 81 * The default read buffer size is patchable. 82 */ 83 static int bpf_bufsize = BPF_DEFAULTBUFSIZE; 84 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW, 85 &bpf_bufsize, 0, ""); 86 static int bpf_maxbufsize = BPF_MAXBUFSIZE; 87 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW, 88 &bpf_maxbufsize, 0, ""); 89 90 /* 91 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 92 */ 93 static struct bpf_if *bpf_iflist; 94 95 static int bpf_allocbufs(struct bpf_d *); 96 static void bpf_attachd(struct bpf_d *d, struct bpf_if *bp); 97 static void bpf_detachd(struct bpf_d *d); 98 static void bpf_resetd(struct bpf_d *); 99 static void bpf_freed(struct bpf_d *); 100 static void bpf_mcopy(const void *, void *, size_t); 101 static int bpf_movein(struct uio *, int, struct mbuf **, 102 struct sockaddr *, int *); 103 static int bpf_setif(struct bpf_d *, struct ifreq *); 104 static void bpf_timed_out(void *); 105 static void bpf_wakeup(struct bpf_d *); 106 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 107 void (*)(const void *, void *, size_t), 108 const struct timeval *); 109 static int bpf_setf(struct bpf_d *, struct bpf_program *); 110 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 111 static int bpf_setdlt(struct bpf_d *, u_int); 112 static void bpf_drvinit(void *unused); 113 114 static d_open_t bpfopen; 115 static d_close_t bpfclose; 116 static d_read_t bpfread; 117 static d_write_t bpfwrite; 118 static d_ioctl_t bpfioctl; 119 static d_poll_t bpfpoll; 120 121 #define CDEV_MAJOR 23 122 static struct dev_ops bpf_ops = { 123 { "bpf", CDEV_MAJOR, 0 }, 124 .d_open = bpfopen, 125 .d_close = bpfclose, 126 .d_read = bpfread, 127 .d_write = bpfwrite, 128 .d_ioctl = bpfioctl, 129 .d_poll = bpfpoll, 130 }; 131 132 133 static int 134 bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, 135 struct sockaddr *sockp, int *datlen) 136 { 137 struct mbuf *m; 138 int error; 139 int len; 140 int hlen; 141 142 /* 143 * Build a sockaddr based on the data link layer type. 144 * We do this at this level because the ethernet header 145 * is copied directly into the data field of the sockaddr. 146 * In the case of SLIP, there is no header and the packet 147 * is forwarded as is. 148 * Also, we are careful to leave room at the front of the mbuf 149 * for the link level header. 150 */ 151 switch (linktype) { 152 case DLT_SLIP: 153 sockp->sa_family = AF_INET; 154 hlen = 0; 155 break; 156 157 case DLT_EN10MB: 158 sockp->sa_family = AF_UNSPEC; 159 /* XXX Would MAXLINKHDR be better? */ 160 hlen = sizeof(struct ether_header); 161 break; 162 163 case DLT_RAW: 164 case DLT_NULL: 165 sockp->sa_family = AF_UNSPEC; 166 hlen = 0; 167 break; 168 169 case DLT_ATM_RFC1483: 170 /* 171 * en atm driver requires 4-byte atm pseudo header. 172 * though it isn't standard, vpi:vci needs to be 173 * specified anyway. 174 */ 175 sockp->sa_family = AF_UNSPEC; 176 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 177 break; 178 179 case DLT_PPP: 180 sockp->sa_family = AF_UNSPEC; 181 hlen = 4; /* This should match PPP_HDRLEN */ 182 break; 183 184 default: 185 return(EIO); 186 } 187 188 len = uio->uio_resid; 189 *datlen = len - hlen; 190 if ((unsigned)len > MCLBYTES) 191 return(EIO); 192 193 m = m_getl(len, MB_WAIT, MT_DATA, M_PKTHDR, NULL); 194 if (m == NULL) 195 return(ENOBUFS); 196 m->m_pkthdr.len = m->m_len = len; 197 m->m_pkthdr.rcvif = NULL; 198 *mp = m; 199 /* 200 * Make room for link header. 201 */ 202 if (hlen != 0) { 203 m->m_pkthdr.len -= hlen; 204 m->m_len -= hlen; 205 m->m_data += hlen; /* XXX */ 206 error = uiomove(sockp->sa_data, hlen, uio); 207 if (error) 208 goto bad; 209 } 210 error = uiomove(mtod(m, caddr_t), len - hlen, uio); 211 if (!error) 212 return(0); 213 bad: 214 m_freem(m); 215 return(error); 216 } 217 218 /* 219 * Attach file to the bpf interface, i.e. make d listen on bp. 220 * Must be called at splimp. 221 */ 222 static void 223 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 224 { 225 /* 226 * Point d at bp, and add d to the interface's list of listeners. 227 * Finally, point the driver's bpf cookie at the interface so 228 * it will divert packets to bpf. 229 */ 230 d->bd_bif = bp; 231 SLIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 232 *bp->bif_driverp = bp; 233 } 234 235 /* 236 * Detach a file from its interface. 237 */ 238 static void 239 bpf_detachd(struct bpf_d *d) 240 { 241 int error; 242 struct bpf_if *bp; 243 struct ifnet *ifp; 244 245 bp = d->bd_bif; 246 ifp = bp->bif_ifp; 247 248 /* Remove d from the interface's descriptor list. */ 249 SLIST_REMOVE(&bp->bif_dlist, d, bpf_d, bd_next); 250 251 if (SLIST_EMPTY(&bp->bif_dlist)) { 252 /* 253 * Let the driver know that there are no more listeners. 254 */ 255 *bp->bif_driverp = NULL; 256 } 257 d->bd_bif = NULL; 258 /* 259 * Check if this descriptor had requested promiscuous mode. 260 * If so, turn it off. 261 */ 262 if (d->bd_promisc) { 263 d->bd_promisc = 0; 264 error = ifpromisc(ifp, 0); 265 if (error != 0 && error != ENXIO) { 266 /* 267 * ENXIO can happen if a pccard is unplugged, 268 * Something is really wrong if we were able to put 269 * the driver into promiscuous mode, but can't 270 * take it out. 271 */ 272 if_printf(ifp, "bpf_detach: ifpromisc failed(%d)\n", 273 error); 274 } 275 } 276 } 277 278 /* 279 * Open ethernet device. Returns ENXIO for illegal minor device number, 280 * EBUSY if file is open by another process. 281 */ 282 /* ARGSUSED */ 283 static int 284 bpfopen(struct dev_open_args *ap) 285 { 286 cdev_t dev = ap->a_head.a_dev; 287 struct bpf_d *d; 288 289 if (ap->a_cred->cr_prison) 290 return(EPERM); 291 292 d = dev->si_drv1; 293 /* 294 * Each minor can be opened by only one process. If the requested 295 * minor is in use, return EBUSY. 296 */ 297 if (d != NULL) 298 return(EBUSY); 299 make_dev(&bpf_ops, minor(dev), 0, 0, 0600, "bpf%d", lminor(dev)); 300 MALLOC(d, struct bpf_d *, sizeof *d, M_BPF, M_WAITOK | M_ZERO); 301 dev->si_drv1 = d; 302 d->bd_bufsize = bpf_bufsize; 303 d->bd_sig = SIGIO; 304 d->bd_seesent = 1; 305 callout_init(&d->bd_callout); 306 return(0); 307 } 308 309 /* 310 * Close the descriptor by detaching it from its interface, 311 * deallocating its buffers, and marking it free. 312 */ 313 /* ARGSUSED */ 314 static int 315 bpfclose(struct dev_close_args *ap) 316 { 317 cdev_t dev = ap->a_head.a_dev; 318 struct bpf_d *d = dev->si_drv1; 319 320 funsetown(d->bd_sigio); 321 crit_enter(); 322 if (d->bd_state == BPF_WAITING) 323 callout_stop(&d->bd_callout); 324 d->bd_state = BPF_IDLE; 325 if (d->bd_bif != NULL) 326 bpf_detachd(d); 327 crit_exit(); 328 bpf_freed(d); 329 dev->si_drv1 = NULL; 330 kfree(d, M_BPF); 331 332 return(0); 333 } 334 335 /* 336 * Rotate the packet buffers in descriptor d. Move the store buffer 337 * into the hold slot, and the free buffer into the store slot. 338 * Zero the length of the new store buffer. 339 */ 340 #define ROTATE_BUFFERS(d) \ 341 (d)->bd_hbuf = (d)->bd_sbuf; \ 342 (d)->bd_hlen = (d)->bd_slen; \ 343 (d)->bd_sbuf = (d)->bd_fbuf; \ 344 (d)->bd_slen = 0; \ 345 (d)->bd_fbuf = NULL; 346 /* 347 * bpfread - read next chunk of packets from buffers 348 */ 349 static int 350 bpfread(struct dev_read_args *ap) 351 { 352 cdev_t dev = ap->a_head.a_dev; 353 struct bpf_d *d = dev->si_drv1; 354 int timed_out; 355 int error; 356 357 /* 358 * Restrict application to use a buffer the same size as 359 * as kernel buffers. 360 */ 361 if (ap->a_uio->uio_resid != d->bd_bufsize) 362 return(EINVAL); 363 364 crit_enter(); 365 if (d->bd_state == BPF_WAITING) 366 callout_stop(&d->bd_callout); 367 timed_out = (d->bd_state == BPF_TIMED_OUT); 368 d->bd_state = BPF_IDLE; 369 /* 370 * If the hold buffer is empty, then do a timed sleep, which 371 * ends when the timeout expires or when enough packets 372 * have arrived to fill the store buffer. 373 */ 374 while (d->bd_hbuf == NULL) { 375 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 376 /* 377 * A packet(s) either arrived since the previous 378 * read or arrived while we were asleep. 379 * Rotate the buffers and return what's here. 380 */ 381 ROTATE_BUFFERS(d); 382 break; 383 } 384 385 /* 386 * No data is available, check to see if the bpf device 387 * is still pointed at a real interface. If not, return 388 * ENXIO so that the userland process knows to rebind 389 * it before using it again. 390 */ 391 if (d->bd_bif == NULL) { 392 crit_exit(); 393 return(ENXIO); 394 } 395 396 if (ap->a_ioflag & IO_NDELAY) { 397 crit_exit(); 398 return(EWOULDBLOCK); 399 } 400 error = tsleep(d, PCATCH, "bpf", d->bd_rtout); 401 if (error == EINTR || error == ERESTART) { 402 crit_exit(); 403 return(error); 404 } 405 if (error == EWOULDBLOCK) { 406 /* 407 * On a timeout, return what's in the buffer, 408 * which may be nothing. If there is something 409 * in the store buffer, we can rotate the buffers. 410 */ 411 if (d->bd_hbuf) 412 /* 413 * We filled up the buffer in between 414 * getting the timeout and arriving 415 * here, so we don't need to rotate. 416 */ 417 break; 418 419 if (d->bd_slen == 0) { 420 crit_exit(); 421 return(0); 422 } 423 ROTATE_BUFFERS(d); 424 break; 425 } 426 } 427 /* 428 * At this point, we know we have something in the hold slot. 429 */ 430 crit_exit(); 431 432 /* 433 * Move data from hold buffer into user space. 434 * We know the entire buffer is transferred since 435 * we checked above that the read buffer is bpf_bufsize bytes. 436 */ 437 error = uiomove(d->bd_hbuf, d->bd_hlen, ap->a_uio); 438 439 crit_enter(); 440 d->bd_fbuf = d->bd_hbuf; 441 d->bd_hbuf = NULL; 442 d->bd_hlen = 0; 443 crit_exit(); 444 445 return(error); 446 } 447 448 449 /* 450 * If there are processes sleeping on this descriptor, wake them up. 451 */ 452 static void 453 bpf_wakeup(struct bpf_d *d) 454 { 455 if (d->bd_state == BPF_WAITING) { 456 callout_stop(&d->bd_callout); 457 d->bd_state = BPF_IDLE; 458 } 459 wakeup(d); 460 if (d->bd_async && d->bd_sig && d->bd_sigio) 461 pgsigio(d->bd_sigio, d->bd_sig, 0); 462 463 get_mplock(); 464 selwakeup(&d->bd_sel); 465 rel_mplock(); 466 /* XXX */ 467 d->bd_sel.si_pid = 0; 468 } 469 470 static void 471 bpf_timed_out(void *arg) 472 { 473 struct bpf_d *d = (struct bpf_d *)arg; 474 475 crit_enter(); 476 if (d->bd_state == BPF_WAITING) { 477 d->bd_state = BPF_TIMED_OUT; 478 if (d->bd_slen != 0) 479 bpf_wakeup(d); 480 } 481 crit_exit(); 482 } 483 484 static int 485 bpfwrite(struct dev_write_args *ap) 486 { 487 cdev_t dev = ap->a_head.a_dev; 488 struct bpf_d *d = dev->si_drv1; 489 struct ifnet *ifp; 490 struct mbuf *m; 491 int error; 492 static struct sockaddr dst; 493 int datlen; 494 495 if (d->bd_bif == NULL) 496 return(ENXIO); 497 498 ifp = d->bd_bif->bif_ifp; 499 500 if (ap->a_uio->uio_resid == 0) 501 return(0); 502 503 error = bpf_movein(ap->a_uio, (int)d->bd_bif->bif_dlt, &m, 504 &dst, &datlen); 505 if (error) 506 return(error); 507 508 if (datlen > ifp->if_mtu) { 509 m_freem(m); 510 return(EMSGSIZE); 511 } 512 513 if (d->bd_hdrcmplt) 514 dst.sa_family = pseudo_AF_HDRCMPLT; 515 516 crit_enter(); 517 lwkt_serialize_enter(ifp->if_serializer); 518 error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)NULL); 519 lwkt_serialize_exit(ifp->if_serializer); 520 crit_exit(); 521 /* 522 * The driver frees the mbuf. 523 */ 524 return(error); 525 } 526 527 /* 528 * Reset a descriptor by flushing its packet buffer and clearing the 529 * receive and drop counts. Should be called at splimp. 530 */ 531 static void 532 bpf_resetd(struct bpf_d *d) 533 { 534 if (d->bd_hbuf) { 535 /* Free the hold buffer. */ 536 d->bd_fbuf = d->bd_hbuf; 537 d->bd_hbuf = NULL; 538 } 539 d->bd_slen = 0; 540 d->bd_hlen = 0; 541 d->bd_rcount = 0; 542 d->bd_dcount = 0; 543 } 544 545 /* 546 * FIONREAD Check for read packet available. 547 * SIOCGIFADDR Get interface address - convenient hook to driver. 548 * BIOCGBLEN Get buffer len [for read()]. 549 * BIOCSETF Set ethernet read filter. 550 * BIOCFLUSH Flush read packet buffer. 551 * BIOCPROMISC Put interface into promiscuous mode. 552 * BIOCGDLT Get link layer type. 553 * BIOCGETIF Get interface name. 554 * BIOCSETIF Set interface. 555 * BIOCSRTIMEOUT Set read timeout. 556 * BIOCGRTIMEOUT Get read timeout. 557 * BIOCGSTATS Get packet stats. 558 * BIOCIMMEDIATE Set immediate mode. 559 * BIOCVERSION Get filter language version. 560 * BIOCGHDRCMPLT Get "header already complete" flag 561 * BIOCSHDRCMPLT Set "header already complete" flag 562 * BIOCGSEESENT Get "see packets sent" flag 563 * BIOCSSEESENT Set "see packets sent" flag 564 */ 565 /* ARGSUSED */ 566 static int 567 bpfioctl(struct dev_ioctl_args *ap) 568 { 569 cdev_t dev = ap->a_head.a_dev; 570 struct bpf_d *d = dev->si_drv1; 571 int error = 0; 572 573 crit_enter(); 574 if (d->bd_state == BPF_WAITING) 575 callout_stop(&d->bd_callout); 576 d->bd_state = BPF_IDLE; 577 crit_exit(); 578 579 switch (ap->a_cmd) { 580 default: 581 error = EINVAL; 582 break; 583 584 /* 585 * Check for read packet available. 586 */ 587 case FIONREAD: 588 { 589 int n; 590 591 crit_enter(); 592 n = d->bd_slen; 593 if (d->bd_hbuf) 594 n += d->bd_hlen; 595 crit_exit(); 596 597 *(int *)ap->a_data = n; 598 break; 599 } 600 601 case SIOCGIFADDR: 602 { 603 struct ifnet *ifp; 604 605 if (d->bd_bif == NULL) { 606 error = EINVAL; 607 } else { 608 ifp = d->bd_bif->bif_ifp; 609 lwkt_serialize_enter(ifp->if_serializer); 610 error = ifp->if_ioctl(ifp, ap->a_cmd, 611 ap->a_data, ap->a_cred); 612 lwkt_serialize_exit(ifp->if_serializer); 613 } 614 break; 615 } 616 617 /* 618 * Get buffer len [for read()]. 619 */ 620 case BIOCGBLEN: 621 *(u_int *)ap->a_data = d->bd_bufsize; 622 break; 623 624 /* 625 * Set buffer length. 626 */ 627 case BIOCSBLEN: 628 if (d->bd_bif != NULL) { 629 error = EINVAL; 630 } else { 631 u_int size = *(u_int *)ap->a_data; 632 633 if (size > bpf_maxbufsize) 634 *(u_int *)ap->a_data = size = bpf_maxbufsize; 635 else if (size < BPF_MINBUFSIZE) 636 *(u_int *)ap->a_data = size = BPF_MINBUFSIZE; 637 d->bd_bufsize = size; 638 } 639 break; 640 641 /* 642 * Set link layer read filter. 643 */ 644 case BIOCSETF: 645 error = bpf_setf(d, (struct bpf_program *)ap->a_data); 646 break; 647 648 /* 649 * Flush read packet buffer. 650 */ 651 case BIOCFLUSH: 652 crit_enter(); 653 bpf_resetd(d); 654 crit_exit(); 655 break; 656 657 /* 658 * Put interface into promiscuous mode. 659 */ 660 case BIOCPROMISC: 661 if (d->bd_bif == NULL) { 662 /* 663 * No interface attached yet. 664 */ 665 error = EINVAL; 666 break; 667 } 668 crit_enter(); 669 if (d->bd_promisc == 0) { 670 error = ifpromisc(d->bd_bif->bif_ifp, 1); 671 if (error == 0) 672 d->bd_promisc = 1; 673 } 674 crit_exit(); 675 break; 676 677 /* 678 * Get device parameters. 679 */ 680 case BIOCGDLT: 681 if (d->bd_bif == NULL) 682 error = EINVAL; 683 else 684 *(u_int *)ap->a_data = d->bd_bif->bif_dlt; 685 break; 686 687 /* 688 * Get a list of supported data link types. 689 */ 690 case BIOCGDLTLIST: 691 if (d->bd_bif == NULL) { 692 error = EINVAL; 693 } else { 694 error = bpf_getdltlist(d, 695 (struct bpf_dltlist *)ap->a_data); 696 } 697 break; 698 699 /* 700 * Set data link type. 701 */ 702 case BIOCSDLT: 703 if (d->bd_bif == NULL) 704 error = EINVAL; 705 else 706 error = bpf_setdlt(d, *(u_int *)ap->a_data); 707 break; 708 709 /* 710 * Get interface name. 711 */ 712 case BIOCGETIF: 713 if (d->bd_bif == NULL) { 714 error = EINVAL; 715 } else { 716 struct ifnet *const ifp = d->bd_bif->bif_ifp; 717 struct ifreq *const ifr = (struct ifreq *)ap->a_data; 718 719 strlcpy(ifr->ifr_name, ifp->if_xname, 720 sizeof ifr->ifr_name); 721 } 722 break; 723 724 /* 725 * Set interface. 726 */ 727 case BIOCSETIF: 728 error = bpf_setif(d, (struct ifreq *)ap->a_data); 729 break; 730 731 /* 732 * Set read timeout. 733 */ 734 case BIOCSRTIMEOUT: 735 { 736 struct timeval *tv = (struct timeval *)ap->a_data; 737 738 /* 739 * Subtract 1 tick from tvtohz() since this isn't 740 * a one-shot timer. 741 */ 742 if ((error = itimerfix(tv)) == 0) 743 d->bd_rtout = tvtohz_low(tv); 744 break; 745 } 746 747 /* 748 * Get read timeout. 749 */ 750 case BIOCGRTIMEOUT: 751 { 752 struct timeval *tv = (struct timeval *)ap->a_data; 753 754 tv->tv_sec = d->bd_rtout / hz; 755 tv->tv_usec = (d->bd_rtout % hz) * tick; 756 break; 757 } 758 759 /* 760 * Get packet stats. 761 */ 762 case BIOCGSTATS: 763 { 764 struct bpf_stat *bs = (struct bpf_stat *)ap->a_data; 765 766 bs->bs_recv = d->bd_rcount; 767 bs->bs_drop = d->bd_dcount; 768 break; 769 } 770 771 /* 772 * Set immediate mode. 773 */ 774 case BIOCIMMEDIATE: 775 d->bd_immediate = *(u_int *)ap->a_data; 776 break; 777 778 case BIOCVERSION: 779 { 780 struct bpf_version *bv = (struct bpf_version *)ap->a_data; 781 782 bv->bv_major = BPF_MAJOR_VERSION; 783 bv->bv_minor = BPF_MINOR_VERSION; 784 break; 785 } 786 787 /* 788 * Get "header already complete" flag 789 */ 790 case BIOCGHDRCMPLT: 791 *(u_int *)ap->a_data = d->bd_hdrcmplt; 792 break; 793 794 /* 795 * Set "header already complete" flag 796 */ 797 case BIOCSHDRCMPLT: 798 d->bd_hdrcmplt = *(u_int *)ap->a_data ? 1 : 0; 799 break; 800 801 /* 802 * Get "see sent packets" flag 803 */ 804 case BIOCGSEESENT: 805 *(u_int *)ap->a_data = d->bd_seesent; 806 break; 807 808 /* 809 * Set "see sent packets" flag 810 */ 811 case BIOCSSEESENT: 812 d->bd_seesent = *(u_int *)ap->a_data; 813 break; 814 815 case FIOASYNC: /* Send signal on receive packets */ 816 d->bd_async = *(int *)ap->a_data; 817 break; 818 819 case FIOSETOWN: 820 error = fsetown(*(int *)ap->a_data, &d->bd_sigio); 821 break; 822 823 case FIOGETOWN: 824 *(int *)ap->a_data = fgetown(d->bd_sigio); 825 break; 826 827 /* This is deprecated, FIOSETOWN should be used instead. */ 828 case TIOCSPGRP: 829 error = fsetown(-(*(int *)ap->a_data), &d->bd_sigio); 830 break; 831 832 /* This is deprecated, FIOGETOWN should be used instead. */ 833 case TIOCGPGRP: 834 *(int *)ap->a_data = -fgetown(d->bd_sigio); 835 break; 836 837 case BIOCSRSIG: /* Set receive signal */ 838 { 839 u_int sig; 840 841 sig = *(u_int *)ap->a_data; 842 843 if (sig >= NSIG) 844 error = EINVAL; 845 else 846 d->bd_sig = sig; 847 break; 848 } 849 case BIOCGRSIG: 850 *(u_int *)ap->a_data = d->bd_sig; 851 break; 852 } 853 return(error); 854 } 855 856 /* 857 * Set d's packet filter program to fp. If this file already has a filter, 858 * free it and replace it. Returns EINVAL for bogus requests. 859 */ 860 static int 861 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 862 { 863 struct bpf_insn *fcode, *old; 864 u_int flen, size; 865 866 old = d->bd_filter; 867 if (fp->bf_insns == NULL) { 868 if (fp->bf_len != 0) 869 return(EINVAL); 870 crit_enter(); 871 d->bd_filter = NULL; 872 bpf_resetd(d); 873 crit_exit(); 874 if (old != NULL) 875 kfree(old, M_BPF); 876 return(0); 877 } 878 flen = fp->bf_len; 879 if (flen > BPF_MAXINSNS) 880 return(EINVAL); 881 882 size = flen * sizeof *fp->bf_insns; 883 fcode = (struct bpf_insn *)kmalloc(size, M_BPF, M_WAITOK); 884 if (copyin(fp->bf_insns, fcode, size) == 0 && 885 bpf_validate(fcode, (int)flen)) { 886 crit_enter(); 887 d->bd_filter = fcode; 888 bpf_resetd(d); 889 crit_exit(); 890 if (old != NULL) 891 kfree(old, M_BPF); 892 893 return(0); 894 } 895 kfree(fcode, M_BPF); 896 return(EINVAL); 897 } 898 899 /* 900 * Detach a file from its current interface (if attached at all) and attach 901 * to the interface indicated by the name stored in ifr. 902 * Return an errno or 0. 903 */ 904 static int 905 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 906 { 907 struct bpf_if *bp; 908 int error; 909 struct ifnet *theywant; 910 911 theywant = ifunit(ifr->ifr_name); 912 if (theywant == NULL) 913 return(ENXIO); 914 915 /* 916 * Look through attached interfaces for the named one. 917 */ 918 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 919 struct ifnet *ifp = bp->bif_ifp; 920 921 if (ifp == NULL || ifp != theywant) 922 continue; 923 /* skip additional entry */ 924 if (bp->bif_driverp != &ifp->if_bpf) 925 continue; 926 /* 927 * We found the requested interface. 928 * If it's not up, return an error. 929 * Allocate the packet buffers if we need to. 930 * If we're already attached to requested interface, 931 * just flush the buffer. 932 */ 933 if (!(ifp->if_flags & IFF_UP)) 934 return(ENETDOWN); 935 936 if (d->bd_sbuf == NULL) { 937 error = bpf_allocbufs(d); 938 if (error != 0) 939 return(error); 940 } 941 crit_enter(); 942 if (bp != d->bd_bif) { 943 if (d->bd_bif != NULL) { 944 /* 945 * Detach if attached to something else. 946 */ 947 bpf_detachd(d); 948 } 949 950 bpf_attachd(d, bp); 951 } 952 bpf_resetd(d); 953 crit_exit(); 954 return(0); 955 } 956 957 /* Not found. */ 958 return(ENXIO); 959 } 960 961 /* 962 * Support for select() and poll() system calls 963 * 964 * Return true iff the specific operation will not block indefinitely. 965 * Otherwise, return false but make a note that a selwakeup() must be done. 966 */ 967 int 968 bpfpoll(struct dev_poll_args *ap) 969 { 970 cdev_t dev = ap->a_head.a_dev; 971 struct bpf_d *d; 972 int revents; 973 974 d = dev->si_drv1; 975 if (d->bd_bif == NULL) 976 return(ENXIO); 977 978 revents = ap->a_events & (POLLOUT | POLLWRNORM); 979 crit_enter(); 980 if (ap->a_events & (POLLIN | POLLRDNORM)) { 981 /* 982 * An imitation of the FIONREAD ioctl code. 983 * XXX not quite. An exact imitation: 984 * if (d->b_slen != 0 || 985 * (d->bd_hbuf != NULL && d->bd_hlen != 0) 986 */ 987 if (d->bd_hlen != 0 || 988 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 989 d->bd_slen != 0)) { 990 revents |= ap->a_events & (POLLIN | POLLRDNORM); 991 } else { 992 selrecord(curthread, &d->bd_sel); 993 /* Start the read timeout if necessary. */ 994 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 995 callout_reset(&d->bd_callout, d->bd_rtout, 996 bpf_timed_out, d); 997 d->bd_state = BPF_WAITING; 998 } 999 } 1000 } 1001 crit_exit(); 1002 ap->a_events = revents; 1003 return(0); 1004 } 1005 1006 /* 1007 * Process the packet pkt of length pktlen. The packet is parsed 1008 * by each listener's filter, and if accepted, stashed into the 1009 * corresponding buffer. 1010 */ 1011 void 1012 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1013 { 1014 struct bpf_d *d; 1015 struct timeval tv; 1016 int gottime = 0; 1017 u_int slen; 1018 1019 /* 1020 * Note that the ipl does not have to be raised at this point. 1021 * The only problem that could arise here is that if two different 1022 * interfaces shared any data. This is not the case. 1023 */ 1024 SLIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1025 ++d->bd_rcount; 1026 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1027 if (slen != 0) { 1028 if (!gottime) { 1029 microtime(&tv); 1030 gottime = 1; 1031 } 1032 catchpacket(d, pkt, pktlen, slen, ovbcopy, &tv); 1033 } 1034 } 1035 } 1036 1037 /* 1038 * Copy data from an mbuf chain into a buffer. This code is derived 1039 * from m_copydata in sys/uipc_mbuf.c. 1040 */ 1041 static void 1042 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len) 1043 { 1044 const struct mbuf *m; 1045 u_int count; 1046 u_char *dst; 1047 1048 m = src_arg; 1049 dst = dst_arg; 1050 while (len > 0) { 1051 if (m == NULL) 1052 panic("bpf_mcopy"); 1053 count = min(m->m_len, len); 1054 bcopy(mtod(m, void *), dst, count); 1055 m = m->m_next; 1056 dst += count; 1057 len -= count; 1058 } 1059 } 1060 1061 /* 1062 * Process the packet in the mbuf chain m. The packet is parsed by each 1063 * listener's filter, and if accepted, stashed into the corresponding 1064 * buffer. 1065 */ 1066 void 1067 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1068 { 1069 struct bpf_d *d; 1070 u_int pktlen, slen; 1071 struct timeval tv; 1072 int gottime = 0; 1073 1074 /* Don't compute pktlen, if no descriptor is attached. */ 1075 if (SLIST_EMPTY(&bp->bif_dlist)) 1076 return; 1077 1078 pktlen = m_lengthm(m, NULL); 1079 1080 SLIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1081 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1082 continue; 1083 ++d->bd_rcount; 1084 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1085 if (slen != 0) { 1086 if (!gottime) { 1087 microtime(&tv); 1088 gottime = 1; 1089 } 1090 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy, 1091 &tv); 1092 } 1093 } 1094 } 1095 1096 void 1097 bpf_mtap_family(struct bpf_if *bp, struct mbuf *m, sa_family_t family) 1098 { 1099 u_int family4; 1100 1101 KKASSERT(family != AF_UNSPEC); 1102 1103 family4 = (u_int)family; 1104 bpf_ptap(bp, m, &family4, sizeof(family4)); 1105 } 1106 1107 /* 1108 * Process the packet in the mbuf chain m with the header in m prepended. 1109 * The packet is parsed by each listener's filter, and if accepted, 1110 * stashed into the corresponding buffer. 1111 */ 1112 void 1113 bpf_ptap(struct bpf_if *bp, struct mbuf *m, const void *data, u_int dlen) 1114 { 1115 struct mbuf mb; 1116 1117 /* 1118 * Craft on-stack mbuf suitable for passing to bpf_mtap. 1119 * Note that we cut corners here; we only setup what's 1120 * absolutely needed--this mbuf should never go anywhere else. 1121 */ 1122 mb.m_next = m; 1123 mb.m_data = __DECONST(void *, data); /* LINTED */ 1124 mb.m_len = dlen; 1125 mb.m_pkthdr.rcvif = m->m_pkthdr.rcvif; 1126 1127 bpf_mtap(bp, &mb); 1128 } 1129 1130 /* 1131 * Move the packet data from interface memory (pkt) into the 1132 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1133 * otherwise 0. "copy" is the routine called to do the actual data 1134 * transfer. bcopy is passed in to copy contiguous chunks, while 1135 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1136 * pkt is really an mbuf. 1137 */ 1138 static void 1139 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1140 void (*cpfn)(const void *, void *, size_t), 1141 const struct timeval *tv) 1142 { 1143 struct bpf_hdr *hp; 1144 int totlen, curlen; 1145 int hdrlen = d->bd_bif->bif_hdrlen; 1146 /* 1147 * Figure out how many bytes to move. If the packet is 1148 * greater or equal to the snapshot length, transfer that 1149 * much. Otherwise, transfer the whole packet (unless 1150 * we hit the buffer size limit). 1151 */ 1152 totlen = hdrlen + min(snaplen, pktlen); 1153 if (totlen > d->bd_bufsize) 1154 totlen = d->bd_bufsize; 1155 1156 /* 1157 * Round up the end of the previous packet to the next longword. 1158 */ 1159 curlen = BPF_WORDALIGN(d->bd_slen); 1160 if (curlen + totlen > d->bd_bufsize) { 1161 /* 1162 * This packet will overflow the storage buffer. 1163 * Rotate the buffers if we can, then wakeup any 1164 * pending reads. 1165 */ 1166 if (d->bd_fbuf == NULL) { 1167 /* 1168 * We haven't completed the previous read yet, 1169 * so drop the packet. 1170 */ 1171 ++d->bd_dcount; 1172 return; 1173 } 1174 ROTATE_BUFFERS(d); 1175 bpf_wakeup(d); 1176 curlen = 0; 1177 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 1178 /* 1179 * Immediate mode is set, or the read timeout has 1180 * already expired during a select call. A packet 1181 * arrived, so the reader should be woken up. 1182 */ 1183 bpf_wakeup(d); 1184 } 1185 1186 /* 1187 * Append the bpf header. 1188 */ 1189 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1190 hp->bh_tstamp = *tv; 1191 hp->bh_datalen = pktlen; 1192 hp->bh_hdrlen = hdrlen; 1193 /* 1194 * Copy the packet data into the store buffer and update its length. 1195 */ 1196 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1197 d->bd_slen = curlen + totlen; 1198 } 1199 1200 /* 1201 * Initialize all nonzero fields of a descriptor. 1202 */ 1203 static int 1204 bpf_allocbufs(struct bpf_d *d) 1205 { 1206 d->bd_fbuf = kmalloc(d->bd_bufsize, M_BPF, M_WAITOK); 1207 d->bd_sbuf = kmalloc(d->bd_bufsize, M_BPF, M_WAITOK); 1208 d->bd_slen = 0; 1209 d->bd_hlen = 0; 1210 return(0); 1211 } 1212 1213 /* 1214 * Free buffers and packet filter program currently in use by a descriptor. 1215 * Called on close. 1216 */ 1217 static void 1218 bpf_freed(struct bpf_d *d) 1219 { 1220 /* 1221 * We don't need to lock out interrupts since this descriptor has 1222 * been detached from its interface and it yet hasn't been marked 1223 * free. 1224 */ 1225 if (d->bd_sbuf != NULL) { 1226 kfree(d->bd_sbuf, M_BPF); 1227 if (d->bd_hbuf != NULL) 1228 kfree(d->bd_hbuf, M_BPF); 1229 if (d->bd_fbuf != NULL) 1230 kfree(d->bd_fbuf, M_BPF); 1231 } 1232 if (d->bd_filter != NULL) 1233 kfree(d->bd_filter, M_BPF); 1234 } 1235 1236 /* 1237 * Attach an interface to bpf. ifp is a pointer to the structure 1238 * defining the interface to be attached, dlt is the link layer type, 1239 * and hdrlen is the fixed size of the link header (variable length 1240 * headers are not yet supported). 1241 */ 1242 void 1243 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1244 { 1245 bpfattach_dlt(ifp, dlt, hdrlen, &ifp->if_bpf); 1246 } 1247 1248 void 1249 bpfattach_dlt(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1250 { 1251 struct bpf_if *bp; 1252 1253 bp = kmalloc(sizeof *bp, M_BPF, M_WAITOK | M_ZERO); 1254 1255 SLIST_INIT(&bp->bif_dlist); 1256 bp->bif_ifp = ifp; 1257 bp->bif_dlt = dlt; 1258 bp->bif_driverp = driverp; 1259 *bp->bif_driverp = NULL; 1260 1261 bp->bif_next = bpf_iflist; 1262 bpf_iflist = bp; 1263 1264 /* 1265 * Compute the length of the bpf header. This is not necessarily 1266 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1267 * that the network layer header begins on a longword boundary (for 1268 * performance reasons and to alleviate alignment restrictions). 1269 */ 1270 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1271 1272 if (bootverbose) 1273 if_printf(ifp, "bpf attached\n"); 1274 } 1275 1276 /* 1277 * Detach bpf from an interface. This involves detaching each descriptor 1278 * associated with the interface, and leaving bd_bif NULL. Notify each 1279 * descriptor as it's detached so that any sleepers wake up and get 1280 * ENXIO. 1281 */ 1282 void 1283 bpfdetach(struct ifnet *ifp) 1284 { 1285 struct bpf_if *bp, *bp_prev; 1286 struct bpf_d *d; 1287 1288 crit_enter(); 1289 1290 /* Locate BPF interface information */ 1291 bp_prev = NULL; 1292 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1293 if (ifp == bp->bif_ifp) 1294 break; 1295 bp_prev = bp; 1296 } 1297 1298 /* Interface wasn't attached */ 1299 if (bp->bif_ifp == NULL) { 1300 crit_exit(); 1301 kprintf("bpfdetach: %s was not attached\n", ifp->if_xname); 1302 return; 1303 } 1304 1305 while ((d = SLIST_FIRST(&bp->bif_dlist)) != NULL) { 1306 bpf_detachd(d); 1307 bpf_wakeup(d); 1308 } 1309 1310 if (bp_prev != NULL) 1311 bp_prev->bif_next = bp->bif_next; 1312 else 1313 bpf_iflist = bp->bif_next; 1314 1315 kfree(bp, M_BPF); 1316 1317 crit_exit(); 1318 } 1319 1320 /* 1321 * Get a list of available data link type of the interface. 1322 */ 1323 static int 1324 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1325 { 1326 int n, error; 1327 struct ifnet *ifp; 1328 struct bpf_if *bp; 1329 1330 ifp = d->bd_bif->bif_ifp; 1331 n = 0; 1332 error = 0; 1333 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1334 if (bp->bif_ifp != ifp) 1335 continue; 1336 if (bfl->bfl_list != NULL) { 1337 if (n >= bfl->bfl_len) { 1338 return (ENOMEM); 1339 } 1340 error = copyout(&bp->bif_dlt, 1341 bfl->bfl_list + n, sizeof(u_int)); 1342 } 1343 n++; 1344 } 1345 bfl->bfl_len = n; 1346 return(error); 1347 } 1348 1349 /* 1350 * Set the data link type of a BPF instance. 1351 */ 1352 static int 1353 bpf_setdlt(struct bpf_d *d, u_int dlt) 1354 { 1355 int error, opromisc; 1356 struct ifnet *ifp; 1357 struct bpf_if *bp; 1358 1359 if (d->bd_bif->bif_dlt == dlt) 1360 return (0); 1361 ifp = d->bd_bif->bif_ifp; 1362 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1363 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1364 break; 1365 } 1366 if (bp != NULL) { 1367 opromisc = d->bd_promisc; 1368 crit_enter(); 1369 bpf_detachd(d); 1370 bpf_attachd(d, bp); 1371 bpf_resetd(d); 1372 if (opromisc) { 1373 error = ifpromisc(bp->bif_ifp, 1); 1374 if (error) { 1375 if_printf(bp->bif_ifp, 1376 "bpf_setdlt: ifpromisc failed (%d)\n", 1377 error); 1378 } else { 1379 d->bd_promisc = 1; 1380 } 1381 } 1382 crit_exit(); 1383 } 1384 return(bp == NULL ? EINVAL : 0); 1385 } 1386 1387 static void 1388 bpf_drvinit(void *unused) 1389 { 1390 dev_ops_add(&bpf_ops, 0, 0); 1391 } 1392 1393 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL) 1394 1395 #else /* !BPF */ 1396 /* 1397 * NOP stubs to allow bpf-using drivers to load and function. 1398 * 1399 * A 'better' implementation would allow the core bpf functionality 1400 * to be loaded at runtime. 1401 */ 1402 1403 void 1404 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1405 { 1406 } 1407 1408 void 1409 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1410 { 1411 } 1412 1413 void 1414 bpf_ptap(struct bpf_if *bp, struct mbuf *m, const void *data, u_int dlen) 1415 { 1416 } 1417 1418 void 1419 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1420 { 1421 } 1422 1423 void 1424 bpfattach_dlt(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1425 { 1426 } 1427 1428 void 1429 bpfdetach(struct ifnet *ifp) 1430 { 1431 } 1432 1433 u_int 1434 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) 1435 { 1436 return -1; /* "no filter" behaviour */ 1437 } 1438 1439 #endif /* !BPF */ 1440