1 /* $NetBSD: bpf.c,v 1.150 2009/12/20 09:36:06 dsl Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 
35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.150 2009/12/20 09:36:06 dsl Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/ioctl.h> 57 #include <sys/conf.h> 58 #include <sys/vnode.h> 59 #include <sys/queue.h> 60 #include <sys/stat.h> 61 62 #include <sys/file.h> 63 #include <sys/filedesc.h> 64 #include <sys/tty.h> 65 #include <sys/uio.h> 66 67 #include <sys/protosw.h> 68 #include <sys/socket.h> 69 #include <sys/errno.h> 70 #include <sys/kernel.h> 71 #include <sys/poll.h> 72 #include <sys/sysctl.h> 73 #include <sys/kauth.h> 74 75 #include <net/if.h> 76 #include <net/slip.h> 77 78 #include <net/bpf.h> 79 #include <net/bpfdesc.h> 80 81 #include <net/if_arc.h> 82 #include <net/if_ether.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_inarp.h> 86 87 88 #include <compat/sys/sockio.h> 89 90 #ifndef BPF_BUFSIZE 91 /* 92 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 93 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 94 */ 95 # define BPF_BUFSIZE 32768 96 #endif 97 98 #define PRINET 26 /* interruptible */ 99 100 /* 101 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 102 * XXX the default values should be computed dynamically based 103 * on available memory size and available mbuf clusters. 104 */ 105 int bpf_bufsize = BPF_BUFSIZE; 106 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 107 108 109 /* 110 * Global BPF statistics returned by net.bpf.stats sysctl. 
111 */ 112 struct bpf_stat bpf_gstats; 113 114 /* 115 * Use a mutex to avoid a race condition between gathering the stats/peers 116 * and opening/closing the device. 117 */ 118 static kmutex_t bpf_mtx; 119 120 /* 121 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 122 * bpf_dtab holds the descriptors, indexed by minor device # 123 */ 124 struct bpf_if *bpf_iflist; 125 LIST_HEAD(, bpf_d) bpf_list; 126 127 static int bpf_allocbufs(struct bpf_d *); 128 static void bpf_deliver(struct bpf_if *, 129 void *(*cpfn)(void *, const void *, size_t), 130 void *, u_int, u_int, struct ifnet *); 131 static void bpf_freed(struct bpf_d *); 132 static void bpf_ifname(struct ifnet *, struct ifreq *); 133 static void *bpf_mcpy(void *, const void *, size_t); 134 static int bpf_movein(struct uio *, int, int, 135 struct mbuf **, struct sockaddr *); 136 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 137 static void bpf_detachd(struct bpf_d *); 138 static int bpf_setif(struct bpf_d *, struct ifreq *); 139 static void bpf_timed_out(void *); 140 static inline void 141 bpf_wakeup(struct bpf_d *); 142 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 143 void *(*)(void *, const void *, size_t), struct timespec *); 144 static void reset_d(struct bpf_d *); 145 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 146 static int bpf_setdlt(struct bpf_d *, u_int); 147 148 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 149 int); 150 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 151 int); 152 static int bpf_ioctl(struct file *, u_long, void *); 153 static int bpf_poll(struct file *, int); 154 static int bpf_stat(struct file *, struct stat *); 155 static int bpf_close(struct file *); 156 static int bpf_kqfilter(struct file *, struct knote *); 157 static void bpf_softintr(void *); 158 159 static const struct fileops bpf_fileops = { 160 .fo_read = bpf_read, 161 .fo_write = bpf_write, 162 
	.fo_ioctl = bpf_ioctl,
	.fo_fcntl = fnullop_fcntl,
	.fo_poll = bpf_poll,
	.fo_stat = bpf_stat,
	.fo_close = bpf_close,
	.fo_kqfilter = bpf_kqfilter,
	.fo_restart = fnullop_restart,
};

dev_type_open(bpfopen);

/*
 * Only the open entry point is real; every other cdevsw slot is a stub
 * because bpfopen() clones per-open state and installs bpf_fileops on
 * the resulting file via fd_clone().
 */
const struct cdevsw bpf_cdevsw = {
	bpfopen, noclose, noread, nowrite, noioctl,
	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER
};

/*
 * Copy a user-supplied packet (uio) into a freshly allocated mbuf for
 * transmission, and build a sockaddr describing the link-layer framing.
 *
 * linktype  DLT_* code of the attached interface; selects sa_family,
 *           the link header length (hlen) and an alignment fudge (align).
 * mtu       interface MTU; the payload (len - hlen) may not exceed it.
 * mp        on success, *mp is the built mbuf (ownership to the caller).
 * sockp     receives the address family and, when hlen != 0, the first
 *           hlen bytes of the packet (the link header) in sa_data.
 *
 * Returns 0, or EIO/EMSGSIZE/ENOBUFS/uiomove() errno on failure.
 */
static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
	   struct sockaddr *sockp)
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int align;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		align = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		/* 6(dst)+6(src)+2(type) */
		hlen = sizeof(struct ether_header);
		align = 2;	/* keeps the IP payload 4-byte aligned */
		break;

	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		align = 5;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_LINK;
		/* XXX 4(FORMAC)+6(dst)+6(src) */
		hlen = 16;
		align = 0;
		break;

	case DLT_ECONET:
		sockp->sa_family = AF_UNSPEC;
		hlen = 6;
		align = 2;
		break;

	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	default:
		/* Unknown link type: cannot frame the packet. */
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * If there aren't enough bytes for a link level header or the
	 * packet length exceeds the interface mtu, return an error.
	 */
	if (len < hlen || len - hlen > mtu)
		return (EMSGSIZE);

	/*
	 * XXX Avoid complicated buffer chaining ---
	 * bail if it won't fit in a single mbuf.
	 * (Take into account possible alignment bytes)
	 */
	if ((unsigned)len > MCLBYTES - align)
		return (EIO);

	m = m_gethdr(M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;	/* outbound: no receiving interface */
	/* Packet header length excludes the link header copied to sockp. */
	m->m_pkthdr.len = len - hlen;
	if (len > MHLEN - align) {
		/* Too big for the header mbuf alone: add a cluster. */
		m_clget(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}

	/* Insure the data is properly aligned */
	if (align > 0) {
		m->m_data += align;
		m->m_len -= align;
	}

	error = uiomove(mtod(m, void *), len, uio);
	if (error)
		goto bad;
	if (hlen != 0) {
		/* Peel the link header off into the sockaddr. */
		memcpy(sockp->sa_data, mtod(m, void *), hlen);
		m->m_data += hlen;	/* XXX */
		len -= hlen;
	}
	m->m_len = len;
	*mp = m;
	return (0);

bad:
	m_freem(m);
	return (error);
}

/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 * Must be called at splnet.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	/* Non-NULL cookie tells the driver at least one listener exists. */
	*bp->bif_driverp = bp;
}

/*
 * Detach a file from its interface.
 * Undoes bpf_attachd(): drops promiscuous mode if this descriptor
 * requested it, unlinks d from the interface's listener list, and
 * clears the driver's bpf cookie when the last listener goes away.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		/*
		 * Take device out of promiscuous mode.  Since we were
		 * able to enter promiscuous mode, we should be able
		 * to turn it off.  But we can get an error if
		 * the interface was configured down, so only panic
		 * if we don't get an unexpected error.
		 */
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && error != EINVAL)
			panic("%s: ifpromisc failed: %d", __func__, error);
	}
	/* Remove d from the interface's descriptor list. */
	p = &bp->bif_dlist;
	while (*p != d) {
		p = &(*p)->bd_next;
		if (*p == 0)
			panic("%s: descriptor not in list", __func__);
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*d->bd_bif->bif_driverp = 0;
	d->bd_bif = 0;
}


/*
 * Mark a descriptor free by making it point to itself.
 * This is probably cheaper than marking with a constant since
 * the address should be in a register anyway.
 *
 * NOTE(review): stale comment — no code below corresponds to it; it is
 * a leftover from the pre-cloning minor-device implementation.
 */

/*
 * bpfilterattach() is called at boot time.
 * Initializes the global mutex, the descriptor list and the global
 * statistics; the argument n (number of devices) is unused.
 */
/* ARGSUSED */
void
bpfilterattach(int n)
{
	mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE);

	mutex_enter(&bpf_mtx);
	LIST_INIT(&bpf_list);
	mutex_exit(&bpf_mtx);

	bpf_gstats.bs_recv = 0;
	bpf_gstats.bs_drop = 0;
	bpf_gstats.bs_capt = 0;
}

/*
 * Open ethernet device.  Clones.
389 */ 390 /* ARGSUSED */ 391 int 392 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 393 { 394 struct bpf_d *d; 395 struct file *fp; 396 int error, fd; 397 398 /* falloc() will use the descriptor for us. */ 399 if ((error = fd_allocfile(&fp, &fd)) != 0) 400 return error; 401 402 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK|M_ZERO); 403 d->bd_bufsize = bpf_bufsize; 404 d->bd_seesent = 1; 405 d->bd_pid = l->l_proc->p_pid; 406 getnanotime(&d->bd_btime); 407 d->bd_atime = d->bd_mtime = d->bd_btime; 408 callout_init(&d->bd_callout, 0); 409 selinit(&d->bd_sel); 410 d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d); 411 412 mutex_enter(&bpf_mtx); 413 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 414 mutex_exit(&bpf_mtx); 415 416 return fd_clone(fp, fd, flag, &bpf_fileops, d); 417 } 418 419 /* 420 * Close the descriptor by detaching it from its interface, 421 * deallocating its buffers, and marking it free. 422 */ 423 /* ARGSUSED */ 424 static int 425 bpf_close(struct file *fp) 426 { 427 struct bpf_d *d = fp->f_data; 428 int s; 429 430 KERNEL_LOCK(1, NULL); 431 432 /* 433 * Refresh the PID associated with this bpf file. 434 */ 435 d->bd_pid = curproc->p_pid; 436 437 s = splnet(); 438 if (d->bd_state == BPF_WAITING) 439 callout_stop(&d->bd_callout); 440 d->bd_state = BPF_IDLE; 441 if (d->bd_bif) 442 bpf_detachd(d); 443 splx(s); 444 bpf_freed(d); 445 mutex_enter(&bpf_mtx); 446 LIST_REMOVE(d, bd_list); 447 mutex_exit(&bpf_mtx); 448 callout_destroy(&d->bd_callout); 449 seldestroy(&d->bd_sel); 450 softint_disestablish(d->bd_sih); 451 free(d, M_DEVBUF); 452 fp->f_data = NULL; 453 454 KERNEL_UNLOCK_ONE(NULL); 455 456 return (0); 457 } 458 459 /* 460 * Rotate the packet buffers in descriptor d. Move the store buffer 461 * into the hold slot, and the free buffer into the store slot. 462 * Zero the length of the new store buffer. 
 */
/*
 * NOTE(review): multi-statement macro deliberately NOT wrapped in
 * do { } while (0); every use site below invokes it as a full
 * statement at splnet, so the expansion is safe as written.
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = 0;
/*
 * bpfread - read next chunk of packets from buffers
 *
 * Returns exactly one hold buffer's worth of captured packets; the
 * caller must supply a buffer of exactly bd_bufsize bytes.  Blocks
 * (subject to FNONBLOCK and the BIOCSRTIMEOUT timeout) until the hold
 * slot is filled.
 */
static int
bpf_read(struct file *fp, off_t *offp, struct uio *uio,
	 kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	int timed_out;
	int error;
	int s;

	getnanotime(&d->bd_atime);
	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	KERNEL_LOCK(1, NULL);
	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (fp->f_flag & FNONBLOCK) {
			/* Non-blocking: return whatever the store slot has. */
			if (d->bd_slen == 0) {
				splx(s);
				KERNEL_UNLOCK_ONE(NULL);
				return (EWOULDBLOCK);
			}
			ROTATE_BUFFERS(d);
			break;
		}

		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * A packet(s) either arrived since the previous
			 * read or arrived while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		/* Sleep until catchpacket() wakes us or the timeout fires. */
		error = tsleep(d, PRINET|PCATCH, "bpf",
				d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			splx(s);
			KERNEL_UNLOCK_ONE(NULL);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				splx(s);
				KERNEL_UNLOCK_ONE(NULL);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (error != 0)
			goto done;
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	/* Recycle the drained hold buffer as the new free buffer. */
	s = splnet();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
done:
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
	return (error);
}


/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static inline void
bpf_wakeup(struct bpf_d *d)
{
	wakeup(d);
	if (d->bd_async)
		softint_schedule(d->bd_sih);	/* defer SIGIO to softint */
	selnotify(&d->bd_sel, 0, 0);
}

/*
 * Soft interrupt handler: delivers SIGIO to the async owner.  Runs at
 * SOFTINT_CLOCK so fownsignal() is not called from hard interrupt
 * context (see bpf_wakeup()).
 */
static void
bpf_softintr(void *cookie)
{
	struct bpf_d *d;

	d = cookie;
	if (d->bd_async)
		fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL);
}

/*
 * Callout handler for the read timeout armed by bpf_poll(): flag the
 * descriptor as timed out and wake any poller if data is pending.
 */
static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = arg;
	int s;

	s = splnet();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	splx(s);
}


/*
 * write(2) on a bpf descriptor: inject one packet, framed per the
 * attached interface's DLT, directly via the interface output routine.
 */
static int
bpf_write(struct file *fp, off_t *offp, struct uio *uio,
	kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;
	/*
	 * NOTE(review): static to keep it off the kernel stack; its use
	 * is serialized by KERNEL_LOCK below.
	 */
	static struct sockaddr_storage dst;

	m = NULL;	/* XXX gcc */

	KERNEL_LOCK(1, NULL);

	if (d->bd_bif == 0) {
		KERNEL_UNLOCK_ONE(NULL);
		return (ENXIO);
	}
	getnanotime(&d->bd_mtime);

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0) {
		KERNEL_UNLOCK_ONE(NULL);
		return (0);
	}

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m,
		(struct sockaddr *) &dst);
	if (error) {
		KERNEL_UNLOCK_ONE(NULL);
		return (error);
	}

	if (m->m_pkthdr.len > ifp->if_mtu) {
		KERNEL_UNLOCK_ONE(NULL);
		m_freem(m);
		return (EMSGSIZE);
	}

	/* Caller supplied the full link header; tell if_output not to add one. */
	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splnet.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_ccount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag.
 *  BIOCSHDRCMPLT	Set "header already complete" flag.
 */
/* ARGSUSED */
static int
bpf_ioctl(struct file *fp, u_long cmd, void *addr)
{
	struct bpf_d *d = fp->f_data;
	int s, error = 0;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	KERNEL_LOCK(1, NULL);
	d->bd_pid = curproc->p_pid;

	/* Any ioctl cancels a pending poll() read timeout. */
	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	splx(s);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			s = splnet();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.  Only allowed before an interface is
	 * attached (the buffers are allocated at attach time); the
	 * requested size is clamped and written back to the caller.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splnet();
		reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splnet();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported device parameters.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, addr);
		break;

	/*
	 * Set device parameters.
	 */
	case BIOCSDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Set interface name.
	 */
#ifdef OBIOCGETIF
	case OBIOCGETIF:
#endif
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, addr);
		break;

	/*
	 * Set interface.
	 */
#ifdef OBIOCSETIF
	case OBIOCSETIF:
#endif
	case BIOCSETIF:
		error = bpf_setif(d, addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			/* Round a nonzero sub-tick timeout up to one tick. */
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}

#ifdef BIOCGORTIMEOUT
	/*
	 * Get read timeout.  (Old struct timeval50 compat variant.)
	 */
	case BIOCGORTIMEOUT:
		{
			struct timeval50 *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}
#endif

#ifdef BIOCSORTIMEOUT
	/*
	 * Set read timeout.  (Old struct timeval50 compat variant.)
	 */
	case BIOCSORTIMEOUT:
		{
			struct timeval50 *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}
#endif

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}
	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			bs->bs_capt = d->bd_ccount;
			break;
		}

	case BIOCGSTATSOLD:
		{
			struct bpf_stat_old *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent" packets flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/*
		 * No need to do anything special here: bpf_read()
		 * checks FNONBLOCK in fp->f_flag to decide whether
		 * or not to block the read.  (An earlier version of
		 * this comment referred to IO_NDELAY, which the code
		 * no longer uses.)
		 */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case TIOCSPGRP:		/* Process or group to send signals to */
	case FIOSETOWN:
		error = fsetown(&d->bd_pgid, cmd, addr);
		break;

	case TIOCGPGRP:
	case FIOGETOWN:
		error = fgetown(d->bd_pgid, cmd, addr);
		break;
	}
	KERNEL_UNLOCK_ONE(NULL);
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		/* NULL program with nonzero length is a bogus request. */
		if (fp->bf_len != 0)
			return (EINVAL);
		s = splnet();
		d->bd_filter = 0;	/* no filter: accept everything */
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	/*
	 * Copy the program in from userland and install it only if it
	 * passes bpf_validate(); the old program is freed afterwards.
	 */
	size = flen * sizeof(*fp->bf_insns);
	fcode = malloc(size, M_DEVBUF, M_WAITOK);
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		s = splnet();
		d->bd_filter = fcode;
		reset_d(d);	/* old captures no longer match the filter */
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);

		return (0);
	}
	free(fcode, M_DEVBUF);
	return (EINVAL);
}

/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 *
	 * NOTE(review): the scan below tests *cp AFTER the increment,
	 * so the first character of the name is never examined; that
	 * is harmless here since a leading digit is not a valid
	 * interface name anyway — confirm before changing.
	 */
	unit_seen = 0;
	cp = ifr->ifr_name;
	cp[sizeof(ifr->ifr_name) - 1] = '\0';	/* sanity */
	while (*cp++)
		if (*cp >= '0' && *cp <= '9')
			unit_seen = 1;
	if (!unit_seen) {
		/* Make sure to leave room for the '\0'. */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/* skip additional entry */
		if ((void **)bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splnet();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}

/*
 * Copy the interface name to the ifreq.
 */
static void
bpf_ifname(struct ifnet *ifp, struct ifreq *ifr)
{
	memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
}

/*
 * fstat(2) on a bpf descriptor: fabricate a stat structure from the
 * per-descriptor state.  The device number is built from the bpf major
 * and the owning PID (bpf's historical cloning-device convention), and
 * the timestamps are the descriptor's access/modify/birth times.
 */
static int
bpf_stat(struct file *fp, struct stat *st)
{
	struct bpf_d *d = fp->f_data;

	(void)memset(st, 0, sizeof(*st));
	KERNEL_LOCK(1, NULL);
	st->st_dev = makedev(cdevsw_lookup_major(&bpf_cdevsw), d->bd_pid);
	st->st_atimespec = d->bd_atime;
	st->st_mtimespec = d->bd_mtime;
	st->st_ctimespec = st->st_birthtimespec = d->bd_btime;
	st->st_uid = kauth_cred_geteuid(fp->f_cred);
	st->st_gid = kauth_cred_getegid(fp->f_cred);
	KERNEL_UNLOCK_ONE(NULL);
	return 0;
}

/*
 * Support for poll() system call
 *
 * Return true iff the specific operation will not block indefinitely - with
 * the assumption that it is safe to positively acknowledge a request for the
 * ability to write to the BPF device.
 * Otherwise, return false but make a note that a selnotify() must be done.
1152 */ 1153 static int 1154 bpf_poll(struct file *fp, int events) 1155 { 1156 struct bpf_d *d = fp->f_data; 1157 int s = splnet(); 1158 int revents; 1159 1160 /* 1161 * Refresh the PID associated with this bpf file. 1162 */ 1163 KERNEL_LOCK(1, NULL); 1164 d->bd_pid = curproc->p_pid; 1165 1166 revents = events & (POLLOUT | POLLWRNORM); 1167 if (events & (POLLIN | POLLRDNORM)) { 1168 /* 1169 * An imitation of the FIONREAD ioctl code. 1170 */ 1171 if (d->bd_hlen != 0 || 1172 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1173 d->bd_slen != 0)) { 1174 revents |= events & (POLLIN | POLLRDNORM); 1175 } else { 1176 selrecord(curlwp, &d->bd_sel); 1177 /* Start the read timeout if necessary */ 1178 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1179 callout_reset(&d->bd_callout, d->bd_rtout, 1180 bpf_timed_out, d); 1181 d->bd_state = BPF_WAITING; 1182 } 1183 } 1184 } 1185 1186 KERNEL_UNLOCK_ONE(NULL); 1187 splx(s); 1188 return (revents); 1189 } 1190 1191 static void 1192 filt_bpfrdetach(struct knote *kn) 1193 { 1194 struct bpf_d *d = kn->kn_hook; 1195 int s; 1196 1197 KERNEL_LOCK(1, NULL); 1198 s = splnet(); 1199 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1200 splx(s); 1201 KERNEL_UNLOCK_ONE(NULL); 1202 } 1203 1204 static int 1205 filt_bpfread(struct knote *kn, long hint) 1206 { 1207 struct bpf_d *d = kn->kn_hook; 1208 int rv; 1209 1210 KERNEL_LOCK(1, NULL); 1211 kn->kn_data = d->bd_hlen; 1212 if (d->bd_immediate) 1213 kn->kn_data += d->bd_slen; 1214 rv = (kn->kn_data > 0); 1215 KERNEL_UNLOCK_ONE(NULL); 1216 return rv; 1217 } 1218 1219 static const struct filterops bpfread_filtops = 1220 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1221 1222 static int 1223 bpf_kqfilter(struct file *fp, struct knote *kn) 1224 { 1225 struct bpf_d *d = fp->f_data; 1226 struct klist *klist; 1227 int s; 1228 1229 KERNEL_LOCK(1, NULL); 1230 1231 switch (kn->kn_filter) { 1232 case EVFILT_READ: 1233 klist = &d->bd_sel.sel_klist; 1234 kn->kn_fop = &bpfread_filtops; 1235 
break; 1236 1237 default: 1238 KERNEL_UNLOCK_ONE(NULL); 1239 return (EINVAL); 1240 } 1241 1242 kn->kn_hook = d; 1243 1244 s = splnet(); 1245 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1246 splx(s); 1247 KERNEL_UNLOCK_ONE(NULL); 1248 1249 return (0); 1250 } 1251 1252 /* 1253 * Incoming linkage from device drivers. Process the packet pkt, of length 1254 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1255 * by each process' filter, and if accepted, stashed into the corresponding 1256 * buffer. 1257 */ 1258 void 1259 bpf_tap(void *arg, u_char *pkt, u_int pktlen) 1260 { 1261 struct bpf_if *bp; 1262 struct bpf_d *d; 1263 u_int slen; 1264 struct timespec ts; 1265 int gottime=0; 1266 1267 /* 1268 * Note that the ipl does not have to be raised at this point. 1269 * The only problem that could arise here is that if two different 1270 * interfaces shared any data. This is not the case. 1271 */ 1272 bp = arg; 1273 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1274 ++d->bd_rcount; 1275 ++bpf_gstats.bs_recv; 1276 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1277 if (slen != 0) { 1278 if (!gottime) { 1279 nanotime(&ts); 1280 gottime = 1; 1281 } 1282 catchpacket(d, pkt, pktlen, slen, memcpy, &ts); 1283 } 1284 } 1285 } 1286 1287 /* 1288 * Copy data from an mbuf chain into a buffer. This code is derived 1289 * from m_copydata in sys/uipc_mbuf.c. 1290 */ 1291 static void * 1292 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1293 { 1294 const struct mbuf *m; 1295 u_int count; 1296 u_char *dst; 1297 1298 m = src_arg; 1299 dst = dst_arg; 1300 while (len > 0) { 1301 if (m == NULL) 1302 panic("bpf_mcpy"); 1303 count = min(m->m_len, len); 1304 memcpy(dst, mtod(m, const void *), count); 1305 m = m->m_next; 1306 dst += count; 1307 len -= count; 1308 } 1309 return dst_arg; 1310 } 1311 1312 /* 1313 * Dispatch a packet to all the listeners on interface bp. 
1314 * 1315 * marg pointer to the packet, either a data buffer or an mbuf chain 1316 * buflen buffer length, if marg is a data buffer 1317 * cpfn a function that can copy marg into the listener's buffer 1318 * pktlen length of the packet 1319 * rcvif either NULL or the interface the packet came in on. 1320 */ 1321 static inline void 1322 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1323 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1324 { 1325 u_int slen; 1326 struct bpf_d *d; 1327 struct timespec ts; 1328 int gottime = 0; 1329 1330 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1331 if (!d->bd_seesent && (rcvif == NULL)) 1332 continue; 1333 ++d->bd_rcount; 1334 ++bpf_gstats.bs_recv; 1335 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1336 if (slen != 0) { 1337 if(!gottime) { 1338 nanotime(&ts); 1339 gottime = 1; 1340 } 1341 catchpacket(d, marg, pktlen, slen, cpfn, &ts); 1342 } 1343 } 1344 } 1345 1346 /* 1347 * Incoming linkage from device drivers, when the head of the packet is in 1348 * a buffer, and the tail is in an mbuf chain. 1349 */ 1350 void 1351 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1352 { 1353 struct bpf_if *bp = arg; 1354 u_int pktlen; 1355 struct mbuf mb; 1356 1357 pktlen = m_length(m) + dlen; 1358 1359 /* 1360 * Craft on-stack mbuf suitable for passing to bpf_filter. 1361 * Note that we cut corners here; we only setup what's 1362 * absolutely needed--this mbuf should never go anywhere else. 1363 */ 1364 (void)memset(&mb, 0, sizeof(mb)); 1365 mb.m_next = m; 1366 mb.m_data = data; 1367 mb.m_len = dlen; 1368 1369 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1370 } 1371 1372 /* 1373 * Incoming linkage from device drivers, when packet is in an mbuf chain. 
 */
void
bpf_mtap(void *arg, struct mbuf *m)
{
	void *(*cpfn)(void *, const void *, size_t);
	struct bpf_if *bp = arg;
	u_int pktlen, buflen;
	void *marg;

	pktlen = m_length(m);

	if (pktlen == m->m_len) {
		/*
		 * Whole packet lives in the first mbuf: hand bpf_filter
		 * and catchpacket a contiguous buffer and plain memcpy.
		 * The cast silences the pointer-type mismatch between
		 * memcpy and the (void *, const void *, size_t) cpfn type.
		 */
		cpfn = (void *)memcpy;
		marg = mtod(m, void *);
		buflen = pktlen;
	} else {
		/* Chain spans several mbufs: buflen == 0 signals "mbuf". */
		cpfn = bpf_mcpy;
		marg = m;
		buflen = 0;
	}

	bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif);
}

/*
 * We need to prepend the address family as
 * a four byte field.  Cons up a dummy header
 * to pacify bpf.  This is safe because bpf
 * will only read from the mbuf (i.e., it won't
 * try to free it or keep a pointer to it).
 */
void
bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m)
{
	struct mbuf m0;

	/* On-stack pseudo-mbuf whose data is the 4-byte AF value itself. */
	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 4;
	m0.m_data = (char *)&af;

	bpf_mtap(arg, &m0);
}

/*
 * Prepend a dummy 14-byte Ethernet header carrying only the ethertype,
 * built in the on-stack mbuf's own data area (m_dat).  The source and
 * destination MAC addresses (bytes 0-11) are zeroed; et is stored at
 * offset 12, the ethertype position.
 * NOTE(review): et appears to be expected already in the byte order the
 * listener wants -- no byte swap is done here; confirm against callers.
 */
void
bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 14;
	m0.m_data = m0.m_dat;

	/* Zero the 12 address bytes (plus 12..13, overwritten just below). */
	((uint32_t *)m0.m_data)[0] = 0;
	((uint32_t *)m0.m_data)[1] = 0;
	((uint32_t *)m0.m_data)[2] = 0;
	((uint16_t *)m0.m_data)[6] = et;

	bpf_mtap(arg, &m0);
}

#if NSL > 0 || NSTRIP > 0
/*
 * Put the SLIP pseudo-"link header" in place.
 * Note this M_PREPEND() should never fail,
 * since we know we always have enough space
 * in the input buffer.
 */
void
bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m)
{
	int s;
	u_char *hp;

	/* Grow the chain head to make room for the SLIP pseudo-header. */
	M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT);
	if (*m == NULL)
		return;

	/* Fill in direction marker and compressed header copy. */
	hp = mtod(*m, u_char *);
	hp[SLX_DIR] = SLIPDIR_IN;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, *m);
	splx(s);

	/* Strip the pseudo-header again before normal input processing. */
	m_adj(*m, SLIP_HDRLEN);
}

/*
 * Put the SLIP pseudo-"link header" in
 * place.  The compressed header is now
 * at the beginning of the mbuf.
 */
void
bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m)
{
	struct mbuf m0;
	u_char *hp;
	int s;

	/*
	 * Unlike the input path, the header is built in an on-stack
	 * pseudo-mbuf chained in front of m, so m is left untouched.
	 */
	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_data = m0.m_dat;
	m0.m_len = SLIP_HDRLEN;

	hp = mtod(&m0, u_char *);

	hp[SLX_DIR] = SLIPDIR_OUT;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, &m0);
	splx(s);
	/* The caller hands over ownership of m; free it after the tap. */
	m_freem(m);
}
#endif

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Return 1 if it's time to wakeup a listener (buffer full),
 * otherwise 0.  "copy" is the routine called to do the actual data
 * transfer.  memcpy is passed in to copy contiguous chunks, while
 * bpf_mcpy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
	    void *(*cpfn)(void *, const void *, size_t), struct timespec *ts)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;
	int do_wakeup = 0;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		do_wakeup = 1;
		curlen = 0;
	} else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) {
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		do_wakeup = 1;
	}

	/*
	 * Append the bpf header.  The header's timestamp is in
	 * microseconds, so convert the nanosecond part of ts down.
	 */
	hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen);
	hp->bh_tstamp.tv_sec = ts->tv_sec;
	hp->bh_tstamp.tv_usec = ts->tv_nsec / 1000;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (do_wakeup)
		bpf_wakeup(d);
}

/*
 * Initialize all nonzero fields of a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{

	/*
	 * Allocate the free and store buffers (bd_bufsize bytes each).
	 * M_NOWAIT: fail with ENOBUFS rather than sleep; on partial
	 * failure the first buffer is released again.
	 */
	d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_fbuf)
		return (ENOBUFS);
	d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_sbuf) {
		free(d->bd_fbuf, M_DEVBUF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it yet hasn't been marked
	 * free.
	 */
	/* bd_sbuf != NULL implies the other buffers may exist too. */
	if (d->bd_sbuf != 0) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_DEVBUF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_DEVBUF);
	}
	if (d->bd_filter)
		free(d->bd_filter, M_DEVBUF);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	/* Convenience wrapper: hook into the interface's default tap point. */
	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach additional dlt for a interface to bpf.  dlt is the link layer type;
 * hdrlen is the fixed size of the link header for the specified dlt
 * (variable length headers not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp)
{
	struct bpf_if *bp;
	bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_dlist = 0;
	bp->bif_driverp = driverp;
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;

	/* Prepend to the global list of attachment points. */
	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;

	/* No listeners yet: clear the driver's tap pointer. */
	*bp->bif_driverp = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

#if 0
	printf("bpf: %s attached\n", ifp->if_xname);
#endif
}

/*
 * Remove an interface from bpf.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, **pbp;
	struct bpf_d *d;
	int s;

	/* Nuke the vnodes for any open instances */
	LIST_FOREACH(d, &bpf_list, bd_list) {
		if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) {
			/*
			 * Detach the descriptor from an interface now.
			 * It will be free'ed later by close routine.
			 */
			s = splnet();
			d->bd_promisc = 0;	/* we can't touch device. */
			bpf_detachd(d);
			splx(s);
		}
	}

	/*
	 * Unlink and free every attachment point for this interface,
	 * restarting the scan after each removal since the list links
	 * were just modified.
	 */
  again:
	for (bp = bpf_iflist, pbp = &bpf_iflist;
	     bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp) {
			*pbp = bp->bif_next;
			free(bp, M_DEVBUF);
			goto again;
		}
	}
}

/*
 * Change the data link type of a interface.
 */
void
bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	struct bpf_if *bp;

	/* Find the attachment point wired to this interface's tap pointer. */
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if ((void **)bp->bif_driverp == &ifp->if_bpf)
			break;
	}
	if (bp == NULL)
		panic("bpf_change_type");

	bp->bif_dlt = dlt;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
1723 */ 1724 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1725 } 1726 1727 /* 1728 * Get a list of available data link type of the interface. 1729 */ 1730 static int 1731 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1732 { 1733 int n, error; 1734 struct ifnet *ifp; 1735 struct bpf_if *bp; 1736 1737 ifp = d->bd_bif->bif_ifp; 1738 n = 0; 1739 error = 0; 1740 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1741 if (bp->bif_ifp != ifp) 1742 continue; 1743 if (bfl->bfl_list != NULL) { 1744 if (n >= bfl->bfl_len) 1745 return ENOMEM; 1746 error = copyout(&bp->bif_dlt, 1747 bfl->bfl_list + n, sizeof(u_int)); 1748 } 1749 n++; 1750 } 1751 bfl->bfl_len = n; 1752 return error; 1753 } 1754 1755 /* 1756 * Set the data link type of a BPF instance. 1757 */ 1758 static int 1759 bpf_setdlt(struct bpf_d *d, u_int dlt) 1760 { 1761 int s, error, opromisc; 1762 struct ifnet *ifp; 1763 struct bpf_if *bp; 1764 1765 if (d->bd_bif->bif_dlt == dlt) 1766 return 0; 1767 ifp = d->bd_bif->bif_ifp; 1768 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1769 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1770 break; 1771 } 1772 if (bp == NULL) 1773 return EINVAL; 1774 s = splnet(); 1775 opromisc = d->bd_promisc; 1776 bpf_detachd(d); 1777 bpf_attachd(d, bp); 1778 reset_d(d); 1779 if (opromisc) { 1780 error = ifpromisc(bp->bif_ifp, 1); 1781 if (error) 1782 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1783 bp->bif_ifp->if_xname, error); 1784 else 1785 d->bd_promisc = 1; 1786 } 1787 splx(s); 1788 return 0; 1789 } 1790 1791 static int 1792 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1793 { 1794 int newsize, error; 1795 struct sysctlnode node; 1796 1797 node = *rnode; 1798 node.sysctl_data = &newsize; 1799 newsize = bpf_maxbufsize; 1800 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1801 if (error || newp == NULL) 1802 return (error); 1803 1804 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1805 return (EINVAL); 1806 1807 bpf_maxbufsize = newsize; 
1808 1809 return (0); 1810 } 1811 1812 static int 1813 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1814 { 1815 int error, elem_count; 1816 struct bpf_d *dp; 1817 struct bpf_d_ext dpe; 1818 size_t len, needed, elem_size, out_size; 1819 char *sp; 1820 1821 if (namelen == 1 && name[0] == CTL_QUERY) 1822 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1823 1824 if (namelen != 2) 1825 return (EINVAL); 1826 1827 /* BPF peers is privileged information. */ 1828 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1829 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1830 if (error) 1831 return (EPERM); 1832 1833 len = (oldp != NULL) ? *oldlenp : 0; 1834 sp = oldp; 1835 elem_size = name[0]; 1836 elem_count = name[1]; 1837 out_size = MIN(sizeof(dpe), elem_size); 1838 needed = 0; 1839 1840 if (elem_size < 1 || elem_count < 0) 1841 return (EINVAL); 1842 1843 mutex_enter(&bpf_mtx); 1844 LIST_FOREACH(dp, &bpf_list, bd_list) { 1845 if (len >= elem_size && elem_count > 0) { 1846 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1847 BPF_EXT(bufsize); 1848 BPF_EXT(promisc); 1849 BPF_EXT(promisc); 1850 BPF_EXT(state); 1851 BPF_EXT(immediate); 1852 BPF_EXT(hdrcmplt); 1853 BPF_EXT(seesent); 1854 BPF_EXT(pid); 1855 BPF_EXT(rcount); 1856 BPF_EXT(dcount); 1857 BPF_EXT(ccount); 1858 #undef BPF_EXT 1859 if (dp->bd_bif) 1860 (void)strlcpy(dpe.bde_ifname, 1861 dp->bd_bif->bif_ifp->if_xname, 1862 IFNAMSIZ - 1); 1863 else 1864 dpe.bde_ifname[0] = '\0'; 1865 1866 error = copyout(&dpe, sp, out_size); 1867 if (error) 1868 break; 1869 sp += elem_size; 1870 len -= elem_size; 1871 } 1872 needed += elem_size; 1873 if (elem_count > 0 && elem_count != INT_MAX) 1874 elem_count--; 1875 } 1876 mutex_exit(&bpf_mtx); 1877 1878 *oldlenp = needed; 1879 1880 return (error); 1881 } 1882 1883 SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup") 1884 { 1885 const struct sysctlnode *node; 1886 1887 sysctl_createv(clog, 0, NULL, NULL, 1888 CTLFLAG_PERMANENT, 1889 CTLTYPE_NODE, 
"net", NULL, 1890 NULL, 0, NULL, 0, 1891 CTL_NET, CTL_EOL); 1892 1893 node = NULL; 1894 sysctl_createv(clog, 0, NULL, &node, 1895 CTLFLAG_PERMANENT, 1896 CTLTYPE_NODE, "bpf", 1897 SYSCTL_DESCR("BPF options"), 1898 NULL, 0, NULL, 0, 1899 CTL_NET, CTL_CREATE, CTL_EOL); 1900 if (node != NULL) { 1901 sysctl_createv(clog, 0, NULL, NULL, 1902 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1903 CTLTYPE_INT, "maxbufsize", 1904 SYSCTL_DESCR("Maximum size for data capture buffer"), 1905 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1906 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1907 sysctl_createv(clog, 0, NULL, NULL, 1908 CTLFLAG_PERMANENT, 1909 CTLTYPE_STRUCT, "stats", 1910 SYSCTL_DESCR("BPF stats"), 1911 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1912 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1913 sysctl_createv(clog, 0, NULL, NULL, 1914 CTLFLAG_PERMANENT, 1915 CTLTYPE_STRUCT, "peers", 1916 SYSCTL_DESCR("BPF peers"), 1917 sysctl_net_bpf_peers, 0, NULL, 0, 1918 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1919 } 1920 1921 } 1922