1 /* $NetBSD: bpf.c,v 1.69 2002/09/15 23:44:12 thorpej Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 41 * static char rcsid[] = 42 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 43 */ 44 45 #include <sys/cdefs.h> 46 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.69 2002/09/15 23:44:12 thorpej Exp $"); 47 48 #include "bpfilter.h" 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/map.h> 59 #include <sys/conf.h> 60 #include <sys/vnode.h> 61 62 #include <sys/file.h> 63 #include <sys/tty.h> 64 #include <sys/uio.h> 65 66 #include <sys/protosw.h> 67 #include <sys/socket.h> 68 #include <sys/errno.h> 69 #include <sys/kernel.h> 70 #include <sys/poll.h> 71 72 #include <net/if.h> 73 74 #include <net/bpf.h> 75 #include <net/bpfdesc.h> 76 77 #include <net/if_arc.h> 78 #include <net/if_ether.h> 79 80 #include <netinet/in.h> 81 #include <netinet/if_inarp.h> 82 83 #if defined(_KERNEL_OPT) 84 #include "bpf.h" 85 #endif 86 87 #ifndef BPF_BUFSIZE 88 # define BPF_BUFSIZE 8192 /* 4096 too small for FDDI frames */ 89 #endif 90 91 #define PRINET 26 /* interruptible */ 92 93 /* 94 * The default read buffer size is patchable. 95 */ 96 int bpf_bufsize = BPF_BUFSIZE; 97 98 /* 99 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 100 * bpf_dtab holds the descriptors, indexed by minor device # 101 */ 102 struct bpf_if *bpf_iflist; 103 struct bpf_d bpf_dtab[NBPFILTER]; 104 105 static int bpf_allocbufs __P((struct bpf_d *)); 106 static void bpf_freed __P((struct bpf_d *)); 107 static void bpf_ifname __P((struct ifnet *, struct ifreq *)); 108 static void *bpf_mcpy __P((void *, const void *, size_t)); 109 static int bpf_movein __P((struct uio *, int, int, 110 struct mbuf **, struct sockaddr *)); 111 static void bpf_attachd __P((struct bpf_d *, struct bpf_if *)); 112 static void bpf_detachd __P((struct bpf_d *)); 113 static int bpf_setif __P((struct bpf_d *, struct ifreq *)); 114 static __inline void 115 bpf_wakeup __P((struct bpf_d *)); 116 static void catchpacket __P((struct bpf_d *, u_char *, u_int, u_int, 117 void *(*)(void *, const void *, size_t))); 118 static void reset_d __P((struct bpf_d *)); 119 static int bpf_getdltlist __P((struct bpf_d *, struct bpf_dltlist *)); 120 static int bpf_setdlt __P((struct bpf_d *, u_int)); 121 122 dev_type_open(bpfopen); 123 dev_type_close(bpfclose); 124 dev_type_read(bpfread); 125 dev_type_write(bpfwrite); 126 dev_type_ioctl(bpfioctl); 127 dev_type_poll(bpfpoll); 128 129 const struct cdevsw bpf_cdevsw = { 130 bpfopen, bpfclose, bpfread, bpfwrite, bpfioctl, 131 nostop, notty, bpfpoll, nommap, 132 }; 133 134 static int 135 bpf_movein(uio, linktype, mtu, mp, sockp) 136 struct uio *uio; 137 int linktype; 138 int mtu; 139 struct mbuf **mp; 140 struct sockaddr *sockp; 141 { 142 struct mbuf *m; 143 int error; 144 int len; 145 int hlen; 146 int align; 147 148 /* 149 * Build a sockaddr based on the data link layer type. 150 * We do this at this level because the ethernet header 151 * is copied directly into the data field of the sockaddr. 152 * In the case of SLIP, there is no header and the packet 153 * is forwarded as is. 154 * Also, we are careful to leave room at the front of the mbuf 155 * for the link level header. 156 */ 157 switch (linktype) { 158 159 case DLT_SLIP: 160 sockp->sa_family = AF_INET; 161 hlen = 0; 162 align = 0; 163 break; 164 165 case DLT_PPP: 166 sockp->sa_family = AF_UNSPEC; 167 hlen = 0; 168 align = 0; 169 break; 170 171 case DLT_EN10MB: 172 sockp->sa_family = AF_UNSPEC; 173 /* XXX Would MAXLINKHDR be better? */ 174 /* 6(dst)+6(src)+2(type) */ 175 hlen = sizeof(struct ether_header); 176 align = 2; 177 break; 178 179 case DLT_ARCNET: 180 sockp->sa_family = AF_UNSPEC; 181 hlen = ARC_HDRLEN; 182 align = 5; 183 break; 184 185 case DLT_FDDI: 186 sockp->sa_family = AF_LINK; 187 /* XXX 4(FORMAC)+6(dst)+6(src) */ 188 hlen = 16; 189 align = 0; 190 break; 191 192 case DLT_ECONET: 193 sockp->sa_family = AF_UNSPEC; 194 hlen = 6; 195 align = 2; 196 break; 197 198 case DLT_NULL: 199 sockp->sa_family = AF_UNSPEC; 200 hlen = 0; 201 align = 0; 202 break; 203 204 default: 205 return (EIO); 206 } 207 208 len = uio->uio_resid; 209 /* 210 * If there aren't enough bytes for a link level header or the 211 * packet length exceeds the interface mtu, return an error. 212 */ 213 if (len < hlen || len - hlen > mtu) 214 return (EMSGSIZE); 215 216 /* 217 * XXX Avoid complicated buffer chaining --- 218 * bail if it won't fit in a single mbuf. 219 * (Take into account possible alignment bytes) 220 */ 221 if ((unsigned)len > MCLBYTES - align) 222 return (EIO); 223 224 MGETHDR(m, M_WAIT, MT_DATA); 225 if (m == 0) 226 return (ENOBUFS); 227 m->m_pkthdr.rcvif = 0; 228 m->m_pkthdr.len = len - hlen; 229 if (len > MHLEN - align) { 230 MCLGET(m, M_WAIT); 231 if ((m->m_flags & M_EXT) == 0) { 232 error = ENOBUFS; 233 goto bad; 234 } 235 } 236 237 /* Insure the data is properly aligned */ 238 if (align > 0) { 239 m->m_data += align; 240 m->m_len -= align; 241 } 242 243 error = uiomove(mtod(m, caddr_t), len, uio); 244 if (error) 245 goto bad; 246 if (hlen != 0) { 247 memcpy(sockp->sa_data, mtod(m, caddr_t), hlen); 248 m->m_data += hlen; /* XXX */ 249 len -= hlen; 250 } 251 m->m_len = len; 252 *mp = m; 253 return (0); 254 255 bad: 256 m_freem(m); 257 return (error); 258 } 259 260 /* 261 * Attach file to the bpf interface, i.e. make d listen on bp. 262 * Must be called at splnet. 263 */ 264 static void 265 bpf_attachd(d, bp) 266 struct bpf_d *d; 267 struct bpf_if *bp; 268 { 269 /* 270 * Point d at bp, and add d to the interface's list of listeners. 271 * Finally, point the driver's bpf cookie at the interface so 272 * it will divert packets to bpf. 273 */ 274 d->bd_bif = bp; 275 d->bd_next = bp->bif_dlist; 276 bp->bif_dlist = d; 277 278 *bp->bif_driverp = bp; 279 } 280 281 /* 282 * Detach a file from its interface. 283 */ 284 static void 285 bpf_detachd(d) 286 struct bpf_d *d; 287 { 288 struct bpf_d **p; 289 struct bpf_if *bp; 290 291 bp = d->bd_bif; 292 /* 293 * Check if this descriptor had requested promiscuous mode. 294 * If so, turn it off. 295 */ 296 if (d->bd_promisc) { 297 int error; 298 299 d->bd_promisc = 0; 300 /* 301 * Take device out of promiscuous mode. Since we were 302 * able to enter promiscuous mode, we should be able 303 * to turn it off. But we can get an error if 304 * the interface was configured down, so only panic 305 * if we don't get an unexpected error. 306 */ 307 error = ifpromisc(bp->bif_ifp, 0); 308 if (error && error != EINVAL) 309 panic("bpf: ifpromisc failed"); 310 } 311 /* Remove d from the interface's descriptor list. */ 312 p = &bp->bif_dlist; 313 while (*p != d) { 314 p = &(*p)->bd_next; 315 if (*p == 0) 316 panic("bpf_detachd: descriptor not in list"); 317 } 318 *p = (*p)->bd_next; 319 if (bp->bif_dlist == 0) 320 /* 321 * Let the driver know that there are no more listeners. 322 */ 323 *d->bd_bif->bif_driverp = 0; 324 d->bd_bif = 0; 325 } 326 327 328 /* 329 * Mark a descriptor free by making it point to itself. 330 * This is probably cheaper than marking with a constant since 331 * the address should be in a register anyway. 332 */ 333 #define D_ISFREE(d) ((d) == (d)->bd_next) 334 #define D_MARKFREE(d) ((d)->bd_next = (d)) 335 #define D_MARKUSED(d) ((d)->bd_next = 0) 336 337 /* 338 * bpfilterattach() is called at boot time. 339 */ 340 /* ARGSUSED */ 341 void 342 bpfilterattach(n) 343 int n; 344 { 345 int i; 346 /* 347 * Mark all the descriptors free. 348 */ 349 for (i = 0; i < NBPFILTER; ++i) 350 D_MARKFREE(&bpf_dtab[i]); 351 352 } 353 354 /* 355 * Open ethernet device. Returns ENXIO for illegal minor device number, 356 * EBUSY if file is open by another process. 357 */ 358 /* ARGSUSED */ 359 int 360 bpfopen(dev, flag, mode, p) 361 dev_t dev; 362 int flag; 363 int mode; 364 struct proc *p; 365 { 366 struct bpf_d *d; 367 368 if (minor(dev) >= NBPFILTER) 369 return (ENXIO); 370 /* 371 * Each minor can be opened by only one process. If the requested 372 * minor is in use, return EBUSY. 373 */ 374 d = &bpf_dtab[minor(dev)]; 375 if (!D_ISFREE(d)) 376 return (EBUSY); 377 378 /* Mark "free" and do most initialization. */ 379 memset((char *)d, 0, sizeof(*d)); 380 d->bd_bufsize = bpf_bufsize; 381 382 return (0); 383 } 384 385 /* 386 * Close the descriptor by detaching it from its interface, 387 * deallocating its buffers, and marking it free. 388 */ 389 /* ARGSUSED */ 390 int 391 bpfclose(dev, flag, mode, p) 392 dev_t dev; 393 int flag; 394 int mode; 395 struct proc *p; 396 { 397 struct bpf_d *d = &bpf_dtab[minor(dev)]; 398 int s; 399 400 s = splnet(); 401 if (d->bd_bif) 402 bpf_detachd(d); 403 splx(s); 404 bpf_freed(d); 405 406 return (0); 407 } 408 409 /* 410 * Rotate the packet buffers in descriptor d. Move the store buffer 411 * into the hold slot, and the free buffer into the store slot. 412 * Zero the length of the new store buffer. 413 */ 414 #define ROTATE_BUFFERS(d) \ 415 (d)->bd_hbuf = (d)->bd_sbuf; \ 416 (d)->bd_hlen = (d)->bd_slen; \ 417 (d)->bd_sbuf = (d)->bd_fbuf; \ 418 (d)->bd_slen = 0; \ 419 (d)->bd_fbuf = 0; 420 /* 421 * bpfread - read next chunk of packets from buffers 422 */ 423 int 424 bpfread(dev, uio, ioflag) 425 dev_t dev; 426 struct uio *uio; 427 int ioflag; 428 { 429 struct bpf_d *d = &bpf_dtab[minor(dev)]; 430 int error; 431 int s; 432 433 /* 434 * Restrict application to use a buffer the same size as 435 * as kernel buffers. 436 */ 437 if (uio->uio_resid != d->bd_bufsize) 438 return (EINVAL); 439 440 s = splnet(); 441 /* 442 * If the hold buffer is empty, then do a timed sleep, which 443 * ends when the timeout expires or when enough packets 444 * have arrived to fill the store buffer. 445 */ 446 while (d->bd_hbuf == 0) { 447 if (d->bd_immediate) { 448 if (d->bd_slen == 0) { 449 splx(s); 450 return (EWOULDBLOCK); 451 } 452 /* 453 * A packet(s) either arrived since the previous 454 * read or arrived while we were asleep. 455 * Rotate the buffers and return what's here. 456 */ 457 ROTATE_BUFFERS(d); 458 break; 459 } 460 if (d->bd_rtout != -1) 461 error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", 462 d->bd_rtout); 463 else { 464 if (d->bd_rtout == -1) { 465 /* User requested non-blocking I/O */ 466 error = EWOULDBLOCK; 467 } else 468 error = 0; 469 } 470 if (error == EINTR || error == ERESTART) { 471 splx(s); 472 return (error); 473 } 474 if (error == EWOULDBLOCK) { 475 /* 476 * On a timeout, return what's in the buffer, 477 * which may be nothing. If there is something 478 * in the store buffer, we can rotate the buffers. 479 */ 480 if (d->bd_hbuf) 481 /* 482 * We filled up the buffer in between 483 * getting the timeout and arriving 484 * here, so we don't need to rotate. 485 */ 486 break; 487 488 if (d->bd_slen == 0) { 489 splx(s); 490 return (0); 491 } 492 ROTATE_BUFFERS(d); 493 break; 494 } 495 if (error != 0) 496 goto done; 497 } 498 /* 499 * At this point, we know we have something in the hold slot. 500 */ 501 splx(s); 502 503 /* 504 * Move data from hold buffer into user space. 505 * We know the entire buffer is transferred since 506 * we checked above that the read buffer is bpf_bufsize bytes. 507 */ 508 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 509 510 s = splnet(); 511 d->bd_fbuf = d->bd_hbuf; 512 d->bd_hbuf = 0; 513 d->bd_hlen = 0; 514 done: 515 splx(s); 516 return (error); 517 } 518 519 520 /* 521 * If there are processes sleeping on this descriptor, wake them up. 522 */ 523 static __inline void 524 bpf_wakeup(d) 525 struct bpf_d *d; 526 { 527 struct proc *p; 528 529 wakeup((caddr_t)d); 530 if (d->bd_async) { 531 if (d->bd_pgid > 0) 532 gsignal (d->bd_pgid, SIGIO); 533 else if (d->bd_pgid && (p = pfind (-d->bd_pgid)) != NULL) 534 psignal (p, SIGIO); 535 } 536 537 selwakeup(&d->bd_sel); 538 /* XXX */ 539 d->bd_sel.si_pid = 0; 540 } 541 542 int 543 bpfwrite(dev, uio, ioflag) 544 dev_t dev; 545 struct uio *uio; 546 int ioflag; 547 { 548 struct bpf_d *d = &bpf_dtab[minor(dev)]; 549 struct ifnet *ifp; 550 struct mbuf *m; 551 int error, s; 552 static struct sockaddr_storage dst; 553 554 if (d->bd_bif == 0) 555 return (ENXIO); 556 557 ifp = d->bd_bif->bif_ifp; 558 559 if (uio->uio_resid == 0) 560 return (0); 561 562 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 563 (struct sockaddr *) &dst); 564 if (error) 565 return (error); 566 567 if (m->m_pkthdr.len > ifp->if_mtu) 568 return (EMSGSIZE); 569 570 if (d->bd_hdrcmplt) 571 dst.ss_family = pseudo_AF_HDRCMPLT; 572 573 s = splsoftnet(); 574 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 575 splx(s); 576 /* 577 * The driver frees the mbuf. 578 */ 579 return (error); 580 } 581 582 /* 583 * Reset a descriptor by flushing its packet buffer and clearing the 584 * receive and drop counts. Should be called at splnet. 585 */ 586 static void 587 reset_d(d) 588 struct bpf_d *d; 589 { 590 if (d->bd_hbuf) { 591 /* Free the hold buffer. */ 592 d->bd_fbuf = d->bd_hbuf; 593 d->bd_hbuf = 0; 594 } 595 d->bd_slen = 0; 596 d->bd_hlen = 0; 597 d->bd_rcount = 0; 598 d->bd_dcount = 0; 599 } 600 601 #ifdef BPF_KERN_FILTER 602 extern struct bpf_insn *bpf_tcp_filter; 603 extern struct bpf_insn *bpf_udp_filter; 604 #endif 605 606 /* 607 * FIONREAD Check for read packet available. 608 * BIOCGBLEN Get buffer len [for read()]. 609 * BIOCSETF Set ethernet read filter. 610 * BIOCFLUSH Flush read packet buffer. 611 * BIOCPROMISC Put interface into promiscuous mode. 612 * BIOCGDLT Get link layer type. 613 * BIOCGETIF Get interface name. 614 * BIOCSETIF Set interface. 615 * BIOCSRTIMEOUT Set read timeout. 616 * BIOCGRTIMEOUT Get read timeout. 617 * BIOCGSTATS Get packet stats. 618 * BIOCIMMEDIATE Set immediate mode. 619 * BIOCVERSION Get filter language version. 620 * BIOGHDRCMPLT Get "header already complete" flag. 621 * BIOSHDRCMPLT Set "header already complete" flag. 622 */ 623 /* ARGSUSED */ 624 int 625 bpfioctl(dev, cmd, addr, flag, p) 626 dev_t dev; 627 u_long cmd; 628 caddr_t addr; 629 int flag; 630 struct proc *p; 631 { 632 struct bpf_d *d = &bpf_dtab[minor(dev)]; 633 int s, error = 0; 634 #ifdef BPF_KERN_FILTER 635 struct bpf_insn **p; 636 #endif 637 638 switch (cmd) { 639 640 default: 641 error = EINVAL; 642 break; 643 644 /* 645 * Check for read packet available. 646 */ 647 case FIONREAD: 648 { 649 int n; 650 651 s = splnet(); 652 n = d->bd_slen; 653 if (d->bd_hbuf) 654 n += d->bd_hlen; 655 splx(s); 656 657 *(int *)addr = n; 658 break; 659 } 660 661 /* 662 * Get buffer len [for read()]. 663 */ 664 case BIOCGBLEN: 665 *(u_int *)addr = d->bd_bufsize; 666 break; 667 668 /* 669 * Set buffer length. 670 */ 671 case BIOCSBLEN: 672 if (d->bd_bif != 0) 673 error = EINVAL; 674 else { 675 u_int size = *(u_int *)addr; 676 677 if (size > BPF_MAXBUFSIZE) 678 *(u_int *)addr = size = BPF_MAXBUFSIZE; 679 else if (size < BPF_MINBUFSIZE) 680 *(u_int *)addr = size = BPF_MINBUFSIZE; 681 d->bd_bufsize = size; 682 } 683 break; 684 685 /* 686 * Set link layer read filter. 687 */ 688 case BIOCSETF: 689 error = bpf_setf(d, (struct bpf_program *)addr); 690 break; 691 692 #ifdef BPF_KERN_FILTER 693 /* 694 * Set TCP or UDP reject filter. 695 */ 696 case BIOCSTCPF: 697 case BIOCSUDPF: 698 if (!suser()) { 699 error = EPERM; 700 break; 701 } 702 703 /* Validate and store filter */ 704 error = bpf_setf(d, (struct bpf_program *)addr); 705 706 /* Free possible old filter */ 707 if (cmd == BIOCSTCPF) 708 p = &bpf_tcp_filter; 709 else 710 p = &bpf_udp_filter; 711 if (*p != NULL) 712 free((caddr_t)*p, M_DEVBUF); 713 714 /* Steal new filter (noop if error) */ 715 s = splnet(); 716 *p = d->bd_filter; 717 d->bd_filter = NULL; 718 splx(s); 719 break; 720 #endif 721 722 /* 723 * Flush read packet buffer. 724 */ 725 case BIOCFLUSH: 726 s = splnet(); 727 reset_d(d); 728 splx(s); 729 break; 730 731 /* 732 * Put interface into promiscuous mode. 733 */ 734 case BIOCPROMISC: 735 if (d->bd_bif == 0) { 736 /* 737 * No interface attached yet. 738 */ 739 error = EINVAL; 740 break; 741 } 742 s = splnet(); 743 if (d->bd_promisc == 0) { 744 error = ifpromisc(d->bd_bif->bif_ifp, 1); 745 if (error == 0) 746 d->bd_promisc = 1; 747 } 748 splx(s); 749 break; 750 751 /* 752 * Get device parameters. 753 */ 754 case BIOCGDLT: 755 if (d->bd_bif == 0) 756 error = EINVAL; 757 else 758 *(u_int *)addr = d->bd_bif->bif_dlt; 759 break; 760 761 /* 762 * Get a list of supported device parameters. 763 */ 764 case BIOCGDLTLIST: 765 if (d->bd_bif == 0) 766 error = EINVAL; 767 else 768 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 769 break; 770 771 /* 772 * Set device parameters. 773 */ 774 case BIOCSDLT: 775 if (d->bd_bif == 0) 776 error = EINVAL; 777 else 778 error = bpf_setdlt(d, *(u_int *)addr); 779 break; 780 781 /* 782 * Set interface name. 783 */ 784 case BIOCGETIF: 785 if (d->bd_bif == 0) 786 error = EINVAL; 787 else 788 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 789 break; 790 791 /* 792 * Set interface. 793 */ 794 case BIOCSETIF: 795 error = bpf_setif(d, (struct ifreq *)addr); 796 break; 797 798 /* 799 * Set read timeout. 800 */ 801 case BIOCSRTIMEOUT: 802 { 803 struct timeval *tv = (struct timeval *)addr; 804 805 /* Compute number of ticks. */ 806 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 807 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 808 d->bd_rtout = 1; 809 break; 810 } 811 812 /* 813 * Get read timeout. 814 */ 815 case BIOCGRTIMEOUT: 816 { 817 struct timeval *tv = (struct timeval *)addr; 818 819 tv->tv_sec = d->bd_rtout / hz; 820 tv->tv_usec = (d->bd_rtout % hz) * tick; 821 break; 822 } 823 824 /* 825 * Get packet stats. 826 */ 827 case BIOCGSTATS: 828 { 829 struct bpf_stat *bs = (struct bpf_stat *)addr; 830 831 bs->bs_recv = d->bd_rcount; 832 bs->bs_drop = d->bd_dcount; 833 break; 834 } 835 836 /* 837 * Set immediate mode. 838 */ 839 case BIOCIMMEDIATE: 840 d->bd_immediate = *(u_int *)addr; 841 break; 842 843 case BIOCVERSION: 844 { 845 struct bpf_version *bv = (struct bpf_version *)addr; 846 847 bv->bv_major = BPF_MAJOR_VERSION; 848 bv->bv_minor = BPF_MINOR_VERSION; 849 break; 850 } 851 852 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 853 *(u_int *)addr = d->bd_hdrcmplt; 854 break; 855 856 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 857 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 858 break; 859 860 case FIONBIO: /* Non-blocking I/O */ 861 if (*(int *)addr) 862 d->bd_rtout = -1; 863 else 864 d->bd_rtout = 0; 865 break; 866 867 case FIOASYNC: /* Send signal on receive packets */ 868 d->bd_async = *(int *)addr; 869 break; 870 871 /* 872 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 873 * the equivalent of a TIOCSPGRP and hence end up here. *However* 874 * TIOCSPGRP's arg is a process group if it's positive and a process 875 * id if it's negative. This is exactly the opposite of what the 876 * other two functions want! Therefore there is code in ioctl and 877 * fcntl to negate the arg before calling here. 878 */ 879 case TIOCSPGRP: /* Process or group to send signals to */ 880 d->bd_pgid = *(int *)addr; 881 break; 882 883 case TIOCGPGRP: 884 *(int *)addr = d->bd_pgid; 885 break; 886 } 887 return (error); 888 } 889 890 /* 891 * Set d's packet filter program to fp. If this file already has a filter, 892 * free it and replace it. Returns EINVAL for bogus requests. 893 */ 894 int 895 bpf_setf(d, fp) 896 struct bpf_d *d; 897 struct bpf_program *fp; 898 { 899 struct bpf_insn *fcode, *old; 900 u_int flen, size; 901 int s; 902 903 old = d->bd_filter; 904 if (fp->bf_insns == 0) { 905 if (fp->bf_len != 0) 906 return (EINVAL); 907 s = splnet(); 908 d->bd_filter = 0; 909 reset_d(d); 910 splx(s); 911 if (old != 0) 912 free((caddr_t)old, M_DEVBUF); 913 return (0); 914 } 915 flen = fp->bf_len; 916 if (flen > BPF_MAXINSNS) 917 return (EINVAL); 918 919 size = flen * sizeof(*fp->bf_insns); 920 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 921 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 922 bpf_validate(fcode, (int)flen)) { 923 s = splnet(); 924 d->bd_filter = fcode; 925 reset_d(d); 926 splx(s); 927 if (old != 0) 928 free((caddr_t)old, M_DEVBUF); 929 930 return (0); 931 } 932 free((caddr_t)fcode, M_DEVBUF); 933 return (EINVAL); 934 } 935 936 /* 937 * Detach a file from its current interface (if attached at all) and attach 938 * to the interface indicated by the name stored in ifr. 939 * Return an errno or 0. 940 */ 941 static int 942 bpf_setif(d, ifr) 943 struct bpf_d *d; 944 struct ifreq *ifr; 945 { 946 struct bpf_if *bp; 947 char *cp; 948 int unit_seen, i, s, error; 949 950 /* 951 * Make sure the provided name has a unit number, and default 952 * it to '0' if not specified. 953 * XXX This is ugly ... do this differently? 954 */ 955 unit_seen = 0; 956 cp = ifr->ifr_name; 957 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 958 while (*cp++) 959 if (*cp >= '0' && *cp <= '9') 960 unit_seen = 1; 961 if (!unit_seen) { 962 /* Make sure to leave room for the '\0'. */ 963 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 964 if ((ifr->ifr_name[i] >= 'a' && 965 ifr->ifr_name[i] <= 'z') || 966 (ifr->ifr_name[i] >= 'A' && 967 ifr->ifr_name[i] <= 'Z')) 968 continue; 969 ifr->ifr_name[i] = '0'; 970 } 971 } 972 973 /* 974 * Look through attached interfaces for the named one. 975 */ 976 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 977 struct ifnet *ifp = bp->bif_ifp; 978 979 if (ifp == 0 || 980 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 981 continue; 982 /* skip additional entry */ 983 if (bp->bif_driverp != (struct bpf_if **)&ifp->if_bpf) 984 continue; 985 /* 986 * We found the requested interface. 987 * If it's not up, return an error. 988 * Allocate the packet buffers if we need to. 989 * If we're already attached to requested interface, 990 * just flush the buffer. 991 */ 992 if ((ifp->if_flags & IFF_UP) == 0) 993 return (ENETDOWN); 994 995 if (d->bd_sbuf == 0) { 996 error = bpf_allocbufs(d); 997 if (error != 0) 998 return (error); 999 } 1000 s = splnet(); 1001 if (bp != d->bd_bif) { 1002 if (d->bd_bif) 1003 /* 1004 * Detach if attached to something else. 1005 */ 1006 bpf_detachd(d); 1007 1008 bpf_attachd(d, bp); 1009 } 1010 reset_d(d); 1011 splx(s); 1012 return (0); 1013 } 1014 /* Not found. */ 1015 return (ENXIO); 1016 } 1017 1018 /* 1019 * Copy the interface name to the ifreq. 1020 */ 1021 static void 1022 bpf_ifname(ifp, ifr) 1023 struct ifnet *ifp; 1024 struct ifreq *ifr; 1025 { 1026 1027 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1028 } 1029 1030 /* 1031 * Support for poll() system call 1032 * 1033 * Return true iff the specific operation will not block indefinitely - with 1034 * the assumption that it is safe to positively acknowledge a request for the 1035 * ability to write to the BPF device. 1036 * Otherwise, return false but make a note that a selwakeup() must be done. 1037 */ 1038 int 1039 bpfpoll(dev, events, p) 1040 dev_t dev; 1041 int events; 1042 struct proc *p; 1043 { 1044 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1045 int s = splnet(); 1046 int revents; 1047 1048 revents = events & (POLLOUT | POLLWRNORM); 1049 if (events & (POLLIN | POLLRDNORM)) { 1050 /* 1051 * An imitation of the FIONREAD ioctl code. 1052 */ 1053 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) 1054 revents |= events & (POLLIN | POLLRDNORM); 1055 else 1056 selrecord(p, &d->bd_sel); 1057 } 1058 1059 splx(s); 1060 return (revents); 1061 } 1062 1063 /* 1064 * Incoming linkage from device drivers. Process the packet pkt, of length 1065 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1066 * by each process' filter, and if accepted, stashed into the corresponding 1067 * buffer. 1068 */ 1069 void 1070 bpf_tap(arg, pkt, pktlen) 1071 caddr_t arg; 1072 u_char *pkt; 1073 u_int pktlen; 1074 { 1075 struct bpf_if *bp; 1076 struct bpf_d *d; 1077 u_int slen; 1078 /* 1079 * Note that the ipl does not have to be raised at this point. 1080 * The only problem that could arise here is that if two different 1081 * interfaces shared any data. This is not the case. 1082 */ 1083 bp = (struct bpf_if *)arg; 1084 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1085 ++d->bd_rcount; 1086 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1087 if (slen != 0) 1088 catchpacket(d, pkt, pktlen, slen, memcpy); 1089 } 1090 } 1091 1092 /* 1093 * Copy data from an mbuf chain into a buffer. This code is derived 1094 * from m_copydata in sys/uipc_mbuf.c. 1095 */ 1096 static void * 1097 bpf_mcpy(dst_arg, src_arg, len) 1098 void *dst_arg; 1099 const void *src_arg; 1100 size_t len; 1101 { 1102 const struct mbuf *m; 1103 u_int count; 1104 u_char *dst; 1105 1106 m = src_arg; 1107 dst = dst_arg; 1108 while (len > 0) { 1109 if (m == 0) 1110 panic("bpf_mcpy"); 1111 count = min(m->m_len, len); 1112 memcpy((caddr_t)dst, mtod(m, caddr_t), count); 1113 m = m->m_next; 1114 dst += count; 1115 len -= count; 1116 } 1117 return (dst_arg); 1118 } 1119 1120 /* 1121 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1122 */ 1123 void 1124 bpf_mtap(arg, m) 1125 caddr_t arg; 1126 struct mbuf *m; 1127 { 1128 struct bpf_if *bp = (struct bpf_if *)arg; 1129 struct bpf_d *d; 1130 u_int pktlen, slen; 1131 struct mbuf *m0; 1132 1133 pktlen = 0; 1134 for (m0 = m; m0 != 0; m0 = m0->m_next) 1135 pktlen += m0->m_len; 1136 1137 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1138 ++d->bd_rcount; 1139 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1140 if (slen != 0) 1141 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcpy); 1142 } 1143 } 1144 1145 /* 1146 * Move the packet data from interface memory (pkt) into the 1147 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1148 * otherwise 0. "copy" is the routine called to do the actual data 1149 * transfer. memcpy is passed in to copy contiguous chunks, while 1150 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1151 * pkt is really an mbuf. 1152 */ 1153 static void 1154 catchpacket(d, pkt, pktlen, snaplen, cpfn) 1155 struct bpf_d *d; 1156 u_char *pkt; 1157 u_int pktlen, snaplen; 1158 void *(*cpfn) __P((void *, const void *, size_t)); 1159 { 1160 struct bpf_hdr *hp; 1161 int totlen, curlen; 1162 int hdrlen = d->bd_bif->bif_hdrlen; 1163 /* 1164 * Figure out how many bytes to move. If the packet is 1165 * greater or equal to the snapshot length, transfer that 1166 * much. Otherwise, transfer the whole packet (unless 1167 * we hit the buffer size limit). 1168 */ 1169 totlen = hdrlen + min(snaplen, pktlen); 1170 if (totlen > d->bd_bufsize) 1171 totlen = d->bd_bufsize; 1172 1173 /* 1174 * Round up the end of the previous packet to the next longword. 1175 */ 1176 curlen = BPF_WORDALIGN(d->bd_slen); 1177 if (curlen + totlen > d->bd_bufsize) { 1178 /* 1179 * This packet will overflow the storage buffer. 1180 * Rotate the buffers if we can, then wakeup any 1181 * pending reads. 1182 */ 1183 if (d->bd_fbuf == 0) { 1184 /* 1185 * We haven't completed the previous read yet, 1186 * so drop the packet. 1187 */ 1188 ++d->bd_dcount; 1189 return; 1190 } 1191 ROTATE_BUFFERS(d); 1192 bpf_wakeup(d); 1193 curlen = 0; 1194 } 1195 else if (d->bd_immediate) 1196 /* 1197 * Immediate mode is set. A packet arrived so any 1198 * reads should be woken up. 1199 */ 1200 bpf_wakeup(d); 1201 1202 /* 1203 * Append the bpf header. 1204 */ 1205 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1206 microtime(&hp->bh_tstamp); 1207 hp->bh_datalen = pktlen; 1208 hp->bh_hdrlen = hdrlen; 1209 /* 1210 * Copy the packet data into the store buffer and update its length. 1211 */ 1212 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1213 d->bd_slen = curlen + totlen; 1214 } 1215 1216 /* 1217 * Initialize all nonzero fields of a descriptor. 1218 */ 1219 static int 1220 bpf_allocbufs(d) 1221 struct bpf_d *d; 1222 { 1223 1224 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1225 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1226 d->bd_slen = 0; 1227 d->bd_hlen = 0; 1228 return (0); 1229 } 1230 1231 /* 1232 * Free buffers currently in use by a descriptor. 1233 * Called on close. 1234 */ 1235 static void 1236 bpf_freed(d) 1237 struct bpf_d *d; 1238 { 1239 /* 1240 * We don't need to lock out interrupts since this descriptor has 1241 * been detached from its interface and it yet hasn't been marked 1242 * free. 1243 */ 1244 if (d->bd_sbuf != 0) { 1245 free(d->bd_sbuf, M_DEVBUF); 1246 if (d->bd_hbuf != 0) 1247 free(d->bd_hbuf, M_DEVBUF); 1248 if (d->bd_fbuf != 0) 1249 free(d->bd_fbuf, M_DEVBUF); 1250 } 1251 if (d->bd_filter) 1252 free((caddr_t)d->bd_filter, M_DEVBUF); 1253 1254 D_MARKFREE(d); 1255 } 1256 1257 /* 1258 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1259 * fixed size of the link header (variable length headers not yet supported). 1260 */ 1261 void 1262 bpfattach(ifp, dlt, hdrlen) 1263 struct ifnet *ifp; 1264 u_int dlt, hdrlen; 1265 { 1266 1267 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1268 } 1269 1270 /* 1271 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1272 * hdrlen is the fixed size of the link header for the specified dlt 1273 * (variable length headers not yet supported). 1274 */ 1275 void 1276 bpfattach2(ifp, dlt, hdrlen, driverp) 1277 struct ifnet *ifp; 1278 u_int dlt, hdrlen; 1279 caddr_t *driverp; 1280 { 1281 struct bpf_if *bp; 1282 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1283 if (bp == 0) 1284 panic("bpfattach"); 1285 1286 bp->bif_dlist = 0; 1287 bp->bif_driverp = (struct bpf_if **)driverp; 1288 bp->bif_ifp = ifp; 1289 bp->bif_dlt = dlt; 1290 1291 bp->bif_next = bpf_iflist; 1292 bpf_iflist = bp; 1293 1294 *bp->bif_driverp = 0; 1295 1296 /* 1297 * Compute the length of the bpf header. This is not necessarily 1298 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1299 * that the network layer header begins on a longword boundary (for 1300 * performance reasons and to alleviate alignment restrictions). 1301 */ 1302 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1303 1304 #if 0 1305 printf("bpf: %s attached\n", ifp->if_xname); 1306 #endif 1307 } 1308 1309 /* 1310 * Remove an interface from bpf. 1311 */ 1312 void 1313 bpfdetach(ifp) 1314 struct ifnet *ifp; 1315 { 1316 struct bpf_if *bp, **pbp; 1317 struct bpf_d *d; 1318 int i, s, cmaj; 1319 1320 /* locate the major number */ 1321 cmaj = cdevsw_lookup_major(&bpf_cdevsw); 1322 1323 /* Nuke the vnodes for any open instances */ 1324 for (i = 0; i < NBPFILTER; ++i) { 1325 d = &bpf_dtab[i]; 1326 if (!D_ISFREE(d) && d->bd_bif != NULL && 1327 d->bd_bif->bif_ifp == ifp) { 1328 /* 1329 * Detach the descriptor from an interface now. 1330 * It will be free'ed later by close routine. 1331 */ 1332 s = splnet(); 1333 d->bd_promisc = 0; /* we can't touch device. */ 1334 bpf_detachd(d); 1335 splx(s); 1336 vdevgone(cmaj, i, i, VCHR); 1337 } 1338 } 1339 1340 again: 1341 for (bp = bpf_iflist, pbp = &bpf_iflist; 1342 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1343 if (bp->bif_ifp == ifp) { 1344 *pbp = bp->bif_next; 1345 free(bp, M_DEVBUF); 1346 goto again; 1347 } 1348 } 1349 } 1350 1351 /* 1352 * Change the data link type of a interface. 1353 */ 1354 void 1355 bpf_change_type(ifp, dlt, hdrlen) 1356 struct ifnet *ifp; 1357 u_int dlt, hdrlen; 1358 { 1359 struct bpf_if *bp; 1360 1361 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1362 if (bp->bif_driverp == (struct bpf_if **)&ifp->if_bpf) 1363 break; 1364 } 1365 if (bp == NULL) 1366 panic("bpf_change_type"); 1367 1368 bp->bif_dlt = dlt; 1369 1370 /* 1371 * Compute the length of the bpf header. This is not necessarily 1372 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1373 * that the network layer header begins on a longword boundary (for 1374 * performance reasons and to alleviate alignment restrictions). 1375 */ 1376 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1377 } 1378 1379 /* 1380 * Get a list of available data link type of the interface. 1381 */ 1382 static int 1383 bpf_getdltlist(d, bfl) 1384 struct bpf_d *d; 1385 struct bpf_dltlist *bfl; 1386 { 1387 int n, error; 1388 struct ifnet *ifp; 1389 struct bpf_if *bp; 1390 1391 ifp = d->bd_bif->bif_ifp; 1392 n = 0; 1393 error = 0; 1394 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1395 if (bp->bif_ifp != ifp) 1396 continue; 1397 if (bfl->bfl_list != NULL) { 1398 if (n >= bfl->bfl_len) 1399 return ENOMEM; 1400 error = copyout(&bp->bif_dlt, 1401 bfl->bfl_list + n, sizeof(u_int)); 1402 } 1403 n++; 1404 } 1405 bfl->bfl_len = n; 1406 return error; 1407 } 1408 1409 /* 1410 * Set the data link type of a BPF instance. 1411 */ 1412 static int 1413 bpf_setdlt(d, dlt) 1414 struct bpf_d *d; 1415 u_int dlt; 1416 { 1417 int s, error, opromisc; 1418 struct ifnet *ifp; 1419 struct bpf_if *bp; 1420 1421 if (d->bd_bif->bif_dlt == dlt) 1422 return 0; 1423 ifp = d->bd_bif->bif_ifp; 1424 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1425 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1426 break; 1427 } 1428 if (bp == NULL) 1429 return EINVAL; 1430 s = splnet(); 1431 opromisc = d->bd_promisc; 1432 bpf_detachd(d); 1433 bpf_attachd(d, bp); 1434 reset_d(d); 1435 if (opromisc) { 1436 error = ifpromisc(bp->bif_ifp, 1); 1437 if (error) 1438 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1439 bp->bif_ifp->if_xname, error); 1440 else 1441 d->bd_promisc = 1; 1442 } 1443 splx(s); 1444 return 0; 1445 } 1446