/*	$NetBSD: bpf.c,v 1.141 2008/06/15 16:37:21 christos Exp $	*/

/*
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	8.4 (Berkeley) 1/9/95
 * static char rcsid[] =
 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp ";
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.141 2008/06/15 16:37:21 christos Exp $");

#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
#include "sl.h"
#include "strip.h"
#endif

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/buf.h>
#include <sys/time.h>
#include <sys/proc.h>
#include <sys/user.h>
#include <sys/ioctl.h>
#include <sys/conf.h>
#include <sys/vnode.h>
#include <sys/queue.h>

#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/tty.h>
#include <sys/uio.h>

#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/kernel.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/kauth.h>

#include <net/if.h>
#include <net/slip.h>

#include <net/bpf.h>
#include <net/bpfdesc.h>

#include <net/if_arc.h>
#include <net/if_ether.h>

#include <netinet/in.h>
#include <netinet/if_inarp.h>

#include <compat/sys/sockio.h>

#ifndef BPF_BUFSIZE
/*
 * 4096 is too small for FDDI frames.  8192 is too small for gigabit Ethernet
 * jumbos (circa 9k), ATM, or Intel gig/10gig Ethernet jumbos (16k).
 */
# define BPF_BUFSIZE 32768
#endif

#define	PRINET	26			/* interruptible */

/*
 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able.
 * XXX the default values should be computed dynamically based
 * on available memory size and available mbuf clusters.
 */
int bpf_bufsize = BPF_BUFSIZE;
int bpf_maxbufsize = BPF_DFLTBUFSIZE;	/* XXX set dynamically, see above */
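/*
 * Illustrative userland sketch (not compiled into the kernel; the
 * interface name and error handling are placeholders): a reader
 * negotiates the buffer size with BIOCSBLEN *before* binding to an
 * interface with BIOCSETIF, since BIOCSBLEN is rejected with EINVAL
 * once the descriptor is attached.
 */
#if 0
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/bpf.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

static int
open_bpf_reader(const char *ifname, u_int bufsize)
{
	struct ifreq ifr;
	int fd;

	if ((fd = open("/dev/bpf", O_RDONLY)) == -1)
		return -1;
	/* The kernel clamps the value to [BPF_MINBUFSIZE, bpf_maxbufsize]. */
	(void)ioctl(fd, BIOCSBLEN, &bufsize);
	memset(&ifr, 0, sizeof(ifr));
	strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
	if (ioctl(fd, BIOCSETIF, &ifr) == -1) {
		close(fd);
		return -1;
	}
	return fd;
}
#endif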
/*
 * Global BPF statistics returned by net.bpf.stats sysctl.
 */
struct bpf_stat	bpf_gstats;

/*
 * Use a mutex to avoid a race condition between gathering the stats/peers
 * and opening/closing the device.
 */
static kmutex_t bpf_mtx;

/*
 * bpf_iflist is the list of interfaces; each corresponds to an ifnet.
 * bpf_dtab holds the descriptors, indexed by minor device #.
 */
struct bpf_if	*bpf_iflist;
LIST_HEAD(, bpf_d) bpf_list;

static int	bpf_allocbufs(struct bpf_d *);
static void	bpf_deliver(struct bpf_if *,
		    void *(*cpfn)(void *, const void *, size_t),
		    void *, u_int, u_int, struct ifnet *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_ifname(struct ifnet *, struct ifreq *);
static void	*bpf_mcpy(void *, const void *, size_t);
static int	bpf_movein(struct uio *, int, int,
		    struct mbuf **, struct sockaddr *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static inline void	bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int, u_int,
		    void *(*)(void *, const void *, size_t), struct timeval *);
static void	reset_d(struct bpf_d *);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);

static int	bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t,
		    int);
static int	bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t,
		    int);
static int	bpf_ioctl(struct file *, u_long, void *);
static int	bpf_poll(struct file *, int);
static int	bpf_close(struct file *);
static int	bpf_kqfilter(struct file *, struct knote *);
static void	bpf_softintr(void *);

static const struct fileops bpf_fileops = {
	bpf_read,
	bpf_write,
	bpf_ioctl,
	fnullop_fcntl,
	bpf_poll,
	fbadop_stat,
	bpf_close,
	bpf_kqfilter,
};

dev_type_open(bpfopen);

const struct cdevsw bpf_cdevsw = {
	bpfopen, noclose, noread, nowrite, noioctl,
	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER
};

static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
    struct sockaddr *sockp)
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int align;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		align = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		/* 6(dst)+6(src)+2(type) */
		hlen = sizeof(struct ether_header);
		align = 2;
		break;

	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		align = 5;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_LINK;
		/* XXX 4(FORMAC)+6(dst)+6(src) */
		hlen = 16;
		align = 0;
		break;

	case DLT_ECONET:
		sockp->sa_family = AF_UNSPEC;
		hlen = 6;
		align = 2;
		break;

	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * If there aren't enough bytes for a link level header or the
	 * packet length exceeds the interface mtu, return an error.
	 */
	if (len < hlen || len - hlen > mtu)
		return (EMSGSIZE);

	/*
	 * XXX Avoid complicated buffer chaining ---
	 * bail if it won't fit in a single mbuf.
	 * (Take into account possible alignment bytes)
	 */
	if ((unsigned)len > MCLBYTES - align)
		return (EIO);

	m = m_gethdr(M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;
	m->m_pkthdr.len = len - hlen;
	if (len > MHLEN - align) {
		m_clget(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}

	/* Ensure the data is properly aligned */
	if (align > 0) {
		m->m_data += align;
		m->m_len -= align;
	}

	error = uiomove(mtod(m, void *), len, uio);
	if (error)
		goto bad;
	if (hlen != 0) {
		memcpy(sockp->sa_data, mtod(m, void *), hlen);
		m->m_data += hlen;	/* XXX */
		len -= hlen;
	}
	m->m_len = len;
	*mp = m;
	return (0);

bad:
	m_freem(m);
	return (error);
}
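/*
 * Worked example of the align/hlen logic above, for DLT_EN10MB: the
 * user's data is copied in at offset 2, the 14-byte Ethernet header is
 * then peeled off into sockp->sa_data and m_data advances past it,
 * leaving the network-layer header at offset 16 (2 + 14) from the start
 * of the mbuf storage, i.e. on a longword boundary.
 */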
/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 * Must be called at splnet.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	*bp->bif_driverp = bp;
}

/*
 * Detach a file from its interface.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		/*
		 * Take device out of promiscuous mode.  Since we were
		 * able to enter promiscuous mode, we should be able
		 * to turn it off.  But we can get an error if
		 * the interface was configured down, so only panic
		 * if we get an unexpected error.
		 */
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && error != EINVAL)
			panic("bpf: ifpromisc failed");
	}
	/* Remove d from the interface's descriptor list. */
	p = &bp->bif_dlist;
	while (*p != d) {
		p = &(*p)->bd_next;
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*d->bd_bif->bif_driverp = 0;
	d->bd_bif = 0;
}
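/*
 * The bif_driverp cookie set and cleared above is what drivers test
 * before paying for a tap call.  A typical driver receive path looks
 * like this (sketch, not part of this file):
 */
#if 0
#if NBPFILTER > 0
	if (ifp->if_bpf)
		bpf_mtap(ifp->if_bpf, m);
#endif
#endif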
/*
 * bpfilterattach() is called at boot time.
 */
/* ARGSUSED */
void
bpfilterattach(int n)
{
	mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE);

	mutex_enter(&bpf_mtx);
	LIST_INIT(&bpf_list);
	mutex_exit(&bpf_mtx);

	bpf_gstats.bs_recv = 0;
	bpf_gstats.bs_drop = 0;
	bpf_gstats.bs_capt = 0;
}

/*
 * Open the BPF device.  A new descriptor is cloned for each open.
 */
/* ARGSUSED */
int
bpfopen(dev_t dev, int flag, int mode, struct lwp *l)
{
	struct bpf_d *d;
	struct file *fp;
	int error, fd;

	/* fd_allocfile() will use the descriptor for us. */
	if ((error = fd_allocfile(&fp, &fd)) != 0)
		return error;

	d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK|M_ZERO);
	d->bd_bufsize = bpf_bufsize;
	d->bd_seesent = 1;
	d->bd_pid = l->l_proc->p_pid;
	callout_init(&d->bd_callout, 0);
	selinit(&d->bd_sel);
	d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d);

	mutex_enter(&bpf_mtx);
	LIST_INSERT_HEAD(&bpf_list, d, bd_list);
	mutex_exit(&bpf_mtx);

	return fd_clone(fp, fd, flag, &bpf_fileops, d);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 */
/* ARGSUSED */
static int
bpf_close(struct file *fp)
{
	struct bpf_d *d = fp->f_data;
	int s;

	KERNEL_LOCK(1, NULL);

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = curproc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	if (d->bd_bif)
		bpf_detachd(d);
	splx(s);
	bpf_freed(d);
	mutex_enter(&bpf_mtx);
	LIST_REMOVE(d, bd_list);
	mutex_exit(&bpf_mtx);
	callout_destroy(&d->bd_callout);
	seldestroy(&d->bd_sel);
	softint_disestablish(d->bd_sih);
	free(d, M_DEVBUF);
	fp->f_data = NULL;

	KERNEL_UNLOCK_ONE(NULL);

	return (0);
}

/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = 0;
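/*
 * Note that ROTATE_BUFFERS expands to a sequence of statements, not a
 * single one, so it is only safe at the statement level, as in
 * bpf_read() and catchpacket() below; it would misbehave as the
 * unbraced body of an if or loop.
 */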
/*
 * bpf_read - read the next chunk of packets from the buffers.
 */
static int
bpf_read(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	int timed_out;
	int error;
	int s;

	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	KERNEL_LOCK(1, NULL);
	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (fp->f_flag & FNONBLOCK) {
			if (d->bd_slen == 0) {
				splx(s);
				KERNEL_UNLOCK_ONE(NULL);
				return (EWOULDBLOCK);
			}
			ROTATE_BUFFERS(d);
			break;
		}

		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * One or more packets arrived since the previous
			 * read or while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		error = tsleep(d, PRINET|PCATCH, "bpf",
		    d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			splx(s);
			KERNEL_UNLOCK_ONE(NULL);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				splx(s);
				KERNEL_UNLOCK_ONE(NULL);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (error != 0)
			goto done;
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	s = splnet();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
done:
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
	return (error);
}
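/*
 * Consumer-side counterpart of the rotation above (illustrative
 * userland sketch, not compiled here): one read(2) returns a hold
 * buffer full of records, each a struct bpf_hdr followed by the
 * captured bytes, padded out to BPF_WORDALIGN by catchpacket() below.
 */
#if 0
static void
bpf_walk_records(const u_char *buf, size_t buflen,
    void (*cb)(const struct bpf_hdr *, const u_char *))
{
	const u_char *p = buf;

	while (p < buf + buflen) {
		const struct bpf_hdr *hp = (const struct bpf_hdr *)p;

		(*cb)(hp, p + hp->bh_hdrlen);	/* bh_caplen bytes valid */
		p += BPF_WORDALIGN(hp->bh_hdrlen + hp->bh_caplen);
	}
}
#endif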
/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static inline void
bpf_wakeup(struct bpf_d *d)
{
	wakeup(d);
	if (d->bd_async)
		softint_schedule(d->bd_sih);
	selnotify(&d->bd_sel, 0, 0);
}

static void
bpf_softintr(void *cookie)
{
	struct bpf_d *d;

	d = cookie;
	if (d->bd_async)
		fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL);
}

static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = arg;
	int s;

	s = splnet();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	splx(s);
}

static int
bpf_write(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;
	static struct sockaddr_storage dst;

	m = NULL;	/* XXX gcc */

	KERNEL_LOCK(1, NULL);

	if (d->bd_bif == 0) {
		KERNEL_UNLOCK_ONE(NULL);
		return (ENXIO);
	}

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0) {
		KERNEL_UNLOCK_ONE(NULL);
		return (0);
	}

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m,
	    (struct sockaddr *) &dst);
	if (error) {
		KERNEL_UNLOCK_ONE(NULL);
		return (error);
	}

	if (m->m_pkthdr.len > ifp->if_mtu) {
		KERNEL_UNLOCK_ONE(NULL);
		m_freem(m);
		return (EMSGSIZE);
	}

	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}
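/*
 * Userland counterpart of bpf_write() (illustrative sketch, not
 * compiled here; assumes <sys/ioctl.h>, <net/bpf.h> and <unistd.h>):
 * after BIOCSETIF, a single write(2) injects exactly one frame through
 * the interface's if_output routine.  With BIOCSHDRCMPLT set, the
 * caller's link-level header is used as-is (pseudo_AF_HDRCMPLT above).
 */
#if 0
static int
inject_frame(int fd, const void *frame, size_t framelen)
{
	u_int one = 1;

	(void)ioctl(fd, BIOCSHDRCMPLT, &one);	/* we built the link header */
	return (write(fd, frame, framelen) == (ssize_t)framelen) ? 0 : -1;
}
#endif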
/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splnet.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_ccount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag.
 *  BIOCSHDRCMPLT	Set "header already complete" flag.
 */
/* ARGSUSED */
static int
bpf_ioctl(struct file *fp, u_long cmd, void *addr)
{
	struct bpf_d *d = fp->f_data;
	int s, error = 0;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	KERNEL_LOCK(1, NULL);
	d->bd_pid = curproc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	splx(s);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			s = splnet();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splnet();
		reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splnet();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported device parameters.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, addr);
		break;

	/*
	 * Set device parameters.
	 */
	case BIOCSDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
#ifdef OBIOCGETIF
	case OBIOCGETIF:
#endif
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, addr);
		break;

	/*
	 * Set interface.
	 */
#ifdef OBIOCSETIF
	case OBIOCSETIF:
#endif
	case BIOCSETIF:
		error = bpf_setif(d, addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			bs->bs_capt = d->bd_ccount;
			break;
		}

	case BIOCGSTATSOLD:
		{
			struct bpf_stat_old *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/*
		 * No need to do anything special as we check FNONBLOCK in
		 * bpf_read() to decide whether or not to block the read.
		 */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case TIOCSPGRP:		/* Process or group to send signals to */
	case FIOSETOWN:
		error = fsetown(&d->bd_pgid, cmd, addr);
		break;

	case TIOCGPGRP:
	case FIOGETOWN:
		error = fgetown(d->bd_pgid, cmd, addr);
		break;
	}
	KERNEL_UNLOCK_ONE(NULL);
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		if (fp->bf_len != 0)
			return (EINVAL);
		s = splnet();
		d->bd_filter = 0;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = malloc(size, M_DEVBUF, M_WAITOK);
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		s = splnet();
		d->bd_filter = fcode;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);

		return (0);
	}
	free(fcode, M_DEVBUF);
	return (EINVAL);
}
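/*
 * A filter program as handed to bpf_setf() via BIOCSETF is just an
 * array of struct bpf_insn.  Illustrative userland sketch (not compiled
 * here; assumes the usual BPF_STMT/BPF_JUMP macros and ETHERTYPE_IP)
 * that accepts whole IPv4 packets on an Ethernet and rejects the rest:
 */
#if 0
static int
set_ipv4_filter(int fd)
{
	static struct bpf_insn insns[] = {
		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),	/* load ethertype */
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, 0, 1),
		BPF_STMT(BPF_RET+BPF_K, (u_int)-1),	/* accept, full snap */
		BPF_STMT(BPF_RET+BPF_K, 0),		/* reject */
	};
	static struct bpf_program prog = {
		sizeof(insns) / sizeof(insns[0]), insns
	};

	return ioctl(fd, BIOCSETF, &prog);
}
#endif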
/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 */
	unit_seen = 0;
	cp = ifr->ifr_name;
	cp[sizeof(ifr->ifr_name) - 1] = '\0';	/* sanity */
	while (*cp++)
		if (*cp >= '0' && *cp <= '9')
			unit_seen = 1;
	if (!unit_seen) {
		/* Make sure to leave room for the '\0'. */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/* skip additional entry */
		if ((void **)bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splnet();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}

/*
 * Copy the interface name to the ifreq.
 */
static void
bpf_ifname(struct ifnet *ifp, struct ifreq *ifr)
{
	memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
}

/*
 * Support for poll() system call
 *
 * Return true iff the specific operation will not block indefinitely - with
 * the assumption that it is safe to positively acknowledge a request for the
 * ability to write to the BPF device.
 * Otherwise, return false but make a note that a selnotify() must be done.
 */
static int
bpf_poll(struct file *fp, int events)
{
	struct bpf_d *d = fp->f_data;
	int s = splnet();
	int revents;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	KERNEL_LOCK(1, NULL);
	d->bd_pid = curproc->p_pid;

	revents = events & (POLLOUT | POLLWRNORM);
	if (events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 */
		if (d->bd_hlen != 0 ||
		    ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
		     d->bd_slen != 0)) {
			revents |= events & (POLLIN | POLLRDNORM);
		} else {
			selrecord(curlwp, &d->bd_sel);
			/* Start the read timeout if necessary */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
				    bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}

	KERNEL_UNLOCK_ONE(NULL);
	splx(s);
	return (revents);
}
static void
filt_bpfrdetach(struct knote *kn)
{
	struct bpf_d *d = kn->kn_hook;
	int s;

	KERNEL_LOCK(1, NULL);
	s = splnet();
	SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
}

static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = kn->kn_hook;
	int rv;

	KERNEL_LOCK(1, NULL);
	kn->kn_data = d->bd_hlen;
	if (d->bd_immediate)
		kn->kn_data += d->bd_slen;
	rv = (kn->kn_data > 0);
	KERNEL_UNLOCK_ONE(NULL);
	return rv;
}

static const struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfrdetach, filt_bpfread };

static int
bpf_kqfilter(struct file *fp, struct knote *kn)
{
	struct bpf_d *d = fp->f_data;
	struct klist *klist;
	int s;

	KERNEL_LOCK(1, NULL);

	switch (kn->kn_filter) {
	case EVFILT_READ:
		klist = &d->bd_sel.sel_klist;
		kn->kn_fop = &bpfread_filtops;
		break;

	default:
		KERNEL_UNLOCK_ONE(NULL);
		return (EINVAL);
	}

	kn->kn_hook = d;

	s = splnet();
	SLIST_INSERT_HEAD(klist, kn, kn_selnext);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);

	return (0);
}

/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(void *arg, u_char *pkt, u_int pktlen)
{
	struct bpf_if *bp;
	struct bpf_d *d;
	u_int slen;
	struct timeval tv;
	int gottime = 0;

	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here would be if two different
	 * interfaces shared any data.  This is not the case.
	 */
	bp = arg;
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			catchpacket(d, pkt, pktlen, slen, (void *)memcpy, &tv);
		}
	}
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void *
bpf_mcpy(void *dst_arg, const void *src_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == NULL)
			panic("bpf_mcpy");
		count = min(m->m_len, len);
		memcpy(dst, mtod(m, const void *), count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
	return dst_arg;
}
1262 * 1263 * marg pointer to the packet, either a data buffer or an mbuf chain 1264 * buflen buffer length, if marg is a data buffer 1265 * cpfn a function that can copy marg into the listener's buffer 1266 * pktlen length of the packet 1267 * rcvif either NULL or the interface the packet came in on. 1268 */ 1269 static inline void 1270 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1271 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1272 { 1273 u_int slen; 1274 struct bpf_d *d; 1275 struct timeval tv; 1276 int gottime = 0; 1277 1278 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1279 if (!d->bd_seesent && (rcvif == NULL)) 1280 continue; 1281 ++d->bd_rcount; 1282 ++bpf_gstats.bs_recv; 1283 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1284 if (slen != 0) { 1285 if(!gottime) { 1286 microtime(&tv); 1287 gottime = 1; 1288 } 1289 catchpacket(d, marg, pktlen, slen, cpfn, &tv); 1290 } 1291 } 1292 } 1293 1294 /* 1295 * Incoming linkage from device drivers, when the head of the packet is in 1296 * a buffer, and the tail is in an mbuf chain. 1297 */ 1298 void 1299 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1300 { 1301 struct bpf_if *bp = arg; 1302 u_int pktlen; 1303 struct mbuf mb; 1304 1305 pktlen = m_length(m) + dlen; 1306 1307 /* 1308 * Craft on-stack mbuf suitable for passing to bpf_filter. 1309 * Note that we cut corners here; we only setup what's 1310 * absolutely needed--this mbuf should never go anywhere else. 1311 */ 1312 (void)memset(&mb, 0, sizeof(mb)); 1313 mb.m_next = m; 1314 mb.m_data = data; 1315 mb.m_len = dlen; 1316 1317 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1318 } 1319 1320 /* 1321 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1322 */ 1323 void 1324 bpf_mtap(void *arg, struct mbuf *m) 1325 { 1326 void *(*cpfn)(void *, const void *, size_t); 1327 struct bpf_if *bp = arg; 1328 u_int pktlen, buflen; 1329 void *marg; 1330 1331 pktlen = m_length(m); 1332 1333 if (pktlen == m->m_len) { 1334 cpfn = (void *)memcpy; 1335 marg = mtod(m, void *); 1336 buflen = pktlen; 1337 } else { 1338 /*###1299 [cc] warning: assignment from incompatible pointer type%%%*/ 1339 cpfn = bpf_mcpy; 1340 marg = m; 1341 buflen = 0; 1342 } 1343 1344 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1345 } 1346 1347 /* 1348 * We need to prepend the address family as 1349 * a four byte field. Cons up a dummy header 1350 * to pacify bpf. This is safe because bpf 1351 * will only read from the mbuf (i.e., it won't 1352 * try to free it or keep a pointer a to it). 1353 */ 1354 void 1355 bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m) 1356 { 1357 struct mbuf m0; 1358 1359 m0.m_flags = 0; 1360 m0.m_next = m; 1361 m0.m_len = 4; 1362 m0.m_data = (char *)⁡ 1363 1364 bpf_mtap(arg, &m0); 1365 } 1366 1367 void 1368 bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m) 1369 { 1370 struct mbuf m0; 1371 1372 m0.m_flags = 0; 1373 m0.m_next = m; 1374 m0.m_len = 14; 1375 m0.m_data = m0.m_dat; 1376 1377 ((uint32_t *)m0.m_data)[0] = 0; 1378 ((uint32_t *)m0.m_data)[1] = 0; 1379 ((uint32_t *)m0.m_data)[2] = 0; 1380 ((uint16_t *)m0.m_data)[6] = et; 1381 1382 bpf_mtap(arg, &m0); 1383 } 1384 1385 #if NSL > 0 || NSTRIP > 0 1386 /* 1387 * Put the SLIP pseudo-"link header" in place. 1388 * Note this M_PREPEND() should never fail, 1389 * swince we know we always have enough space 1390 * in the input buffer. 
#if NSL > 0 || NSTRIP > 0
/*
 * Put the SLIP pseudo-"link header" in place.
 * Note this M_PREPEND() should never fail,
 * since we know we always have enough space
 * in the input buffer.
 */
void
bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m)
{
	int s;
	u_char *hp;

	M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT);
	if (*m == NULL)
		return;

	hp = mtod(*m, u_char *);
	hp[SLX_DIR] = SLIPDIR_IN;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, *m);
	splx(s);

	m_adj(*m, SLIP_HDRLEN);
}

/*
 * Put the SLIP pseudo-"link header" in
 * place.  The compressed header is now
 * at the beginning of the mbuf.
 */
void
bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m)
{
	struct mbuf m0;
	u_char *hp;
	int s;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_data = m0.m_dat;
	m0.m_len = SLIP_HDRLEN;

	hp = mtod(&m0, u_char *);

	hp[SLX_DIR] = SLIPDIR_OUT;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, &m0);
	splx(s);
	m_freem(m);
}
#endif

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Wake up any pending reads if it is time (the buffer
 * filled up or immediate mode is set).  "cpfn" is the routine called
 * to do the actual data transfer.  memcpy is passed in to copy
 * contiguous chunks, while bpf_mcpy is passed in to copy mbuf chains.
 * In the latter case, pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
    void *(*cpfn)(void *, const void *, size_t), struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;
	int do_wakeup = 0;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		do_wakeup = 1;
		curlen = 0;
	} else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) {
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		do_wakeup = 1;
	}

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (do_wakeup)
		bpf_wakeup(d);
}
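/*
 * Note for consumers of the header written above: bh_datalen is the
 * original length of the packet on the wire, while bh_caplen is how
 * many bytes were actually stored; the two differ whenever the snap
 * length or the buffer size limit truncated the capture.
 */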
/*
 * Allocate the initial packet buffers for a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{

	d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_fbuf)
		return (ENOBUFS);
	d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_sbuf) {
		free(d->bd_fbuf, M_DEVBUF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it has not yet been marked
	 * free.
	 */
	if (d->bd_sbuf != 0) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_DEVBUF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_DEVBUF);
	}
	if (d->bd_filter)
		free(d->bd_filter, M_DEVBUF);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach an additional dlt for an interface to bpf.  dlt is the link layer
 * type; hdrlen is the fixed size of the link header for the specified dlt
 * (variable length headers not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp)
{
	struct bpf_if *bp;

	bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_dlist = 0;
	bp->bif_driverp = driverp;
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;

	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;

	*bp->bif_driverp = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

#if 0
	printf("bpf: %s attached\n", ifp->if_xname);
#endif
}
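/*
 * Worked example of the bif_hdrlen computation: on a platform where
 * SIZEOF_BPF_HDR is 18 and hdrlen is 14 (Ethernet),
 * BPF_WORDALIGN(14 + 18) = 32, so bif_hdrlen = 32 - 14 = 18 and each
 * record's network-layer header lands at offset 32 within the record,
 * a longword boundary.
 */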
/*
 * Remove an interface from bpf.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, **pbp;
	struct bpf_d *d;
	int s;

	/* Nuke the vnodes for any open instances */
	LIST_FOREACH(d, &bpf_list, bd_list) {
		if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) {
			/*
			 * Detach the descriptor from an interface now.
			 * It will be freed later by the close routine.
			 */
			s = splnet();
			d->bd_promisc = 0;	/* we can't touch device. */
			bpf_detachd(d);
			splx(s);
		}
	}

again:
	for (bp = bpf_iflist, pbp = &bpf_iflist;
	     bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp) {
			*pbp = bp->bif_next;
			free(bp, M_DEVBUF);
			goto again;
		}
	}
}

/*
 * Change the data link type of an interface.
 */
void
bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	struct bpf_if *bp;

	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if ((void **)bp->bif_driverp == &ifp->if_bpf)
			break;
	}
	if (bp == NULL)
		panic("bpf_change_type");

	bp->bif_dlt = dlt;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
}

/*
 * Get a list of the data link types available for the interface.
 */
static int
bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
{
	int n, error;
	struct ifnet *ifp;
	struct bpf_if *bp;

	ifp = d->bd_bif->bif_ifp;
	n = 0;
	error = 0;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp)
			continue;
		if (bfl->bfl_list != NULL) {
			if (n >= bfl->bfl_len)
				return ENOMEM;
			error = copyout(&bp->bif_dlt,
			    bfl->bfl_list + n, sizeof(u_int));
		}
		n++;
	}
	bfl->bfl_len = n;
	return error;
}

/*
 * Set the data link type of a BPF instance.
 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int s, error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	if (d->bd_bif->bif_dlt == dlt)
		return 0;
	ifp = d->bd_bif->bif_ifp;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	if (bp == NULL)
		return EINVAL;
	s = splnet();
	opromisc = d->bd_promisc;
	bpf_detachd(d);
	bpf_attachd(d, bp);
	reset_d(d);
	if (opromisc) {
		error = ifpromisc(bp->bif_ifp, 1);
		if (error)
			printf("%s: bpf_setdlt: ifpromisc failed (%d)\n",
			    bp->bif_ifp->if_xname, error);
		else
			d->bd_promisc = 1;
	}
	splx(s);
	return 0;
}
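/*
 * BIOCGDLTLIST is designed for two-pass use, matching bpf_getdltlist()
 * above.  Illustrative userland sketch (not compiled here; assumes
 * <sys/ioctl.h>, <net/bpf.h>, <stdlib.h> and <string.h>): a first call
 * with bfl_list == NULL only counts, a second call fetches the DLTs.
 */
#if 0
static u_int *
fetch_dlt_list(int fd, u_int *countp)
{
	struct bpf_dltlist bfl;

	memset(&bfl, 0, sizeof(bfl));
	if (ioctl(fd, BIOCGDLTLIST, &bfl) == -1)	/* first pass: count */
		return NULL;
	bfl.bfl_list = malloc(bfl.bfl_len * sizeof(u_int));
	if (bfl.bfl_list == NULL)
		return NULL;
	if (ioctl(fd, BIOCGDLTLIST, &bfl) == -1) {	/* second pass: fetch */
		free(bfl.bfl_list);
		return NULL;
	}
	*countp = bfl.bfl_len;
	return bfl.bfl_list;
}
#endif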
static int
sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS)
{
	int newsize, error;
	struct sysctlnode node;

	node = *rnode;
	node.sysctl_data = &newsize;
	newsize = bpf_maxbufsize;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE)
		return (EINVAL);

	bpf_maxbufsize = newsize;

	return (0);
}

static int
sysctl_net_bpf_peers(SYSCTLFN_ARGS)
{
	int error, elem_count;
	struct bpf_d *dp;
	struct bpf_d_ext dpe;
	size_t len, needed, elem_size, out_size;
	char *sp;

	if (namelen == 1 && name[0] == CTL_QUERY)
		return (sysctl_query(SYSCTLFN_CALL(rnode)));

	if (namelen != 2)
		return (EINVAL);

	/* BPF peers is privileged information. */
	error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
	    KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL);
	if (error)
		return (EPERM);

	len = (oldp != NULL) ? *oldlenp : 0;
	sp = oldp;
	elem_size = name[0];
	elem_count = name[1];
	out_size = MIN(sizeof(dpe), elem_size);
	needed = 0;

	if (elem_size < 1 || elem_count < 0)
		return (EINVAL);

	mutex_enter(&bpf_mtx);
	LIST_FOREACH(dp, &bpf_list, bd_list) {
		if (len >= elem_size && elem_count > 0) {
#define BPF_EXT(field)	dpe.bde_ ## field = dp->bd_ ## field
			BPF_EXT(bufsize);
			BPF_EXT(promisc);
			BPF_EXT(state);
			BPF_EXT(immediate);
			BPF_EXT(hdrcmplt);
			BPF_EXT(seesent);
			BPF_EXT(pid);
			BPF_EXT(rcount);
			BPF_EXT(dcount);
			BPF_EXT(ccount);
#undef BPF_EXT
			if (dp->bd_bif)
				(void)strlcpy(dpe.bde_ifname,
				    dp->bd_bif->bif_ifp->if_xname,
				    IFNAMSIZ - 1);
			else
				dpe.bde_ifname[0] = '\0';

			error = copyout(&dpe, sp, out_size);
			if (error)
				break;
			sp += elem_size;
			len -= elem_size;
		}
		if (elem_count > 0) {
			needed += elem_size;
			if (elem_count != INT_MAX)
				elem_count--;
		}
	}
	mutex_exit(&bpf_mtx);

	*oldlenp = needed;

	return (error);
}

SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup")
{
	const struct sysctlnode *node;

	sysctl_createv(clog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "net", NULL,
	    NULL, 0, NULL, 0,
	    CTL_NET, CTL_EOL);

	node = NULL;
	sysctl_createv(clog, 0, NULL, &node,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "bpf",
	    SYSCTL_DESCR("BPF options"),
	    NULL, 0, NULL, 0,
	    CTL_NET, CTL_CREATE, CTL_EOL);
	if (node != NULL) {
		sysctl_createv(clog, 0, NULL, NULL,
		    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
		    CTLTYPE_INT, "maxbufsize",
		    SYSCTL_DESCR("Maximum size for data capture buffer"),
		    sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0,
		    CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
		    CTLFLAG_PERMANENT,
		    CTLTYPE_STRUCT, "stats",
		    SYSCTL_DESCR("BPF stats"),
		    NULL, 0, &bpf_gstats, sizeof(bpf_gstats),
		    CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
		    CTLFLAG_PERMANENT,
		    CTLTYPE_STRUCT, "peers",
		    SYSCTL_DESCR("BPF peers"),
		    sysctl_net_bpf_peers, 0, NULL, 0,
		    CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
	}
}