1 /* $NetBSD: bpf.c,v 1.74 2002/09/25 22:21:46 thorpej Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 41 * static char rcsid[] = 42 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 43 */ 44 45 #include <sys/cdefs.h> 46 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.74 2002/09/25 22:21:46 thorpej Exp $"); 47 48 #include "bpfilter.h" 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 61 #include <sys/file.h> 62 #include <sys/tty.h> 63 #include <sys/uio.h> 64 65 #include <sys/protosw.h> 66 #include <sys/socket.h> 67 #include <sys/errno.h> 68 #include <sys/kernel.h> 69 #include <sys/poll.h> 70 71 #include <net/if.h> 72 73 #include <net/bpf.h> 74 #include <net/bpfdesc.h> 75 76 #include <net/if_arc.h> 77 #include <net/if_ether.h> 78 79 #include <netinet/in.h> 80 #include <netinet/if_inarp.h> 81 82 #if defined(_KERNEL_OPT) 83 #include "bpf.h" 84 #endif 85 86 #ifndef BPF_BUFSIZE 87 # define BPF_BUFSIZE 8192 /* 4096 too small for FDDI frames */ 88 #endif 89 90 #define PRINET 26 /* interruptible */ 91 92 /* 93 * The default read buffer size is patchable. 94 */ 95 int bpf_bufsize = BPF_BUFSIZE; 96 97 /* 98 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 99 * bpf_dtab holds the descriptors, indexed by minor device # 100 */ 101 struct bpf_if *bpf_iflist; 102 struct bpf_d bpf_dtab[NBPFILTER]; 103 104 static int bpf_allocbufs __P((struct bpf_d *)); 105 static void bpf_freed __P((struct bpf_d *)); 106 static void bpf_ifname __P((struct ifnet *, struct ifreq *)); 107 static void *bpf_mcpy __P((void *, const void *, size_t)); 108 static int bpf_movein __P((struct uio *, int, int, 109 struct mbuf **, struct sockaddr *)); 110 static void bpf_attachd __P((struct bpf_d *, struct bpf_if *)); 111 static void bpf_detachd __P((struct bpf_d *)); 112 static int bpf_setif __P((struct bpf_d *, struct ifreq *)); 113 static __inline void 114 bpf_wakeup __P((struct bpf_d *)); 115 static void catchpacket __P((struct bpf_d *, u_char *, u_int, u_int, 116 void *(*)(void *, const void *, size_t))); 117 static void reset_d __P((struct bpf_d *)); 118 static int bpf_getdltlist __P((struct bpf_d *, struct bpf_dltlist *)); 119 static int bpf_setdlt __P((struct bpf_d *, u_int)); 120 121 dev_type_open(bpfopen); 122 dev_type_close(bpfclose); 123 dev_type_read(bpfread); 124 dev_type_write(bpfwrite); 125 dev_type_ioctl(bpfioctl); 126 dev_type_poll(bpfpoll); 127 128 const struct cdevsw bpf_cdevsw = { 129 bpfopen, bpfclose, bpfread, bpfwrite, bpfioctl, 130 nostop, notty, bpfpoll, nommap, 131 }; 132 133 static int 134 bpf_movein(uio, linktype, mtu, mp, sockp) 135 struct uio *uio; 136 int linktype; 137 int mtu; 138 struct mbuf **mp; 139 struct sockaddr *sockp; 140 { 141 struct mbuf *m; 142 int error; 143 int len; 144 int hlen; 145 int align; 146 147 /* 148 * Build a sockaddr based on the data link layer type. 149 * We do this at this level because the ethernet header 150 * is copied directly into the data field of the sockaddr. 151 * In the case of SLIP, there is no header and the packet 152 * is forwarded as is. 153 * Also, we are careful to leave room at the front of the mbuf 154 * for the link level header. 155 */ 156 switch (linktype) { 157 158 case DLT_SLIP: 159 sockp->sa_family = AF_INET; 160 hlen = 0; 161 align = 0; 162 break; 163 164 case DLT_PPP: 165 sockp->sa_family = AF_UNSPEC; 166 hlen = 0; 167 align = 0; 168 break; 169 170 case DLT_EN10MB: 171 sockp->sa_family = AF_UNSPEC; 172 /* XXX Would MAXLINKHDR be better? */ 173 /* 6(dst)+6(src)+2(type) */ 174 hlen = sizeof(struct ether_header); 175 align = 2; 176 break; 177 178 case DLT_ARCNET: 179 sockp->sa_family = AF_UNSPEC; 180 hlen = ARC_HDRLEN; 181 align = 5; 182 break; 183 184 case DLT_FDDI: 185 sockp->sa_family = AF_LINK; 186 /* XXX 4(FORMAC)+6(dst)+6(src) */ 187 hlen = 16; 188 align = 0; 189 break; 190 191 case DLT_ECONET: 192 sockp->sa_family = AF_UNSPEC; 193 hlen = 6; 194 align = 2; 195 break; 196 197 case DLT_NULL: 198 sockp->sa_family = AF_UNSPEC; 199 hlen = 0; 200 align = 0; 201 break; 202 203 default: 204 return (EIO); 205 } 206 207 len = uio->uio_resid; 208 /* 209 * If there aren't enough bytes for a link level header or the 210 * packet length exceeds the interface mtu, return an error. 211 */ 212 if (len < hlen || len - hlen > mtu) 213 return (EMSGSIZE); 214 215 /* 216 * XXX Avoid complicated buffer chaining --- 217 * bail if it won't fit in a single mbuf. 218 * (Take into account possible alignment bytes) 219 */ 220 if ((unsigned)len > MCLBYTES - align) 221 return (EIO); 222 223 MGETHDR(m, M_WAIT, MT_DATA); 224 if (m == 0) 225 return (ENOBUFS); 226 m->m_pkthdr.rcvif = 0; 227 m->m_pkthdr.len = len - hlen; 228 if (len > MHLEN - align) { 229 MCLGET(m, M_WAIT); 230 if ((m->m_flags & M_EXT) == 0) { 231 error = ENOBUFS; 232 goto bad; 233 } 234 } 235 236 /* Insure the data is properly aligned */ 237 if (align > 0) { 238 m->m_data += align; 239 m->m_len -= align; 240 } 241 242 error = uiomove(mtod(m, caddr_t), len, uio); 243 if (error) 244 goto bad; 245 if (hlen != 0) { 246 memcpy(sockp->sa_data, mtod(m, caddr_t), hlen); 247 m->m_data += hlen; /* XXX */ 248 len -= hlen; 249 } 250 m->m_len = len; 251 *mp = m; 252 return (0); 253 254 bad: 255 m_freem(m); 256 return (error); 257 } 258 259 /* 260 * Attach file to the bpf interface, i.e. make d listen on bp. 261 * Must be called at splnet. 262 */ 263 static void 264 bpf_attachd(d, bp) 265 struct bpf_d *d; 266 struct bpf_if *bp; 267 { 268 /* 269 * Point d at bp, and add d to the interface's list of listeners. 270 * Finally, point the driver's bpf cookie at the interface so 271 * it will divert packets to bpf. 272 */ 273 d->bd_bif = bp; 274 d->bd_next = bp->bif_dlist; 275 bp->bif_dlist = d; 276 277 *bp->bif_driverp = bp; 278 } 279 280 /* 281 * Detach a file from its interface. 282 */ 283 static void 284 bpf_detachd(d) 285 struct bpf_d *d; 286 { 287 struct bpf_d **p; 288 struct bpf_if *bp; 289 290 bp = d->bd_bif; 291 /* 292 * Check if this descriptor had requested promiscuous mode. 293 * If so, turn it off. 294 */ 295 if (d->bd_promisc) { 296 int error; 297 298 d->bd_promisc = 0; 299 /* 300 * Take device out of promiscuous mode. Since we were 301 * able to enter promiscuous mode, we should be able 302 * to turn it off. But we can get an error if 303 * the interface was configured down, so only panic 304 * if we don't get an unexpected error. 305 */ 306 error = ifpromisc(bp->bif_ifp, 0); 307 if (error && error != EINVAL) 308 panic("bpf: ifpromisc failed"); 309 } 310 /* Remove d from the interface's descriptor list. */ 311 p = &bp->bif_dlist; 312 while (*p != d) { 313 p = &(*p)->bd_next; 314 if (*p == 0) 315 panic("bpf_detachd: descriptor not in list"); 316 } 317 *p = (*p)->bd_next; 318 if (bp->bif_dlist == 0) 319 /* 320 * Let the driver know that there are no more listeners. 321 */ 322 *d->bd_bif->bif_driverp = 0; 323 d->bd_bif = 0; 324 } 325 326 327 /* 328 * Mark a descriptor free by making it point to itself. 329 * This is probably cheaper than marking with a constant since 330 * the address should be in a register anyway. 331 */ 332 #define D_ISFREE(d) ((d) == (d)->bd_next) 333 #define D_MARKFREE(d) ((d)->bd_next = (d)) 334 #define D_MARKUSED(d) ((d)->bd_next = 0) 335 336 /* 337 * bpfilterattach() is called at boot time. 338 */ 339 /* ARGSUSED */ 340 void 341 bpfilterattach(n) 342 int n; 343 { 344 int i; 345 /* 346 * Mark all the descriptors free. 347 */ 348 for (i = 0; i < NBPFILTER; ++i) 349 D_MARKFREE(&bpf_dtab[i]); 350 351 } 352 353 /* 354 * Open ethernet device. Returns ENXIO for illegal minor device number, 355 * EBUSY if file is open by another process. 356 */ 357 /* ARGSUSED */ 358 int 359 bpfopen(dev, flag, mode, p) 360 dev_t dev; 361 int flag; 362 int mode; 363 struct proc *p; 364 { 365 struct bpf_d *d; 366 367 if (minor(dev) >= NBPFILTER) 368 return (ENXIO); 369 /* 370 * Each minor can be opened by only one process. If the requested 371 * minor is in use, return EBUSY. 372 */ 373 d = &bpf_dtab[minor(dev)]; 374 if (!D_ISFREE(d)) 375 return (EBUSY); 376 377 /* Mark "free" and do most initialization. */ 378 memset((char *)d, 0, sizeof(*d)); 379 d->bd_bufsize = bpf_bufsize; 380 381 return (0); 382 } 383 384 /* 385 * Close the descriptor by detaching it from its interface, 386 * deallocating its buffers, and marking it free. 387 */ 388 /* ARGSUSED */ 389 int 390 bpfclose(dev, flag, mode, p) 391 dev_t dev; 392 int flag; 393 int mode; 394 struct proc *p; 395 { 396 struct bpf_d *d = &bpf_dtab[minor(dev)]; 397 int s; 398 399 s = splnet(); 400 if (d->bd_bif) 401 bpf_detachd(d); 402 splx(s); 403 bpf_freed(d); 404 405 return (0); 406 } 407 408 /* 409 * Rotate the packet buffers in descriptor d. Move the store buffer 410 * into the hold slot, and the free buffer into the store slot. 411 * Zero the length of the new store buffer. 412 */ 413 #define ROTATE_BUFFERS(d) \ 414 (d)->bd_hbuf = (d)->bd_sbuf; \ 415 (d)->bd_hlen = (d)->bd_slen; \ 416 (d)->bd_sbuf = (d)->bd_fbuf; \ 417 (d)->bd_slen = 0; \ 418 (d)->bd_fbuf = 0; 419 /* 420 * bpfread - read next chunk of packets from buffers 421 */ 422 int 423 bpfread(dev, uio, ioflag) 424 dev_t dev; 425 struct uio *uio; 426 int ioflag; 427 { 428 struct bpf_d *d = &bpf_dtab[minor(dev)]; 429 int error; 430 int s; 431 432 /* 433 * Restrict application to use a buffer the same size as 434 * as kernel buffers. 435 */ 436 if (uio->uio_resid != d->bd_bufsize) 437 return (EINVAL); 438 439 s = splnet(); 440 /* 441 * If the hold buffer is empty, then do a timed sleep, which 442 * ends when the timeout expires or when enough packets 443 * have arrived to fill the store buffer. 444 */ 445 while (d->bd_hbuf == 0) { 446 if (d->bd_immediate) { 447 if (d->bd_slen == 0) { 448 splx(s); 449 return (EWOULDBLOCK); 450 } 451 /* 452 * A packet(s) either arrived since the previous 453 * read or arrived while we were asleep. 454 * Rotate the buffers and return what's here. 455 */ 456 ROTATE_BUFFERS(d); 457 break; 458 } 459 if (d->bd_rtout != -1) 460 error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", 461 d->bd_rtout); 462 else { 463 if (d->bd_rtout == -1) { 464 /* User requested non-blocking I/O */ 465 error = EWOULDBLOCK; 466 } else 467 error = 0; 468 } 469 if (error == EINTR || error == ERESTART) { 470 splx(s); 471 return (error); 472 } 473 if (error == EWOULDBLOCK) { 474 /* 475 * On a timeout, return what's in the buffer, 476 * which may be nothing. If there is something 477 * in the store buffer, we can rotate the buffers. 478 */ 479 if (d->bd_hbuf) 480 /* 481 * We filled up the buffer in between 482 * getting the timeout and arriving 483 * here, so we don't need to rotate. 484 */ 485 break; 486 487 if (d->bd_slen == 0) { 488 splx(s); 489 return (0); 490 } 491 ROTATE_BUFFERS(d); 492 break; 493 } 494 if (error != 0) 495 goto done; 496 } 497 /* 498 * At this point, we know we have something in the hold slot. 499 */ 500 splx(s); 501 502 /* 503 * Move data from hold buffer into user space. 504 * We know the entire buffer is transferred since 505 * we checked above that the read buffer is bpf_bufsize bytes. 506 */ 507 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 508 509 s = splnet(); 510 d->bd_fbuf = d->bd_hbuf; 511 d->bd_hbuf = 0; 512 d->bd_hlen = 0; 513 done: 514 splx(s); 515 return (error); 516 } 517 518 519 /* 520 * If there are processes sleeping on this descriptor, wake them up. 521 */ 522 static __inline void 523 bpf_wakeup(d) 524 struct bpf_d *d; 525 { 526 struct proc *p; 527 528 wakeup((caddr_t)d); 529 if (d->bd_async) { 530 if (d->bd_pgid > 0) 531 gsignal (d->bd_pgid, SIGIO); 532 else if (d->bd_pgid && (p = pfind (-d->bd_pgid)) != NULL) 533 psignal (p, SIGIO); 534 } 535 536 selwakeup(&d->bd_sel); 537 /* XXX */ 538 d->bd_sel.si_pid = 0; 539 } 540 541 int 542 bpfwrite(dev, uio, ioflag) 543 dev_t dev; 544 struct uio *uio; 545 int ioflag; 546 { 547 struct bpf_d *d = &bpf_dtab[minor(dev)]; 548 struct ifnet *ifp; 549 struct mbuf *m; 550 int error, s; 551 static struct sockaddr_storage dst; 552 553 if (d->bd_bif == 0) 554 return (ENXIO); 555 556 ifp = d->bd_bif->bif_ifp; 557 558 if (uio->uio_resid == 0) 559 return (0); 560 561 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 562 (struct sockaddr *) &dst); 563 if (error) 564 return (error); 565 566 if (m->m_pkthdr.len > ifp->if_mtu) 567 return (EMSGSIZE); 568 569 if (d->bd_hdrcmplt) 570 dst.ss_family = pseudo_AF_HDRCMPLT; 571 572 s = splsoftnet(); 573 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 574 splx(s); 575 /* 576 * The driver frees the mbuf. 577 */ 578 return (error); 579 } 580 581 /* 582 * Reset a descriptor by flushing its packet buffer and clearing the 583 * receive and drop counts. Should be called at splnet. 584 */ 585 static void 586 reset_d(d) 587 struct bpf_d *d; 588 { 589 if (d->bd_hbuf) { 590 /* Free the hold buffer. */ 591 d->bd_fbuf = d->bd_hbuf; 592 d->bd_hbuf = 0; 593 } 594 d->bd_slen = 0; 595 d->bd_hlen = 0; 596 d->bd_rcount = 0; 597 d->bd_dcount = 0; 598 } 599 600 #ifdef BPF_KERN_FILTER 601 extern struct bpf_insn *bpf_tcp_filter; 602 extern struct bpf_insn *bpf_udp_filter; 603 #endif 604 605 /* 606 * FIONREAD Check for read packet available. 607 * BIOCGBLEN Get buffer len [for read()]. 608 * BIOCSETF Set ethernet read filter. 609 * BIOCFLUSH Flush read packet buffer. 610 * BIOCPROMISC Put interface into promiscuous mode. 611 * BIOCGDLT Get link layer type. 612 * BIOCGETIF Get interface name. 613 * BIOCSETIF Set interface. 614 * BIOCSRTIMEOUT Set read timeout. 615 * BIOCGRTIMEOUT Get read timeout. 616 * BIOCGSTATS Get packet stats. 617 * BIOCIMMEDIATE Set immediate mode. 618 * BIOCVERSION Get filter language version. 619 * BIOGHDRCMPLT Get "header already complete" flag. 620 * BIOSHDRCMPLT Set "header already complete" flag. 621 */ 622 /* ARGSUSED */ 623 int 624 bpfioctl(dev, cmd, addr, flag, p) 625 dev_t dev; 626 u_long cmd; 627 caddr_t addr; 628 int flag; 629 struct proc *p; 630 { 631 struct bpf_d *d = &bpf_dtab[minor(dev)]; 632 int s, error = 0; 633 #ifdef BPF_KERN_FILTER 634 struct bpf_insn **p; 635 #endif 636 637 switch (cmd) { 638 639 default: 640 error = EINVAL; 641 break; 642 643 /* 644 * Check for read packet available. 645 */ 646 case FIONREAD: 647 { 648 int n; 649 650 s = splnet(); 651 n = d->bd_slen; 652 if (d->bd_hbuf) 653 n += d->bd_hlen; 654 splx(s); 655 656 *(int *)addr = n; 657 break; 658 } 659 660 /* 661 * Get buffer len [for read()]. 662 */ 663 case BIOCGBLEN: 664 *(u_int *)addr = d->bd_bufsize; 665 break; 666 667 /* 668 * Set buffer length. 669 */ 670 case BIOCSBLEN: 671 if (d->bd_bif != 0) 672 error = EINVAL; 673 else { 674 u_int size = *(u_int *)addr; 675 676 if (size > BPF_MAXBUFSIZE) 677 *(u_int *)addr = size = BPF_MAXBUFSIZE; 678 else if (size < BPF_MINBUFSIZE) 679 *(u_int *)addr = size = BPF_MINBUFSIZE; 680 d->bd_bufsize = size; 681 } 682 break; 683 684 /* 685 * Set link layer read filter. 686 */ 687 case BIOCSETF: 688 error = bpf_setf(d, (struct bpf_program *)addr); 689 break; 690 691 #ifdef BPF_KERN_FILTER 692 /* 693 * Set TCP or UDP reject filter. 694 */ 695 case BIOCSTCPF: 696 case BIOCSUDPF: 697 if (!suser()) { 698 error = EPERM; 699 break; 700 } 701 702 /* Validate and store filter */ 703 error = bpf_setf(d, (struct bpf_program *)addr); 704 705 /* Free possible old filter */ 706 if (cmd == BIOCSTCPF) 707 p = &bpf_tcp_filter; 708 else 709 p = &bpf_udp_filter; 710 if (*p != NULL) 711 free((caddr_t)*p, M_DEVBUF); 712 713 /* Steal new filter (noop if error) */ 714 s = splnet(); 715 *p = d->bd_filter; 716 d->bd_filter = NULL; 717 splx(s); 718 break; 719 #endif 720 721 /* 722 * Flush read packet buffer. 723 */ 724 case BIOCFLUSH: 725 s = splnet(); 726 reset_d(d); 727 splx(s); 728 break; 729 730 /* 731 * Put interface into promiscuous mode. 732 */ 733 case BIOCPROMISC: 734 if (d->bd_bif == 0) { 735 /* 736 * No interface attached yet. 737 */ 738 error = EINVAL; 739 break; 740 } 741 s = splnet(); 742 if (d->bd_promisc == 0) { 743 error = ifpromisc(d->bd_bif->bif_ifp, 1); 744 if (error == 0) 745 d->bd_promisc = 1; 746 } 747 splx(s); 748 break; 749 750 /* 751 * Get device parameters. 752 */ 753 case BIOCGDLT: 754 if (d->bd_bif == 0) 755 error = EINVAL; 756 else 757 *(u_int *)addr = d->bd_bif->bif_dlt; 758 break; 759 760 /* 761 * Get a list of supported device parameters. 762 */ 763 case BIOCGDLTLIST: 764 if (d->bd_bif == 0) 765 error = EINVAL; 766 else 767 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 768 break; 769 770 /* 771 * Set device parameters. 772 */ 773 case BIOCSDLT: 774 if (d->bd_bif == 0) 775 error = EINVAL; 776 else 777 error = bpf_setdlt(d, *(u_int *)addr); 778 break; 779 780 /* 781 * Set interface name. 782 */ 783 case BIOCGETIF: 784 if (d->bd_bif == 0) 785 error = EINVAL; 786 else 787 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 788 break; 789 790 /* 791 * Set interface. 792 */ 793 case BIOCSETIF: 794 error = bpf_setif(d, (struct ifreq *)addr); 795 break; 796 797 /* 798 * Set read timeout. 799 */ 800 case BIOCSRTIMEOUT: 801 { 802 struct timeval *tv = (struct timeval *)addr; 803 804 /* Compute number of ticks. */ 805 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 806 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 807 d->bd_rtout = 1; 808 break; 809 } 810 811 /* 812 * Get read timeout. 813 */ 814 case BIOCGRTIMEOUT: 815 { 816 struct timeval *tv = (struct timeval *)addr; 817 818 tv->tv_sec = d->bd_rtout / hz; 819 tv->tv_usec = (d->bd_rtout % hz) * tick; 820 break; 821 } 822 823 /* 824 * Get packet stats. 825 */ 826 case BIOCGSTATS: 827 { 828 struct bpf_stat *bs = (struct bpf_stat *)addr; 829 830 bs->bs_recv = d->bd_rcount; 831 bs->bs_drop = d->bd_dcount; 832 break; 833 } 834 835 /* 836 * Set immediate mode. 837 */ 838 case BIOCIMMEDIATE: 839 d->bd_immediate = *(u_int *)addr; 840 break; 841 842 case BIOCVERSION: 843 { 844 struct bpf_version *bv = (struct bpf_version *)addr; 845 846 bv->bv_major = BPF_MAJOR_VERSION; 847 bv->bv_minor = BPF_MINOR_VERSION; 848 break; 849 } 850 851 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 852 *(u_int *)addr = d->bd_hdrcmplt; 853 break; 854 855 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 856 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 857 break; 858 859 case FIONBIO: /* Non-blocking I/O */ 860 if (*(int *)addr) 861 d->bd_rtout = -1; 862 else 863 d->bd_rtout = 0; 864 break; 865 866 case FIOASYNC: /* Send signal on receive packets */ 867 d->bd_async = *(int *)addr; 868 break; 869 870 /* 871 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 872 * the equivalent of a TIOCSPGRP and hence end up here. *However* 873 * TIOCSPGRP's arg is a process group if it's positive and a process 874 * id if it's negative. This is exactly the opposite of what the 875 * other two functions want! Therefore there is code in ioctl and 876 * fcntl to negate the arg before calling here. 877 */ 878 case TIOCSPGRP: /* Process or group to send signals to */ 879 d->bd_pgid = *(int *)addr; 880 break; 881 882 case TIOCGPGRP: 883 *(int *)addr = d->bd_pgid; 884 break; 885 } 886 return (error); 887 } 888 889 /* 890 * Set d's packet filter program to fp. If this file already has a filter, 891 * free it and replace it. Returns EINVAL for bogus requests. 892 */ 893 int 894 bpf_setf(d, fp) 895 struct bpf_d *d; 896 struct bpf_program *fp; 897 { 898 struct bpf_insn *fcode, *old; 899 u_int flen, size; 900 int s; 901 902 old = d->bd_filter; 903 if (fp->bf_insns == 0) { 904 if (fp->bf_len != 0) 905 return (EINVAL); 906 s = splnet(); 907 d->bd_filter = 0; 908 reset_d(d); 909 splx(s); 910 if (old != 0) 911 free((caddr_t)old, M_DEVBUF); 912 return (0); 913 } 914 flen = fp->bf_len; 915 if (flen > BPF_MAXINSNS) 916 return (EINVAL); 917 918 size = flen * sizeof(*fp->bf_insns); 919 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 920 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 921 bpf_validate(fcode, (int)flen)) { 922 s = splnet(); 923 d->bd_filter = fcode; 924 reset_d(d); 925 splx(s); 926 if (old != 0) 927 free((caddr_t)old, M_DEVBUF); 928 929 return (0); 930 } 931 free((caddr_t)fcode, M_DEVBUF); 932 return (EINVAL); 933 } 934 935 /* 936 * Detach a file from its current interface (if attached at all) and attach 937 * to the interface indicated by the name stored in ifr. 938 * Return an errno or 0. 939 */ 940 static int 941 bpf_setif(d, ifr) 942 struct bpf_d *d; 943 struct ifreq *ifr; 944 { 945 struct bpf_if *bp; 946 char *cp; 947 int unit_seen, i, s, error; 948 949 /* 950 * Make sure the provided name has a unit number, and default 951 * it to '0' if not specified. 952 * XXX This is ugly ... do this differently? 953 */ 954 unit_seen = 0; 955 cp = ifr->ifr_name; 956 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 957 while (*cp++) 958 if (*cp >= '0' && *cp <= '9') 959 unit_seen = 1; 960 if (!unit_seen) { 961 /* Make sure to leave room for the '\0'. */ 962 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 963 if ((ifr->ifr_name[i] >= 'a' && 964 ifr->ifr_name[i] <= 'z') || 965 (ifr->ifr_name[i] >= 'A' && 966 ifr->ifr_name[i] <= 'Z')) 967 continue; 968 ifr->ifr_name[i] = '0'; 969 } 970 } 971 972 /* 973 * Look through attached interfaces for the named one. 974 */ 975 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 976 struct ifnet *ifp = bp->bif_ifp; 977 978 if (ifp == 0 || 979 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 980 continue; 981 /* skip additional entry */ 982 if (bp->bif_driverp != (struct bpf_if **)&ifp->if_bpf) 983 continue; 984 /* 985 * We found the requested interface. 986 * If it's not up, return an error. 987 * Allocate the packet buffers if we need to. 988 * If we're already attached to requested interface, 989 * just flush the buffer. 990 */ 991 if ((ifp->if_flags & IFF_UP) == 0) 992 return (ENETDOWN); 993 994 if (d->bd_sbuf == 0) { 995 error = bpf_allocbufs(d); 996 if (error != 0) 997 return (error); 998 } 999 s = splnet(); 1000 if (bp != d->bd_bif) { 1001 if (d->bd_bif) 1002 /* 1003 * Detach if attached to something else. 1004 */ 1005 bpf_detachd(d); 1006 1007 bpf_attachd(d, bp); 1008 } 1009 reset_d(d); 1010 splx(s); 1011 return (0); 1012 } 1013 /* Not found. */ 1014 return (ENXIO); 1015 } 1016 1017 /* 1018 * Copy the interface name to the ifreq. 1019 */ 1020 static void 1021 bpf_ifname(ifp, ifr) 1022 struct ifnet *ifp; 1023 struct ifreq *ifr; 1024 { 1025 1026 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1027 } 1028 1029 /* 1030 * Support for poll() system call 1031 * 1032 * Return true iff the specific operation will not block indefinitely - with 1033 * the assumption that it is safe to positively acknowledge a request for the 1034 * ability to write to the BPF device. 1035 * Otherwise, return false but make a note that a selwakeup() must be done. 1036 */ 1037 int 1038 bpfpoll(dev, events, p) 1039 dev_t dev; 1040 int events; 1041 struct proc *p; 1042 { 1043 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1044 int s = splnet(); 1045 int revents; 1046 1047 revents = events & (POLLOUT | POLLWRNORM); 1048 if (events & (POLLIN | POLLRDNORM)) { 1049 /* 1050 * An imitation of the FIONREAD ioctl code. 1051 */ 1052 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) 1053 revents |= events & (POLLIN | POLLRDNORM); 1054 else 1055 selrecord(p, &d->bd_sel); 1056 } 1057 1058 splx(s); 1059 return (revents); 1060 } 1061 1062 /* 1063 * Incoming linkage from device drivers. Process the packet pkt, of length 1064 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1065 * by each process' filter, and if accepted, stashed into the corresponding 1066 * buffer. 1067 */ 1068 void 1069 bpf_tap(arg, pkt, pktlen) 1070 caddr_t arg; 1071 u_char *pkt; 1072 u_int pktlen; 1073 { 1074 struct bpf_if *bp; 1075 struct bpf_d *d; 1076 u_int slen; 1077 /* 1078 * Note that the ipl does not have to be raised at this point. 1079 * The only problem that could arise here is that if two different 1080 * interfaces shared any data. This is not the case. 1081 */ 1082 bp = (struct bpf_if *)arg; 1083 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1084 ++d->bd_rcount; 1085 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1086 if (slen != 0) 1087 catchpacket(d, pkt, pktlen, slen, memcpy); 1088 } 1089 } 1090 1091 /* 1092 * Copy data from an mbuf chain into a buffer. This code is derived 1093 * from m_copydata in sys/uipc_mbuf.c. 1094 */ 1095 static void * 1096 bpf_mcpy(dst_arg, src_arg, len) 1097 void *dst_arg; 1098 const void *src_arg; 1099 size_t len; 1100 { 1101 const struct mbuf *m; 1102 u_int count; 1103 u_char *dst; 1104 1105 m = src_arg; 1106 dst = dst_arg; 1107 while (len > 0) { 1108 if (m == 0) 1109 panic("bpf_mcpy"); 1110 count = min(m->m_len, len); 1111 memcpy((caddr_t)dst, mtod(m, caddr_t), count); 1112 m = m->m_next; 1113 dst += count; 1114 len -= count; 1115 } 1116 return (dst_arg); 1117 } 1118 1119 /* 1120 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1121 */ 1122 void 1123 bpf_mtap(arg, m) 1124 caddr_t arg; 1125 struct mbuf *m; 1126 { 1127 struct bpf_if *bp = (struct bpf_if *)arg; 1128 struct bpf_d *d; 1129 u_int pktlen, slen; 1130 struct mbuf *m0; 1131 1132 pktlen = 0; 1133 for (m0 = m; m0 != 0; m0 = m0->m_next) 1134 pktlen += m0->m_len; 1135 1136 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1137 ++d->bd_rcount; 1138 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1139 if (slen != 0) 1140 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcpy); 1141 } 1142 } 1143 1144 /* 1145 * Move the packet data from interface memory (pkt) into the 1146 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1147 * otherwise 0. "copy" is the routine called to do the actual data 1148 * transfer. memcpy is passed in to copy contiguous chunks, while 1149 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1150 * pkt is really an mbuf. 1151 */ 1152 static void 1153 catchpacket(d, pkt, pktlen, snaplen, cpfn) 1154 struct bpf_d *d; 1155 u_char *pkt; 1156 u_int pktlen, snaplen; 1157 void *(*cpfn) __P((void *, const void *, size_t)); 1158 { 1159 struct bpf_hdr *hp; 1160 int totlen, curlen; 1161 int hdrlen = d->bd_bif->bif_hdrlen; 1162 /* 1163 * Figure out how many bytes to move. If the packet is 1164 * greater or equal to the snapshot length, transfer that 1165 * much. Otherwise, transfer the whole packet (unless 1166 * we hit the buffer size limit). 1167 */ 1168 totlen = hdrlen + min(snaplen, pktlen); 1169 if (totlen > d->bd_bufsize) 1170 totlen = d->bd_bufsize; 1171 1172 /* 1173 * Round up the end of the previous packet to the next longword. 1174 */ 1175 curlen = BPF_WORDALIGN(d->bd_slen); 1176 if (curlen + totlen > d->bd_bufsize) { 1177 /* 1178 * This packet will overflow the storage buffer. 1179 * Rotate the buffers if we can, then wakeup any 1180 * pending reads. 1181 */ 1182 if (d->bd_fbuf == 0) { 1183 /* 1184 * We haven't completed the previous read yet, 1185 * so drop the packet. 1186 */ 1187 ++d->bd_dcount; 1188 return; 1189 } 1190 ROTATE_BUFFERS(d); 1191 bpf_wakeup(d); 1192 curlen = 0; 1193 } 1194 else if (d->bd_immediate) 1195 /* 1196 * Immediate mode is set. A packet arrived so any 1197 * reads should be woken up. 1198 */ 1199 bpf_wakeup(d); 1200 1201 /* 1202 * Append the bpf header. 1203 */ 1204 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1205 microtime(&hp->bh_tstamp); 1206 hp->bh_datalen = pktlen; 1207 hp->bh_hdrlen = hdrlen; 1208 /* 1209 * Copy the packet data into the store buffer and update its length. 1210 */ 1211 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1212 d->bd_slen = curlen + totlen; 1213 } 1214 1215 /* 1216 * Initialize all nonzero fields of a descriptor. 1217 */ 1218 static int 1219 bpf_allocbufs(d) 1220 struct bpf_d *d; 1221 { 1222 1223 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1224 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1225 d->bd_slen = 0; 1226 d->bd_hlen = 0; 1227 return (0); 1228 } 1229 1230 /* 1231 * Free buffers currently in use by a descriptor. 1232 * Called on close. 1233 */ 1234 static void 1235 bpf_freed(d) 1236 struct bpf_d *d; 1237 { 1238 /* 1239 * We don't need to lock out interrupts since this descriptor has 1240 * been detached from its interface and it yet hasn't been marked 1241 * free. 1242 */ 1243 if (d->bd_sbuf != 0) { 1244 free(d->bd_sbuf, M_DEVBUF); 1245 if (d->bd_hbuf != 0) 1246 free(d->bd_hbuf, M_DEVBUF); 1247 if (d->bd_fbuf != 0) 1248 free(d->bd_fbuf, M_DEVBUF); 1249 } 1250 if (d->bd_filter) 1251 free((caddr_t)d->bd_filter, M_DEVBUF); 1252 1253 D_MARKFREE(d); 1254 } 1255 1256 /* 1257 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1258 * fixed size of the link header (variable length headers not yet supported). 1259 */ 1260 void 1261 bpfattach(ifp, dlt, hdrlen) 1262 struct ifnet *ifp; 1263 u_int dlt, hdrlen; 1264 { 1265 1266 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1267 } 1268 1269 /* 1270 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1271 * hdrlen is the fixed size of the link header for the specified dlt 1272 * (variable length headers not yet supported). 1273 */ 1274 void 1275 bpfattach2(ifp, dlt, hdrlen, driverp) 1276 struct ifnet *ifp; 1277 u_int dlt, hdrlen; 1278 caddr_t *driverp; 1279 { 1280 struct bpf_if *bp; 1281 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1282 if (bp == 0) 1283 panic("bpfattach"); 1284 1285 bp->bif_dlist = 0; 1286 bp->bif_driverp = (struct bpf_if **)driverp; 1287 bp->bif_ifp = ifp; 1288 bp->bif_dlt = dlt; 1289 1290 bp->bif_next = bpf_iflist; 1291 bpf_iflist = bp; 1292 1293 *bp->bif_driverp = 0; 1294 1295 /* 1296 * Compute the length of the bpf header. This is not necessarily 1297 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1298 * that the network layer header begins on a longword boundary (for 1299 * performance reasons and to alleviate alignment restrictions). 1300 */ 1301 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1302 1303 #if 0 1304 printf("bpf: %s attached\n", ifp->if_xname); 1305 #endif 1306 } 1307 1308 /* 1309 * Remove an interface from bpf. 1310 */ 1311 void 1312 bpfdetach(ifp) 1313 struct ifnet *ifp; 1314 { 1315 struct bpf_if *bp, **pbp; 1316 struct bpf_d *d; 1317 int i, s, cmaj; 1318 1319 /* locate the major number */ 1320 cmaj = cdevsw_lookup_major(&bpf_cdevsw); 1321 1322 /* Nuke the vnodes for any open instances */ 1323 for (i = 0; i < NBPFILTER; ++i) { 1324 d = &bpf_dtab[i]; 1325 if (!D_ISFREE(d) && d->bd_bif != NULL && 1326 d->bd_bif->bif_ifp == ifp) { 1327 /* 1328 * Detach the descriptor from an interface now. 1329 * It will be free'ed later by close routine. 1330 */ 1331 s = splnet(); 1332 d->bd_promisc = 0; /* we can't touch device. */ 1333 bpf_detachd(d); 1334 splx(s); 1335 vdevgone(cmaj, i, i, VCHR); 1336 } 1337 } 1338 1339 again: 1340 for (bp = bpf_iflist, pbp = &bpf_iflist; 1341 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1342 if (bp->bif_ifp == ifp) { 1343 *pbp = bp->bif_next; 1344 free(bp, M_DEVBUF); 1345 goto again; 1346 } 1347 } 1348 } 1349 1350 /* 1351 * Change the data link type of a interface. 1352 */ 1353 void 1354 bpf_change_type(ifp, dlt, hdrlen) 1355 struct ifnet *ifp; 1356 u_int dlt, hdrlen; 1357 { 1358 struct bpf_if *bp; 1359 1360 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1361 if (bp->bif_driverp == (struct bpf_if **)&ifp->if_bpf) 1362 break; 1363 } 1364 if (bp == NULL) 1365 panic("bpf_change_type"); 1366 1367 bp->bif_dlt = dlt; 1368 1369 /* 1370 * Compute the length of the bpf header. This is not necessarily 1371 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1372 * that the network layer header begins on a longword boundary (for 1373 * performance reasons and to alleviate alignment restrictions). 1374 */ 1375 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1376 } 1377 1378 /* 1379 * Get a list of available data link type of the interface. 1380 */ 1381 static int 1382 bpf_getdltlist(d, bfl) 1383 struct bpf_d *d; 1384 struct bpf_dltlist *bfl; 1385 { 1386 int n, error; 1387 struct ifnet *ifp; 1388 struct bpf_if *bp; 1389 1390 ifp = d->bd_bif->bif_ifp; 1391 n = 0; 1392 error = 0; 1393 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1394 if (bp->bif_ifp != ifp) 1395 continue; 1396 if (bfl->bfl_list != NULL) { 1397 if (n >= bfl->bfl_len) 1398 return ENOMEM; 1399 error = copyout(&bp->bif_dlt, 1400 bfl->bfl_list + n, sizeof(u_int)); 1401 } 1402 n++; 1403 } 1404 bfl->bfl_len = n; 1405 return error; 1406 } 1407 1408 /* 1409 * Set the data link type of a BPF instance. 1410 */ 1411 static int 1412 bpf_setdlt(d, dlt) 1413 struct bpf_d *d; 1414 u_int dlt; 1415 { 1416 int s, error, opromisc; 1417 struct ifnet *ifp; 1418 struct bpf_if *bp; 1419 1420 if (d->bd_bif->bif_dlt == dlt) 1421 return 0; 1422 ifp = d->bd_bif->bif_ifp; 1423 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1424 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1425 break; 1426 } 1427 if (bp == NULL) 1428 return EINVAL; 1429 s = splnet(); 1430 opromisc = d->bd_promisc; 1431 bpf_detachd(d); 1432 bpf_attachd(d, bp); 1433 reset_d(d); 1434 if (opromisc) { 1435 error = ifpromisc(bp->bif_ifp, 1); 1436 if (error) 1437 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1438 bp->bif_ifp->if_xname, error); 1439 else 1440 d->bd_promisc = 1; 1441 } 1442 splx(s); 1443 return 0; 1444 } 1445