1 /* $NetBSD: bpf.c,v 1.142 2009/01/11 02:45:54 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.142 2009/01/11 02:45:54 christos Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 #include <sys/queue.h> 61 62 #include <sys/file.h> 63 #include <sys/filedesc.h> 64 #include <sys/tty.h> 65 #include <sys/uio.h> 66 67 #include <sys/protosw.h> 68 #include <sys/socket.h> 69 #include <sys/errno.h> 70 #include <sys/kernel.h> 71 #include <sys/poll.h> 72 #include <sys/sysctl.h> 73 #include <sys/kauth.h> 74 75 #include <net/if.h> 76 #include <net/slip.h> 77 78 #include <net/bpf.h> 79 #include <net/bpfdesc.h> 80 81 #include <net/if_arc.h> 82 #include <net/if_ether.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_inarp.h> 86 87 88 #include <compat/sys/sockio.h> 89 90 #ifndef BPF_BUFSIZE 91 /* 92 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 93 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 94 */ 95 # define BPF_BUFSIZE 32768 96 #endif 97 98 #define PRINET 26 /* interruptible */ 99 100 /* 101 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 102 * XXX the default values should be computed dynamically based 103 * on available memory size and available mbuf clusters. 104 */ 105 int bpf_bufsize = BPF_BUFSIZE; 106 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 107 108 109 /* 110 * Global BPF statistics returned by net.bpf.stats sysctl. 111 */ 112 struct bpf_stat bpf_gstats; 113 114 /* 115 * Use a mutex to avoid a race condition between gathering the stats/peers 116 * and opening/closing the device. 117 */ 118 static kmutex_t bpf_mtx; 119 120 /* 121 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 122 * bpf_dtab holds the descriptors, indexed by minor device # 123 */ 124 struct bpf_if *bpf_iflist; 125 LIST_HEAD(, bpf_d) bpf_list; 126 127 static int bpf_allocbufs(struct bpf_d *); 128 static void bpf_deliver(struct bpf_if *, 129 void *(*cpfn)(void *, const void *, size_t), 130 void *, u_int, u_int, struct ifnet *); 131 static void bpf_freed(struct bpf_d *); 132 static void bpf_ifname(struct ifnet *, struct ifreq *); 133 static void *bpf_mcpy(void *, const void *, size_t); 134 static int bpf_movein(struct uio *, int, int, 135 struct mbuf **, struct sockaddr *); 136 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 137 static void bpf_detachd(struct bpf_d *); 138 static int bpf_setif(struct bpf_d *, struct ifreq *); 139 static void bpf_timed_out(void *); 140 static inline void 141 bpf_wakeup(struct bpf_d *); 142 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 143 void *(*)(void *, const void *, size_t), struct timespec *); 144 static void reset_d(struct bpf_d *); 145 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 146 static int bpf_setdlt(struct bpf_d *, u_int); 147 148 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 149 int); 150 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 151 int); 152 static int bpf_ioctl(struct file *, u_long, void *); 153 static int bpf_poll(struct file *, int); 154 static int bpf_close(struct file *); 155 static int bpf_kqfilter(struct file *, struct knote *); 156 static void bpf_softintr(void *); 157 158 static const struct fileops bpf_fileops = { 159 bpf_read, 160 bpf_write, 161 bpf_ioctl, 162 fnullop_fcntl, 163 bpf_poll, 164 fbadop_stat, 165 bpf_close, 166 bpf_kqfilter, 167 }; 168 169 dev_type_open(bpfopen); 170 171 const struct cdevsw bpf_cdevsw = { 172 bpfopen, noclose, noread, nowrite, noioctl, 173 nostop, notty, nopoll, nommap, nokqfilter, D_OTHER 174 }; 175 176 static int 177 bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 178 struct sockaddr *sockp) 179 { 180 struct mbuf *m; 181 int error; 182 int len; 183 int hlen; 184 int align; 185 186 /* 187 * Build a sockaddr based on the data link layer type. 188 * We do this at this level because the ethernet header 189 * is copied directly into the data field of the sockaddr. 190 * In the case of SLIP, there is no header and the packet 191 * is forwarded as is. 192 * Also, we are careful to leave room at the front of the mbuf 193 * for the link level header. 194 */ 195 switch (linktype) { 196 197 case DLT_SLIP: 198 sockp->sa_family = AF_INET; 199 hlen = 0; 200 align = 0; 201 break; 202 203 case DLT_PPP: 204 sockp->sa_family = AF_UNSPEC; 205 hlen = 0; 206 align = 0; 207 break; 208 209 case DLT_EN10MB: 210 sockp->sa_family = AF_UNSPEC; 211 /* XXX Would MAXLINKHDR be better? */ 212 /* 6(dst)+6(src)+2(type) */ 213 hlen = sizeof(struct ether_header); 214 align = 2; 215 break; 216 217 case DLT_ARCNET: 218 sockp->sa_family = AF_UNSPEC; 219 hlen = ARC_HDRLEN; 220 align = 5; 221 break; 222 223 case DLT_FDDI: 224 sockp->sa_family = AF_LINK; 225 /* XXX 4(FORMAC)+6(dst)+6(src) */ 226 hlen = 16; 227 align = 0; 228 break; 229 230 case DLT_ECONET: 231 sockp->sa_family = AF_UNSPEC; 232 hlen = 6; 233 align = 2; 234 break; 235 236 case DLT_NULL: 237 sockp->sa_family = AF_UNSPEC; 238 hlen = 0; 239 align = 0; 240 break; 241 242 default: 243 return (EIO); 244 } 245 246 len = uio->uio_resid; 247 /* 248 * If there aren't enough bytes for a link level header or the 249 * packet length exceeds the interface mtu, return an error. 250 */ 251 if (len < hlen || len - hlen > mtu) 252 return (EMSGSIZE); 253 254 /* 255 * XXX Avoid complicated buffer chaining --- 256 * bail if it won't fit in a single mbuf. 257 * (Take into account possible alignment bytes) 258 */ 259 if ((unsigned)len > MCLBYTES - align) 260 return (EIO); 261 262 m = m_gethdr(M_WAIT, MT_DATA); 263 m->m_pkthdr.rcvif = 0; 264 m->m_pkthdr.len = len - hlen; 265 if (len > MHLEN - align) { 266 m_clget(m, M_WAIT); 267 if ((m->m_flags & M_EXT) == 0) { 268 error = ENOBUFS; 269 goto bad; 270 } 271 } 272 273 /* Insure the data is properly aligned */ 274 if (align > 0) { 275 m->m_data += align; 276 m->m_len -= align; 277 } 278 279 error = uiomove(mtod(m, void *), len, uio); 280 if (error) 281 goto bad; 282 if (hlen != 0) { 283 memcpy(sockp->sa_data, mtod(m, void *), hlen); 284 m->m_data += hlen; /* XXX */ 285 len -= hlen; 286 } 287 m->m_len = len; 288 *mp = m; 289 return (0); 290 291 bad: 292 m_freem(m); 293 return (error); 294 } 295 296 /* 297 * Attach file to the bpf interface, i.e. make d listen on bp. 298 * Must be called at splnet. 299 */ 300 static void 301 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 302 { 303 /* 304 * Point d at bp, and add d to the interface's list of listeners. 305 * Finally, point the driver's bpf cookie at the interface so 306 * it will divert packets to bpf. 307 */ 308 d->bd_bif = bp; 309 d->bd_next = bp->bif_dlist; 310 bp->bif_dlist = d; 311 312 *bp->bif_driverp = bp; 313 } 314 315 /* 316 * Detach a file from its interface. 317 */ 318 static void 319 bpf_detachd(struct bpf_d *d) 320 { 321 struct bpf_d **p; 322 struct bpf_if *bp; 323 324 bp = d->bd_bif; 325 /* 326 * Check if this descriptor had requested promiscuous mode. 327 * If so, turn it off. 328 */ 329 if (d->bd_promisc) { 330 int error; 331 332 d->bd_promisc = 0; 333 /* 334 * Take device out of promiscuous mode. Since we were 335 * able to enter promiscuous mode, we should be able 336 * to turn it off. But we can get an error if 337 * the interface was configured down, so only panic 338 * if we don't get an unexpected error. 339 */ 340 error = ifpromisc(bp->bif_ifp, 0); 341 if (error && error != EINVAL) 342 panic("bpf: ifpromisc failed"); 343 } 344 /* Remove d from the interface's descriptor list. */ 345 p = &bp->bif_dlist; 346 while (*p != d) { 347 p = &(*p)->bd_next; 348 if (*p == 0) 349 panic("bpf_detachd: descriptor not in list"); 350 } 351 *p = (*p)->bd_next; 352 if (bp->bif_dlist == 0) 353 /* 354 * Let the driver know that there are no more listeners. 355 */ 356 *d->bd_bif->bif_driverp = 0; 357 d->bd_bif = 0; 358 } 359 360 361 /* 362 * Mark a descriptor free by making it point to itself. 363 * This is probably cheaper than marking with a constant since 364 * the address should be in a register anyway. 365 */ 366 367 /* 368 * bpfilterattach() is called at boot time. 369 */ 370 /* ARGSUSED */ 371 void 372 bpfilterattach(int n) 373 { 374 mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE); 375 376 mutex_enter(&bpf_mtx); 377 LIST_INIT(&bpf_list); 378 mutex_exit(&bpf_mtx); 379 380 bpf_gstats.bs_recv = 0; 381 bpf_gstats.bs_drop = 0; 382 bpf_gstats.bs_capt = 0; 383 } 384 385 /* 386 * Open ethernet device. Clones. 387 */ 388 /* ARGSUSED */ 389 int 390 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 391 { 392 struct bpf_d *d; 393 struct file *fp; 394 int error, fd; 395 396 /* falloc() will use the descriptor for us. */ 397 if ((error = fd_allocfile(&fp, &fd)) != 0) 398 return error; 399 400 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK|M_ZERO); 401 d->bd_bufsize = bpf_bufsize; 402 d->bd_seesent = 1; 403 d->bd_pid = l->l_proc->p_pid; 404 callout_init(&d->bd_callout, 0); 405 selinit(&d->bd_sel); 406 d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d); 407 408 mutex_enter(&bpf_mtx); 409 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 410 mutex_exit(&bpf_mtx); 411 412 return fd_clone(fp, fd, flag, &bpf_fileops, d); 413 } 414 415 /* 416 * Close the descriptor by detaching it from its interface, 417 * deallocating its buffers, and marking it free. 418 */ 419 /* ARGSUSED */ 420 static int 421 bpf_close(struct file *fp) 422 { 423 struct bpf_d *d = fp->f_data; 424 int s; 425 426 KERNEL_LOCK(1, NULL); 427 428 /* 429 * Refresh the PID associated with this bpf file. 430 */ 431 d->bd_pid = curproc->p_pid; 432 433 s = splnet(); 434 if (d->bd_state == BPF_WAITING) 435 callout_stop(&d->bd_callout); 436 d->bd_state = BPF_IDLE; 437 if (d->bd_bif) 438 bpf_detachd(d); 439 splx(s); 440 bpf_freed(d); 441 mutex_enter(&bpf_mtx); 442 LIST_REMOVE(d, bd_list); 443 mutex_exit(&bpf_mtx); 444 callout_destroy(&d->bd_callout); 445 seldestroy(&d->bd_sel); 446 softint_disestablish(d->bd_sih); 447 free(d, M_DEVBUF); 448 fp->f_data = NULL; 449 450 KERNEL_UNLOCK_ONE(NULL); 451 452 return (0); 453 } 454 455 /* 456 * Rotate the packet buffers in descriptor d. Move the store buffer 457 * into the hold slot, and the free buffer into the store slot. 458 * Zero the length of the new store buffer. 459 */ 460 #define ROTATE_BUFFERS(d) \ 461 (d)->bd_hbuf = (d)->bd_sbuf; \ 462 (d)->bd_hlen = (d)->bd_slen; \ 463 (d)->bd_sbuf = (d)->bd_fbuf; \ 464 (d)->bd_slen = 0; \ 465 (d)->bd_fbuf = 0; 466 /* 467 * bpfread - read next chunk of packets from buffers 468 */ 469 static int 470 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 471 kauth_cred_t cred, int flags) 472 { 473 struct bpf_d *d = fp->f_data; 474 int timed_out; 475 int error; 476 int s; 477 478 /* 479 * Restrict application to use a buffer the same size as 480 * the kernel buffers. 481 */ 482 if (uio->uio_resid != d->bd_bufsize) 483 return (EINVAL); 484 485 KERNEL_LOCK(1, NULL); 486 s = splnet(); 487 if (d->bd_state == BPF_WAITING) 488 callout_stop(&d->bd_callout); 489 timed_out = (d->bd_state == BPF_TIMED_OUT); 490 d->bd_state = BPF_IDLE; 491 /* 492 * If the hold buffer is empty, then do a timed sleep, which 493 * ends when the timeout expires or when enough packets 494 * have arrived to fill the store buffer. 495 */ 496 while (d->bd_hbuf == 0) { 497 if (fp->f_flag & FNONBLOCK) { 498 if (d->bd_slen == 0) { 499 splx(s); 500 KERNEL_UNLOCK_ONE(NULL); 501 return (EWOULDBLOCK); 502 } 503 ROTATE_BUFFERS(d); 504 break; 505 } 506 507 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 508 /* 509 * A packet(s) either arrived since the previous 510 * read or arrived while we were asleep. 511 * Rotate the buffers and return what's here. 512 */ 513 ROTATE_BUFFERS(d); 514 break; 515 } 516 error = tsleep(d, PRINET|PCATCH, "bpf", 517 d->bd_rtout); 518 if (error == EINTR || error == ERESTART) { 519 splx(s); 520 KERNEL_UNLOCK_ONE(NULL); 521 return (error); 522 } 523 if (error == EWOULDBLOCK) { 524 /* 525 * On a timeout, return what's in the buffer, 526 * which may be nothing. If there is something 527 * in the store buffer, we can rotate the buffers. 528 */ 529 if (d->bd_hbuf) 530 /* 531 * We filled up the buffer in between 532 * getting the timeout and arriving 533 * here, so we don't need to rotate. 534 */ 535 break; 536 537 if (d->bd_slen == 0) { 538 splx(s); 539 KERNEL_UNLOCK_ONE(NULL); 540 return (0); 541 } 542 ROTATE_BUFFERS(d); 543 break; 544 } 545 if (error != 0) 546 goto done; 547 } 548 /* 549 * At this point, we know we have something in the hold slot. 550 */ 551 splx(s); 552 553 /* 554 * Move data from hold buffer into user space. 555 * We know the entire buffer is transferred since 556 * we checked above that the read buffer is bpf_bufsize bytes. 557 */ 558 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 559 560 s = splnet(); 561 d->bd_fbuf = d->bd_hbuf; 562 d->bd_hbuf = 0; 563 d->bd_hlen = 0; 564 done: 565 splx(s); 566 KERNEL_UNLOCK_ONE(NULL); 567 return (error); 568 } 569 570 571 /* 572 * If there are processes sleeping on this descriptor, wake them up. 573 */ 574 static inline void 575 bpf_wakeup(struct bpf_d *d) 576 { 577 wakeup(d); 578 if (d->bd_async) 579 softint_schedule(d->bd_sih); 580 selnotify(&d->bd_sel, 0, 0); 581 } 582 583 static void 584 bpf_softintr(void *cookie) 585 { 586 struct bpf_d *d; 587 588 d = cookie; 589 if (d->bd_async) 590 fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL); 591 } 592 593 static void 594 bpf_timed_out(void *arg) 595 { 596 struct bpf_d *d = arg; 597 int s; 598 599 s = splnet(); 600 if (d->bd_state == BPF_WAITING) { 601 d->bd_state = BPF_TIMED_OUT; 602 if (d->bd_slen != 0) 603 bpf_wakeup(d); 604 } 605 splx(s); 606 } 607 608 609 static int 610 bpf_write(struct file *fp, off_t *offp, struct uio *uio, 611 kauth_cred_t cred, int flags) 612 { 613 struct bpf_d *d = fp->f_data; 614 struct ifnet *ifp; 615 struct mbuf *m; 616 int error, s; 617 static struct sockaddr_storage dst; 618 619 m = NULL; /* XXX gcc */ 620 621 KERNEL_LOCK(1, NULL); 622 623 if (d->bd_bif == 0) { 624 KERNEL_UNLOCK_ONE(NULL); 625 return (ENXIO); 626 } 627 628 ifp = d->bd_bif->bif_ifp; 629 630 if (uio->uio_resid == 0) { 631 KERNEL_UNLOCK_ONE(NULL); 632 return (0); 633 } 634 635 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 636 (struct sockaddr *) &dst); 637 if (error) { 638 KERNEL_UNLOCK_ONE(NULL); 639 return (error); 640 } 641 642 if (m->m_pkthdr.len > ifp->if_mtu) { 643 KERNEL_UNLOCK_ONE(NULL); 644 m_freem(m); 645 return (EMSGSIZE); 646 } 647 648 if (d->bd_hdrcmplt) 649 dst.ss_family = pseudo_AF_HDRCMPLT; 650 651 s = splsoftnet(); 652 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 653 splx(s); 654 KERNEL_UNLOCK_ONE(NULL); 655 /* 656 * The driver frees the mbuf. 657 */ 658 return (error); 659 } 660 661 /* 662 * Reset a descriptor by flushing its packet buffer and clearing the 663 * receive and drop counts. Should be called at splnet. 664 */ 665 static void 666 reset_d(struct bpf_d *d) 667 { 668 if (d->bd_hbuf) { 669 /* Free the hold buffer. */ 670 d->bd_fbuf = d->bd_hbuf; 671 d->bd_hbuf = 0; 672 } 673 d->bd_slen = 0; 674 d->bd_hlen = 0; 675 d->bd_rcount = 0; 676 d->bd_dcount = 0; 677 d->bd_ccount = 0; 678 } 679 680 /* 681 * FIONREAD Check for read packet available. 682 * BIOCGBLEN Get buffer len [for read()]. 683 * BIOCSETF Set ethernet read filter. 684 * BIOCFLUSH Flush read packet buffer. 685 * BIOCPROMISC Put interface into promiscuous mode. 686 * BIOCGDLT Get link layer type. 687 * BIOCGETIF Get interface name. 688 * BIOCSETIF Set interface. 689 * BIOCSRTIMEOUT Set read timeout. 690 * BIOCGRTIMEOUT Get read timeout. 691 * BIOCGSTATS Get packet stats. 692 * BIOCIMMEDIATE Set immediate mode. 693 * BIOCVERSION Get filter language version. 694 * BIOCGHDRCMPLT Get "header already complete" flag. 695 * BIOCSHDRCMPLT Set "header already complete" flag. 696 */ 697 /* ARGSUSED */ 698 static int 699 bpf_ioctl(struct file *fp, u_long cmd, void *addr) 700 { 701 struct bpf_d *d = fp->f_data; 702 int s, error = 0; 703 704 /* 705 * Refresh the PID associated with this bpf file. 706 */ 707 KERNEL_LOCK(1, NULL); 708 d->bd_pid = curproc->p_pid; 709 710 s = splnet(); 711 if (d->bd_state == BPF_WAITING) 712 callout_stop(&d->bd_callout); 713 d->bd_state = BPF_IDLE; 714 splx(s); 715 716 switch (cmd) { 717 718 default: 719 error = EINVAL; 720 break; 721 722 /* 723 * Check for read packet available. 724 */ 725 case FIONREAD: 726 { 727 int n; 728 729 s = splnet(); 730 n = d->bd_slen; 731 if (d->bd_hbuf) 732 n += d->bd_hlen; 733 splx(s); 734 735 *(int *)addr = n; 736 break; 737 } 738 739 /* 740 * Get buffer len [for read()]. 741 */ 742 case BIOCGBLEN: 743 *(u_int *)addr = d->bd_bufsize; 744 break; 745 746 /* 747 * Set buffer length. 748 */ 749 case BIOCSBLEN: 750 if (d->bd_bif != 0) 751 error = EINVAL; 752 else { 753 u_int size = *(u_int *)addr; 754 755 if (size > bpf_maxbufsize) 756 *(u_int *)addr = size = bpf_maxbufsize; 757 else if (size < BPF_MINBUFSIZE) 758 *(u_int *)addr = size = BPF_MINBUFSIZE; 759 d->bd_bufsize = size; 760 } 761 break; 762 763 /* 764 * Set link layer read filter. 765 */ 766 case BIOCSETF: 767 error = bpf_setf(d, addr); 768 break; 769 770 /* 771 * Flush read packet buffer. 772 */ 773 case BIOCFLUSH: 774 s = splnet(); 775 reset_d(d); 776 splx(s); 777 break; 778 779 /* 780 * Put interface into promiscuous mode. 781 */ 782 case BIOCPROMISC: 783 if (d->bd_bif == 0) { 784 /* 785 * No interface attached yet. 786 */ 787 error = EINVAL; 788 break; 789 } 790 s = splnet(); 791 if (d->bd_promisc == 0) { 792 error = ifpromisc(d->bd_bif->bif_ifp, 1); 793 if (error == 0) 794 d->bd_promisc = 1; 795 } 796 splx(s); 797 break; 798 799 /* 800 * Get device parameters. 801 */ 802 case BIOCGDLT: 803 if (d->bd_bif == 0) 804 error = EINVAL; 805 else 806 *(u_int *)addr = d->bd_bif->bif_dlt; 807 break; 808 809 /* 810 * Get a list of supported device parameters. 811 */ 812 case BIOCGDLTLIST: 813 if (d->bd_bif == 0) 814 error = EINVAL; 815 else 816 error = bpf_getdltlist(d, addr); 817 break; 818 819 /* 820 * Set device parameters. 821 */ 822 case BIOCSDLT: 823 if (d->bd_bif == 0) 824 error = EINVAL; 825 else 826 error = bpf_setdlt(d, *(u_int *)addr); 827 break; 828 829 /* 830 * Set interface name. 831 */ 832 #ifdef OBIOCGETIF 833 case OBIOCGETIF: 834 #endif 835 case BIOCGETIF: 836 if (d->bd_bif == 0) 837 error = EINVAL; 838 else 839 bpf_ifname(d->bd_bif->bif_ifp, addr); 840 break; 841 842 /* 843 * Set interface. 844 */ 845 #ifdef OBIOCSETIF 846 case OBIOCSETIF: 847 #endif 848 case BIOCSETIF: 849 error = bpf_setif(d, addr); 850 break; 851 852 /* 853 * Set read timeout. 854 */ 855 case BIOCSRTIMEOUT: 856 { 857 struct timeval *tv = addr; 858 859 /* Compute number of ticks. */ 860 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 861 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 862 d->bd_rtout = 1; 863 break; 864 } 865 866 #ifdef BIOCGORTIMEOUT 867 /* 868 * Get read timeout. 869 */ 870 case BIOCGORTIMEOUT: 871 { 872 struct timeval50 *tv = addr; 873 874 tv->tv_sec = d->bd_rtout / hz; 875 tv->tv_usec = (d->bd_rtout % hz) * tick; 876 break; 877 } 878 #endif 879 880 #ifdef BIOCSORTIMEOUT 881 /* 882 * Set read timeout. 883 */ 884 case BIOCSORTIMEOUT: 885 { 886 struct timeval50 *tv = addr; 887 888 /* Compute number of ticks. */ 889 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 890 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 891 d->bd_rtout = 1; 892 break; 893 } 894 #endif 895 896 /* 897 * Get read timeout. 898 */ 899 case BIOCGRTIMEOUT: 900 { 901 struct timeval *tv = addr; 902 903 tv->tv_sec = d->bd_rtout / hz; 904 tv->tv_usec = (d->bd_rtout % hz) * tick; 905 break; 906 } 907 /* 908 * Get packet stats. 909 */ 910 case BIOCGSTATS: 911 { 912 struct bpf_stat *bs = addr; 913 914 bs->bs_recv = d->bd_rcount; 915 bs->bs_drop = d->bd_dcount; 916 bs->bs_capt = d->bd_ccount; 917 break; 918 } 919 920 case BIOCGSTATSOLD: 921 { 922 struct bpf_stat_old *bs = addr; 923 924 bs->bs_recv = d->bd_rcount; 925 bs->bs_drop = d->bd_dcount; 926 break; 927 } 928 929 /* 930 * Set immediate mode. 931 */ 932 case BIOCIMMEDIATE: 933 d->bd_immediate = *(u_int *)addr; 934 break; 935 936 case BIOCVERSION: 937 { 938 struct bpf_version *bv = addr; 939 940 bv->bv_major = BPF_MAJOR_VERSION; 941 bv->bv_minor = BPF_MINOR_VERSION; 942 break; 943 } 944 945 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 946 *(u_int *)addr = d->bd_hdrcmplt; 947 break; 948 949 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 950 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 951 break; 952 953 /* 954 * Get "see sent packets" flag 955 */ 956 case BIOCGSEESENT: 957 *(u_int *)addr = d->bd_seesent; 958 break; 959 960 /* 961 * Set "see sent" packets flag 962 */ 963 case BIOCSSEESENT: 964 d->bd_seesent = *(u_int *)addr; 965 break; 966 967 case FIONBIO: /* Non-blocking I/O */ 968 /* 969 * No need to do anything special as we use IO_NDELAY in 970 * bpfread() as an indication of whether or not to block 971 * the read. 972 */ 973 break; 974 975 case FIOASYNC: /* Send signal on receive packets */ 976 d->bd_async = *(int *)addr; 977 break; 978 979 case TIOCSPGRP: /* Process or group to send signals to */ 980 case FIOSETOWN: 981 error = fsetown(&d->bd_pgid, cmd, addr); 982 break; 983 984 case TIOCGPGRP: 985 case FIOGETOWN: 986 error = fgetown(d->bd_pgid, cmd, addr); 987 break; 988 } 989 KERNEL_UNLOCK_ONE(NULL); 990 return (error); 991 } 992 993 /* 994 * Set d's packet filter program to fp. If this file already has a filter, 995 * free it and replace it. Returns EINVAL for bogus requests. 996 */ 997 int 998 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 999 { 1000 struct bpf_insn *fcode, *old; 1001 u_int flen, size; 1002 int s; 1003 1004 old = d->bd_filter; 1005 if (fp->bf_insns == 0) { 1006 if (fp->bf_len != 0) 1007 return (EINVAL); 1008 s = splnet(); 1009 d->bd_filter = 0; 1010 reset_d(d); 1011 splx(s); 1012 if (old != 0) 1013 free(old, M_DEVBUF); 1014 return (0); 1015 } 1016 flen = fp->bf_len; 1017 if (flen > BPF_MAXINSNS) 1018 return (EINVAL); 1019 1020 size = flen * sizeof(*fp->bf_insns); 1021 fcode = malloc(size, M_DEVBUF, M_WAITOK); 1022 if (copyin(fp->bf_insns, fcode, size) == 0 && 1023 bpf_validate(fcode, (int)flen)) { 1024 s = splnet(); 1025 d->bd_filter = fcode; 1026 reset_d(d); 1027 splx(s); 1028 if (old != 0) 1029 free(old, M_DEVBUF); 1030 1031 return (0); 1032 } 1033 free(fcode, M_DEVBUF); 1034 return (EINVAL); 1035 } 1036 1037 /* 1038 * Detach a file from its current interface (if attached at all) and attach 1039 * to the interface indicated by the name stored in ifr. 1040 * Return an errno or 0. 1041 */ 1042 static int 1043 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 1044 { 1045 struct bpf_if *bp; 1046 char *cp; 1047 int unit_seen, i, s, error; 1048 1049 /* 1050 * Make sure the provided name has a unit number, and default 1051 * it to '0' if not specified. 1052 * XXX This is ugly ... do this differently? 1053 */ 1054 unit_seen = 0; 1055 cp = ifr->ifr_name; 1056 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 1057 while (*cp++) 1058 if (*cp >= '0' && *cp <= '9') 1059 unit_seen = 1; 1060 if (!unit_seen) { 1061 /* Make sure to leave room for the '\0'. */ 1062 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 1063 if ((ifr->ifr_name[i] >= 'a' && 1064 ifr->ifr_name[i] <= 'z') || 1065 (ifr->ifr_name[i] >= 'A' && 1066 ifr->ifr_name[i] <= 'Z')) 1067 continue; 1068 ifr->ifr_name[i] = '0'; 1069 } 1070 } 1071 1072 /* 1073 * Look through attached interfaces for the named one. 1074 */ 1075 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1076 struct ifnet *ifp = bp->bif_ifp; 1077 1078 if (ifp == 0 || 1079 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 1080 continue; 1081 /* skip additional entry */ 1082 if ((void **)bp->bif_driverp != &ifp->if_bpf) 1083 continue; 1084 /* 1085 * We found the requested interface. 1086 * Allocate the packet buffers if we need to. 1087 * If we're already attached to requested interface, 1088 * just flush the buffer. 1089 */ 1090 if (d->bd_sbuf == 0) { 1091 error = bpf_allocbufs(d); 1092 if (error != 0) 1093 return (error); 1094 } 1095 s = splnet(); 1096 if (bp != d->bd_bif) { 1097 if (d->bd_bif) 1098 /* 1099 * Detach if attached to something else. 1100 */ 1101 bpf_detachd(d); 1102 1103 bpf_attachd(d, bp); 1104 } 1105 reset_d(d); 1106 splx(s); 1107 return (0); 1108 } 1109 /* Not found. */ 1110 return (ENXIO); 1111 } 1112 1113 /* 1114 * Copy the interface name to the ifreq. 1115 */ 1116 static void 1117 bpf_ifname(struct ifnet *ifp, struct ifreq *ifr) 1118 { 1119 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1120 } 1121 1122 /* 1123 * Support for poll() system call 1124 * 1125 * Return true iff the specific operation will not block indefinitely - with 1126 * the assumption that it is safe to positively acknowledge a request for the 1127 * ability to write to the BPF device. 1128 * Otherwise, return false but make a note that a selnotify() must be done. 1129 */ 1130 static int 1131 bpf_poll(struct file *fp, int events) 1132 { 1133 struct bpf_d *d = fp->f_data; 1134 int s = splnet(); 1135 int revents; 1136 1137 /* 1138 * Refresh the PID associated with this bpf file. 1139 */ 1140 KERNEL_LOCK(1, NULL); 1141 d->bd_pid = curproc->p_pid; 1142 1143 revents = events & (POLLOUT | POLLWRNORM); 1144 if (events & (POLLIN | POLLRDNORM)) { 1145 /* 1146 * An imitation of the FIONREAD ioctl code. 1147 */ 1148 if (d->bd_hlen != 0 || 1149 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1150 d->bd_slen != 0)) { 1151 revents |= events & (POLLIN | POLLRDNORM); 1152 } else { 1153 selrecord(curlwp, &d->bd_sel); 1154 /* Start the read timeout if necessary */ 1155 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1156 callout_reset(&d->bd_callout, d->bd_rtout, 1157 bpf_timed_out, d); 1158 d->bd_state = BPF_WAITING; 1159 } 1160 } 1161 } 1162 1163 KERNEL_UNLOCK_ONE(NULL); 1164 splx(s); 1165 return (revents); 1166 } 1167 1168 static void 1169 filt_bpfrdetach(struct knote *kn) 1170 { 1171 struct bpf_d *d = kn->kn_hook; 1172 int s; 1173 1174 KERNEL_LOCK(1, NULL); 1175 s = splnet(); 1176 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1177 splx(s); 1178 KERNEL_UNLOCK_ONE(NULL); 1179 } 1180 1181 static int 1182 filt_bpfread(struct knote *kn, long hint) 1183 { 1184 struct bpf_d *d = kn->kn_hook; 1185 int rv; 1186 1187 KERNEL_LOCK(1, NULL); 1188 kn->kn_data = d->bd_hlen; 1189 if (d->bd_immediate) 1190 kn->kn_data += d->bd_slen; 1191 rv = (kn->kn_data > 0); 1192 KERNEL_UNLOCK_ONE(NULL); 1193 return rv; 1194 } 1195 1196 static const struct filterops bpfread_filtops = 1197 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1198 1199 static int 1200 bpf_kqfilter(struct file *fp, struct knote *kn) 1201 { 1202 struct bpf_d *d = fp->f_data; 1203 struct klist *klist; 1204 int s; 1205 1206 KERNEL_LOCK(1, NULL); 1207 1208 switch (kn->kn_filter) { 1209 case EVFILT_READ: 1210 klist = &d->bd_sel.sel_klist; 1211 kn->kn_fop = &bpfread_filtops; 1212 break; 1213 1214 default: 1215 KERNEL_UNLOCK_ONE(NULL); 1216 return (EINVAL); 1217 } 1218 1219 kn->kn_hook = d; 1220 1221 s = splnet(); 1222 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1223 splx(s); 1224 KERNEL_UNLOCK_ONE(NULL); 1225 1226 return (0); 1227 } 1228 1229 /* 1230 * Incoming linkage from device drivers. Process the packet pkt, of length 1231 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1232 * by each process' filter, and if accepted, stashed into the corresponding 1233 * buffer. 1234 */ 1235 void 1236 bpf_tap(void *arg, u_char *pkt, u_int pktlen) 1237 { 1238 struct bpf_if *bp; 1239 struct bpf_d *d; 1240 u_int slen; 1241 struct timespec ts; 1242 int gottime=0; 1243 1244 /* 1245 * Note that the ipl does not have to be raised at this point. 1246 * The only problem that could arise here is that if two different 1247 * interfaces shared any data. This is not the case. 1248 */ 1249 bp = arg; 1250 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1251 ++d->bd_rcount; 1252 ++bpf_gstats.bs_recv; 1253 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1254 if (slen != 0) { 1255 if (!gottime) { 1256 nanotime(&ts); 1257 gottime = 1; 1258 } 1259 catchpacket(d, pkt, pktlen, slen, memcpy, &ts); 1260 } 1261 } 1262 } 1263 1264 /* 1265 * Copy data from an mbuf chain into a buffer. This code is derived 1266 * from m_copydata in sys/uipc_mbuf.c. 1267 */ 1268 static void * 1269 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1270 { 1271 const struct mbuf *m; 1272 u_int count; 1273 u_char *dst; 1274 1275 m = src_arg; 1276 dst = dst_arg; 1277 while (len > 0) { 1278 if (m == NULL) 1279 panic("bpf_mcpy"); 1280 count = min(m->m_len, len); 1281 memcpy(dst, mtod(m, const void *), count); 1282 m = m->m_next; 1283 dst += count; 1284 len -= count; 1285 } 1286 return dst_arg; 1287 } 1288 1289 /* 1290 * Dispatch a packet to all the listeners on interface bp. 1291 * 1292 * marg pointer to the packet, either a data buffer or an mbuf chain 1293 * buflen buffer length, if marg is a data buffer 1294 * cpfn a function that can copy marg into the listener's buffer 1295 * pktlen length of the packet 1296 * rcvif either NULL or the interface the packet came in on. 1297 */ 1298 static inline void 1299 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1300 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1301 { 1302 u_int slen; 1303 struct bpf_d *d; 1304 struct timespec ts; 1305 int gottime = 0; 1306 1307 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1308 if (!d->bd_seesent && (rcvif == NULL)) 1309 continue; 1310 ++d->bd_rcount; 1311 ++bpf_gstats.bs_recv; 1312 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1313 if (slen != 0) { 1314 if(!gottime) { 1315 nanotime(&ts); 1316 gottime = 1; 1317 } 1318 catchpacket(d, marg, pktlen, slen, cpfn, &ts); 1319 } 1320 } 1321 } 1322 1323 /* 1324 * Incoming linkage from device drivers, when the head of the packet is in 1325 * a buffer, and the tail is in an mbuf chain. 1326 */ 1327 void 1328 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1329 { 1330 struct bpf_if *bp = arg; 1331 u_int pktlen; 1332 struct mbuf mb; 1333 1334 pktlen = m_length(m) + dlen; 1335 1336 /* 1337 * Craft on-stack mbuf suitable for passing to bpf_filter. 1338 * Note that we cut corners here; we only setup what's 1339 * absolutely needed--this mbuf should never go anywhere else. 1340 */ 1341 (void)memset(&mb, 0, sizeof(mb)); 1342 mb.m_next = m; 1343 mb.m_data = data; 1344 mb.m_len = dlen; 1345 1346 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1347 } 1348 1349 /* 1350 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1351 */ 1352 void 1353 bpf_mtap(void *arg, struct mbuf *m) 1354 { 1355 void *(*cpfn)(void *, const void *, size_t); 1356 struct bpf_if *bp = arg; 1357 u_int pktlen, buflen; 1358 void *marg; 1359 1360 pktlen = m_length(m); 1361 1362 if (pktlen == m->m_len) { 1363 cpfn = (void *)memcpy; 1364 marg = mtod(m, void *); 1365 buflen = pktlen; 1366 } else { 1367 /*###1299 [cc] warning: assignment from incompatible pointer type%%%*/ 1368 cpfn = bpf_mcpy; 1369 marg = m; 1370 buflen = 0; 1371 } 1372 1373 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1374 } 1375 1376 /* 1377 * We need to prepend the address family as 1378 * a four byte field. Cons up a dummy header 1379 * to pacify bpf. This is safe because bpf 1380 * will only read from the mbuf (i.e., it won't 1381 * try to free it or keep a pointer a to it). 1382 */ 1383 void 1384 bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m) 1385 { 1386 struct mbuf m0; 1387 1388 m0.m_flags = 0; 1389 m0.m_next = m; 1390 m0.m_len = 4; 1391 m0.m_data = (char *)⁡ 1392 1393 bpf_mtap(arg, &m0); 1394 } 1395 1396 void 1397 bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m) 1398 { 1399 struct mbuf m0; 1400 1401 m0.m_flags = 0; 1402 m0.m_next = m; 1403 m0.m_len = 14; 1404 m0.m_data = m0.m_dat; 1405 1406 ((uint32_t *)m0.m_data)[0] = 0; 1407 ((uint32_t *)m0.m_data)[1] = 0; 1408 ((uint32_t *)m0.m_data)[2] = 0; 1409 ((uint16_t *)m0.m_data)[6] = et; 1410 1411 bpf_mtap(arg, &m0); 1412 } 1413 1414 #if NSL > 0 || NSTRIP > 0 1415 /* 1416 * Put the SLIP pseudo-"link header" in place. 1417 * Note this M_PREPEND() should never fail, 1418 * swince we know we always have enough space 1419 * in the input buffer. 1420 */ 1421 void 1422 bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m) 1423 { 1424 int s; 1425 u_char *hp; 1426 1427 M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT); 1428 if (*m == NULL) 1429 return; 1430 1431 hp = mtod(*m, u_char *); 1432 hp[SLX_DIR] = SLIPDIR_IN; 1433 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1434 1435 s = splnet(); 1436 bpf_mtap(arg, *m); 1437 splx(s); 1438 1439 m_adj(*m, SLIP_HDRLEN); 1440 } 1441 1442 /* 1443 * Put the SLIP pseudo-"link header" in 1444 * place. The compressed header is now 1445 * at the beginning of the mbuf. 1446 */ 1447 void 1448 bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m) 1449 { 1450 struct mbuf m0; 1451 u_char *hp; 1452 int s; 1453 1454 m0.m_flags = 0; 1455 m0.m_next = m; 1456 m0.m_data = m0.m_dat; 1457 m0.m_len = SLIP_HDRLEN; 1458 1459 hp = mtod(&m0, u_char *); 1460 1461 hp[SLX_DIR] = SLIPDIR_OUT; 1462 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1463 1464 s = splnet(); 1465 bpf_mtap(arg, &m0); 1466 splx(s); 1467 m_freem(m); 1468 } 1469 #endif 1470 1471 /* 1472 * Move the packet data from interface memory (pkt) into the 1473 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1474 * otherwise 0. "copy" is the routine called to do the actual data 1475 * transfer. memcpy is passed in to copy contiguous chunks, while 1476 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1477 * pkt is really an mbuf. 1478 */ 1479 static void 1480 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1481 void *(*cpfn)(void *, const void *, size_t), struct timespec *ts) 1482 { 1483 struct bpf_hdr *hp; 1484 int totlen, curlen; 1485 int hdrlen = d->bd_bif->bif_hdrlen; 1486 int do_wakeup = 0; 1487 1488 ++d->bd_ccount; 1489 ++bpf_gstats.bs_capt; 1490 /* 1491 * Figure out how many bytes to move. If the packet is 1492 * greater or equal to the snapshot length, transfer that 1493 * much. Otherwise, transfer the whole packet (unless 1494 * we hit the buffer size limit). 1495 */ 1496 totlen = hdrlen + min(snaplen, pktlen); 1497 if (totlen > d->bd_bufsize) 1498 totlen = d->bd_bufsize; 1499 1500 /* 1501 * Round up the end of the previous packet to the next longword. 1502 */ 1503 curlen = BPF_WORDALIGN(d->bd_slen); 1504 if (curlen + totlen > d->bd_bufsize) { 1505 /* 1506 * This packet will overflow the storage buffer. 1507 * Rotate the buffers if we can, then wakeup any 1508 * pending reads. 1509 */ 1510 if (d->bd_fbuf == 0) { 1511 /* 1512 * We haven't completed the previous read yet, 1513 * so drop the packet. 1514 */ 1515 ++d->bd_dcount; 1516 ++bpf_gstats.bs_drop; 1517 return; 1518 } 1519 ROTATE_BUFFERS(d); 1520 do_wakeup = 1; 1521 curlen = 0; 1522 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 1523 /* 1524 * Immediate mode is set, or the read timeout has 1525 * already expired during a select call. A packet 1526 * arrived, so the reader should be woken up. 1527 */ 1528 do_wakeup = 1; 1529 } 1530 1531 /* 1532 * Append the bpf header. 1533 */ 1534 hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen); 1535 hp->bh_tstamp.tv_sec = ts->tv_sec; 1536 hp->bh_tstamp.tv_usec = ts->tv_nsec / 1000; 1537 hp->bh_datalen = pktlen; 1538 hp->bh_hdrlen = hdrlen; 1539 /* 1540 * Copy the packet data into the store buffer and update its length. 1541 */ 1542 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1543 d->bd_slen = curlen + totlen; 1544 1545 /* 1546 * Call bpf_wakeup after bd_slen has been updated so that kevent(2) 1547 * will cause filt_bpfread() to be called with it adjusted. 1548 */ 1549 if (do_wakeup) 1550 bpf_wakeup(d); 1551 } 1552 1553 /* 1554 * Initialize all nonzero fields of a descriptor. 1555 */ 1556 static int 1557 bpf_allocbufs(struct bpf_d *d) 1558 { 1559 1560 d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1561 if (!d->bd_fbuf) 1562 return (ENOBUFS); 1563 d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1564 if (!d->bd_sbuf) { 1565 free(d->bd_fbuf, M_DEVBUF); 1566 return (ENOBUFS); 1567 } 1568 d->bd_slen = 0; 1569 d->bd_hlen = 0; 1570 return (0); 1571 } 1572 1573 /* 1574 * Free buffers currently in use by a descriptor. 1575 * Called on close. 1576 */ 1577 static void 1578 bpf_freed(struct bpf_d *d) 1579 { 1580 /* 1581 * We don't need to lock out interrupts since this descriptor has 1582 * been detached from its interface and it yet hasn't been marked 1583 * free. 1584 */ 1585 if (d->bd_sbuf != 0) { 1586 free(d->bd_sbuf, M_DEVBUF); 1587 if (d->bd_hbuf != 0) 1588 free(d->bd_hbuf, M_DEVBUF); 1589 if (d->bd_fbuf != 0) 1590 free(d->bd_fbuf, M_DEVBUF); 1591 } 1592 if (d->bd_filter) 1593 free(d->bd_filter, M_DEVBUF); 1594 } 1595 1596 /* 1597 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1598 * fixed size of the link header (variable length headers not yet supported). 1599 */ 1600 void 1601 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1602 { 1603 1604 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1605 } 1606 1607 /* 1608 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1609 * hdrlen is the fixed size of the link header for the specified dlt 1610 * (variable length headers not yet supported). 1611 */ 1612 void 1613 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp) 1614 { 1615 struct bpf_if *bp; 1616 bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1617 if (bp == 0) 1618 panic("bpfattach"); 1619 1620 bp->bif_dlist = 0; 1621 bp->bif_driverp = driverp; 1622 bp->bif_ifp = ifp; 1623 bp->bif_dlt = dlt; 1624 1625 bp->bif_next = bpf_iflist; 1626 bpf_iflist = bp; 1627 1628 *bp->bif_driverp = 0; 1629 1630 /* 1631 * Compute the length of the bpf header. This is not necessarily 1632 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1633 * that the network layer header begins on a longword boundary (for 1634 * performance reasons and to alleviate alignment restrictions). 1635 */ 1636 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1637 1638 #if 0 1639 printf("bpf: %s attached\n", ifp->if_xname); 1640 #endif 1641 } 1642 1643 /* 1644 * Remove an interface from bpf. 1645 */ 1646 void 1647 bpfdetach(struct ifnet *ifp) 1648 { 1649 struct bpf_if *bp, **pbp; 1650 struct bpf_d *d; 1651 int s; 1652 1653 /* Nuke the vnodes for any open instances */ 1654 LIST_FOREACH(d, &bpf_list, bd_list) { 1655 if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) { 1656 /* 1657 * Detach the descriptor from an interface now. 1658 * It will be free'ed later by close routine. 1659 */ 1660 s = splnet(); 1661 d->bd_promisc = 0; /* we can't touch device. */ 1662 bpf_detachd(d); 1663 splx(s); 1664 } 1665 } 1666 1667 again: 1668 for (bp = bpf_iflist, pbp = &bpf_iflist; 1669 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1670 if (bp->bif_ifp == ifp) { 1671 *pbp = bp->bif_next; 1672 free(bp, M_DEVBUF); 1673 goto again; 1674 } 1675 } 1676 } 1677 1678 /* 1679 * Change the data link type of a interface. 1680 */ 1681 void 1682 bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1683 { 1684 struct bpf_if *bp; 1685 1686 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1687 if ((void **)bp->bif_driverp == &ifp->if_bpf) 1688 break; 1689 } 1690 if (bp == NULL) 1691 panic("bpf_change_type"); 1692 1693 bp->bif_dlt = dlt; 1694 1695 /* 1696 * Compute the length of the bpf header. This is not necessarily 1697 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1698 * that the network layer header begins on a longword boundary (for 1699 * performance reasons and to alleviate alignment restrictions). 1700 */ 1701 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1702 } 1703 1704 /* 1705 * Get a list of available data link type of the interface. 1706 */ 1707 static int 1708 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1709 { 1710 int n, error; 1711 struct ifnet *ifp; 1712 struct bpf_if *bp; 1713 1714 ifp = d->bd_bif->bif_ifp; 1715 n = 0; 1716 error = 0; 1717 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1718 if (bp->bif_ifp != ifp) 1719 continue; 1720 if (bfl->bfl_list != NULL) { 1721 if (n >= bfl->bfl_len) 1722 return ENOMEM; 1723 error = copyout(&bp->bif_dlt, 1724 bfl->bfl_list + n, sizeof(u_int)); 1725 } 1726 n++; 1727 } 1728 bfl->bfl_len = n; 1729 return error; 1730 } 1731 1732 /* 1733 * Set the data link type of a BPF instance. 1734 */ 1735 static int 1736 bpf_setdlt(struct bpf_d *d, u_int dlt) 1737 { 1738 int s, error, opromisc; 1739 struct ifnet *ifp; 1740 struct bpf_if *bp; 1741 1742 if (d->bd_bif->bif_dlt == dlt) 1743 return 0; 1744 ifp = d->bd_bif->bif_ifp; 1745 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1746 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1747 break; 1748 } 1749 if (bp == NULL) 1750 return EINVAL; 1751 s = splnet(); 1752 opromisc = d->bd_promisc; 1753 bpf_detachd(d); 1754 bpf_attachd(d, bp); 1755 reset_d(d); 1756 if (opromisc) { 1757 error = ifpromisc(bp->bif_ifp, 1); 1758 if (error) 1759 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1760 bp->bif_ifp->if_xname, error); 1761 else 1762 d->bd_promisc = 1; 1763 } 1764 splx(s); 1765 return 0; 1766 } 1767 1768 static int 1769 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1770 { 1771 int newsize, error; 1772 struct sysctlnode node; 1773 1774 node = *rnode; 1775 node.sysctl_data = &newsize; 1776 newsize = bpf_maxbufsize; 1777 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1778 if (error || newp == NULL) 1779 return (error); 1780 1781 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1782 return (EINVAL); 1783 1784 bpf_maxbufsize = newsize; 1785 1786 return (0); 1787 } 1788 1789 static int 1790 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1791 { 1792 int error, elem_count; 1793 struct bpf_d *dp; 1794 struct bpf_d_ext dpe; 1795 size_t len, needed, elem_size, out_size; 1796 char *sp; 1797 1798 if (namelen == 1 && name[0] == CTL_QUERY) 1799 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1800 1801 if (namelen != 2) 1802 return (EINVAL); 1803 1804 /* BPF peers is privileged information. */ 1805 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1806 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1807 if (error) 1808 return (EPERM); 1809 1810 len = (oldp != NULL) ? *oldlenp : 0; 1811 sp = oldp; 1812 elem_size = name[0]; 1813 elem_count = name[1]; 1814 out_size = MIN(sizeof(dpe), elem_size); 1815 needed = 0; 1816 1817 if (elem_size < 1 || elem_count < 0) 1818 return (EINVAL); 1819 1820 mutex_enter(&bpf_mtx); 1821 LIST_FOREACH(dp, &bpf_list, bd_list) { 1822 if (len >= elem_size && elem_count > 0) { 1823 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1824 BPF_EXT(bufsize); 1825 BPF_EXT(promisc); 1826 BPF_EXT(promisc); 1827 BPF_EXT(state); 1828 BPF_EXT(immediate); 1829 BPF_EXT(hdrcmplt); 1830 BPF_EXT(seesent); 1831 BPF_EXT(pid); 1832 BPF_EXT(rcount); 1833 BPF_EXT(dcount); 1834 BPF_EXT(ccount); 1835 #undef BPF_EXT 1836 if (dp->bd_bif) 1837 (void)strlcpy(dpe.bde_ifname, 1838 dp->bd_bif->bif_ifp->if_xname, 1839 IFNAMSIZ - 1); 1840 else 1841 dpe.bde_ifname[0] = '\0'; 1842 1843 error = copyout(&dpe, sp, out_size); 1844 if (error) 1845 break; 1846 sp += elem_size; 1847 len -= elem_size; 1848 } 1849 if (elem_count > 0) { 1850 needed += elem_size; 1851 if (elem_count != INT_MAX) 1852 elem_count--; 1853 } 1854 } 1855 mutex_exit(&bpf_mtx); 1856 1857 *oldlenp = needed; 1858 1859 return (error); 1860 } 1861 1862 SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup") 1863 { 1864 const struct sysctlnode *node; 1865 1866 sysctl_createv(clog, 0, NULL, NULL, 1867 CTLFLAG_PERMANENT, 1868 CTLTYPE_NODE, "net", NULL, 1869 NULL, 0, NULL, 0, 1870 CTL_NET, CTL_EOL); 1871 1872 node = NULL; 1873 sysctl_createv(clog, 0, NULL, &node, 1874 CTLFLAG_PERMANENT, 1875 CTLTYPE_NODE, "bpf", 1876 SYSCTL_DESCR("BPF options"), 1877 NULL, 0, NULL, 0, 1878 CTL_NET, CTL_CREATE, CTL_EOL); 1879 if (node != NULL) { 1880 sysctl_createv(clog, 0, NULL, NULL, 1881 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1882 CTLTYPE_INT, "maxbufsize", 1883 SYSCTL_DESCR("Maximum size for data capture buffer"), 1884 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1885 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1886 sysctl_createv(clog, 0, NULL, NULL, 1887 CTLFLAG_PERMANENT, 1888 CTLTYPE_STRUCT, "stats", 1889 SYSCTL_DESCR("BPF stats"), 1890 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1891 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1892 sysctl_createv(clog, 0, NULL, NULL, 1893 CTLFLAG_PERMANENT, 1894 CTLTYPE_STRUCT, "peers", 1895 SYSCTL_DESCR("BPF peers"), 1896 sysctl_net_bpf_peers, 0, NULL, 0, 1897 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1898 } 1899 1900 } 1901