1 /* $NetBSD: bpf.c,v 1.82 2003/06/29 22:31:49 fvdl Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 41 * static char rcsid[] = 42 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 43 */ 44 45 #include <sys/cdefs.h> 46 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.82 2003/06/29 22:31:49 fvdl Exp $"); 47 48 #include "bpfilter.h" 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 61 #include <sys/file.h> 62 #include <sys/tty.h> 63 #include <sys/uio.h> 64 65 #include <sys/protosw.h> 66 #include <sys/socket.h> 67 #include <sys/errno.h> 68 #include <sys/kernel.h> 69 #include <sys/poll.h> 70 71 #include <net/if.h> 72 73 #include <net/bpf.h> 74 #include <net/bpfdesc.h> 75 76 #include <net/if_arc.h> 77 #include <net/if_ether.h> 78 79 #include <netinet/in.h> 80 #include <netinet/if_inarp.h> 81 82 #if defined(_KERNEL_OPT) 83 #include "bpf.h" 84 #endif 85 86 #ifndef BPF_BUFSIZE 87 # define BPF_BUFSIZE 8192 /* 4096 too small for FDDI frames */ 88 #endif 89 90 #define PRINET 26 /* interruptible */ 91 92 /* 93 * The default read buffer size is patchable. 94 */ 95 int bpf_bufsize = BPF_BUFSIZE; 96 97 /* 98 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 99 * bpf_dtab holds the descriptors, indexed by minor device # 100 */ 101 struct bpf_if *bpf_iflist; 102 struct bpf_d bpf_dtab[NBPFILTER]; 103 104 static int bpf_allocbufs __P((struct bpf_d *)); 105 static void bpf_freed __P((struct bpf_d *)); 106 static void bpf_ifname __P((struct ifnet *, struct ifreq *)); 107 static void *bpf_mcpy __P((void *, const void *, size_t)); 108 static int bpf_movein __P((struct uio *, int, int, 109 struct mbuf **, struct sockaddr *)); 110 static void bpf_attachd __P((struct bpf_d *, struct bpf_if *)); 111 static void bpf_detachd __P((struct bpf_d *)); 112 static int bpf_setif __P((struct bpf_d *, struct ifreq *)); 113 static __inline void 114 bpf_wakeup __P((struct bpf_d *)); 115 static void catchpacket __P((struct bpf_d *, u_char *, u_int, u_int, 116 void *(*)(void *, const void *, size_t))); 117 static void reset_d __P((struct bpf_d *)); 118 static int bpf_getdltlist __P((struct bpf_d *, struct bpf_dltlist *)); 119 static int bpf_setdlt __P((struct bpf_d *, u_int)); 120 121 dev_type_open(bpfopen); 122 dev_type_close(bpfclose); 123 dev_type_read(bpfread); 124 dev_type_write(bpfwrite); 125 dev_type_ioctl(bpfioctl); 126 dev_type_poll(bpfpoll); 127 dev_type_kqfilter(bpfkqfilter); 128 129 const struct cdevsw bpf_cdevsw = { 130 bpfopen, bpfclose, bpfread, bpfwrite, bpfioctl, 131 nostop, notty, bpfpoll, nommap, bpfkqfilter, 132 }; 133 134 static int 135 bpf_movein(uio, linktype, mtu, mp, sockp) 136 struct uio *uio; 137 int linktype; 138 int mtu; 139 struct mbuf **mp; 140 struct sockaddr *sockp; 141 { 142 struct mbuf *m; 143 int error; 144 int len; 145 int hlen; 146 int align; 147 148 /* 149 * Build a sockaddr based on the data link layer type. 150 * We do this at this level because the ethernet header 151 * is copied directly into the data field of the sockaddr. 152 * In the case of SLIP, there is no header and the packet 153 * is forwarded as is. 154 * Also, we are careful to leave room at the front of the mbuf 155 * for the link level header. 156 */ 157 switch (linktype) { 158 159 case DLT_SLIP: 160 sockp->sa_family = AF_INET; 161 hlen = 0; 162 align = 0; 163 break; 164 165 case DLT_PPP: 166 sockp->sa_family = AF_UNSPEC; 167 hlen = 0; 168 align = 0; 169 break; 170 171 case DLT_EN10MB: 172 sockp->sa_family = AF_UNSPEC; 173 /* XXX Would MAXLINKHDR be better? */ 174 /* 6(dst)+6(src)+2(type) */ 175 hlen = sizeof(struct ether_header); 176 align = 2; 177 break; 178 179 case DLT_ARCNET: 180 sockp->sa_family = AF_UNSPEC; 181 hlen = ARC_HDRLEN; 182 align = 5; 183 break; 184 185 case DLT_FDDI: 186 sockp->sa_family = AF_LINK; 187 /* XXX 4(FORMAC)+6(dst)+6(src) */ 188 hlen = 16; 189 align = 0; 190 break; 191 192 case DLT_ECONET: 193 sockp->sa_family = AF_UNSPEC; 194 hlen = 6; 195 align = 2; 196 break; 197 198 case DLT_NULL: 199 sockp->sa_family = AF_UNSPEC; 200 hlen = 0; 201 align = 0; 202 break; 203 204 default: 205 return (EIO); 206 } 207 208 len = uio->uio_resid; 209 /* 210 * If there aren't enough bytes for a link level header or the 211 * packet length exceeds the interface mtu, return an error. 212 */ 213 if (len < hlen || len - hlen > mtu) 214 return (EMSGSIZE); 215 216 /* 217 * XXX Avoid complicated buffer chaining --- 218 * bail if it won't fit in a single mbuf. 219 * (Take into account possible alignment bytes) 220 */ 221 if ((unsigned)len > MCLBYTES - align) 222 return (EIO); 223 224 m = m_gethdr(M_WAIT, MT_DATA); 225 m->m_pkthdr.rcvif = 0; 226 m->m_pkthdr.len = len - hlen; 227 if (len > MHLEN - align) { 228 m_clget(m, M_WAIT); 229 if ((m->m_flags & M_EXT) == 0) { 230 error = ENOBUFS; 231 goto bad; 232 } 233 } 234 235 /* Insure the data is properly aligned */ 236 if (align > 0) { 237 m->m_data += align; 238 m->m_len -= align; 239 } 240 241 error = uiomove(mtod(m, caddr_t), len, uio); 242 if (error) 243 goto bad; 244 if (hlen != 0) { 245 memcpy(sockp->sa_data, mtod(m, caddr_t), hlen); 246 m->m_data += hlen; /* XXX */ 247 len -= hlen; 248 } 249 m->m_len = len; 250 *mp = m; 251 return (0); 252 253 bad: 254 m_freem(m); 255 return (error); 256 } 257 258 /* 259 * Attach file to the bpf interface, i.e. make d listen on bp. 260 * Must be called at splnet. 261 */ 262 static void 263 bpf_attachd(d, bp) 264 struct bpf_d *d; 265 struct bpf_if *bp; 266 { 267 /* 268 * Point d at bp, and add d to the interface's list of listeners. 269 * Finally, point the driver's bpf cookie at the interface so 270 * it will divert packets to bpf. 271 */ 272 d->bd_bif = bp; 273 d->bd_next = bp->bif_dlist; 274 bp->bif_dlist = d; 275 276 *bp->bif_driverp = bp; 277 } 278 279 /* 280 * Detach a file from its interface. 281 */ 282 static void 283 bpf_detachd(d) 284 struct bpf_d *d; 285 { 286 struct bpf_d **p; 287 struct bpf_if *bp; 288 289 bp = d->bd_bif; 290 /* 291 * Check if this descriptor had requested promiscuous mode. 292 * If so, turn it off. 293 */ 294 if (d->bd_promisc) { 295 int error; 296 297 d->bd_promisc = 0; 298 /* 299 * Take device out of promiscuous mode. Since we were 300 * able to enter promiscuous mode, we should be able 301 * to turn it off. But we can get an error if 302 * the interface was configured down, so only panic 303 * if we don't get an unexpected error. 304 */ 305 error = ifpromisc(bp->bif_ifp, 0); 306 if (error && error != EINVAL) 307 panic("bpf: ifpromisc failed"); 308 } 309 /* Remove d from the interface's descriptor list. */ 310 p = &bp->bif_dlist; 311 while (*p != d) { 312 p = &(*p)->bd_next; 313 if (*p == 0) 314 panic("bpf_detachd: descriptor not in list"); 315 } 316 *p = (*p)->bd_next; 317 if (bp->bif_dlist == 0) 318 /* 319 * Let the driver know that there are no more listeners. 320 */ 321 *d->bd_bif->bif_driverp = 0; 322 d->bd_bif = 0; 323 } 324 325 326 /* 327 * Mark a descriptor free by making it point to itself. 328 * This is probably cheaper than marking with a constant since 329 * the address should be in a register anyway. 330 */ 331 #define D_ISFREE(d) ((d) == (d)->bd_next) 332 #define D_MARKFREE(d) ((d)->bd_next = (d)) 333 #define D_MARKUSED(d) ((d)->bd_next = 0) 334 335 /* 336 * bpfilterattach() is called at boot time. 337 */ 338 /* ARGSUSED */ 339 void 340 bpfilterattach(n) 341 int n; 342 { 343 int i; 344 /* 345 * Mark all the descriptors free. 346 */ 347 for (i = 0; i < NBPFILTER; ++i) 348 D_MARKFREE(&bpf_dtab[i]); 349 350 } 351 352 /* 353 * Open ethernet device. Returns ENXIO for illegal minor device number, 354 * EBUSY if file is open by another process. 355 */ 356 /* ARGSUSED */ 357 int 358 bpfopen(dev, flag, mode, p) 359 dev_t dev; 360 int flag; 361 int mode; 362 struct proc *p; 363 { 364 struct bpf_d *d; 365 366 if (minor(dev) >= NBPFILTER) 367 return (ENXIO); 368 /* 369 * Each minor can be opened by only one process. If the requested 370 * minor is in use, return EBUSY. 371 */ 372 d = &bpf_dtab[minor(dev)]; 373 if (!D_ISFREE(d)) 374 return (EBUSY); 375 376 /* Mark "free" and do most initialization. */ 377 memset((char *)d, 0, sizeof(*d)); 378 d->bd_bufsize = bpf_bufsize; 379 380 return (0); 381 } 382 383 /* 384 * Close the descriptor by detaching it from its interface, 385 * deallocating its buffers, and marking it free. 386 */ 387 /* ARGSUSED */ 388 int 389 bpfclose(dev, flag, mode, p) 390 dev_t dev; 391 int flag; 392 int mode; 393 struct proc *p; 394 { 395 struct bpf_d *d = &bpf_dtab[minor(dev)]; 396 int s; 397 398 s = splnet(); 399 if (d->bd_bif) 400 bpf_detachd(d); 401 splx(s); 402 bpf_freed(d); 403 404 return (0); 405 } 406 407 /* 408 * Rotate the packet buffers in descriptor d. Move the store buffer 409 * into the hold slot, and the free buffer into the store slot. 410 * Zero the length of the new store buffer. 411 */ 412 #define ROTATE_BUFFERS(d) \ 413 (d)->bd_hbuf = (d)->bd_sbuf; \ 414 (d)->bd_hlen = (d)->bd_slen; \ 415 (d)->bd_sbuf = (d)->bd_fbuf; \ 416 (d)->bd_slen = 0; \ 417 (d)->bd_fbuf = 0; 418 /* 419 * bpfread - read next chunk of packets from buffers 420 */ 421 int 422 bpfread(dev, uio, ioflag) 423 dev_t dev; 424 struct uio *uio; 425 int ioflag; 426 { 427 struct bpf_d *d = &bpf_dtab[minor(dev)]; 428 int error; 429 int s; 430 431 /* 432 * Restrict application to use a buffer the same size as 433 * as kernel buffers. 434 */ 435 if (uio->uio_resid != d->bd_bufsize) 436 return (EINVAL); 437 438 s = splnet(); 439 /* 440 * If the hold buffer is empty, then do a timed sleep, which 441 * ends when the timeout expires or when enough packets 442 * have arrived to fill the store buffer. 443 */ 444 while (d->bd_hbuf == 0) { 445 if (d->bd_immediate) { 446 if (d->bd_slen == 0) { 447 splx(s); 448 return (EWOULDBLOCK); 449 } 450 /* 451 * A packet(s) either arrived since the previous 452 * read or arrived while we were asleep. 453 * Rotate the buffers and return what's here. 454 */ 455 ROTATE_BUFFERS(d); 456 break; 457 } 458 if (d->bd_rtout != -1) 459 error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", 460 d->bd_rtout); 461 else { 462 if (d->bd_rtout == -1) { 463 /* User requested non-blocking I/O */ 464 error = EWOULDBLOCK; 465 } else 466 error = 0; 467 } 468 if (error == EINTR || error == ERESTART) { 469 splx(s); 470 return (error); 471 } 472 if (error == EWOULDBLOCK) { 473 /* 474 * On a timeout, return what's in the buffer, 475 * which may be nothing. If there is something 476 * in the store buffer, we can rotate the buffers. 477 */ 478 if (d->bd_hbuf) 479 /* 480 * We filled up the buffer in between 481 * getting the timeout and arriving 482 * here, so we don't need to rotate. 483 */ 484 break; 485 486 if (d->bd_slen == 0) { 487 splx(s); 488 return (0); 489 } 490 ROTATE_BUFFERS(d); 491 break; 492 } 493 if (error != 0) 494 goto done; 495 } 496 /* 497 * At this point, we know we have something in the hold slot. 498 */ 499 splx(s); 500 501 /* 502 * Move data from hold buffer into user space. 503 * We know the entire buffer is transferred since 504 * we checked above that the read buffer is bpf_bufsize bytes. 505 */ 506 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 507 508 s = splnet(); 509 d->bd_fbuf = d->bd_hbuf; 510 d->bd_hbuf = 0; 511 d->bd_hlen = 0; 512 done: 513 splx(s); 514 return (error); 515 } 516 517 518 /* 519 * If there are processes sleeping on this descriptor, wake them up. 520 */ 521 static __inline void 522 bpf_wakeup(d) 523 struct bpf_d *d; 524 { 525 struct proc *p; 526 527 wakeup((caddr_t)d); 528 if (d->bd_async) { 529 if (d->bd_pgid > 0) 530 gsignal (d->bd_pgid, SIGIO); 531 else if (d->bd_pgid && (p = pfind (-d->bd_pgid)) != NULL) 532 psignal (p, SIGIO); 533 } 534 535 selnotify(&d->bd_sel, 0); 536 /* XXX */ 537 d->bd_sel.sel_pid = 0; 538 } 539 540 int 541 bpfwrite(dev, uio, ioflag) 542 dev_t dev; 543 struct uio *uio; 544 int ioflag; 545 { 546 struct bpf_d *d = &bpf_dtab[minor(dev)]; 547 struct ifnet *ifp; 548 struct mbuf *m; 549 int error, s; 550 static struct sockaddr_storage dst; 551 552 if (d->bd_bif == 0) 553 return (ENXIO); 554 555 ifp = d->bd_bif->bif_ifp; 556 557 if (uio->uio_resid == 0) 558 return (0); 559 560 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 561 (struct sockaddr *) &dst); 562 if (error) 563 return (error); 564 565 if (m->m_pkthdr.len > ifp->if_mtu) 566 return (EMSGSIZE); 567 568 if (d->bd_hdrcmplt) 569 dst.ss_family = pseudo_AF_HDRCMPLT; 570 571 s = splsoftnet(); 572 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 573 splx(s); 574 /* 575 * The driver frees the mbuf. 576 */ 577 return (error); 578 } 579 580 /* 581 * Reset a descriptor by flushing its packet buffer and clearing the 582 * receive and drop counts. Should be called at splnet. 583 */ 584 static void 585 reset_d(d) 586 struct bpf_d *d; 587 { 588 if (d->bd_hbuf) { 589 /* Free the hold buffer. */ 590 d->bd_fbuf = d->bd_hbuf; 591 d->bd_hbuf = 0; 592 } 593 d->bd_slen = 0; 594 d->bd_hlen = 0; 595 d->bd_rcount = 0; 596 d->bd_dcount = 0; 597 } 598 599 #ifdef BPF_KERN_FILTER 600 extern struct bpf_insn *bpf_tcp_filter; 601 extern struct bpf_insn *bpf_udp_filter; 602 #endif 603 604 /* 605 * FIONREAD Check for read packet available. 606 * BIOCGBLEN Get buffer len [for read()]. 607 * BIOCSETF Set ethernet read filter. 608 * BIOCFLUSH Flush read packet buffer. 609 * BIOCPROMISC Put interface into promiscuous mode. 610 * BIOCGDLT Get link layer type. 611 * BIOCGETIF Get interface name. 612 * BIOCSETIF Set interface. 613 * BIOCSRTIMEOUT Set read timeout. 614 * BIOCGRTIMEOUT Get read timeout. 615 * BIOCGSTATS Get packet stats. 616 * BIOCIMMEDIATE Set immediate mode. 617 * BIOCVERSION Get filter language version. 618 * BIOGHDRCMPLT Get "header already complete" flag. 619 * BIOSHDRCMPLT Set "header already complete" flag. 620 */ 621 /* ARGSUSED */ 622 int 623 bpfioctl(dev, cmd, addr, flag, p) 624 dev_t dev; 625 u_long cmd; 626 caddr_t addr; 627 int flag; 628 struct proc *p; 629 { 630 struct bpf_d *d = &bpf_dtab[minor(dev)]; 631 int s, error = 0; 632 pid_t pgid; 633 #ifdef BPF_KERN_FILTER 634 struct bpf_insn **p; 635 #endif 636 637 switch (cmd) { 638 639 default: 640 error = EINVAL; 641 break; 642 643 /* 644 * Check for read packet available. 645 */ 646 case FIONREAD: 647 { 648 int n; 649 650 s = splnet(); 651 n = d->bd_slen; 652 if (d->bd_hbuf) 653 n += d->bd_hlen; 654 splx(s); 655 656 *(int *)addr = n; 657 break; 658 } 659 660 /* 661 * Get buffer len [for read()]. 662 */ 663 case BIOCGBLEN: 664 *(u_int *)addr = d->bd_bufsize; 665 break; 666 667 /* 668 * Set buffer length. 669 */ 670 case BIOCSBLEN: 671 if (d->bd_bif != 0) 672 error = EINVAL; 673 else { 674 u_int size = *(u_int *)addr; 675 676 if (size > BPF_MAXBUFSIZE) 677 *(u_int *)addr = size = BPF_MAXBUFSIZE; 678 else if (size < BPF_MINBUFSIZE) 679 *(u_int *)addr = size = BPF_MINBUFSIZE; 680 d->bd_bufsize = size; 681 } 682 break; 683 684 /* 685 * Set link layer read filter. 686 */ 687 case BIOCSETF: 688 error = bpf_setf(d, (struct bpf_program *)addr); 689 break; 690 691 #ifdef BPF_KERN_FILTER 692 /* 693 * Set TCP or UDP reject filter. 694 */ 695 case BIOCSTCPF: 696 case BIOCSUDPF: 697 if (!suser()) { 698 error = EPERM; 699 break; 700 } 701 702 /* Validate and store filter */ 703 error = bpf_setf(d, (struct bpf_program *)addr); 704 705 /* Free possible old filter */ 706 if (cmd == BIOCSTCPF) 707 p = &bpf_tcp_filter; 708 else 709 p = &bpf_udp_filter; 710 if (*p != NULL) 711 free((caddr_t)*p, M_DEVBUF); 712 713 /* Steal new filter (noop if error) */ 714 s = splnet(); 715 *p = d->bd_filter; 716 d->bd_filter = NULL; 717 splx(s); 718 break; 719 #endif 720 721 /* 722 * Flush read packet buffer. 723 */ 724 case BIOCFLUSH: 725 s = splnet(); 726 reset_d(d); 727 splx(s); 728 break; 729 730 /* 731 * Put interface into promiscuous mode. 732 */ 733 case BIOCPROMISC: 734 if (d->bd_bif == 0) { 735 /* 736 * No interface attached yet. 737 */ 738 error = EINVAL; 739 break; 740 } 741 s = splnet(); 742 if (d->bd_promisc == 0) { 743 error = ifpromisc(d->bd_bif->bif_ifp, 1); 744 if (error == 0) 745 d->bd_promisc = 1; 746 } 747 splx(s); 748 break; 749 750 /* 751 * Get device parameters. 752 */ 753 case BIOCGDLT: 754 if (d->bd_bif == 0) 755 error = EINVAL; 756 else 757 *(u_int *)addr = d->bd_bif->bif_dlt; 758 break; 759 760 /* 761 * Get a list of supported device parameters. 762 */ 763 case BIOCGDLTLIST: 764 if (d->bd_bif == 0) 765 error = EINVAL; 766 else 767 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 768 break; 769 770 /* 771 * Set device parameters. 772 */ 773 case BIOCSDLT: 774 if (d->bd_bif == 0) 775 error = EINVAL; 776 else 777 error = bpf_setdlt(d, *(u_int *)addr); 778 break; 779 780 /* 781 * Set interface name. 782 */ 783 case BIOCGETIF: 784 if (d->bd_bif == 0) 785 error = EINVAL; 786 else 787 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 788 break; 789 790 /* 791 * Set interface. 792 */ 793 case BIOCSETIF: 794 error = bpf_setif(d, (struct ifreq *)addr); 795 break; 796 797 /* 798 * Set read timeout. 799 */ 800 case BIOCSRTIMEOUT: 801 { 802 struct timeval *tv = (struct timeval *)addr; 803 804 /* Compute number of ticks. */ 805 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 806 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 807 d->bd_rtout = 1; 808 break; 809 } 810 811 /* 812 * Get read timeout. 813 */ 814 case BIOCGRTIMEOUT: 815 { 816 struct timeval *tv = (struct timeval *)addr; 817 818 tv->tv_sec = d->bd_rtout / hz; 819 tv->tv_usec = (d->bd_rtout % hz) * tick; 820 break; 821 } 822 823 /* 824 * Get packet stats. 825 */ 826 case BIOCGSTATS: 827 { 828 struct bpf_stat *bs = (struct bpf_stat *)addr; 829 830 bs->bs_recv = d->bd_rcount; 831 bs->bs_drop = d->bd_dcount; 832 break; 833 } 834 835 /* 836 * Set immediate mode. 837 */ 838 case BIOCIMMEDIATE: 839 d->bd_immediate = *(u_int *)addr; 840 break; 841 842 case BIOCVERSION: 843 { 844 struct bpf_version *bv = (struct bpf_version *)addr; 845 846 bv->bv_major = BPF_MAJOR_VERSION; 847 bv->bv_minor = BPF_MINOR_VERSION; 848 break; 849 } 850 851 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 852 *(u_int *)addr = d->bd_hdrcmplt; 853 break; 854 855 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 856 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 857 break; 858 859 case FIONBIO: /* Non-blocking I/O */ 860 if (*(int *)addr) 861 d->bd_rtout = -1; 862 else 863 d->bd_rtout = 0; 864 break; 865 866 case FIOASYNC: /* Send signal on receive packets */ 867 d->bd_async = *(int *)addr; 868 break; 869 870 /* 871 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 872 * the equivalent of a TIOCSPGRP and hence end up here. *However* 873 * TIOCSPGRP's arg is a process group if it's positive and a process 874 * id if it's negative. This is exactly the opposite of what the 875 * other two functions want! 876 * There is code in ioctl and fcntl to make the SETOWN calls do 877 * a TIOCSPGRP with the pgid of the process if a pid is given. 878 */ 879 case TIOCSPGRP: /* Process or group to send signals to */ 880 pgid = *(int *)addr; 881 if (pgid != 0) 882 error = pgid_in_session(p, pgid); 883 if (error == 0) 884 d->bd_pgid = pgid; 885 break; 886 887 case TIOCGPGRP: 888 *(int *)addr = d->bd_pgid; 889 break; 890 } 891 return (error); 892 } 893 894 /* 895 * Set d's packet filter program to fp. If this file already has a filter, 896 * free it and replace it. Returns EINVAL for bogus requests. 897 */ 898 int 899 bpf_setf(d, fp) 900 struct bpf_d *d; 901 struct bpf_program *fp; 902 { 903 struct bpf_insn *fcode, *old; 904 u_int flen, size; 905 int s; 906 907 old = d->bd_filter; 908 if (fp->bf_insns == 0) { 909 if (fp->bf_len != 0) 910 return (EINVAL); 911 s = splnet(); 912 d->bd_filter = 0; 913 reset_d(d); 914 splx(s); 915 if (old != 0) 916 free((caddr_t)old, M_DEVBUF); 917 return (0); 918 } 919 flen = fp->bf_len; 920 if (flen > BPF_MAXINSNS) 921 return (EINVAL); 922 923 size = flen * sizeof(*fp->bf_insns); 924 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 925 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 926 bpf_validate(fcode, (int)flen)) { 927 s = splnet(); 928 d->bd_filter = fcode; 929 reset_d(d); 930 splx(s); 931 if (old != 0) 932 free((caddr_t)old, M_DEVBUF); 933 934 return (0); 935 } 936 free((caddr_t)fcode, M_DEVBUF); 937 return (EINVAL); 938 } 939 940 /* 941 * Detach a file from its current interface (if attached at all) and attach 942 * to the interface indicated by the name stored in ifr. 943 * Return an errno or 0. 944 */ 945 static int 946 bpf_setif(d, ifr) 947 struct bpf_d *d; 948 struct ifreq *ifr; 949 { 950 struct bpf_if *bp; 951 char *cp; 952 int unit_seen, i, s, error; 953 954 /* 955 * Make sure the provided name has a unit number, and default 956 * it to '0' if not specified. 957 * XXX This is ugly ... do this differently? 958 */ 959 unit_seen = 0; 960 cp = ifr->ifr_name; 961 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 962 while (*cp++) 963 if (*cp >= '0' && *cp <= '9') 964 unit_seen = 1; 965 if (!unit_seen) { 966 /* Make sure to leave room for the '\0'. */ 967 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 968 if ((ifr->ifr_name[i] >= 'a' && 969 ifr->ifr_name[i] <= 'z') || 970 (ifr->ifr_name[i] >= 'A' && 971 ifr->ifr_name[i] <= 'Z')) 972 continue; 973 ifr->ifr_name[i] = '0'; 974 } 975 } 976 977 /* 978 * Look through attached interfaces for the named one. 979 */ 980 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 981 struct ifnet *ifp = bp->bif_ifp; 982 983 if (ifp == 0 || 984 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 985 continue; 986 /* skip additional entry */ 987 if (bp->bif_driverp != (struct bpf_if **)&ifp->if_bpf) 988 continue; 989 /* 990 * We found the requested interface. 991 * If it's not up, return an error. 992 * Allocate the packet buffers if we need to. 993 * If we're already attached to requested interface, 994 * just flush the buffer. 995 */ 996 if ((ifp->if_flags & IFF_UP) == 0) 997 return (ENETDOWN); 998 999 if (d->bd_sbuf == 0) { 1000 error = bpf_allocbufs(d); 1001 if (error != 0) 1002 return (error); 1003 } 1004 s = splnet(); 1005 if (bp != d->bd_bif) { 1006 if (d->bd_bif) 1007 /* 1008 * Detach if attached to something else. 1009 */ 1010 bpf_detachd(d); 1011 1012 bpf_attachd(d, bp); 1013 } 1014 reset_d(d); 1015 splx(s); 1016 return (0); 1017 } 1018 /* Not found. */ 1019 return (ENXIO); 1020 } 1021 1022 /* 1023 * Copy the interface name to the ifreq. 1024 */ 1025 static void 1026 bpf_ifname(ifp, ifr) 1027 struct ifnet *ifp; 1028 struct ifreq *ifr; 1029 { 1030 1031 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1032 } 1033 1034 /* 1035 * Support for poll() system call 1036 * 1037 * Return true iff the specific operation will not block indefinitely - with 1038 * the assumption that it is safe to positively acknowledge a request for the 1039 * ability to write to the BPF device. 1040 * Otherwise, return false but make a note that a selwakeup() must be done. 1041 */ 1042 int 1043 bpfpoll(dev, events, p) 1044 dev_t dev; 1045 int events; 1046 struct proc *p; 1047 { 1048 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1049 int s = splnet(); 1050 int revents; 1051 1052 revents = events & (POLLOUT | POLLWRNORM); 1053 if (events & (POLLIN | POLLRDNORM)) { 1054 /* 1055 * An imitation of the FIONREAD ioctl code. 1056 */ 1057 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) 1058 revents |= events & (POLLIN | POLLRDNORM); 1059 else 1060 selrecord(p, &d->bd_sel); 1061 } 1062 1063 splx(s); 1064 return (revents); 1065 } 1066 1067 static void 1068 filt_bpfrdetach(struct knote *kn) 1069 { 1070 struct bpf_d *d = kn->kn_hook; 1071 int s; 1072 1073 s = splnet(); 1074 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1075 splx(s); 1076 } 1077 1078 static int 1079 filt_bpfread(struct knote *kn, long hint) 1080 { 1081 struct bpf_d *d = kn->kn_hook; 1082 1083 kn->kn_data = d->bd_hlen; 1084 if (d->bd_immediate) 1085 kn->kn_data += d->bd_slen; 1086 return (kn->kn_data > 0); 1087 } 1088 1089 static const struct filterops bpfread_filtops = 1090 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1091 1092 int 1093 bpfkqfilter(dev, kn) 1094 dev_t dev; 1095 struct knote *kn; 1096 { 1097 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1098 struct klist *klist; 1099 int s; 1100 1101 switch (kn->kn_filter) { 1102 case EVFILT_READ: 1103 klist = &d->bd_sel.sel_klist; 1104 kn->kn_fop = &bpfread_filtops; 1105 break; 1106 1107 default: 1108 return (1); 1109 } 1110 1111 kn->kn_hook = d; 1112 1113 s = splnet(); 1114 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1115 splx(s); 1116 1117 return (0); 1118 } 1119 1120 /* 1121 * Incoming linkage from device drivers. Process the packet pkt, of length 1122 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1123 * by each process' filter, and if accepted, stashed into the corresponding 1124 * buffer. 1125 */ 1126 void 1127 bpf_tap(arg, pkt, pktlen) 1128 caddr_t arg; 1129 u_char *pkt; 1130 u_int pktlen; 1131 { 1132 struct bpf_if *bp; 1133 struct bpf_d *d; 1134 u_int slen; 1135 /* 1136 * Note that the ipl does not have to be raised at this point. 1137 * The only problem that could arise here is that if two different 1138 * interfaces shared any data. This is not the case. 1139 */ 1140 bp = (struct bpf_if *)arg; 1141 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1142 ++d->bd_rcount; 1143 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1144 if (slen != 0) 1145 catchpacket(d, pkt, pktlen, slen, memcpy); 1146 } 1147 } 1148 1149 /* 1150 * Copy data from an mbuf chain into a buffer. This code is derived 1151 * from m_copydata in sys/uipc_mbuf.c. 1152 */ 1153 static void * 1154 bpf_mcpy(dst_arg, src_arg, len) 1155 void *dst_arg; 1156 const void *src_arg; 1157 size_t len; 1158 { 1159 const struct mbuf *m; 1160 u_int count; 1161 u_char *dst; 1162 1163 m = src_arg; 1164 dst = dst_arg; 1165 while (len > 0) { 1166 if (m == 0) 1167 panic("bpf_mcpy"); 1168 count = min(m->m_len, len); 1169 memcpy((caddr_t)dst, mtod(m, caddr_t), count); 1170 m = m->m_next; 1171 dst += count; 1172 len -= count; 1173 } 1174 return (dst_arg); 1175 } 1176 1177 /* 1178 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1179 */ 1180 void 1181 bpf_mtap(arg, m) 1182 caddr_t arg; 1183 struct mbuf *m; 1184 { 1185 struct bpf_if *bp = (struct bpf_if *)arg; 1186 struct bpf_d *d; 1187 u_int pktlen, slen; 1188 struct mbuf *m0; 1189 1190 pktlen = 0; 1191 for (m0 = m; m0 != 0; m0 = m0->m_next) 1192 pktlen += m0->m_len; 1193 1194 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1195 ++d->bd_rcount; 1196 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1197 if (slen != 0) 1198 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcpy); 1199 } 1200 } 1201 1202 /* 1203 * Move the packet data from interface memory (pkt) into the 1204 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1205 * otherwise 0. "copy" is the routine called to do the actual data 1206 * transfer. memcpy is passed in to copy contiguous chunks, while 1207 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1208 * pkt is really an mbuf. 1209 */ 1210 static void 1211 catchpacket(d, pkt, pktlen, snaplen, cpfn) 1212 struct bpf_d *d; 1213 u_char *pkt; 1214 u_int pktlen, snaplen; 1215 void *(*cpfn) __P((void *, const void *, size_t)); 1216 { 1217 struct bpf_hdr *hp; 1218 int totlen, curlen; 1219 int hdrlen = d->bd_bif->bif_hdrlen; 1220 /* 1221 * Figure out how many bytes to move. If the packet is 1222 * greater or equal to the snapshot length, transfer that 1223 * much. Otherwise, transfer the whole packet (unless 1224 * we hit the buffer size limit). 1225 */ 1226 totlen = hdrlen + min(snaplen, pktlen); 1227 if (totlen > d->bd_bufsize) 1228 totlen = d->bd_bufsize; 1229 1230 /* 1231 * Round up the end of the previous packet to the next longword. 1232 */ 1233 curlen = BPF_WORDALIGN(d->bd_slen); 1234 if (curlen + totlen > d->bd_bufsize) { 1235 /* 1236 * This packet will overflow the storage buffer. 1237 * Rotate the buffers if we can, then wakeup any 1238 * pending reads. 1239 */ 1240 if (d->bd_fbuf == 0) { 1241 /* 1242 * We haven't completed the previous read yet, 1243 * so drop the packet. 1244 */ 1245 ++d->bd_dcount; 1246 return; 1247 } 1248 ROTATE_BUFFERS(d); 1249 bpf_wakeup(d); 1250 curlen = 0; 1251 } 1252 1253 /* 1254 * Append the bpf header. 1255 */ 1256 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1257 microtime(&hp->bh_tstamp); 1258 hp->bh_datalen = pktlen; 1259 hp->bh_hdrlen = hdrlen; 1260 /* 1261 * Copy the packet data into the store buffer and update its length. 1262 */ 1263 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1264 d->bd_slen = curlen + totlen; 1265 1266 if (d->bd_immediate) { 1267 /* 1268 * Immediate mode is set. A packet arrived so any 1269 * reads should be woken up. 1270 */ 1271 bpf_wakeup(d); 1272 } 1273 } 1274 1275 /* 1276 * Initialize all nonzero fields of a descriptor. 1277 */ 1278 static int 1279 bpf_allocbufs(d) 1280 struct bpf_d *d; 1281 { 1282 1283 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1284 if (!d->bd_fbuf) 1285 return (ENOBUFS); 1286 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1287 if (!d->bd_sbuf) { 1288 free(d->bd_fbuf, M_DEVBUF); 1289 return (ENOBUFS); 1290 } 1291 d->bd_slen = 0; 1292 d->bd_hlen = 0; 1293 return (0); 1294 } 1295 1296 /* 1297 * Free buffers currently in use by a descriptor. 1298 * Called on close. 1299 */ 1300 static void 1301 bpf_freed(d) 1302 struct bpf_d *d; 1303 { 1304 /* 1305 * We don't need to lock out interrupts since this descriptor has 1306 * been detached from its interface and it yet hasn't been marked 1307 * free. 1308 */ 1309 if (d->bd_sbuf != 0) { 1310 free(d->bd_sbuf, M_DEVBUF); 1311 if (d->bd_hbuf != 0) 1312 free(d->bd_hbuf, M_DEVBUF); 1313 if (d->bd_fbuf != 0) 1314 free(d->bd_fbuf, M_DEVBUF); 1315 } 1316 if (d->bd_filter) 1317 free((caddr_t)d->bd_filter, M_DEVBUF); 1318 1319 D_MARKFREE(d); 1320 } 1321 1322 /* 1323 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1324 * fixed size of the link header (variable length headers not yet supported). 1325 */ 1326 void 1327 bpfattach(ifp, dlt, hdrlen) 1328 struct ifnet *ifp; 1329 u_int dlt, hdrlen; 1330 { 1331 1332 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1333 } 1334 1335 /* 1336 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1337 * hdrlen is the fixed size of the link header for the specified dlt 1338 * (variable length headers not yet supported). 1339 */ 1340 void 1341 bpfattach2(ifp, dlt, hdrlen, driverp) 1342 struct ifnet *ifp; 1343 u_int dlt, hdrlen; 1344 caddr_t *driverp; 1345 { 1346 struct bpf_if *bp; 1347 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1348 if (bp == 0) 1349 panic("bpfattach"); 1350 1351 bp->bif_dlist = 0; 1352 bp->bif_driverp = (struct bpf_if **)driverp; 1353 bp->bif_ifp = ifp; 1354 bp->bif_dlt = dlt; 1355 1356 bp->bif_next = bpf_iflist; 1357 bpf_iflist = bp; 1358 1359 *bp->bif_driverp = 0; 1360 1361 /* 1362 * Compute the length of the bpf header. This is not necessarily 1363 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1364 * that the network layer header begins on a longword boundary (for 1365 * performance reasons and to alleviate alignment restrictions). 1366 */ 1367 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1368 1369 #if 0 1370 printf("bpf: %s attached\n", ifp->if_xname); 1371 #endif 1372 } 1373 1374 /* 1375 * Remove an interface from bpf. 1376 */ 1377 void 1378 bpfdetach(ifp) 1379 struct ifnet *ifp; 1380 { 1381 struct bpf_if *bp, **pbp; 1382 struct bpf_d *d; 1383 int i, s, cmaj; 1384 1385 /* locate the major number */ 1386 cmaj = cdevsw_lookup_major(&bpf_cdevsw); 1387 1388 /* Nuke the vnodes for any open instances */ 1389 for (i = 0; i < NBPFILTER; ++i) { 1390 d = &bpf_dtab[i]; 1391 if (!D_ISFREE(d) && d->bd_bif != NULL && 1392 d->bd_bif->bif_ifp == ifp) { 1393 /* 1394 * Detach the descriptor from an interface now. 1395 * It will be free'ed later by close routine. 1396 */ 1397 s = splnet(); 1398 d->bd_promisc = 0; /* we can't touch device. */ 1399 bpf_detachd(d); 1400 splx(s); 1401 vdevgone(cmaj, i, i, VCHR); 1402 } 1403 } 1404 1405 again: 1406 for (bp = bpf_iflist, pbp = &bpf_iflist; 1407 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1408 if (bp->bif_ifp == ifp) { 1409 *pbp = bp->bif_next; 1410 free(bp, M_DEVBUF); 1411 goto again; 1412 } 1413 } 1414 } 1415 1416 /* 1417 * Change the data link type of a interface. 1418 */ 1419 void 1420 bpf_change_type(ifp, dlt, hdrlen) 1421 struct ifnet *ifp; 1422 u_int dlt, hdrlen; 1423 { 1424 struct bpf_if *bp; 1425 1426 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1427 if (bp->bif_driverp == (struct bpf_if **)&ifp->if_bpf) 1428 break; 1429 } 1430 if (bp == NULL) 1431 panic("bpf_change_type"); 1432 1433 bp->bif_dlt = dlt; 1434 1435 /* 1436 * Compute the length of the bpf header. This is not necessarily 1437 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1438 * that the network layer header begins on a longword boundary (for 1439 * performance reasons and to alleviate alignment restrictions). 1440 */ 1441 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1442 } 1443 1444 /* 1445 * Get a list of available data link type of the interface. 1446 */ 1447 static int 1448 bpf_getdltlist(d, bfl) 1449 struct bpf_d *d; 1450 struct bpf_dltlist *bfl; 1451 { 1452 int n, error; 1453 struct ifnet *ifp; 1454 struct bpf_if *bp; 1455 1456 ifp = d->bd_bif->bif_ifp; 1457 n = 0; 1458 error = 0; 1459 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1460 if (bp->bif_ifp != ifp) 1461 continue; 1462 if (bfl->bfl_list != NULL) { 1463 if (n >= bfl->bfl_len) 1464 return ENOMEM; 1465 error = copyout(&bp->bif_dlt, 1466 bfl->bfl_list + n, sizeof(u_int)); 1467 } 1468 n++; 1469 } 1470 bfl->bfl_len = n; 1471 return error; 1472 } 1473 1474 /* 1475 * Set the data link type of a BPF instance. 1476 */ 1477 static int 1478 bpf_setdlt(d, dlt) 1479 struct bpf_d *d; 1480 u_int dlt; 1481 { 1482 int s, error, opromisc; 1483 struct ifnet *ifp; 1484 struct bpf_if *bp; 1485 1486 if (d->bd_bif->bif_dlt == dlt) 1487 return 0; 1488 ifp = d->bd_bif->bif_ifp; 1489 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1490 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1491 break; 1492 } 1493 if (bp == NULL) 1494 return EINVAL; 1495 s = splnet(); 1496 opromisc = d->bd_promisc; 1497 bpf_detachd(d); 1498 bpf_attachd(d, bp); 1499 reset_d(d); 1500 if (opromisc) { 1501 error = ifpromisc(bp->bif_ifp, 1); 1502 if (error) 1503 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1504 bp->bif_ifp->if_xname, error); 1505 else 1506 d->bd_promisc = 1; 1507 } 1508 splx(s); 1509 return 0; 1510 } 1511