1 /* $NetBSD: bpf.c,v 1.131 2007/12/05 17:20:00 pooka Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.131 2007/12/05 17:20:00 pooka Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 #include <sys/queue.h> 61 62 #include <sys/file.h> 63 #include <sys/filedesc.h> 64 #include <sys/tty.h> 65 #include <sys/uio.h> 66 67 #include <sys/protosw.h> 68 #include <sys/socket.h> 69 #include <sys/errno.h> 70 #include <sys/kernel.h> 71 #include <sys/poll.h> 72 #include <sys/sysctl.h> 73 #include <sys/kauth.h> 74 75 #include <net/if.h> 76 #include <net/slip.h> 77 78 #include <net/bpf.h> 79 #include <net/bpfdesc.h> 80 81 #include <net/if_arc.h> 82 #include <net/if_ether.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_inarp.h> 86 87 88 #include <compat/sys/sockio.h> 89 90 #ifndef BPF_BUFSIZE 91 /* 92 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 93 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 94 */ 95 # define BPF_BUFSIZE 32768 96 #endif 97 98 #define PRINET 26 /* interruptible */ 99 100 /* 101 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 102 * XXX the default values should be computed dynamically based 103 * on available memory size and available mbuf clusters. 104 */ 105 int bpf_bufsize = BPF_BUFSIZE; 106 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 107 108 109 /* 110 * Global BPF statistics returned by net.bpf.stats sysctl. 111 */ 112 struct bpf_stat bpf_gstats; 113 114 /* 115 * Use a mutex to avoid a race condition between gathering the stats/peers 116 * and opening/closing the device. 117 */ 118 static kmutex_t bpf_mtx; 119 120 /* 121 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 122 * bpf_dtab holds the descriptors, indexed by minor device # 123 */ 124 struct bpf_if *bpf_iflist; 125 LIST_HEAD(, bpf_d) bpf_list; 126 127 static int bpf_allocbufs(struct bpf_d *); 128 static void bpf_deliver(struct bpf_if *, 129 void *(*cpfn)(void *, const void *, size_t), 130 void *, u_int, u_int, struct ifnet *); 131 static void bpf_freed(struct bpf_d *); 132 static void bpf_ifname(struct ifnet *, struct ifreq *); 133 static void *bpf_mcpy(void *, const void *, size_t); 134 static int bpf_movein(struct uio *, int, int, 135 struct mbuf **, struct sockaddr *); 136 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 137 static void bpf_detachd(struct bpf_d *); 138 static int bpf_setif(struct bpf_d *, struct ifreq *); 139 static void bpf_timed_out(void *); 140 static inline void 141 bpf_wakeup(struct bpf_d *); 142 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 143 void *(*)(void *, const void *, size_t), 144 struct timeval*); 145 static void reset_d(struct bpf_d *); 146 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 147 static int bpf_setdlt(struct bpf_d *, u_int); 148 149 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 150 int); 151 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 152 int); 153 static int bpf_ioctl(struct file *, u_long, void *, struct lwp *); 154 static int bpf_poll(struct file *, int, struct lwp *); 155 static int bpf_close(struct file *, struct lwp *); 156 static int bpf_kqfilter(struct file *, struct knote *); 157 158 static const struct fileops bpf_fileops = { 159 bpf_read, 160 bpf_write, 161 bpf_ioctl, 162 fnullop_fcntl, 163 bpf_poll, 164 fbadop_stat, 165 bpf_close, 166 bpf_kqfilter, 167 }; 168 169 dev_type_open(bpfopen); 170 171 const struct cdevsw bpf_cdevsw = { 172 bpfopen, noclose, noread, nowrite, noioctl, 173 nostop, notty, nopoll, nommap, nokqfilter, D_OTHER 174 }; 175 176 static int 177 bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 178 struct sockaddr *sockp) 179 { 180 struct mbuf *m; 181 int error; 182 int len; 183 int hlen; 184 int align; 185 186 /* 187 * Build a sockaddr based on the data link layer type. 188 * We do this at this level because the ethernet header 189 * is copied directly into the data field of the sockaddr. 190 * In the case of SLIP, there is no header and the packet 191 * is forwarded as is. 192 * Also, we are careful to leave room at the front of the mbuf 193 * for the link level header. 194 */ 195 switch (linktype) { 196 197 case DLT_SLIP: 198 sockp->sa_family = AF_INET; 199 hlen = 0; 200 align = 0; 201 break; 202 203 case DLT_PPP: 204 sockp->sa_family = AF_UNSPEC; 205 hlen = 0; 206 align = 0; 207 break; 208 209 case DLT_EN10MB: 210 sockp->sa_family = AF_UNSPEC; 211 /* XXX Would MAXLINKHDR be better? */ 212 /* 6(dst)+6(src)+2(type) */ 213 hlen = sizeof(struct ether_header); 214 align = 2; 215 break; 216 217 case DLT_ARCNET: 218 sockp->sa_family = AF_UNSPEC; 219 hlen = ARC_HDRLEN; 220 align = 5; 221 break; 222 223 case DLT_FDDI: 224 sockp->sa_family = AF_LINK; 225 /* XXX 4(FORMAC)+6(dst)+6(src) */ 226 hlen = 16; 227 align = 0; 228 break; 229 230 case DLT_ECONET: 231 sockp->sa_family = AF_UNSPEC; 232 hlen = 6; 233 align = 2; 234 break; 235 236 case DLT_NULL: 237 sockp->sa_family = AF_UNSPEC; 238 hlen = 0; 239 align = 0; 240 break; 241 242 default: 243 return (EIO); 244 } 245 246 len = uio->uio_resid; 247 /* 248 * If there aren't enough bytes for a link level header or the 249 * packet length exceeds the interface mtu, return an error. 250 */ 251 if (len < hlen || len - hlen > mtu) 252 return (EMSGSIZE); 253 254 /* 255 * XXX Avoid complicated buffer chaining --- 256 * bail if it won't fit in a single mbuf. 257 * (Take into account possible alignment bytes) 258 */ 259 if ((unsigned)len > MCLBYTES - align) 260 return (EIO); 261 262 m = m_gethdr(M_WAIT, MT_DATA); 263 m->m_pkthdr.rcvif = 0; 264 m->m_pkthdr.len = len - hlen; 265 if (len > MHLEN - align) { 266 m_clget(m, M_WAIT); 267 if ((m->m_flags & M_EXT) == 0) { 268 error = ENOBUFS; 269 goto bad; 270 } 271 } 272 273 /* Insure the data is properly aligned */ 274 if (align > 0) { 275 m->m_data += align; 276 m->m_len -= align; 277 } 278 279 error = uiomove(mtod(m, void *), len, uio); 280 if (error) 281 goto bad; 282 if (hlen != 0) { 283 memcpy(sockp->sa_data, mtod(m, void *), hlen); 284 m->m_data += hlen; /* XXX */ 285 len -= hlen; 286 } 287 m->m_len = len; 288 *mp = m; 289 return (0); 290 291 bad: 292 m_freem(m); 293 return (error); 294 } 295 296 /* 297 * Attach file to the bpf interface, i.e. make d listen on bp. 298 * Must be called at splnet. 299 */ 300 static void 301 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 302 { 303 /* 304 * Point d at bp, and add d to the interface's list of listeners. 305 * Finally, point the driver's bpf cookie at the interface so 306 * it will divert packets to bpf. 307 */ 308 d->bd_bif = bp; 309 d->bd_next = bp->bif_dlist; 310 bp->bif_dlist = d; 311 312 *bp->bif_driverp = bp; 313 } 314 315 /* 316 * Detach a file from its interface. 317 */ 318 static void 319 bpf_detachd(struct bpf_d *d) 320 { 321 struct bpf_d **p; 322 struct bpf_if *bp; 323 324 bp = d->bd_bif; 325 /* 326 * Check if this descriptor had requested promiscuous mode. 327 * If so, turn it off. 328 */ 329 if (d->bd_promisc) { 330 int error; 331 332 d->bd_promisc = 0; 333 /* 334 * Take device out of promiscuous mode. Since we were 335 * able to enter promiscuous mode, we should be able 336 * to turn it off. But we can get an error if 337 * the interface was configured down, so only panic 338 * if we don't get an unexpected error. 339 */ 340 error = ifpromisc(bp->bif_ifp, 0); 341 if (error && error != EINVAL) 342 panic("bpf: ifpromisc failed"); 343 } 344 /* Remove d from the interface's descriptor list. */ 345 p = &bp->bif_dlist; 346 while (*p != d) { 347 p = &(*p)->bd_next; 348 if (*p == 0) 349 panic("bpf_detachd: descriptor not in list"); 350 } 351 *p = (*p)->bd_next; 352 if (bp->bif_dlist == 0) 353 /* 354 * Let the driver know that there are no more listeners. 355 */ 356 *d->bd_bif->bif_driverp = 0; 357 d->bd_bif = 0; 358 } 359 360 361 /* 362 * Mark a descriptor free by making it point to itself. 363 * This is probably cheaper than marking with a constant since 364 * the address should be in a register anyway. 365 */ 366 367 /* 368 * bpfilterattach() is called at boot time. 369 */ 370 /* ARGSUSED */ 371 void 372 bpfilterattach(int n) 373 { 374 mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE); 375 376 mutex_enter(&bpf_mtx); 377 LIST_INIT(&bpf_list); 378 mutex_exit(&bpf_mtx); 379 380 bpf_gstats.bs_recv = 0; 381 bpf_gstats.bs_drop = 0; 382 bpf_gstats.bs_capt = 0; 383 } 384 385 /* 386 * Open ethernet device. Clones. 387 */ 388 /* ARGSUSED */ 389 int 390 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 391 { 392 struct bpf_d *d; 393 struct file *fp; 394 int error, fd; 395 396 /* falloc() will use the descriptor for us. */ 397 if ((error = falloc(l, &fp, &fd)) != 0) 398 return error; 399 400 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK); 401 (void)memset(d, 0, sizeof(*d)); 402 d->bd_bufsize = bpf_bufsize; 403 d->bd_seesent = 1; 404 d->bd_pid = l->l_proc->p_pid; 405 callout_init(&d->bd_callout, 0); 406 407 mutex_enter(&bpf_mtx); 408 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 409 mutex_exit(&bpf_mtx); 410 411 return fdclone(l, fp, fd, flag, &bpf_fileops, d); 412 } 413 414 /* 415 * Close the descriptor by detaching it from its interface, 416 * deallocating its buffers, and marking it free. 417 */ 418 /* ARGSUSED */ 419 static int 420 bpf_close(struct file *fp, struct lwp *l) 421 { 422 struct bpf_d *d = fp->f_data; 423 int s; 424 425 /* 426 * Refresh the PID associated with this bpf file. 427 */ 428 d->bd_pid = l->l_proc->p_pid; 429 430 s = splnet(); 431 if (d->bd_state == BPF_WAITING) 432 callout_stop(&d->bd_callout); 433 d->bd_state = BPF_IDLE; 434 if (d->bd_bif) 435 bpf_detachd(d); 436 splx(s); 437 bpf_freed(d); 438 mutex_enter(&bpf_mtx); 439 LIST_REMOVE(d, bd_list); 440 mutex_exit(&bpf_mtx); 441 callout_destroy(&d->bd_callout); 442 free(d, M_DEVBUF); 443 fp->f_data = NULL; 444 445 return (0); 446 } 447 448 /* 449 * Rotate the packet buffers in descriptor d. Move the store buffer 450 * into the hold slot, and the free buffer into the store slot. 451 * Zero the length of the new store buffer. 452 */ 453 #define ROTATE_BUFFERS(d) \ 454 (d)->bd_hbuf = (d)->bd_sbuf; \ 455 (d)->bd_hlen = (d)->bd_slen; \ 456 (d)->bd_sbuf = (d)->bd_fbuf; \ 457 (d)->bd_slen = 0; \ 458 (d)->bd_fbuf = 0; 459 /* 460 * bpfread - read next chunk of packets from buffers 461 */ 462 static int 463 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 464 kauth_cred_t cred, int flags) 465 { 466 struct bpf_d *d = fp->f_data; 467 int timed_out; 468 int error; 469 int s; 470 471 /* 472 * Restrict application to use a buffer the same size as 473 * the kernel buffers. 474 */ 475 if (uio->uio_resid != d->bd_bufsize) 476 return (EINVAL); 477 478 s = splnet(); 479 if (d->bd_state == BPF_WAITING) 480 callout_stop(&d->bd_callout); 481 timed_out = (d->bd_state == BPF_TIMED_OUT); 482 d->bd_state = BPF_IDLE; 483 /* 484 * If the hold buffer is empty, then do a timed sleep, which 485 * ends when the timeout expires or when enough packets 486 * have arrived to fill the store buffer. 487 */ 488 while (d->bd_hbuf == 0) { 489 if (fp->f_flag & FNONBLOCK) { 490 if (d->bd_slen == 0) { 491 splx(s); 492 return (EWOULDBLOCK); 493 } 494 ROTATE_BUFFERS(d); 495 break; 496 } 497 498 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 499 /* 500 * A packet(s) either arrived since the previous 501 * read or arrived while we were asleep. 502 * Rotate the buffers and return what's here. 503 */ 504 ROTATE_BUFFERS(d); 505 break; 506 } 507 error = tsleep(d, PRINET|PCATCH, "bpf", 508 d->bd_rtout); 509 if (error == EINTR || error == ERESTART) { 510 splx(s); 511 return (error); 512 } 513 if (error == EWOULDBLOCK) { 514 /* 515 * On a timeout, return what's in the buffer, 516 * which may be nothing. If there is something 517 * in the store buffer, we can rotate the buffers. 518 */ 519 if (d->bd_hbuf) 520 /* 521 * We filled up the buffer in between 522 * getting the timeout and arriving 523 * here, so we don't need to rotate. 524 */ 525 break; 526 527 if (d->bd_slen == 0) { 528 splx(s); 529 return (0); 530 } 531 ROTATE_BUFFERS(d); 532 break; 533 } 534 if (error != 0) 535 goto done; 536 } 537 /* 538 * At this point, we know we have something in the hold slot. 539 */ 540 splx(s); 541 542 /* 543 * Move data from hold buffer into user space. 544 * We know the entire buffer is transferred since 545 * we checked above that the read buffer is bpf_bufsize bytes. 546 */ 547 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 548 549 s = splnet(); 550 d->bd_fbuf = d->bd_hbuf; 551 d->bd_hbuf = 0; 552 d->bd_hlen = 0; 553 done: 554 splx(s); 555 return (error); 556 } 557 558 559 /* 560 * If there are processes sleeping on this descriptor, wake them up. 561 */ 562 static inline void 563 bpf_wakeup(struct bpf_d *d) 564 { 565 wakeup(d); 566 if (d->bd_async) 567 fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL); 568 569 selnotify(&d->bd_sel, 0); 570 } 571 572 573 static void 574 bpf_timed_out(void *arg) 575 { 576 struct bpf_d *d = arg; 577 int s; 578 579 s = splnet(); 580 if (d->bd_state == BPF_WAITING) { 581 d->bd_state = BPF_TIMED_OUT; 582 if (d->bd_slen != 0) 583 bpf_wakeup(d); 584 } 585 splx(s); 586 } 587 588 589 static int 590 bpf_write(struct file *fp, off_t *offp, struct uio *uio, 591 kauth_cred_t cred, int flags) 592 { 593 struct bpf_d *d = fp->f_data; 594 struct ifnet *ifp; 595 struct mbuf *m; 596 int error, s; 597 static struct sockaddr_storage dst; 598 599 m = NULL; /* XXX gcc */ 600 601 if (d->bd_bif == 0) 602 return (ENXIO); 603 604 ifp = d->bd_bif->bif_ifp; 605 606 if (uio->uio_resid == 0) 607 return (0); 608 609 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 610 (struct sockaddr *) &dst); 611 if (error) 612 return (error); 613 614 if (m->m_pkthdr.len > ifp->if_mtu) { 615 m_freem(m); 616 return (EMSGSIZE); 617 } 618 619 if (d->bd_hdrcmplt) 620 dst.ss_family = pseudo_AF_HDRCMPLT; 621 622 s = splsoftnet(); 623 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 624 splx(s); 625 /* 626 * The driver frees the mbuf. 627 */ 628 return (error); 629 } 630 631 /* 632 * Reset a descriptor by flushing its packet buffer and clearing the 633 * receive and drop counts. Should be called at splnet. 634 */ 635 static void 636 reset_d(struct bpf_d *d) 637 { 638 if (d->bd_hbuf) { 639 /* Free the hold buffer. */ 640 d->bd_fbuf = d->bd_hbuf; 641 d->bd_hbuf = 0; 642 } 643 d->bd_slen = 0; 644 d->bd_hlen = 0; 645 d->bd_rcount = 0; 646 d->bd_dcount = 0; 647 d->bd_ccount = 0; 648 } 649 650 /* 651 * FIONREAD Check for read packet available. 652 * BIOCGBLEN Get buffer len [for read()]. 653 * BIOCSETF Set ethernet read filter. 654 * BIOCFLUSH Flush read packet buffer. 655 * BIOCPROMISC Put interface into promiscuous mode. 656 * BIOCGDLT Get link layer type. 657 * BIOCGETIF Get interface name. 658 * BIOCSETIF Set interface. 659 * BIOCSRTIMEOUT Set read timeout. 660 * BIOCGRTIMEOUT Get read timeout. 661 * BIOCGSTATS Get packet stats. 662 * BIOCIMMEDIATE Set immediate mode. 663 * BIOCVERSION Get filter language version. 664 * BIOCGHDRCMPLT Get "header already complete" flag. 665 * BIOCSHDRCMPLT Set "header already complete" flag. 666 */ 667 /* ARGSUSED */ 668 static int 669 bpf_ioctl(struct file *fp, u_long cmd, void *addr, struct lwp *l) 670 { 671 struct bpf_d *d = fp->f_data; 672 int s, error = 0; 673 674 /* 675 * Refresh the PID associated with this bpf file. 676 */ 677 d->bd_pid = l->l_proc->p_pid; 678 679 s = splnet(); 680 if (d->bd_state == BPF_WAITING) 681 callout_stop(&d->bd_callout); 682 d->bd_state = BPF_IDLE; 683 splx(s); 684 685 switch (cmd) { 686 687 default: 688 error = EINVAL; 689 break; 690 691 /* 692 * Check for read packet available. 693 */ 694 case FIONREAD: 695 { 696 int n; 697 698 s = splnet(); 699 n = d->bd_slen; 700 if (d->bd_hbuf) 701 n += d->bd_hlen; 702 splx(s); 703 704 *(int *)addr = n; 705 break; 706 } 707 708 /* 709 * Get buffer len [for read()]. 710 */ 711 case BIOCGBLEN: 712 *(u_int *)addr = d->bd_bufsize; 713 break; 714 715 /* 716 * Set buffer length. 717 */ 718 case BIOCSBLEN: 719 if (d->bd_bif != 0) 720 error = EINVAL; 721 else { 722 u_int size = *(u_int *)addr; 723 724 if (size > bpf_maxbufsize) 725 *(u_int *)addr = size = bpf_maxbufsize; 726 else if (size < BPF_MINBUFSIZE) 727 *(u_int *)addr = size = BPF_MINBUFSIZE; 728 d->bd_bufsize = size; 729 } 730 break; 731 732 /* 733 * Set link layer read filter. 734 */ 735 case BIOCSETF: 736 error = bpf_setf(d, addr); 737 break; 738 739 /* 740 * Flush read packet buffer. 741 */ 742 case BIOCFLUSH: 743 s = splnet(); 744 reset_d(d); 745 splx(s); 746 break; 747 748 /* 749 * Put interface into promiscuous mode. 750 */ 751 case BIOCPROMISC: 752 if (d->bd_bif == 0) { 753 /* 754 * No interface attached yet. 755 */ 756 error = EINVAL; 757 break; 758 } 759 s = splnet(); 760 if (d->bd_promisc == 0) { 761 error = ifpromisc(d->bd_bif->bif_ifp, 1); 762 if (error == 0) 763 d->bd_promisc = 1; 764 } 765 splx(s); 766 break; 767 768 /* 769 * Get device parameters. 770 */ 771 case BIOCGDLT: 772 if (d->bd_bif == 0) 773 error = EINVAL; 774 else 775 *(u_int *)addr = d->bd_bif->bif_dlt; 776 break; 777 778 /* 779 * Get a list of supported device parameters. 780 */ 781 case BIOCGDLTLIST: 782 if (d->bd_bif == 0) 783 error = EINVAL; 784 else 785 error = bpf_getdltlist(d, addr); 786 break; 787 788 /* 789 * Set device parameters. 790 */ 791 case BIOCSDLT: 792 if (d->bd_bif == 0) 793 error = EINVAL; 794 else 795 error = bpf_setdlt(d, *(u_int *)addr); 796 break; 797 798 /* 799 * Set interface name. 800 */ 801 #ifdef OBIOCGETIF 802 case OBIOCGETIF: 803 #endif 804 case BIOCGETIF: 805 if (d->bd_bif == 0) 806 error = EINVAL; 807 else 808 bpf_ifname(d->bd_bif->bif_ifp, addr); 809 break; 810 811 /* 812 * Set interface. 813 */ 814 #ifdef OBIOCSETIF 815 case OBIOCSETIF: 816 #endif 817 case BIOCSETIF: 818 error = bpf_setif(d, addr); 819 break; 820 821 /* 822 * Set read timeout. 823 */ 824 case BIOCSRTIMEOUT: 825 { 826 struct timeval *tv = addr; 827 828 /* Compute number of ticks. */ 829 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 830 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 831 d->bd_rtout = 1; 832 break; 833 } 834 835 /* 836 * Get read timeout. 837 */ 838 case BIOCGRTIMEOUT: 839 { 840 struct timeval *tv = addr; 841 842 tv->tv_sec = d->bd_rtout / hz; 843 tv->tv_usec = (d->bd_rtout % hz) * tick; 844 break; 845 } 846 847 /* 848 * Get packet stats. 849 */ 850 case BIOCGSTATS: 851 { 852 struct bpf_stat *bs = addr; 853 854 bs->bs_recv = d->bd_rcount; 855 bs->bs_drop = d->bd_dcount; 856 bs->bs_capt = d->bd_ccount; 857 break; 858 } 859 860 case BIOCGSTATSOLD: 861 { 862 struct bpf_stat_old *bs = addr; 863 864 bs->bs_recv = d->bd_rcount; 865 bs->bs_drop = d->bd_dcount; 866 break; 867 } 868 869 /* 870 * Set immediate mode. 871 */ 872 case BIOCIMMEDIATE: 873 d->bd_immediate = *(u_int *)addr; 874 break; 875 876 case BIOCVERSION: 877 { 878 struct bpf_version *bv = addr; 879 880 bv->bv_major = BPF_MAJOR_VERSION; 881 bv->bv_minor = BPF_MINOR_VERSION; 882 break; 883 } 884 885 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 886 *(u_int *)addr = d->bd_hdrcmplt; 887 break; 888 889 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 890 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 891 break; 892 893 /* 894 * Get "see sent packets" flag 895 */ 896 case BIOCGSEESENT: 897 *(u_int *)addr = d->bd_seesent; 898 break; 899 900 /* 901 * Set "see sent" packets flag 902 */ 903 case BIOCSSEESENT: 904 d->bd_seesent = *(u_int *)addr; 905 break; 906 907 case FIONBIO: /* Non-blocking I/O */ 908 /* 909 * No need to do anything special as we use IO_NDELAY in 910 * bpfread() as an indication of whether or not to block 911 * the read. 912 */ 913 break; 914 915 case FIOASYNC: /* Send signal on receive packets */ 916 d->bd_async = *(int *)addr; 917 break; 918 919 case TIOCSPGRP: /* Process or group to send signals to */ 920 case FIOSETOWN: 921 error = fsetown(l->l_proc, &d->bd_pgid, cmd, addr); 922 break; 923 924 case TIOCGPGRP: 925 case FIOGETOWN: 926 error = fgetown(l->l_proc, d->bd_pgid, cmd, addr); 927 break; 928 } 929 return (error); 930 } 931 932 /* 933 * Set d's packet filter program to fp. If this file already has a filter, 934 * free it and replace it. Returns EINVAL for bogus requests. 935 */ 936 int 937 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 938 { 939 struct bpf_insn *fcode, *old; 940 u_int flen, size; 941 int s; 942 943 old = d->bd_filter; 944 if (fp->bf_insns == 0) { 945 if (fp->bf_len != 0) 946 return (EINVAL); 947 s = splnet(); 948 d->bd_filter = 0; 949 reset_d(d); 950 splx(s); 951 if (old != 0) 952 free(old, M_DEVBUF); 953 return (0); 954 } 955 flen = fp->bf_len; 956 if (flen > BPF_MAXINSNS) 957 return (EINVAL); 958 959 size = flen * sizeof(*fp->bf_insns); 960 fcode = malloc(size, M_DEVBUF, M_WAITOK); 961 if (copyin(fp->bf_insns, fcode, size) == 0 && 962 bpf_validate(fcode, (int)flen)) { 963 s = splnet(); 964 d->bd_filter = fcode; 965 reset_d(d); 966 splx(s); 967 if (old != 0) 968 free(old, M_DEVBUF); 969 970 return (0); 971 } 972 free(fcode, M_DEVBUF); 973 return (EINVAL); 974 } 975 976 /* 977 * Detach a file from its current interface (if attached at all) and attach 978 * to the interface indicated by the name stored in ifr. 979 * Return an errno or 0. 980 */ 981 static int 982 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 983 { 984 struct bpf_if *bp; 985 char *cp; 986 int unit_seen, i, s, error; 987 988 /* 989 * Make sure the provided name has a unit number, and default 990 * it to '0' if not specified. 991 * XXX This is ugly ... do this differently? 992 */ 993 unit_seen = 0; 994 cp = ifr->ifr_name; 995 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 996 while (*cp++) 997 if (*cp >= '0' && *cp <= '9') 998 unit_seen = 1; 999 if (!unit_seen) { 1000 /* Make sure to leave room for the '\0'. */ 1001 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 1002 if ((ifr->ifr_name[i] >= 'a' && 1003 ifr->ifr_name[i] <= 'z') || 1004 (ifr->ifr_name[i] >= 'A' && 1005 ifr->ifr_name[i] <= 'Z')) 1006 continue; 1007 ifr->ifr_name[i] = '0'; 1008 } 1009 } 1010 1011 /* 1012 * Look through attached interfaces for the named one. 1013 */ 1014 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1015 struct ifnet *ifp = bp->bif_ifp; 1016 1017 if (ifp == 0 || 1018 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 1019 continue; 1020 /* skip additional entry */ 1021 if ((void **)bp->bif_driverp != &ifp->if_bpf) 1022 continue; 1023 /* 1024 * We found the requested interface. 1025 * Allocate the packet buffers if we need to. 1026 * If we're already attached to requested interface, 1027 * just flush the buffer. 1028 */ 1029 if (d->bd_sbuf == 0) { 1030 error = bpf_allocbufs(d); 1031 if (error != 0) 1032 return (error); 1033 } 1034 s = splnet(); 1035 if (bp != d->bd_bif) { 1036 if (d->bd_bif) 1037 /* 1038 * Detach if attached to something else. 1039 */ 1040 bpf_detachd(d); 1041 1042 bpf_attachd(d, bp); 1043 } 1044 reset_d(d); 1045 splx(s); 1046 return (0); 1047 } 1048 /* Not found. */ 1049 return (ENXIO); 1050 } 1051 1052 /* 1053 * Copy the interface name to the ifreq. 1054 */ 1055 static void 1056 bpf_ifname(struct ifnet *ifp, struct ifreq *ifr) 1057 { 1058 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1059 } 1060 1061 /* 1062 * Support for poll() system call 1063 * 1064 * Return true iff the specific operation will not block indefinitely - with 1065 * the assumption that it is safe to positively acknowledge a request for the 1066 * ability to write to the BPF device. 1067 * Otherwise, return false but make a note that a selwakeup() must be done. 1068 */ 1069 static int 1070 bpf_poll(struct file *fp, int events, struct lwp *l) 1071 { 1072 struct bpf_d *d = fp->f_data; 1073 int s = splnet(); 1074 int revents; 1075 1076 /* 1077 * Refresh the PID associated with this bpf file. 1078 */ 1079 d->bd_pid = l->l_proc->p_pid; 1080 1081 revents = events & (POLLOUT | POLLWRNORM); 1082 if (events & (POLLIN | POLLRDNORM)) { 1083 /* 1084 * An imitation of the FIONREAD ioctl code. 1085 */ 1086 if ((d->bd_hlen != 0) || 1087 (d->bd_immediate && d->bd_slen != 0)) { 1088 revents |= events & (POLLIN | POLLRDNORM); 1089 } else if (d->bd_state == BPF_TIMED_OUT) { 1090 if (d->bd_slen != 0) 1091 revents |= events & (POLLIN | POLLRDNORM); 1092 else 1093 revents |= events & POLLIN; 1094 } else { 1095 selrecord(l, &d->bd_sel); 1096 /* Start the read timeout if necessary */ 1097 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1098 callout_reset(&d->bd_callout, d->bd_rtout, 1099 bpf_timed_out, d); 1100 d->bd_state = BPF_WAITING; 1101 } 1102 } 1103 } 1104 1105 splx(s); 1106 return (revents); 1107 } 1108 1109 static void 1110 filt_bpfrdetach(struct knote *kn) 1111 { 1112 struct bpf_d *d = kn->kn_hook; 1113 int s; 1114 1115 s = splnet(); 1116 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1117 splx(s); 1118 } 1119 1120 static int 1121 filt_bpfread(struct knote *kn, long hint) 1122 { 1123 struct bpf_d *d = kn->kn_hook; 1124 1125 kn->kn_data = d->bd_hlen; 1126 if (d->bd_immediate) 1127 kn->kn_data += d->bd_slen; 1128 return (kn->kn_data > 0); 1129 } 1130 1131 static const struct filterops bpfread_filtops = 1132 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1133 1134 static int 1135 bpf_kqfilter(struct file *fp, struct knote *kn) 1136 { 1137 struct bpf_d *d = fp->f_data; 1138 struct klist *klist; 1139 int s; 1140 1141 switch (kn->kn_filter) { 1142 case EVFILT_READ: 1143 klist = &d->bd_sel.sel_klist; 1144 kn->kn_fop = &bpfread_filtops; 1145 break; 1146 1147 default: 1148 return (EINVAL); 1149 } 1150 1151 kn->kn_hook = d; 1152 1153 s = splnet(); 1154 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1155 splx(s); 1156 1157 return (0); 1158 } 1159 1160 /* 1161 * Incoming linkage from device drivers. Process the packet pkt, of length 1162 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1163 * by each process' filter, and if accepted, stashed into the corresponding 1164 * buffer. 1165 */ 1166 void 1167 bpf_tap(void *arg, u_char *pkt, u_int pktlen) 1168 { 1169 struct bpf_if *bp; 1170 struct bpf_d *d; 1171 u_int slen; 1172 struct timeval tv; 1173 int gottime=0; 1174 1175 /* 1176 * Note that the ipl does not have to be raised at this point. 1177 * The only problem that could arise here is that if two different 1178 * interfaces shared any data. This is not the case. 1179 */ 1180 bp = arg; 1181 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1182 ++d->bd_rcount; 1183 ++bpf_gstats.bs_recv; 1184 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1185 if (slen != 0) { 1186 if (!gottime) { 1187 microtime(&tv); 1188 gottime = 1; 1189 } 1190 catchpacket(d, pkt, pktlen, slen, memcpy, &tv); 1191 } 1192 } 1193 } 1194 1195 /* 1196 * Copy data from an mbuf chain into a buffer. This code is derived 1197 * from m_copydata in sys/uipc_mbuf.c. 1198 */ 1199 static void * 1200 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1201 { 1202 const struct mbuf *m; 1203 u_int count; 1204 u_char *dst; 1205 1206 m = src_arg; 1207 dst = dst_arg; 1208 while (len > 0) { 1209 if (m == 0) 1210 panic("bpf_mcpy"); 1211 count = min(m->m_len, len); 1212 memcpy(dst, mtod(m, void *), count); 1213 m = m->m_next; 1214 dst += count; 1215 len -= count; 1216 } 1217 return (dst_arg); 1218 } 1219 1220 /* 1221 * Dispatch a packet to all the listeners on interface bp. 1222 * 1223 * marg pointer to the packet, either a data buffer or an mbuf chain 1224 * buflen buffer length, if marg is a data buffer 1225 * cpfn a function that can copy marg into the listener's buffer 1226 * pktlen length of the packet 1227 * rcvif either NULL or the interface the packet came in on. 1228 */ 1229 static inline void 1230 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1231 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1232 { 1233 u_int slen; 1234 struct bpf_d *d; 1235 struct timeval tv; 1236 int gottime = 0; 1237 1238 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1239 if (!d->bd_seesent && (rcvif == NULL)) 1240 continue; 1241 ++d->bd_rcount; 1242 ++bpf_gstats.bs_recv; 1243 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1244 if (slen != 0) { 1245 if(!gottime) { 1246 microtime(&tv); 1247 gottime = 1; 1248 } 1249 catchpacket(d, marg, pktlen, slen, cpfn, &tv); 1250 } 1251 } 1252 } 1253 1254 /* 1255 * Incoming linkage from device drivers, when the head of the packet is in 1256 * a buffer, and the tail is in an mbuf chain. 1257 */ 1258 void 1259 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1260 { 1261 struct bpf_if *bp = arg; 1262 u_int pktlen; 1263 struct mbuf mb; 1264 1265 pktlen = m_length(m) + dlen; 1266 1267 /* 1268 * Craft on-stack mbuf suitable for passing to bpf_filter. 1269 * Note that we cut corners here; we only setup what's 1270 * absolutely needed--this mbuf should never go anywhere else. 1271 */ 1272 (void)memset(&mb, 0, sizeof(mb)); 1273 mb.m_next = m; 1274 mb.m_data = data; 1275 mb.m_len = dlen; 1276 1277 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1278 } 1279 1280 /* 1281 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1282 */ 1283 void 1284 bpf_mtap(void *arg, struct mbuf *m) 1285 { 1286 void *(*cpfn)(void *, const void *, size_t); 1287 struct bpf_if *bp = arg; 1288 u_int pktlen, buflen; 1289 void *marg; 1290 1291 pktlen = m_length(m); 1292 1293 if (pktlen == m->m_len) { 1294 cpfn = memcpy; 1295 marg = mtod(m, void *); 1296 buflen = pktlen; 1297 } else { 1298 cpfn = bpf_mcpy; 1299 marg = m; 1300 buflen = 0; 1301 } 1302 1303 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1304 } 1305 1306 /* 1307 * We need to prepend the address family as 1308 * a four byte field. Cons up a dummy header 1309 * to pacify bpf. This is safe because bpf 1310 * will only read from the mbuf (i.e., it won't 1311 * try to free it or keep a pointer a to it). 1312 */ 1313 void 1314 bpf_mtap_af(void *arg, u_int32_t af, struct mbuf *m) 1315 { 1316 struct mbuf m0; 1317 1318 m0.m_flags = 0; 1319 m0.m_next = m; 1320 m0.m_len = 4; 1321 m0.m_data = (char *)⁡ 1322 1323 bpf_mtap(arg, &m0); 1324 } 1325 1326 void 1327 bpf_mtap_et(void *arg, u_int16_t et, struct mbuf *m) 1328 { 1329 struct mbuf m0; 1330 1331 m0.m_flags = 0; 1332 m0.m_next = m; 1333 m0.m_len = 14; 1334 m0.m_data = m0.m_dat; 1335 1336 ((u_int32_t *)m0.m_data)[0] = 0; 1337 ((u_int32_t *)m0.m_data)[1] = 0; 1338 ((u_int32_t *)m0.m_data)[2] = 0; 1339 ((u_int16_t *)m0.m_data)[6] = et; 1340 1341 bpf_mtap(arg, &m0); 1342 } 1343 1344 #if NSL > 0 || NSTRIP > 0 1345 /* 1346 * Put the SLIP pseudo-"link header" in place. 1347 * Note this M_PREPEND() should never fail, 1348 * swince we know we always have enough space 1349 * in the input buffer. 1350 */ 1351 void 1352 bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m) 1353 { 1354 int s; 1355 u_char *hp; 1356 1357 M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT); 1358 if (*m == NULL) 1359 return; 1360 1361 hp = mtod(*m, u_char *); 1362 hp[SLX_DIR] = SLIPDIR_IN; 1363 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1364 1365 s = splnet(); 1366 bpf_mtap(arg, *m); 1367 splx(s); 1368 1369 m_adj(*m, SLIP_HDRLEN); 1370 } 1371 1372 /* 1373 * Put the SLIP pseudo-"link header" in 1374 * place. The compressed header is now 1375 * at the beginning of the mbuf. 1376 */ 1377 void 1378 bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m) 1379 { 1380 struct mbuf m0; 1381 u_char *hp; 1382 int s; 1383 1384 m0.m_flags = 0; 1385 m0.m_next = m; 1386 m0.m_data = m0.m_dat; 1387 m0.m_len = SLIP_HDRLEN; 1388 1389 hp = mtod(&m0, u_char *); 1390 1391 hp[SLX_DIR] = SLIPDIR_OUT; 1392 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1393 1394 s = splnet(); 1395 bpf_mtap(arg, &m0); 1396 splx(s); 1397 m_freem(m); 1398 } 1399 #endif 1400 1401 /* 1402 * Move the packet data from interface memory (pkt) into the 1403 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1404 * otherwise 0. "copy" is the routine called to do the actual data 1405 * transfer. memcpy is passed in to copy contiguous chunks, while 1406 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1407 * pkt is really an mbuf. 1408 */ 1409 static void 1410 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1411 void *(*cpfn)(void *, const void *, size_t), struct timeval *tv) 1412 { 1413 struct bpf_hdr *hp; 1414 int totlen, curlen; 1415 int hdrlen = d->bd_bif->bif_hdrlen; 1416 1417 ++d->bd_ccount; 1418 ++bpf_gstats.bs_capt; 1419 /* 1420 * Figure out how many bytes to move. If the packet is 1421 * greater or equal to the snapshot length, transfer that 1422 * much. Otherwise, transfer the whole packet (unless 1423 * we hit the buffer size limit). 1424 */ 1425 totlen = hdrlen + min(snaplen, pktlen); 1426 if (totlen > d->bd_bufsize) 1427 totlen = d->bd_bufsize; 1428 1429 /* 1430 * Round up the end of the previous packet to the next longword. 1431 */ 1432 curlen = BPF_WORDALIGN(d->bd_slen); 1433 if (curlen + totlen > d->bd_bufsize) { 1434 /* 1435 * This packet will overflow the storage buffer. 1436 * Rotate the buffers if we can, then wakeup any 1437 * pending reads. 1438 */ 1439 if (d->bd_fbuf == 0) { 1440 /* 1441 * We haven't completed the previous read yet, 1442 * so drop the packet. 1443 */ 1444 ++d->bd_dcount; 1445 ++bpf_gstats.bs_drop; 1446 return; 1447 } 1448 ROTATE_BUFFERS(d); 1449 bpf_wakeup(d); 1450 curlen = 0; 1451 } 1452 1453 /* 1454 * Append the bpf header. 1455 */ 1456 hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen); 1457 hp->bh_tstamp = *tv; 1458 hp->bh_datalen = pktlen; 1459 hp->bh_hdrlen = hdrlen; 1460 /* 1461 * Copy the packet data into the store buffer and update its length. 1462 */ 1463 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1464 d->bd_slen = curlen + totlen; 1465 1466 /* 1467 * Call bpf_wakeup after bd_slen has been updated so that kevent(2) 1468 * will cause filt_bpfread() to be called with it adjusted. 1469 */ 1470 if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) 1471 /* 1472 * Immediate mode is set, or the read timeout has 1473 * already expired during a select call. A packet 1474 * arrived, so the reader should be woken up. 1475 */ 1476 bpf_wakeup(d); 1477 } 1478 1479 /* 1480 * Initialize all nonzero fields of a descriptor. 1481 */ 1482 static int 1483 bpf_allocbufs(struct bpf_d *d) 1484 { 1485 1486 d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1487 if (!d->bd_fbuf) 1488 return (ENOBUFS); 1489 d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1490 if (!d->bd_sbuf) { 1491 free(d->bd_fbuf, M_DEVBUF); 1492 return (ENOBUFS); 1493 } 1494 d->bd_slen = 0; 1495 d->bd_hlen = 0; 1496 return (0); 1497 } 1498 1499 /* 1500 * Free buffers currently in use by a descriptor. 1501 * Called on close. 1502 */ 1503 static void 1504 bpf_freed(struct bpf_d *d) 1505 { 1506 /* 1507 * We don't need to lock out interrupts since this descriptor has 1508 * been detached from its interface and it yet hasn't been marked 1509 * free. 1510 */ 1511 if (d->bd_sbuf != 0) { 1512 free(d->bd_sbuf, M_DEVBUF); 1513 if (d->bd_hbuf != 0) 1514 free(d->bd_hbuf, M_DEVBUF); 1515 if (d->bd_fbuf != 0) 1516 free(d->bd_fbuf, M_DEVBUF); 1517 } 1518 if (d->bd_filter) 1519 free(d->bd_filter, M_DEVBUF); 1520 } 1521 1522 /* 1523 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1524 * fixed size of the link header (variable length headers not yet supported). 1525 */ 1526 void 1527 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1528 { 1529 1530 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1531 } 1532 1533 /* 1534 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1535 * hdrlen is the fixed size of the link header for the specified dlt 1536 * (variable length headers not yet supported). 1537 */ 1538 void 1539 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp) 1540 { 1541 struct bpf_if *bp; 1542 bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1543 if (bp == 0) 1544 panic("bpfattach"); 1545 1546 bp->bif_dlist = 0; 1547 bp->bif_driverp = driverp; 1548 bp->bif_ifp = ifp; 1549 bp->bif_dlt = dlt; 1550 1551 bp->bif_next = bpf_iflist; 1552 bpf_iflist = bp; 1553 1554 *bp->bif_driverp = 0; 1555 1556 /* 1557 * Compute the length of the bpf header. This is not necessarily 1558 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1559 * that the network layer header begins on a longword boundary (for 1560 * performance reasons and to alleviate alignment restrictions). 1561 */ 1562 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1563 1564 #if 0 1565 printf("bpf: %s attached\n", ifp->if_xname); 1566 #endif 1567 } 1568 1569 /* 1570 * Remove an interface from bpf. 1571 */ 1572 void 1573 bpfdetach(struct ifnet *ifp) 1574 { 1575 struct bpf_if *bp, **pbp; 1576 struct bpf_d *d; 1577 int s; 1578 1579 /* Nuke the vnodes for any open instances */ 1580 for (d = LIST_FIRST(&bpf_list); d != NULL; d = LIST_NEXT(d, bd_list)) { 1581 if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) { 1582 /* 1583 * Detach the descriptor from an interface now. 1584 * It will be free'ed later by close routine. 1585 */ 1586 s = splnet(); 1587 d->bd_promisc = 0; /* we can't touch device. */ 1588 bpf_detachd(d); 1589 splx(s); 1590 } 1591 } 1592 1593 again: 1594 for (bp = bpf_iflist, pbp = &bpf_iflist; 1595 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1596 if (bp->bif_ifp == ifp) { 1597 *pbp = bp->bif_next; 1598 free(bp, M_DEVBUF); 1599 goto again; 1600 } 1601 } 1602 } 1603 1604 /* 1605 * Change the data link type of a interface. 1606 */ 1607 void 1608 bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1609 { 1610 struct bpf_if *bp; 1611 1612 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1613 if ((void **)bp->bif_driverp == &ifp->if_bpf) 1614 break; 1615 } 1616 if (bp == NULL) 1617 panic("bpf_change_type"); 1618 1619 bp->bif_dlt = dlt; 1620 1621 /* 1622 * Compute the length of the bpf header. This is not necessarily 1623 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1624 * that the network layer header begins on a longword boundary (for 1625 * performance reasons and to alleviate alignment restrictions). 1626 */ 1627 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1628 } 1629 1630 /* 1631 * Get a list of available data link type of the interface. 1632 */ 1633 static int 1634 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1635 { 1636 int n, error; 1637 struct ifnet *ifp; 1638 struct bpf_if *bp; 1639 1640 ifp = d->bd_bif->bif_ifp; 1641 n = 0; 1642 error = 0; 1643 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1644 if (bp->bif_ifp != ifp) 1645 continue; 1646 if (bfl->bfl_list != NULL) { 1647 if (n >= bfl->bfl_len) 1648 return ENOMEM; 1649 error = copyout(&bp->bif_dlt, 1650 bfl->bfl_list + n, sizeof(u_int)); 1651 } 1652 n++; 1653 } 1654 bfl->bfl_len = n; 1655 return error; 1656 } 1657 1658 /* 1659 * Set the data link type of a BPF instance. 1660 */ 1661 static int 1662 bpf_setdlt(struct bpf_d *d, u_int dlt) 1663 { 1664 int s, error, opromisc; 1665 struct ifnet *ifp; 1666 struct bpf_if *bp; 1667 1668 if (d->bd_bif->bif_dlt == dlt) 1669 return 0; 1670 ifp = d->bd_bif->bif_ifp; 1671 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1672 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1673 break; 1674 } 1675 if (bp == NULL) 1676 return EINVAL; 1677 s = splnet(); 1678 opromisc = d->bd_promisc; 1679 bpf_detachd(d); 1680 bpf_attachd(d, bp); 1681 reset_d(d); 1682 if (opromisc) { 1683 error = ifpromisc(bp->bif_ifp, 1); 1684 if (error) 1685 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1686 bp->bif_ifp->if_xname, error); 1687 else 1688 d->bd_promisc = 1; 1689 } 1690 splx(s); 1691 return 0; 1692 } 1693 1694 static int 1695 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1696 { 1697 int newsize, error; 1698 struct sysctlnode node; 1699 1700 node = *rnode; 1701 node.sysctl_data = &newsize; 1702 newsize = bpf_maxbufsize; 1703 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1704 if (error || newp == NULL) 1705 return (error); 1706 1707 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1708 return (EINVAL); 1709 1710 bpf_maxbufsize = newsize; 1711 1712 return (0); 1713 } 1714 1715 static int 1716 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1717 { 1718 int error, elem_count; 1719 struct bpf_d *dp; 1720 struct bpf_d_ext dpe; 1721 size_t len, needed, elem_size, out_size; 1722 char *sp; 1723 1724 if (namelen == 1 && name[0] == CTL_QUERY) 1725 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1726 1727 if (namelen != 2) 1728 return (EINVAL); 1729 1730 /* BPF peers is privileged information. */ 1731 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1732 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1733 if (error) 1734 return (EPERM); 1735 1736 len = (oldp != NULL) ? *oldlenp : 0; 1737 sp = oldp; 1738 elem_size = name[0]; 1739 elem_count = name[1]; 1740 out_size = MIN(sizeof(dpe), elem_size); 1741 needed = 0; 1742 1743 if (elem_size < 1 || elem_count < 0) 1744 return (EINVAL); 1745 1746 mutex_enter(&bpf_mtx); 1747 LIST_FOREACH(dp, &bpf_list, bd_list) { 1748 if (len >= elem_size && elem_count > 0) { 1749 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1750 BPF_EXT(bufsize); 1751 BPF_EXT(promisc); 1752 BPF_EXT(promisc); 1753 BPF_EXT(state); 1754 BPF_EXT(immediate); 1755 BPF_EXT(hdrcmplt); 1756 BPF_EXT(seesent); 1757 BPF_EXT(pid); 1758 BPF_EXT(rcount); 1759 BPF_EXT(dcount); 1760 BPF_EXT(ccount); 1761 #undef BPF_EXT 1762 if (dp->bd_bif) 1763 (void)strlcpy(dpe.bde_ifname, 1764 dp->bd_bif->bif_ifp->if_xname, 1765 IFNAMSIZ - 1); 1766 else 1767 dpe.bde_ifname[0] = '\0'; 1768 1769 error = copyout(&dpe, sp, out_size); 1770 if (error) 1771 break; 1772 sp += elem_size; 1773 len -= elem_size; 1774 } 1775 if (elem_count > 0) { 1776 needed += elem_size; 1777 if (elem_count != INT_MAX) 1778 elem_count--; 1779 } 1780 } 1781 mutex_exit(&bpf_mtx); 1782 1783 *oldlenp = needed; 1784 1785 return (error); 1786 } 1787 1788 SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup") 1789 { 1790 const struct sysctlnode *node; 1791 1792 sysctl_createv(clog, 0, NULL, NULL, 1793 CTLFLAG_PERMANENT, 1794 CTLTYPE_NODE, "net", NULL, 1795 NULL, 0, NULL, 0, 1796 CTL_NET, CTL_EOL); 1797 1798 node = NULL; 1799 sysctl_createv(clog, 0, NULL, &node, 1800 CTLFLAG_PERMANENT, 1801 CTLTYPE_NODE, "bpf", 1802 SYSCTL_DESCR("BPF options"), 1803 NULL, 0, NULL, 0, 1804 CTL_NET, CTL_CREATE, CTL_EOL); 1805 if (node != NULL) { 1806 sysctl_createv(clog, 0, NULL, NULL, 1807 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1808 CTLTYPE_INT, "maxbufsize", 1809 SYSCTL_DESCR("Maximum size for data capture buffer"), 1810 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1811 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1812 sysctl_createv(clog, 0, NULL, NULL, 1813 CTLFLAG_PERMANENT, 1814 CTLTYPE_STRUCT, "stats", 1815 SYSCTL_DESCR("BPF stats"), 1816 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1817 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1818 sysctl_createv(clog, 0, NULL, NULL, 1819 CTLFLAG_PERMANENT, 1820 CTLTYPE_STRUCT, "peers", 1821 SYSCTL_DESCR("BPF peers"), 1822 sysctl_net_bpf_peers, 0, NULL, 0, 1823 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1824 } 1825 1826 } 1827