1 /* $NetBSD: bpf.c,v 1.144 2009/04/04 10:12:51 ad Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.144 2009/04/04 10:12:51 ad Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 #include <sys/queue.h> 61 62 #include <sys/file.h> 63 #include <sys/filedesc.h> 64 #include <sys/tty.h> 65 #include <sys/uio.h> 66 67 #include <sys/protosw.h> 68 #include <sys/socket.h> 69 #include <sys/errno.h> 70 #include <sys/kernel.h> 71 #include <sys/poll.h> 72 #include <sys/sysctl.h> 73 #include <sys/kauth.h> 74 75 #include <net/if.h> 76 #include <net/slip.h> 77 78 #include <net/bpf.h> 79 #include <net/bpfdesc.h> 80 81 #include <net/if_arc.h> 82 #include <net/if_ether.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_inarp.h> 86 87 88 #include <compat/sys/sockio.h> 89 90 #ifndef BPF_BUFSIZE 91 /* 92 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 93 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 94 */ 95 # define BPF_BUFSIZE 32768 96 #endif 97 98 #define PRINET 26 /* interruptible */ 99 100 /* 101 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 102 * XXX the default values should be computed dynamically based 103 * on available memory size and available mbuf clusters. 104 */ 105 int bpf_bufsize = BPF_BUFSIZE; 106 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 107 108 109 /* 110 * Global BPF statistics returned by net.bpf.stats sysctl. 111 */ 112 struct bpf_stat bpf_gstats; 113 114 /* 115 * Use a mutex to avoid a race condition between gathering the stats/peers 116 * and opening/closing the device. 117 */ 118 static kmutex_t bpf_mtx; 119 120 /* 121 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 122 * bpf_dtab holds the descriptors, indexed by minor device # 123 */ 124 struct bpf_if *bpf_iflist; 125 LIST_HEAD(, bpf_d) bpf_list; 126 127 static int bpf_allocbufs(struct bpf_d *); 128 static void bpf_deliver(struct bpf_if *, 129 void *(*cpfn)(void *, const void *, size_t), 130 void *, u_int, u_int, struct ifnet *); 131 static void bpf_freed(struct bpf_d *); 132 static void bpf_ifname(struct ifnet *, struct ifreq *); 133 static void *bpf_mcpy(void *, const void *, size_t); 134 static int bpf_movein(struct uio *, int, int, 135 struct mbuf **, struct sockaddr *); 136 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 137 static void bpf_detachd(struct bpf_d *); 138 static int bpf_setif(struct bpf_d *, struct ifreq *); 139 static void bpf_timed_out(void *); 140 static inline void 141 bpf_wakeup(struct bpf_d *); 142 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 143 void *(*)(void *, const void *, size_t), struct timespec *); 144 static void reset_d(struct bpf_d *); 145 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 146 static int bpf_setdlt(struct bpf_d *, u_int); 147 148 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 149 int); 150 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 151 int); 152 static int bpf_ioctl(struct file *, u_long, void *); 153 static int bpf_poll(struct file *, int); 154 static int bpf_close(struct file *); 155 static int bpf_kqfilter(struct file *, struct knote *); 156 static void bpf_softintr(void *); 157 158 static const struct fileops bpf_fileops = { 159 .fo_read = bpf_read, 160 .fo_write = bpf_write, 161 .fo_ioctl = bpf_ioctl, 162 .fo_fcntl = fnullop_fcntl, 163 .fo_poll = bpf_poll, 164 .fo_stat = fbadop_stat, 165 .fo_close = bpf_close, 166 .fo_kqfilter = bpf_kqfilter, 167 .fo_drain = fnullop_drain, 168 }; 169 170 dev_type_open(bpfopen); 171 172 const struct cdevsw bpf_cdevsw = { 173 bpfopen, noclose, noread, nowrite, noioctl, 174 nostop, notty, nopoll, nommap, nokqfilter, D_OTHER 175 }; 176 177 static int 178 bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 179 struct sockaddr *sockp) 180 { 181 struct mbuf *m; 182 int error; 183 int len; 184 int hlen; 185 int align; 186 187 /* 188 * Build a sockaddr based on the data link layer type. 189 * We do this at this level because the ethernet header 190 * is copied directly into the data field of the sockaddr. 191 * In the case of SLIP, there is no header and the packet 192 * is forwarded as is. 193 * Also, we are careful to leave room at the front of the mbuf 194 * for the link level header. 195 */ 196 switch (linktype) { 197 198 case DLT_SLIP: 199 sockp->sa_family = AF_INET; 200 hlen = 0; 201 align = 0; 202 break; 203 204 case DLT_PPP: 205 sockp->sa_family = AF_UNSPEC; 206 hlen = 0; 207 align = 0; 208 break; 209 210 case DLT_EN10MB: 211 sockp->sa_family = AF_UNSPEC; 212 /* XXX Would MAXLINKHDR be better? */ 213 /* 6(dst)+6(src)+2(type) */ 214 hlen = sizeof(struct ether_header); 215 align = 2; 216 break; 217 218 case DLT_ARCNET: 219 sockp->sa_family = AF_UNSPEC; 220 hlen = ARC_HDRLEN; 221 align = 5; 222 break; 223 224 case DLT_FDDI: 225 sockp->sa_family = AF_LINK; 226 /* XXX 4(FORMAC)+6(dst)+6(src) */ 227 hlen = 16; 228 align = 0; 229 break; 230 231 case DLT_ECONET: 232 sockp->sa_family = AF_UNSPEC; 233 hlen = 6; 234 align = 2; 235 break; 236 237 case DLT_NULL: 238 sockp->sa_family = AF_UNSPEC; 239 hlen = 0; 240 align = 0; 241 break; 242 243 default: 244 return (EIO); 245 } 246 247 len = uio->uio_resid; 248 /* 249 * If there aren't enough bytes for a link level header or the 250 * packet length exceeds the interface mtu, return an error. 251 */ 252 if (len < hlen || len - hlen > mtu) 253 return (EMSGSIZE); 254 255 /* 256 * XXX Avoid complicated buffer chaining --- 257 * bail if it won't fit in a single mbuf. 258 * (Take into account possible alignment bytes) 259 */ 260 if ((unsigned)len > MCLBYTES - align) 261 return (EIO); 262 263 m = m_gethdr(M_WAIT, MT_DATA); 264 m->m_pkthdr.rcvif = 0; 265 m->m_pkthdr.len = len - hlen; 266 if (len > MHLEN - align) { 267 m_clget(m, M_WAIT); 268 if ((m->m_flags & M_EXT) == 0) { 269 error = ENOBUFS; 270 goto bad; 271 } 272 } 273 274 /* Insure the data is properly aligned */ 275 if (align > 0) { 276 m->m_data += align; 277 m->m_len -= align; 278 } 279 280 error = uiomove(mtod(m, void *), len, uio); 281 if (error) 282 goto bad; 283 if (hlen != 0) { 284 memcpy(sockp->sa_data, mtod(m, void *), hlen); 285 m->m_data += hlen; /* XXX */ 286 len -= hlen; 287 } 288 m->m_len = len; 289 *mp = m; 290 return (0); 291 292 bad: 293 m_freem(m); 294 return (error); 295 } 296 297 /* 298 * Attach file to the bpf interface, i.e. make d listen on bp. 299 * Must be called at splnet. 300 */ 301 static void 302 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 303 { 304 /* 305 * Point d at bp, and add d to the interface's list of listeners. 306 * Finally, point the driver's bpf cookie at the interface so 307 * it will divert packets to bpf. 308 */ 309 d->bd_bif = bp; 310 d->bd_next = bp->bif_dlist; 311 bp->bif_dlist = d; 312 313 *bp->bif_driverp = bp; 314 } 315 316 /* 317 * Detach a file from its interface. 318 */ 319 static void 320 bpf_detachd(struct bpf_d *d) 321 { 322 struct bpf_d **p; 323 struct bpf_if *bp; 324 325 bp = d->bd_bif; 326 /* 327 * Check if this descriptor had requested promiscuous mode. 328 * If so, turn it off. 329 */ 330 if (d->bd_promisc) { 331 int error; 332 333 d->bd_promisc = 0; 334 /* 335 * Take device out of promiscuous mode. Since we were 336 * able to enter promiscuous mode, we should be able 337 * to turn it off. But we can get an error if 338 * the interface was configured down, so only panic 339 * if we don't get an unexpected error. 340 */ 341 error = ifpromisc(bp->bif_ifp, 0); 342 if (error && error != EINVAL) 343 panic("bpf: ifpromisc failed"); 344 } 345 /* Remove d from the interface's descriptor list. */ 346 p = &bp->bif_dlist; 347 while (*p != d) { 348 p = &(*p)->bd_next; 349 if (*p == 0) 350 panic("bpf_detachd: descriptor not in list"); 351 } 352 *p = (*p)->bd_next; 353 if (bp->bif_dlist == 0) 354 /* 355 * Let the driver know that there are no more listeners. 356 */ 357 *d->bd_bif->bif_driverp = 0; 358 d->bd_bif = 0; 359 } 360 361 362 /* 363 * Mark a descriptor free by making it point to itself. 364 * This is probably cheaper than marking with a constant since 365 * the address should be in a register anyway. 366 */ 367 368 /* 369 * bpfilterattach() is called at boot time. 370 */ 371 /* ARGSUSED */ 372 void 373 bpfilterattach(int n) 374 { 375 mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE); 376 377 mutex_enter(&bpf_mtx); 378 LIST_INIT(&bpf_list); 379 mutex_exit(&bpf_mtx); 380 381 bpf_gstats.bs_recv = 0; 382 bpf_gstats.bs_drop = 0; 383 bpf_gstats.bs_capt = 0; 384 } 385 386 /* 387 * Open ethernet device. Clones. 388 */ 389 /* ARGSUSED */ 390 int 391 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 392 { 393 struct bpf_d *d; 394 struct file *fp; 395 int error, fd; 396 397 /* falloc() will use the descriptor for us. */ 398 if ((error = fd_allocfile(&fp, &fd)) != 0) 399 return error; 400 401 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK|M_ZERO); 402 d->bd_bufsize = bpf_bufsize; 403 d->bd_seesent = 1; 404 d->bd_pid = l->l_proc->p_pid; 405 callout_init(&d->bd_callout, 0); 406 selinit(&d->bd_sel); 407 d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d); 408 409 mutex_enter(&bpf_mtx); 410 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 411 mutex_exit(&bpf_mtx); 412 413 return fd_clone(fp, fd, flag, &bpf_fileops, d); 414 } 415 416 /* 417 * Close the descriptor by detaching it from its interface, 418 * deallocating its buffers, and marking it free. 419 */ 420 /* ARGSUSED */ 421 static int 422 bpf_close(struct file *fp) 423 { 424 struct bpf_d *d = fp->f_data; 425 int s; 426 427 KERNEL_LOCK(1, NULL); 428 429 /* 430 * Refresh the PID associated with this bpf file. 431 */ 432 d->bd_pid = curproc->p_pid; 433 434 s = splnet(); 435 if (d->bd_state == BPF_WAITING) 436 callout_stop(&d->bd_callout); 437 d->bd_state = BPF_IDLE; 438 if (d->bd_bif) 439 bpf_detachd(d); 440 splx(s); 441 bpf_freed(d); 442 mutex_enter(&bpf_mtx); 443 LIST_REMOVE(d, bd_list); 444 mutex_exit(&bpf_mtx); 445 callout_destroy(&d->bd_callout); 446 seldestroy(&d->bd_sel); 447 softint_disestablish(d->bd_sih); 448 free(d, M_DEVBUF); 449 fp->f_data = NULL; 450 451 KERNEL_UNLOCK_ONE(NULL); 452 453 return (0); 454 } 455 456 /* 457 * Rotate the packet buffers in descriptor d. Move the store buffer 458 * into the hold slot, and the free buffer into the store slot. 459 * Zero the length of the new store buffer. 460 */ 461 #define ROTATE_BUFFERS(d) \ 462 (d)->bd_hbuf = (d)->bd_sbuf; \ 463 (d)->bd_hlen = (d)->bd_slen; \ 464 (d)->bd_sbuf = (d)->bd_fbuf; \ 465 (d)->bd_slen = 0; \ 466 (d)->bd_fbuf = 0; 467 /* 468 * bpfread - read next chunk of packets from buffers 469 */ 470 static int 471 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 472 kauth_cred_t cred, int flags) 473 { 474 struct bpf_d *d = fp->f_data; 475 int timed_out; 476 int error; 477 int s; 478 479 /* 480 * Restrict application to use a buffer the same size as 481 * the kernel buffers. 482 */ 483 if (uio->uio_resid != d->bd_bufsize) 484 return (EINVAL); 485 486 KERNEL_LOCK(1, NULL); 487 s = splnet(); 488 if (d->bd_state == BPF_WAITING) 489 callout_stop(&d->bd_callout); 490 timed_out = (d->bd_state == BPF_TIMED_OUT); 491 d->bd_state = BPF_IDLE; 492 /* 493 * If the hold buffer is empty, then do a timed sleep, which 494 * ends when the timeout expires or when enough packets 495 * have arrived to fill the store buffer. 496 */ 497 while (d->bd_hbuf == 0) { 498 if (fp->f_flag & FNONBLOCK) { 499 if (d->bd_slen == 0) { 500 splx(s); 501 KERNEL_UNLOCK_ONE(NULL); 502 return (EWOULDBLOCK); 503 } 504 ROTATE_BUFFERS(d); 505 break; 506 } 507 508 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 509 /* 510 * A packet(s) either arrived since the previous 511 * read or arrived while we were asleep. 512 * Rotate the buffers and return what's here. 513 */ 514 ROTATE_BUFFERS(d); 515 break; 516 } 517 error = tsleep(d, PRINET|PCATCH, "bpf", 518 d->bd_rtout); 519 if (error == EINTR || error == ERESTART) { 520 splx(s); 521 KERNEL_UNLOCK_ONE(NULL); 522 return (error); 523 } 524 if (error == EWOULDBLOCK) { 525 /* 526 * On a timeout, return what's in the buffer, 527 * which may be nothing. If there is something 528 * in the store buffer, we can rotate the buffers. 529 */ 530 if (d->bd_hbuf) 531 /* 532 * We filled up the buffer in between 533 * getting the timeout and arriving 534 * here, so we don't need to rotate. 535 */ 536 break; 537 538 if (d->bd_slen == 0) { 539 splx(s); 540 KERNEL_UNLOCK_ONE(NULL); 541 return (0); 542 } 543 ROTATE_BUFFERS(d); 544 break; 545 } 546 if (error != 0) 547 goto done; 548 } 549 /* 550 * At this point, we know we have something in the hold slot. 551 */ 552 splx(s); 553 554 /* 555 * Move data from hold buffer into user space. 556 * We know the entire buffer is transferred since 557 * we checked above that the read buffer is bpf_bufsize bytes. 558 */ 559 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 560 561 s = splnet(); 562 d->bd_fbuf = d->bd_hbuf; 563 d->bd_hbuf = 0; 564 d->bd_hlen = 0; 565 done: 566 splx(s); 567 KERNEL_UNLOCK_ONE(NULL); 568 return (error); 569 } 570 571 572 /* 573 * If there are processes sleeping on this descriptor, wake them up. 574 */ 575 static inline void 576 bpf_wakeup(struct bpf_d *d) 577 { 578 wakeup(d); 579 if (d->bd_async) 580 softint_schedule(d->bd_sih); 581 selnotify(&d->bd_sel, 0, 0); 582 } 583 584 static void 585 bpf_softintr(void *cookie) 586 { 587 struct bpf_d *d; 588 589 d = cookie; 590 if (d->bd_async) 591 fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL); 592 } 593 594 static void 595 bpf_timed_out(void *arg) 596 { 597 struct bpf_d *d = arg; 598 int s; 599 600 s = splnet(); 601 if (d->bd_state == BPF_WAITING) { 602 d->bd_state = BPF_TIMED_OUT; 603 if (d->bd_slen != 0) 604 bpf_wakeup(d); 605 } 606 splx(s); 607 } 608 609 610 static int 611 bpf_write(struct file *fp, off_t *offp, struct uio *uio, 612 kauth_cred_t cred, int flags) 613 { 614 struct bpf_d *d = fp->f_data; 615 struct ifnet *ifp; 616 struct mbuf *m; 617 int error, s; 618 static struct sockaddr_storage dst; 619 620 m = NULL; /* XXX gcc */ 621 622 KERNEL_LOCK(1, NULL); 623 624 if (d->bd_bif == 0) { 625 KERNEL_UNLOCK_ONE(NULL); 626 return (ENXIO); 627 } 628 629 ifp = d->bd_bif->bif_ifp; 630 631 if (uio->uio_resid == 0) { 632 KERNEL_UNLOCK_ONE(NULL); 633 return (0); 634 } 635 636 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 637 (struct sockaddr *) &dst); 638 if (error) { 639 KERNEL_UNLOCK_ONE(NULL); 640 return (error); 641 } 642 643 if (m->m_pkthdr.len > ifp->if_mtu) { 644 KERNEL_UNLOCK_ONE(NULL); 645 m_freem(m); 646 return (EMSGSIZE); 647 } 648 649 if (d->bd_hdrcmplt) 650 dst.ss_family = pseudo_AF_HDRCMPLT; 651 652 s = splsoftnet(); 653 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 654 splx(s); 655 KERNEL_UNLOCK_ONE(NULL); 656 /* 657 * The driver frees the mbuf. 658 */ 659 return (error); 660 } 661 662 /* 663 * Reset a descriptor by flushing its packet buffer and clearing the 664 * receive and drop counts. Should be called at splnet. 665 */ 666 static void 667 reset_d(struct bpf_d *d) 668 { 669 if (d->bd_hbuf) { 670 /* Free the hold buffer. */ 671 d->bd_fbuf = d->bd_hbuf; 672 d->bd_hbuf = 0; 673 } 674 d->bd_slen = 0; 675 d->bd_hlen = 0; 676 d->bd_rcount = 0; 677 d->bd_dcount = 0; 678 d->bd_ccount = 0; 679 } 680 681 /* 682 * FIONREAD Check for read packet available. 683 * BIOCGBLEN Get buffer len [for read()]. 684 * BIOCSETF Set ethernet read filter. 685 * BIOCFLUSH Flush read packet buffer. 686 * BIOCPROMISC Put interface into promiscuous mode. 687 * BIOCGDLT Get link layer type. 688 * BIOCGETIF Get interface name. 689 * BIOCSETIF Set interface. 690 * BIOCSRTIMEOUT Set read timeout. 691 * BIOCGRTIMEOUT Get read timeout. 692 * BIOCGSTATS Get packet stats. 693 * BIOCIMMEDIATE Set immediate mode. 694 * BIOCVERSION Get filter language version. 695 * BIOCGHDRCMPLT Get "header already complete" flag. 696 * BIOCSHDRCMPLT Set "header already complete" flag. 697 */ 698 /* ARGSUSED */ 699 static int 700 bpf_ioctl(struct file *fp, u_long cmd, void *addr) 701 { 702 struct bpf_d *d = fp->f_data; 703 int s, error = 0; 704 705 /* 706 * Refresh the PID associated with this bpf file. 707 */ 708 KERNEL_LOCK(1, NULL); 709 d->bd_pid = curproc->p_pid; 710 711 s = splnet(); 712 if (d->bd_state == BPF_WAITING) 713 callout_stop(&d->bd_callout); 714 d->bd_state = BPF_IDLE; 715 splx(s); 716 717 switch (cmd) { 718 719 default: 720 error = EINVAL; 721 break; 722 723 /* 724 * Check for read packet available. 725 */ 726 case FIONREAD: 727 { 728 int n; 729 730 s = splnet(); 731 n = d->bd_slen; 732 if (d->bd_hbuf) 733 n += d->bd_hlen; 734 splx(s); 735 736 *(int *)addr = n; 737 break; 738 } 739 740 /* 741 * Get buffer len [for read()]. 742 */ 743 case BIOCGBLEN: 744 *(u_int *)addr = d->bd_bufsize; 745 break; 746 747 /* 748 * Set buffer length. 749 */ 750 case BIOCSBLEN: 751 if (d->bd_bif != 0) 752 error = EINVAL; 753 else { 754 u_int size = *(u_int *)addr; 755 756 if (size > bpf_maxbufsize) 757 *(u_int *)addr = size = bpf_maxbufsize; 758 else if (size < BPF_MINBUFSIZE) 759 *(u_int *)addr = size = BPF_MINBUFSIZE; 760 d->bd_bufsize = size; 761 } 762 break; 763 764 /* 765 * Set link layer read filter. 766 */ 767 case BIOCSETF: 768 error = bpf_setf(d, addr); 769 break; 770 771 /* 772 * Flush read packet buffer. 773 */ 774 case BIOCFLUSH: 775 s = splnet(); 776 reset_d(d); 777 splx(s); 778 break; 779 780 /* 781 * Put interface into promiscuous mode. 782 */ 783 case BIOCPROMISC: 784 if (d->bd_bif == 0) { 785 /* 786 * No interface attached yet. 787 */ 788 error = EINVAL; 789 break; 790 } 791 s = splnet(); 792 if (d->bd_promisc == 0) { 793 error = ifpromisc(d->bd_bif->bif_ifp, 1); 794 if (error == 0) 795 d->bd_promisc = 1; 796 } 797 splx(s); 798 break; 799 800 /* 801 * Get device parameters. 802 */ 803 case BIOCGDLT: 804 if (d->bd_bif == 0) 805 error = EINVAL; 806 else 807 *(u_int *)addr = d->bd_bif->bif_dlt; 808 break; 809 810 /* 811 * Get a list of supported device parameters. 812 */ 813 case BIOCGDLTLIST: 814 if (d->bd_bif == 0) 815 error = EINVAL; 816 else 817 error = bpf_getdltlist(d, addr); 818 break; 819 820 /* 821 * Set device parameters. 822 */ 823 case BIOCSDLT: 824 if (d->bd_bif == 0) 825 error = EINVAL; 826 else 827 error = bpf_setdlt(d, *(u_int *)addr); 828 break; 829 830 /* 831 * Set interface name. 832 */ 833 #ifdef OBIOCGETIF 834 case OBIOCGETIF: 835 #endif 836 case BIOCGETIF: 837 if (d->bd_bif == 0) 838 error = EINVAL; 839 else 840 bpf_ifname(d->bd_bif->bif_ifp, addr); 841 break; 842 843 /* 844 * Set interface. 845 */ 846 #ifdef OBIOCSETIF 847 case OBIOCSETIF: 848 #endif 849 case BIOCSETIF: 850 error = bpf_setif(d, addr); 851 break; 852 853 /* 854 * Set read timeout. 855 */ 856 case BIOCSRTIMEOUT: 857 { 858 struct timeval *tv = addr; 859 860 /* Compute number of ticks. */ 861 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 862 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 863 d->bd_rtout = 1; 864 break; 865 } 866 867 #ifdef BIOCGORTIMEOUT 868 /* 869 * Get read timeout. 870 */ 871 case BIOCGORTIMEOUT: 872 { 873 struct timeval50 *tv = addr; 874 875 tv->tv_sec = d->bd_rtout / hz; 876 tv->tv_usec = (d->bd_rtout % hz) * tick; 877 break; 878 } 879 #endif 880 881 #ifdef BIOCSORTIMEOUT 882 /* 883 * Set read timeout. 884 */ 885 case BIOCSORTIMEOUT: 886 { 887 struct timeval50 *tv = addr; 888 889 /* Compute number of ticks. */ 890 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 891 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 892 d->bd_rtout = 1; 893 break; 894 } 895 #endif 896 897 /* 898 * Get read timeout. 899 */ 900 case BIOCGRTIMEOUT: 901 { 902 struct timeval *tv = addr; 903 904 tv->tv_sec = d->bd_rtout / hz; 905 tv->tv_usec = (d->bd_rtout % hz) * tick; 906 break; 907 } 908 /* 909 * Get packet stats. 910 */ 911 case BIOCGSTATS: 912 { 913 struct bpf_stat *bs = addr; 914 915 bs->bs_recv = d->bd_rcount; 916 bs->bs_drop = d->bd_dcount; 917 bs->bs_capt = d->bd_ccount; 918 break; 919 } 920 921 case BIOCGSTATSOLD: 922 { 923 struct bpf_stat_old *bs = addr; 924 925 bs->bs_recv = d->bd_rcount; 926 bs->bs_drop = d->bd_dcount; 927 break; 928 } 929 930 /* 931 * Set immediate mode. 932 */ 933 case BIOCIMMEDIATE: 934 d->bd_immediate = *(u_int *)addr; 935 break; 936 937 case BIOCVERSION: 938 { 939 struct bpf_version *bv = addr; 940 941 bv->bv_major = BPF_MAJOR_VERSION; 942 bv->bv_minor = BPF_MINOR_VERSION; 943 break; 944 } 945 946 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 947 *(u_int *)addr = d->bd_hdrcmplt; 948 break; 949 950 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 951 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 952 break; 953 954 /* 955 * Get "see sent packets" flag 956 */ 957 case BIOCGSEESENT: 958 *(u_int *)addr = d->bd_seesent; 959 break; 960 961 /* 962 * Set "see sent" packets flag 963 */ 964 case BIOCSSEESENT: 965 d->bd_seesent = *(u_int *)addr; 966 break; 967 968 case FIONBIO: /* Non-blocking I/O */ 969 /* 970 * No need to do anything special as we use IO_NDELAY in 971 * bpfread() as an indication of whether or not to block 972 * the read. 973 */ 974 break; 975 976 case FIOASYNC: /* Send signal on receive packets */ 977 d->bd_async = *(int *)addr; 978 break; 979 980 case TIOCSPGRP: /* Process or group to send signals to */ 981 case FIOSETOWN: 982 error = fsetown(&d->bd_pgid, cmd, addr); 983 break; 984 985 case TIOCGPGRP: 986 case FIOGETOWN: 987 error = fgetown(d->bd_pgid, cmd, addr); 988 break; 989 } 990 KERNEL_UNLOCK_ONE(NULL); 991 return (error); 992 } 993 994 /* 995 * Set d's packet filter program to fp. If this file already has a filter, 996 * free it and replace it. Returns EINVAL for bogus requests. 997 */ 998 int 999 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 1000 { 1001 struct bpf_insn *fcode, *old; 1002 u_int flen, size; 1003 int s; 1004 1005 old = d->bd_filter; 1006 if (fp->bf_insns == 0) { 1007 if (fp->bf_len != 0) 1008 return (EINVAL); 1009 s = splnet(); 1010 d->bd_filter = 0; 1011 reset_d(d); 1012 splx(s); 1013 if (old != 0) 1014 free(old, M_DEVBUF); 1015 return (0); 1016 } 1017 flen = fp->bf_len; 1018 if (flen > BPF_MAXINSNS) 1019 return (EINVAL); 1020 1021 size = flen * sizeof(*fp->bf_insns); 1022 fcode = malloc(size, M_DEVBUF, M_WAITOK); 1023 if (copyin(fp->bf_insns, fcode, size) == 0 && 1024 bpf_validate(fcode, (int)flen)) { 1025 s = splnet(); 1026 d->bd_filter = fcode; 1027 reset_d(d); 1028 splx(s); 1029 if (old != 0) 1030 free(old, M_DEVBUF); 1031 1032 return (0); 1033 } 1034 free(fcode, M_DEVBUF); 1035 return (EINVAL); 1036 } 1037 1038 /* 1039 * Detach a file from its current interface (if attached at all) and attach 1040 * to the interface indicated by the name stored in ifr. 1041 * Return an errno or 0. 1042 */ 1043 static int 1044 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 1045 { 1046 struct bpf_if *bp; 1047 char *cp; 1048 int unit_seen, i, s, error; 1049 1050 /* 1051 * Make sure the provided name has a unit number, and default 1052 * it to '0' if not specified. 1053 * XXX This is ugly ... do this differently? 1054 */ 1055 unit_seen = 0; 1056 cp = ifr->ifr_name; 1057 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 1058 while (*cp++) 1059 if (*cp >= '0' && *cp <= '9') 1060 unit_seen = 1; 1061 if (!unit_seen) { 1062 /* Make sure to leave room for the '\0'. */ 1063 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 1064 if ((ifr->ifr_name[i] >= 'a' && 1065 ifr->ifr_name[i] <= 'z') || 1066 (ifr->ifr_name[i] >= 'A' && 1067 ifr->ifr_name[i] <= 'Z')) 1068 continue; 1069 ifr->ifr_name[i] = '0'; 1070 } 1071 } 1072 1073 /* 1074 * Look through attached interfaces for the named one. 1075 */ 1076 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1077 struct ifnet *ifp = bp->bif_ifp; 1078 1079 if (ifp == 0 || 1080 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 1081 continue; 1082 /* skip additional entry */ 1083 if ((void **)bp->bif_driverp != &ifp->if_bpf) 1084 continue; 1085 /* 1086 * We found the requested interface. 1087 * Allocate the packet buffers if we need to. 1088 * If we're already attached to requested interface, 1089 * just flush the buffer. 1090 */ 1091 if (d->bd_sbuf == 0) { 1092 error = bpf_allocbufs(d); 1093 if (error != 0) 1094 return (error); 1095 } 1096 s = splnet(); 1097 if (bp != d->bd_bif) { 1098 if (d->bd_bif) 1099 /* 1100 * Detach if attached to something else. 1101 */ 1102 bpf_detachd(d); 1103 1104 bpf_attachd(d, bp); 1105 } 1106 reset_d(d); 1107 splx(s); 1108 return (0); 1109 } 1110 /* Not found. */ 1111 return (ENXIO); 1112 } 1113 1114 /* 1115 * Copy the interface name to the ifreq. 1116 */ 1117 static void 1118 bpf_ifname(struct ifnet *ifp, struct ifreq *ifr) 1119 { 1120 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1121 } 1122 1123 /* 1124 * Support for poll() system call 1125 * 1126 * Return true iff the specific operation will not block indefinitely - with 1127 * the assumption that it is safe to positively acknowledge a request for the 1128 * ability to write to the BPF device. 1129 * Otherwise, return false but make a note that a selnotify() must be done. 1130 */ 1131 static int 1132 bpf_poll(struct file *fp, int events) 1133 { 1134 struct bpf_d *d = fp->f_data; 1135 int s = splnet(); 1136 int revents; 1137 1138 /* 1139 * Refresh the PID associated with this bpf file. 1140 */ 1141 KERNEL_LOCK(1, NULL); 1142 d->bd_pid = curproc->p_pid; 1143 1144 revents = events & (POLLOUT | POLLWRNORM); 1145 if (events & (POLLIN | POLLRDNORM)) { 1146 /* 1147 * An imitation of the FIONREAD ioctl code. 1148 */ 1149 if (d->bd_hlen != 0 || 1150 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1151 d->bd_slen != 0)) { 1152 revents |= events & (POLLIN | POLLRDNORM); 1153 } else { 1154 selrecord(curlwp, &d->bd_sel); 1155 /* Start the read timeout if necessary */ 1156 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1157 callout_reset(&d->bd_callout, d->bd_rtout, 1158 bpf_timed_out, d); 1159 d->bd_state = BPF_WAITING; 1160 } 1161 } 1162 } 1163 1164 KERNEL_UNLOCK_ONE(NULL); 1165 splx(s); 1166 return (revents); 1167 } 1168 1169 static void 1170 filt_bpfrdetach(struct knote *kn) 1171 { 1172 struct bpf_d *d = kn->kn_hook; 1173 int s; 1174 1175 KERNEL_LOCK(1, NULL); 1176 s = splnet(); 1177 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1178 splx(s); 1179 KERNEL_UNLOCK_ONE(NULL); 1180 } 1181 1182 static int 1183 filt_bpfread(struct knote *kn, long hint) 1184 { 1185 struct bpf_d *d = kn->kn_hook; 1186 int rv; 1187 1188 KERNEL_LOCK(1, NULL); 1189 kn->kn_data = d->bd_hlen; 1190 if (d->bd_immediate) 1191 kn->kn_data += d->bd_slen; 1192 rv = (kn->kn_data > 0); 1193 KERNEL_UNLOCK_ONE(NULL); 1194 return rv; 1195 } 1196 1197 static const struct filterops bpfread_filtops = 1198 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1199 1200 static int 1201 bpf_kqfilter(struct file *fp, struct knote *kn) 1202 { 1203 struct bpf_d *d = fp->f_data; 1204 struct klist *klist; 1205 int s; 1206 1207 KERNEL_LOCK(1, NULL); 1208 1209 switch (kn->kn_filter) { 1210 case EVFILT_READ: 1211 klist = &d->bd_sel.sel_klist; 1212 kn->kn_fop = &bpfread_filtops; 1213 break; 1214 1215 default: 1216 KERNEL_UNLOCK_ONE(NULL); 1217 return (EINVAL); 1218 } 1219 1220 kn->kn_hook = d; 1221 1222 s = splnet(); 1223 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1224 splx(s); 1225 KERNEL_UNLOCK_ONE(NULL); 1226 1227 return (0); 1228 } 1229 1230 /* 1231 * Incoming linkage from device drivers. Process the packet pkt, of length 1232 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1233 * by each process' filter, and if accepted, stashed into the corresponding 1234 * buffer. 1235 */ 1236 void 1237 bpf_tap(void *arg, u_char *pkt, u_int pktlen) 1238 { 1239 struct bpf_if *bp; 1240 struct bpf_d *d; 1241 u_int slen; 1242 struct timespec ts; 1243 int gottime=0; 1244 1245 /* 1246 * Note that the ipl does not have to be raised at this point. 1247 * The only problem that could arise here is that if two different 1248 * interfaces shared any data. This is not the case. 1249 */ 1250 bp = arg; 1251 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1252 ++d->bd_rcount; 1253 ++bpf_gstats.bs_recv; 1254 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1255 if (slen != 0) { 1256 if (!gottime) { 1257 nanotime(&ts); 1258 gottime = 1; 1259 } 1260 catchpacket(d, pkt, pktlen, slen, memcpy, &ts); 1261 } 1262 } 1263 } 1264 1265 /* 1266 * Copy data from an mbuf chain into a buffer. This code is derived 1267 * from m_copydata in sys/uipc_mbuf.c. 1268 */ 1269 static void * 1270 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1271 { 1272 const struct mbuf *m; 1273 u_int count; 1274 u_char *dst; 1275 1276 m = src_arg; 1277 dst = dst_arg; 1278 while (len > 0) { 1279 if (m == NULL) 1280 panic("bpf_mcpy"); 1281 count = min(m->m_len, len); 1282 memcpy(dst, mtod(m, const void *), count); 1283 m = m->m_next; 1284 dst += count; 1285 len -= count; 1286 } 1287 return dst_arg; 1288 } 1289 1290 /* 1291 * Dispatch a packet to all the listeners on interface bp. 1292 * 1293 * marg pointer to the packet, either a data buffer or an mbuf chain 1294 * buflen buffer length, if marg is a data buffer 1295 * cpfn a function that can copy marg into the listener's buffer 1296 * pktlen length of the packet 1297 * rcvif either NULL or the interface the packet came in on. 1298 */ 1299 static inline void 1300 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1301 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1302 { 1303 u_int slen; 1304 struct bpf_d *d; 1305 struct timespec ts; 1306 int gottime = 0; 1307 1308 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1309 if (!d->bd_seesent && (rcvif == NULL)) 1310 continue; 1311 ++d->bd_rcount; 1312 ++bpf_gstats.bs_recv; 1313 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1314 if (slen != 0) { 1315 if(!gottime) { 1316 nanotime(&ts); 1317 gottime = 1; 1318 } 1319 catchpacket(d, marg, pktlen, slen, cpfn, &ts); 1320 } 1321 } 1322 } 1323 1324 /* 1325 * Incoming linkage from device drivers, when the head of the packet is in 1326 * a buffer, and the tail is in an mbuf chain. 1327 */ 1328 void 1329 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1330 { 1331 struct bpf_if *bp = arg; 1332 u_int pktlen; 1333 struct mbuf mb; 1334 1335 pktlen = m_length(m) + dlen; 1336 1337 /* 1338 * Craft on-stack mbuf suitable for passing to bpf_filter. 1339 * Note that we cut corners here; we only setup what's 1340 * absolutely needed--this mbuf should never go anywhere else. 1341 */ 1342 (void)memset(&mb, 0, sizeof(mb)); 1343 mb.m_next = m; 1344 mb.m_data = data; 1345 mb.m_len = dlen; 1346 1347 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1348 } 1349 1350 /* 1351 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1352 */ 1353 void 1354 bpf_mtap(void *arg, struct mbuf *m) 1355 { 1356 void *(*cpfn)(void *, const void *, size_t); 1357 struct bpf_if *bp = arg; 1358 u_int pktlen, buflen; 1359 void *marg; 1360 1361 pktlen = m_length(m); 1362 1363 if (pktlen == m->m_len) { 1364 cpfn = (void *)memcpy; 1365 marg = mtod(m, void *); 1366 buflen = pktlen; 1367 } else { 1368 /*###1299 [cc] warning: assignment from incompatible pointer type%%%*/ 1369 cpfn = bpf_mcpy; 1370 marg = m; 1371 buflen = 0; 1372 } 1373 1374 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1375 } 1376 1377 /* 1378 * We need to prepend the address family as 1379 * a four byte field. Cons up a dummy header 1380 * to pacify bpf. This is safe because bpf 1381 * will only read from the mbuf (i.e., it won't 1382 * try to free it or keep a pointer a to it). 1383 */ 1384 void 1385 bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m) 1386 { 1387 struct mbuf m0; 1388 1389 m0.m_flags = 0; 1390 m0.m_next = m; 1391 m0.m_len = 4; 1392 m0.m_data = (char *)⁡ 1393 1394 bpf_mtap(arg, &m0); 1395 } 1396 1397 void 1398 bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m) 1399 { 1400 struct mbuf m0; 1401 1402 m0.m_flags = 0; 1403 m0.m_next = m; 1404 m0.m_len = 14; 1405 m0.m_data = m0.m_dat; 1406 1407 ((uint32_t *)m0.m_data)[0] = 0; 1408 ((uint32_t *)m0.m_data)[1] = 0; 1409 ((uint32_t *)m0.m_data)[2] = 0; 1410 ((uint16_t *)m0.m_data)[6] = et; 1411 1412 bpf_mtap(arg, &m0); 1413 } 1414 1415 #if NSL > 0 || NSTRIP > 0 1416 /* 1417 * Put the SLIP pseudo-"link header" in place. 1418 * Note this M_PREPEND() should never fail, 1419 * swince we know we always have enough space 1420 * in the input buffer. 1421 */ 1422 void 1423 bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m) 1424 { 1425 int s; 1426 u_char *hp; 1427 1428 M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT); 1429 if (*m == NULL) 1430 return; 1431 1432 hp = mtod(*m, u_char *); 1433 hp[SLX_DIR] = SLIPDIR_IN; 1434 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1435 1436 s = splnet(); 1437 bpf_mtap(arg, *m); 1438 splx(s); 1439 1440 m_adj(*m, SLIP_HDRLEN); 1441 } 1442 1443 /* 1444 * Put the SLIP pseudo-"link header" in 1445 * place. The compressed header is now 1446 * at the beginning of the mbuf. 1447 */ 1448 void 1449 bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m) 1450 { 1451 struct mbuf m0; 1452 u_char *hp; 1453 int s; 1454 1455 m0.m_flags = 0; 1456 m0.m_next = m; 1457 m0.m_data = m0.m_dat; 1458 m0.m_len = SLIP_HDRLEN; 1459 1460 hp = mtod(&m0, u_char *); 1461 1462 hp[SLX_DIR] = SLIPDIR_OUT; 1463 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1464 1465 s = splnet(); 1466 bpf_mtap(arg, &m0); 1467 splx(s); 1468 m_freem(m); 1469 } 1470 #endif 1471 1472 /* 1473 * Move the packet data from interface memory (pkt) into the 1474 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1475 * otherwise 0. "copy" is the routine called to do the actual data 1476 * transfer. memcpy is passed in to copy contiguous chunks, while 1477 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1478 * pkt is really an mbuf. 1479 */ 1480 static void 1481 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1482 void *(*cpfn)(void *, const void *, size_t), struct timespec *ts) 1483 { 1484 struct bpf_hdr *hp; 1485 int totlen, curlen; 1486 int hdrlen = d->bd_bif->bif_hdrlen; 1487 int do_wakeup = 0; 1488 1489 ++d->bd_ccount; 1490 ++bpf_gstats.bs_capt; 1491 /* 1492 * Figure out how many bytes to move. If the packet is 1493 * greater or equal to the snapshot length, transfer that 1494 * much. Otherwise, transfer the whole packet (unless 1495 * we hit the buffer size limit). 1496 */ 1497 totlen = hdrlen + min(snaplen, pktlen); 1498 if (totlen > d->bd_bufsize) 1499 totlen = d->bd_bufsize; 1500 1501 /* 1502 * Round up the end of the previous packet to the next longword. 1503 */ 1504 curlen = BPF_WORDALIGN(d->bd_slen); 1505 if (curlen + totlen > d->bd_bufsize) { 1506 /* 1507 * This packet will overflow the storage buffer. 1508 * Rotate the buffers if we can, then wakeup any 1509 * pending reads. 1510 */ 1511 if (d->bd_fbuf == 0) { 1512 /* 1513 * We haven't completed the previous read yet, 1514 * so drop the packet. 1515 */ 1516 ++d->bd_dcount; 1517 ++bpf_gstats.bs_drop; 1518 return; 1519 } 1520 ROTATE_BUFFERS(d); 1521 do_wakeup = 1; 1522 curlen = 0; 1523 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 1524 /* 1525 * Immediate mode is set, or the read timeout has 1526 * already expired during a select call. A packet 1527 * arrived, so the reader should be woken up. 1528 */ 1529 do_wakeup = 1; 1530 } 1531 1532 /* 1533 * Append the bpf header. 1534 */ 1535 hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen); 1536 hp->bh_tstamp.tv_sec = ts->tv_sec; 1537 hp->bh_tstamp.tv_usec = ts->tv_nsec / 1000; 1538 hp->bh_datalen = pktlen; 1539 hp->bh_hdrlen = hdrlen; 1540 /* 1541 * Copy the packet data into the store buffer and update its length. 1542 */ 1543 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1544 d->bd_slen = curlen + totlen; 1545 1546 /* 1547 * Call bpf_wakeup after bd_slen has been updated so that kevent(2) 1548 * will cause filt_bpfread() to be called with it adjusted. 1549 */ 1550 if (do_wakeup) 1551 bpf_wakeup(d); 1552 } 1553 1554 /* 1555 * Initialize all nonzero fields of a descriptor. 1556 */ 1557 static int 1558 bpf_allocbufs(struct bpf_d *d) 1559 { 1560 1561 d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1562 if (!d->bd_fbuf) 1563 return (ENOBUFS); 1564 d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1565 if (!d->bd_sbuf) { 1566 free(d->bd_fbuf, M_DEVBUF); 1567 return (ENOBUFS); 1568 } 1569 d->bd_slen = 0; 1570 d->bd_hlen = 0; 1571 return (0); 1572 } 1573 1574 /* 1575 * Free buffers currently in use by a descriptor. 1576 * Called on close. 1577 */ 1578 static void 1579 bpf_freed(struct bpf_d *d) 1580 { 1581 /* 1582 * We don't need to lock out interrupts since this descriptor has 1583 * been detached from its interface and it yet hasn't been marked 1584 * free. 1585 */ 1586 if (d->bd_sbuf != 0) { 1587 free(d->bd_sbuf, M_DEVBUF); 1588 if (d->bd_hbuf != 0) 1589 free(d->bd_hbuf, M_DEVBUF); 1590 if (d->bd_fbuf != 0) 1591 free(d->bd_fbuf, M_DEVBUF); 1592 } 1593 if (d->bd_filter) 1594 free(d->bd_filter, M_DEVBUF); 1595 } 1596 1597 /* 1598 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1599 * fixed size of the link header (variable length headers not yet supported). 1600 */ 1601 void 1602 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1603 { 1604 1605 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1606 } 1607 1608 /* 1609 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1610 * hdrlen is the fixed size of the link header for the specified dlt 1611 * (variable length headers not yet supported). 1612 */ 1613 void 1614 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp) 1615 { 1616 struct bpf_if *bp; 1617 bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1618 if (bp == 0) 1619 panic("bpfattach"); 1620 1621 bp->bif_dlist = 0; 1622 bp->bif_driverp = driverp; 1623 bp->bif_ifp = ifp; 1624 bp->bif_dlt = dlt; 1625 1626 bp->bif_next = bpf_iflist; 1627 bpf_iflist = bp; 1628 1629 *bp->bif_driverp = 0; 1630 1631 /* 1632 * Compute the length of the bpf header. This is not necessarily 1633 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1634 * that the network layer header begins on a longword boundary (for 1635 * performance reasons and to alleviate alignment restrictions). 1636 */ 1637 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1638 1639 #if 0 1640 printf("bpf: %s attached\n", ifp->if_xname); 1641 #endif 1642 } 1643 1644 /* 1645 * Remove an interface from bpf. 1646 */ 1647 void 1648 bpfdetach(struct ifnet *ifp) 1649 { 1650 struct bpf_if *bp, **pbp; 1651 struct bpf_d *d; 1652 int s; 1653 1654 /* Nuke the vnodes for any open instances */ 1655 LIST_FOREACH(d, &bpf_list, bd_list) { 1656 if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) { 1657 /* 1658 * Detach the descriptor from an interface now. 1659 * It will be free'ed later by close routine. 1660 */ 1661 s = splnet(); 1662 d->bd_promisc = 0; /* we can't touch device. */ 1663 bpf_detachd(d); 1664 splx(s); 1665 } 1666 } 1667 1668 again: 1669 for (bp = bpf_iflist, pbp = &bpf_iflist; 1670 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1671 if (bp->bif_ifp == ifp) { 1672 *pbp = bp->bif_next; 1673 free(bp, M_DEVBUF); 1674 goto again; 1675 } 1676 } 1677 } 1678 1679 /* 1680 * Change the data link type of a interface. 1681 */ 1682 void 1683 bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1684 { 1685 struct bpf_if *bp; 1686 1687 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1688 if ((void **)bp->bif_driverp == &ifp->if_bpf) 1689 break; 1690 } 1691 if (bp == NULL) 1692 panic("bpf_change_type"); 1693 1694 bp->bif_dlt = dlt; 1695 1696 /* 1697 * Compute the length of the bpf header. This is not necessarily 1698 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1699 * that the network layer header begins on a longword boundary (for 1700 * performance reasons and to alleviate alignment restrictions). 1701 */ 1702 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1703 } 1704 1705 /* 1706 * Get a list of available data link type of the interface. 1707 */ 1708 static int 1709 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1710 { 1711 int n, error; 1712 struct ifnet *ifp; 1713 struct bpf_if *bp; 1714 1715 ifp = d->bd_bif->bif_ifp; 1716 n = 0; 1717 error = 0; 1718 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1719 if (bp->bif_ifp != ifp) 1720 continue; 1721 if (bfl->bfl_list != NULL) { 1722 if (n >= bfl->bfl_len) 1723 return ENOMEM; 1724 error = copyout(&bp->bif_dlt, 1725 bfl->bfl_list + n, sizeof(u_int)); 1726 } 1727 n++; 1728 } 1729 bfl->bfl_len = n; 1730 return error; 1731 } 1732 1733 /* 1734 * Set the data link type of a BPF instance. 1735 */ 1736 static int 1737 bpf_setdlt(struct bpf_d *d, u_int dlt) 1738 { 1739 int s, error, opromisc; 1740 struct ifnet *ifp; 1741 struct bpf_if *bp; 1742 1743 if (d->bd_bif->bif_dlt == dlt) 1744 return 0; 1745 ifp = d->bd_bif->bif_ifp; 1746 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1747 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1748 break; 1749 } 1750 if (bp == NULL) 1751 return EINVAL; 1752 s = splnet(); 1753 opromisc = d->bd_promisc; 1754 bpf_detachd(d); 1755 bpf_attachd(d, bp); 1756 reset_d(d); 1757 if (opromisc) { 1758 error = ifpromisc(bp->bif_ifp, 1); 1759 if (error) 1760 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1761 bp->bif_ifp->if_xname, error); 1762 else 1763 d->bd_promisc = 1; 1764 } 1765 splx(s); 1766 return 0; 1767 } 1768 1769 static int 1770 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1771 { 1772 int newsize, error; 1773 struct sysctlnode node; 1774 1775 node = *rnode; 1776 node.sysctl_data = &newsize; 1777 newsize = bpf_maxbufsize; 1778 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1779 if (error || newp == NULL) 1780 return (error); 1781 1782 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1783 return (EINVAL); 1784 1785 bpf_maxbufsize = newsize; 1786 1787 return (0); 1788 } 1789 1790 static int 1791 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1792 { 1793 int error, elem_count; 1794 struct bpf_d *dp; 1795 struct bpf_d_ext dpe; 1796 size_t len, needed, elem_size, out_size; 1797 char *sp; 1798 1799 if (namelen == 1 && name[0] == CTL_QUERY) 1800 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1801 1802 if (namelen != 2) 1803 return (EINVAL); 1804 1805 /* BPF peers is privileged information. */ 1806 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1807 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1808 if (error) 1809 return (EPERM); 1810 1811 len = (oldp != NULL) ? *oldlenp : 0; 1812 sp = oldp; 1813 elem_size = name[0]; 1814 elem_count = name[1]; 1815 out_size = MIN(sizeof(dpe), elem_size); 1816 needed = 0; 1817 1818 if (elem_size < 1 || elem_count < 0) 1819 return (EINVAL); 1820 1821 mutex_enter(&bpf_mtx); 1822 LIST_FOREACH(dp, &bpf_list, bd_list) { 1823 if (len >= elem_size && elem_count > 0) { 1824 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1825 BPF_EXT(bufsize); 1826 BPF_EXT(promisc); 1827 BPF_EXT(promisc); 1828 BPF_EXT(state); 1829 BPF_EXT(immediate); 1830 BPF_EXT(hdrcmplt); 1831 BPF_EXT(seesent); 1832 BPF_EXT(pid); 1833 BPF_EXT(rcount); 1834 BPF_EXT(dcount); 1835 BPF_EXT(ccount); 1836 #undef BPF_EXT 1837 if (dp->bd_bif) 1838 (void)strlcpy(dpe.bde_ifname, 1839 dp->bd_bif->bif_ifp->if_xname, 1840 IFNAMSIZ - 1); 1841 else 1842 dpe.bde_ifname[0] = '\0'; 1843 1844 error = copyout(&dpe, sp, out_size); 1845 if (error) 1846 break; 1847 sp += elem_size; 1848 len -= elem_size; 1849 } 1850 needed += elem_size; 1851 if (elem_count > 0 && elem_count != INT_MAX) 1852 elem_count--; 1853 } 1854 mutex_exit(&bpf_mtx); 1855 1856 *oldlenp = needed; 1857 1858 return (error); 1859 } 1860 1861 SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup") 1862 { 1863 const struct sysctlnode *node; 1864 1865 sysctl_createv(clog, 0, NULL, NULL, 1866 CTLFLAG_PERMANENT, 1867 CTLTYPE_NODE, "net", NULL, 1868 NULL, 0, NULL, 0, 1869 CTL_NET, CTL_EOL); 1870 1871 node = NULL; 1872 sysctl_createv(clog, 0, NULL, &node, 1873 CTLFLAG_PERMANENT, 1874 CTLTYPE_NODE, "bpf", 1875 SYSCTL_DESCR("BPF options"), 1876 NULL, 0, NULL, 0, 1877 CTL_NET, CTL_CREATE, CTL_EOL); 1878 if (node != NULL) { 1879 sysctl_createv(clog, 0, NULL, NULL, 1880 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1881 CTLTYPE_INT, "maxbufsize", 1882 SYSCTL_DESCR("Maximum size for data capture buffer"), 1883 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1884 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1885 sysctl_createv(clog, 0, NULL, NULL, 1886 CTLFLAG_PERMANENT, 1887 CTLTYPE_STRUCT, "stats", 1888 SYSCTL_DESCR("BPF stats"), 1889 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1890 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1891 sysctl_createv(clog, 0, NULL, NULL, 1892 CTLFLAG_PERMANENT, 1893 CTLTYPE_STRUCT, "peers", 1894 SYSCTL_DESCR("BPF peers"), 1895 sysctl_net_bpf_peers, 0, NULL, 0, 1896 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1897 } 1898 1899 } 1900