/*	$NetBSD: bpf.c,v 1.125 2006/11/16 01:33:40 christos Exp $	*/

/*
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	8.4 (Berkeley) 1/9/95
 * static char rcsid[] =
 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp ";
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.125 2006/11/16 01:33:40 christos Exp $");

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/buf.h>
#include <sys/time.h>
#include <sys/proc.h>
#include <sys/user.h>
#include <sys/ioctl.h>
#include <sys/conf.h>
#include <sys/vnode.h>
#include <sys/queue.h>

#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/tty.h>
#include <sys/uio.h>

#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/kernel.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/kauth.h>

#include <net/if.h>
#include <net/slip.h>

#include <net/bpf.h>
#include <net/bpfdesc.h>

#include <net/if_arc.h>
#include <net/if_ether.h>

#include <netinet/in.h>
#include <netinet/if_inarp.h>

#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
#include "sl.h"
#include "strip.h"
#endif

#ifndef BPF_BUFSIZE
/*
 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet
 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k).
 */
# define BPF_BUFSIZE 32768
#endif

#define PRINET	26		/* interruptible */

/*
 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able.
 * XXX the default values should be computed dynamically based
 * on available memory size and available mbuf clusters.
 */
int bpf_bufsize = BPF_BUFSIZE;
int bpf_maxbufsize = BPF_DFLTBUFSIZE;	/* XXX set dynamically, see above */


/*
 * Global BPF statistics returned by net.bpf.stats sysctl.
 */
struct bpf_stat	bpf_gstats;

/*
 * Use a mutex to avoid a race condition between gathering the stats/peers
 * and opening/closing the device.
 */
struct simplelock bpf_slock;

/*
 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
 * bpf_dtab holds the descriptors, indexed by minor device #
 */
struct bpf_if	*bpf_iflist;
LIST_HEAD(, bpf_d) bpf_list;

static int	bpf_allocbufs(struct bpf_d *);
static void	bpf_deliver(struct bpf_if *,
		    void *(*cpfn)(void *, const void *, size_t),
		    void *, u_int, u_int, struct ifnet *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_ifname(struct ifnet *, struct ifreq *);
static void	*bpf_mcpy(void *, const void *, size_t);
static int	bpf_movein(struct uio *, int, int,
		    struct mbuf **, struct sockaddr *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static inline void	bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int, u_int,
		    void *(*)(void *, const void *, size_t),
		    struct timeval *);
static void	reset_d(struct bpf_d *);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);

static int	bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t,
		    int);
static int	bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t,
		    int);
static int	bpf_ioctl(struct file *, u_long, void *, struct lwp *);
static int	bpf_poll(struct file *, int, struct lwp *);
static int	bpf_close(struct file *, struct lwp *);
static int	bpf_kqfilter(struct file *, struct knote *);

static const struct fileops bpf_fileops = {
	bpf_read,
	bpf_write,
	bpf_ioctl,
	fnullop_fcntl,
	bpf_poll,
	fbadop_stat,
	bpf_close,
	bpf_kqfilter,
};

dev_type_open(bpfopen);

const struct cdevsw bpf_cdevsw = {
	bpfopen, noclose, noread, nowrite, noioctl,
	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER
};

static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
    struct sockaddr *sockp)
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int align;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		align = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		/* 6(dst)+6(src)+2(type) */
		hlen = sizeof(struct ether_header);
		align = 2;
		break;
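	/*
	 * The 2-byte pad above is what keeps the payload aligned: the
	 * Ethernet header is 14 bytes, so placing it 2 bytes into a
	 * longword-aligned buffer leaves the network layer header that
	 * follows it on a 4-byte boundary.
	 */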
	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		align = 5;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_LINK;
		/* XXX 4(FORMAC)+6(dst)+6(src) */
		hlen = 16;
		align = 0;
		break;

	case DLT_ECONET:
		sockp->sa_family = AF_UNSPEC;
		hlen = 6;
		align = 2;
		break;

	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * If there aren't enough bytes for a link level header or the
	 * packet length exceeds the interface mtu, return an error.
	 */
	if (len < hlen || len - hlen > mtu)
		return (EMSGSIZE);

	/*
	 * XXX Avoid complicated buffer chaining ---
	 * bail if it won't fit in a single mbuf.
	 * (Take into account possible alignment bytes)
	 */
	if ((unsigned)len > MCLBYTES - align)
		return (EIO);

	m = m_gethdr(M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;
	m->m_pkthdr.len = len - hlen;
	if (len > MHLEN - align) {
		m_clget(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}

	/* Ensure the data is properly aligned */
	if (align > 0) {
		m->m_data += align;
		m->m_len -= align;
	}

	error = uiomove(mtod(m, void *), len, uio);
	if (error)
		goto bad;
	if (hlen != 0) {
		memcpy(sockp->sa_data, mtod(m, void *), hlen);
		m->m_data += hlen;	/* XXX */
		len -= hlen;
	}
	m->m_len = len;
	*mp = m;
	return (0);

bad:
	m_freem(m);
	return (error);
}

/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 * Must be called at splnet.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	*bp->bif_driverp = bp;
}

/*
 * Detach a file from its interface.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		/*
		 * Take device out of promiscuous mode.  Since we were
		 * able to enter promiscuous mode, we should be able
		 * to turn it off.  But we can get an error if
		 * the interface was configured down, so only panic
		 * on an unexpected error.
		 */
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && error != EINVAL)
			panic("bpf: ifpromisc failed");
	}
	/* Remove d from the interface's descriptor list. */
	p = &bp->bif_dlist;
	while (*p != d) {
		p = &(*p)->bd_next;
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*d->bd_bif->bif_driverp = 0;
	d->bd_bif = 0;
}


/*
 * Mark a descriptor free by making it point to itself.
 * This is probably cheaper than marking with a constant since
 * the address should be in a register anyway.
 */
362 */ 363 364 /* 365 * bpfilterattach() is called at boot time. 366 */ 367 /* ARGSUSED */ 368 void 369 bpfilterattach(int n) 370 { 371 simple_lock_init(&bpf_slock); 372 373 simple_lock(&bpf_slock); 374 LIST_INIT(&bpf_list); 375 simple_unlock(&bpf_slock); 376 377 bpf_gstats.bs_recv = 0; 378 bpf_gstats.bs_drop = 0; 379 bpf_gstats.bs_capt = 0; 380 } 381 382 /* 383 * Open ethernet device. Clones. 384 */ 385 /* ARGSUSED */ 386 int 387 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 388 { 389 struct bpf_d *d; 390 struct file *fp; 391 int error, fd; 392 393 /* falloc() will use the descriptor for us. */ 394 if ((error = falloc(l, &fp, &fd)) != 0) 395 return error; 396 397 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK); 398 (void)memset(d, 0, sizeof(*d)); 399 d->bd_bufsize = bpf_bufsize; 400 d->bd_seesent = 1; 401 d->bd_pid = l->l_proc->p_pid; 402 callout_init(&d->bd_callout); 403 404 simple_lock(&bpf_slock); 405 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 406 simple_unlock(&bpf_slock); 407 408 return fdclone(l, fp, fd, flag, &bpf_fileops, d); 409 } 410 411 /* 412 * Close the descriptor by detaching it from its interface, 413 * deallocating its buffers, and marking it free. 414 */ 415 /* ARGSUSED */ 416 static int 417 bpf_close(struct file *fp, struct lwp *l) 418 { 419 struct bpf_d *d = fp->f_data; 420 int s; 421 422 /* 423 * Refresh the PID associated with this bpf file. 424 */ 425 d->bd_pid = l->l_proc->p_pid; 426 427 s = splnet(); 428 if (d->bd_state == BPF_WAITING) 429 callout_stop(&d->bd_callout); 430 d->bd_state = BPF_IDLE; 431 if (d->bd_bif) 432 bpf_detachd(d); 433 splx(s); 434 bpf_freed(d); 435 simple_lock(&bpf_slock); 436 LIST_REMOVE(d, bd_list); 437 simple_unlock(&bpf_slock); 438 free(d, M_DEVBUF); 439 fp->f_data = NULL; 440 441 return (0); 442 } 443 444 /* 445 * Rotate the packet buffers in descriptor d. Move the store buffer 446 * into the hold slot, and the free buffer into the store slot. 447 * Zero the length of the new store buffer. 448 */ 449 #define ROTATE_BUFFERS(d) \ 450 (d)->bd_hbuf = (d)->bd_sbuf; \ 451 (d)->bd_hlen = (d)->bd_slen; \ 452 (d)->bd_sbuf = (d)->bd_fbuf; \ 453 (d)->bd_slen = 0; \ 454 (d)->bd_fbuf = 0; 455 /* 456 * bpfread - read next chunk of packets from buffers 457 */ 458 static int 459 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 460 kauth_cred_t cred, int flags) 461 { 462 struct bpf_d *d = fp->f_data; 463 int timed_out; 464 int error; 465 int s; 466 467 /* 468 * Restrict application to use a buffer the same size as 469 * the kernel buffers. 470 */ 471 if (uio->uio_resid != d->bd_bufsize) 472 return (EINVAL); 473 474 s = splnet(); 475 if (d->bd_state == BPF_WAITING) 476 callout_stop(&d->bd_callout); 477 timed_out = (d->bd_state == BPF_TIMED_OUT); 478 d->bd_state = BPF_IDLE; 479 /* 480 * If the hold buffer is empty, then do a timed sleep, which 481 * ends when the timeout expires or when enough packets 482 * have arrived to fill the store buffer. 483 */ 484 while (d->bd_hbuf == 0) { 485 if (fp->f_flag & FNONBLOCK) { 486 if (d->bd_slen == 0) { 487 splx(s); 488 return (EWOULDBLOCK); 489 } 490 ROTATE_BUFFERS(d); 491 break; 492 } 493 494 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 495 /* 496 * A packet(s) either arrived since the previous 497 * read or arrived while we were asleep. 498 * Rotate the buffers and return what's here. 
/*
 * bpf_read - read next chunk of packets from buffers
 */
static int
bpf_read(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	int timed_out;
	int error;
	int s;

	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (fp->f_flag & FNONBLOCK) {
			if (d->bd_slen == 0) {
				splx(s);
				return (EWOULDBLOCK);
			}
			ROTATE_BUFFERS(d);
			break;
		}

		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * One or more packets arrived either since the
			 * previous read or while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		error = tsleep(d, PRINET|PCATCH, "bpf", d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			splx(s);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				splx(s);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (error != 0)
			goto done;
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bd_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	s = splnet();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
done:
	splx(s);
	return (error);
}
/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static inline void
bpf_wakeup(struct bpf_d *d)
{
	wakeup(d);
	if (d->bd_async)
		fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL);

	selnotify(&d->bd_sel, 0);
	/* XXX */
	d->bd_sel.sel_pid = 0;
}


static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = arg;
	int s;

	s = splnet();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	splx(s);
}


static int
bpf_write(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;
	static struct sockaddr_storage dst;

	m = NULL;	/* XXX gcc */

	if (d->bd_bif == 0)
		return (ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0)
		return (0);

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m,
	    (struct sockaddr *) &dst);
	if (error)
		return (error);

	if (m->m_pkthdr.len > ifp->if_mtu) {
		m_freem(m);
		return (EMSGSIZE);
	}

	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL);
	splx(s);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splnet.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_ccount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag.
 *  BIOCSHDRCMPLT	Set "header already complete" flag.
 */
/* ARGSUSED */
static int
bpf_ioctl(struct file *fp, u_long cmd, void *addr, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s, error = 0;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	splx(s);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			s = splnet();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splnet();
		reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splnet();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported device parameters.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, addr);
		break;

	/*
	 * Set device parameters.
	 */
	case BIOCSDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, addr);
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			bs->bs_capt = d->bd_ccount;
			break;
		}

	case BIOCGSTATSOLD:
		{
			struct bpf_stat_old *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/*
		 * No need to do anything special here, since bpf_read()
		 * checks FNONBLOCK on the file to decide whether or not
		 * to block the read.
		 */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case TIOCSPGRP:		/* Process or group to send signals to */
	case FIOSETOWN:
		error = fsetown(l->l_proc, &d->bd_pgid, cmd, addr);
		break;

	case TIOCGPGRP:
	case FIOGETOWN:
		error = fgetown(l->l_proc, d->bd_pgid, cmd, addr);
		break;
	}
	return (error);
}
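/*
 * A minimal userland sketch of the ioctl sequence above (illustrative
 * only, not part of this file; error handling is omitted and the
 * interface name "le0" is an arbitrary example):
 */
#if 0
#include <sys/ioctl.h>
#include <net/bpf.h>
#include <net/if.h>
#include <fcntl.h>
#include <string.h>

int
bpf_attach_example(void)
{
	struct ifreq ifr;
	u_int blen, one = 1;
	int fd;

	fd = open("/dev/bpf0", O_RDWR);		/* open clones a descriptor */
	(void)memset(&ifr, 0, sizeof(ifr));
	(void)strlcpy(ifr.ifr_name, "le0", sizeof(ifr.ifr_name));
	(void)ioctl(fd, BIOCSETIF, &ifr);	/* attach to the interface */
	(void)ioctl(fd, BIOCIMMEDIATE, &one);	/* don't wait for a full buffer */
	(void)ioctl(fd, BIOCGBLEN, &blen);	/* read() must use exactly this size */
	return fd;
}
#endif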
/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		if (fp->bf_len != 0)
			return (EINVAL);
		s = splnet();
		d->bd_filter = 0;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = malloc(size, M_DEVBUF, M_WAITOK);
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		s = splnet();
		d->bd_filter = fcode;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);

		return (0);
	}
	free(fcode, M_DEVBUF);
	return (EINVAL);
}
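/*
 * For illustration, the kind of program bpf_setf() accepts: a hedged
 * userland sketch of a four-instruction filter that accepts IPv4
 * packets on an Ethernet and truncates them to SNAPLEN bytes (SNAPLEN
 * and fd are assumed to be defined by the caller):
 */
#if 0
struct bpf_insn insns[] = {
	/* Load the Ethernet type halfword (offset 12). */
	BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
	/* If it is ETHERTYPE_IP fall through, else jump to the reject. */
	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, 0, 1),
	/* Accept: return up to SNAPLEN bytes of the packet. */
	BPF_STMT(BPF_RET+BPF_K, SNAPLEN),
	/* Reject: returning 0 drops the packet. */
	BPF_STMT(BPF_RET+BPF_K, 0),
};
struct bpf_program prog = {
	sizeof(insns) / sizeof(insns[0]), insns
};

(void)ioctl(fd, BIOCSETF, &prog);
#endif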
/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 */
	unit_seen = 0;
	cp = ifr->ifr_name;
	cp[sizeof(ifr->ifr_name) - 1] = '\0';	/* sanity */
	while (*cp++)
		if (*cp >= '0' && *cp <= '9')
			unit_seen = 1;
	if (!unit_seen) {
		/* Make sure to leave room for the '\0'. */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/* skip additional entry */
		if ((caddr_t *)bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splnet();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}

/*
 * Copy the interface name to the ifreq.
 */
static void
bpf_ifname(struct ifnet *ifp, struct ifreq *ifr)
{
	memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
}

/*
 * Support for poll() system call
 *
 * Return true iff the specific operation will not block indefinitely - with
 * the assumption that it is safe to positively acknowledge a request for the
 * ability to write to the BPF device.
 * Otherwise, return false but make a note that a selwakeup() must be done.
 */
static int
bpf_poll(struct file *fp, int events, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s = splnet();
	int revents;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	revents = events & (POLLOUT | POLLWRNORM);
	if (events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 */
		if ((d->bd_hlen != 0) ||
		    (d->bd_immediate && d->bd_slen != 0)) {
			revents |= events & (POLLIN | POLLRDNORM);
		} else if (d->bd_state == BPF_TIMED_OUT) {
			if (d->bd_slen != 0)
				revents |= events & (POLLIN | POLLRDNORM);
			else
				revents |= events & POLLIN;
		} else {
			selrecord(l, &d->bd_sel);
			/* Start the read timeout if necessary */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
				    bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}

	splx(s);
	return (revents);
}
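/*
 * The timeout interplay above is easiest to see from userland.  A
 * hedged, illustrative sketch (fd, buf and blen are assumed to come
 * from the attach sketch earlier): arm a read timeout, then poll; the
 * descriptor becomes readable when a buffer fills or when
 * bpf_timed_out() fires with data in the store buffer.
 */
#if 0
struct timeval tv = { 2, 0 };		/* 2 second read timeout */
struct pollfd pfd = { .fd = fd, .events = POLLIN };
ssize_t n;

(void)ioctl(fd, BIOCSRTIMEOUT, &tv);
if (poll(&pfd, 1, INFTIM) > 0 && (pfd.revents & POLLIN))
	n = read(fd, buf, blen);	/* blen obtained via BIOCGBLEN */
#endif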
static void
filt_bpfrdetach(struct knote *kn)
{
	struct bpf_d *d = kn->kn_hook;
	int s;

	s = splnet();
	SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext);
	splx(s);
}

static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = kn->kn_hook;

	kn->kn_data = d->bd_hlen;
	if (d->bd_immediate)
		kn->kn_data += d->bd_slen;
	return (kn->kn_data > 0);
}

static const struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfrdetach, filt_bpfread };

static int
bpf_kqfilter(struct file *fp, struct knote *kn)
{
	struct bpf_d *d = fp->f_data;
	struct klist *klist;
	int s;

	switch (kn->kn_filter) {
	case EVFILT_READ:
		klist = &d->bd_sel.sel_klist;
		kn->kn_fop = &bpfread_filtops;
		break;

	default:
		return (1);
	}

	kn->kn_hook = d;

	s = splnet();
	SLIST_INSERT_HEAD(klist, kn, kn_selnext);
	splx(s);

	return (0);
}

/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(void *arg, u_char *pkt, u_int pktlen)
{
	struct bpf_if *bp;
	struct bpf_d *d;
	u_int slen;
	struct timeval tv;
	int gottime = 0;

	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here would be if two
	 * different interfaces shared any data.  This is not the case.
	 */
	bp = arg;
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			catchpacket(d, pkt, pktlen, slen, memcpy, &tv);
		}
	}
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void *
bpf_mcpy(void *dst_arg, const void *src_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == 0)
			panic("bpf_mcpy");
		count = min(m->m_len, len);
		memcpy(dst, mtod(m, void *), count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
	return (dst_arg);
}
/*
 * Dispatch a packet to all the listeners on interface bp.
 *
 * marg		pointer to the packet, either a data buffer or an mbuf chain
 * buflen	buffer length, if marg is a data buffer
 * cpfn		a function that can copy marg into the listener's buffer
 * pktlen	length of the packet
 * rcvif	either NULL or the interface the packet came in on.
 */
static inline void
bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t),
    void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif)
{
	u_int slen;
	struct bpf_d *d;
	struct timeval tv;
	int gottime = 0;

	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		if (!d->bd_seesent && (rcvif == NULL))
			continue;
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, marg, pktlen, buflen);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			catchpacket(d, marg, pktlen, slen, cpfn, &tv);
		}
	}
}

/*
 * Incoming linkage from device drivers, when the head of the packet is in
 * a buffer, and the tail is in an mbuf chain.
 */
void
bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m)
{
	struct bpf_if *bp = arg;
	u_int pktlen;
	struct mbuf mb;

	pktlen = m_length(m) + dlen;

	/*
	 * Craft an on-stack mbuf suitable for passing to bpf_filter.
	 * Note that we cut corners here; we only set up what's
	 * absolutely needed--this mbuf should never go anywhere else.
	 */
	(void)memset(&mb, 0, sizeof(mb));
	mb.m_next = m;
	mb.m_data = data;
	mb.m_len = dlen;

	bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif);
}

/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.
 */
void
bpf_mtap(void *arg, struct mbuf *m)
{
	void *(*cpfn)(void *, const void *, size_t);
	struct bpf_if *bp = arg;
	u_int pktlen, buflen;
	void *marg;

	pktlen = m_length(m);

	if (pktlen == m->m_len) {
		cpfn = memcpy;
		marg = mtod(m, void *);
		buflen = pktlen;
	} else {
		cpfn = bpf_mcpy;
		marg = m;
		buflen = 0;
	}

	bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif);
}
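/*
 * From a driver's point of view the entry points above reduce to a
 * one-line tap in the receive and transmit paths.  A representative
 * sketch (the surrounding driver code is hypothetical; drivers
 * traditionally guard this with #if NBPFILTER > 0):
 */
#if 0
	/* In a driver's receive path, once the mbuf chain m is built: */
	if (ifp->if_bpf)			/* any listeners attached? */
		bpf_mtap(ifp->if_bpf, m);	/* tap the mbuf chain */
#endif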
/*
 * We need to prepend the address family as
 * a four byte field.  Cons up a dummy header
 * to pacify bpf.  This is safe because bpf
 * will only read from the mbuf (i.e., it won't
 * try to free it or keep a pointer to it).
 */
void
bpf_mtap_af(void *arg, u_int32_t af, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 4;
	m0.m_data = (char *)&af;

	bpf_mtap(arg, &m0);
}

void
bpf_mtap_et(void *arg, u_int16_t et, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 14;
	m0.m_data = m0.m_dat;

	((u_int32_t *)m0.m_data)[0] = 0;
	((u_int32_t *)m0.m_data)[1] = 0;
	((u_int32_t *)m0.m_data)[2] = 0;
	((u_int16_t *)m0.m_data)[6] = et;

	bpf_mtap(arg, &m0);
}

#if NSL > 0 || NSTRIP > 0
/*
 * Put the SLIP pseudo-"link header" in place.
 * Note this M_PREPEND() should never fail,
 * since we know we always have enough space
 * in the input buffer.
 */
void
bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m)
{
	int s;
	u_char *hp;

	M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT);
	if (*m == NULL)
		return;

	hp = mtod(*m, u_char *);
	hp[SLX_DIR] = SLIPDIR_IN;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, *m);
	splx(s);

	m_adj(*m, SLIP_HDRLEN);
}

/*
 * Put the SLIP pseudo-"link header" in
 * place.  The compressed header is now
 * at the beginning of the mbuf.
 */
void
bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m)
{
	struct mbuf m0;
	u_char *hp;
	int s;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_data = m0.m_dat;
	m0.m_len = SLIP_HDRLEN;

	hp = mtod(&m0, u_char *);

	hp[SLX_DIR] = SLIPDIR_OUT;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, &m0);
	splx(s);
	m_freem(m);
}
#endif

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Wake up a pending listener if the buffers had to be
 * rotated, if immediate mode is set, or if the read timeout has
 * expired.  "cpfn" is the routine called to do the actual data
 * transfer.  memcpy is passed in to copy contiguous chunks, while
 * bpf_mcpy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
    void *(*cpfn)(void *, const void *, size_t), struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);
}
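/*
 * The layout catchpacket() produces is consumed like this from
 * userland (an illustrative sketch; buf and n come from a prior
 * read() of the full buffer size, and handle_packet is a hypothetical
 * consumer):
 */
#if 0
char *p = buf;

while (p < buf + n) {
	struct bpf_hdr *bh = (struct bpf_hdr *)p;

	/* Captured bytes start bh_hdrlen past the record header... */
	handle_packet(p + bh->bh_hdrlen, bh->bh_caplen);
	/* ...and the next record header is longword aligned. */
	p += BPF_WORDALIGN(bh->bh_hdrlen + bh->bh_caplen);
}
#endif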
/*
 * Initialize all nonzero fields of a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{

	d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_fbuf)
		return (ENOBUFS);
	d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_sbuf) {
		free(d->bd_fbuf, M_DEVBUF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it hasn't yet been marked
	 * free.
	 */
	if (d->bd_sbuf != 0) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_DEVBUF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_DEVBUF);
	}
	if (d->bd_filter)
		free(d->bd_filter, M_DEVBUF);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach an additional dlt for an interface to bpf.  dlt is the link layer
 * type; hdrlen is the fixed size of the link header for the specified dlt
 * (variable length headers not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp)
{
	struct bpf_if *bp;

	bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_dlist = 0;
	bp->bif_driverp = driverp;
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;

	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;

	*bp->bif_driverp = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

#if 0
	printf("bpf: %s attached\n", ifp->if_xname);
#endif
}
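/*
 * Worked example of the computation above, assuming an Ethernet
 * attachment where hdrlen is 14 and SIZEOF_BPF_HDR is 18:
 * BPF_WORDALIGN(14 + 18) = 32, so bif_hdrlen = 32 - 14 = 18.  Each
 * capture record then carries 18 bytes of bpf header plus 14 bytes of
 * link header before the network layer header, which therefore lands
 * on a longword boundary, since records also start longword aligned.
 */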
/*
 * Remove an interface from bpf.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, **pbp;
	struct bpf_d *d;
	int s;

	/* Nuke the vnodes for any open instances */
	for (d = LIST_FIRST(&bpf_list); d != NULL; d = LIST_NEXT(d, bd_list)) {
		if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) {
			/*
			 * Detach the descriptor from an interface now.
			 * It will be freed later by the close routine.
			 */
			s = splnet();
			d->bd_promisc = 0;	/* we can't touch device. */
			bpf_detachd(d);
			splx(s);
		}
	}

again:
	for (bp = bpf_iflist, pbp = &bpf_iflist;
	     bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp) {
			*pbp = bp->bif_next;
			free(bp, M_DEVBUF);
			goto again;
		}
	}
}

/*
 * Change the data link type of an interface.
 */
void
bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	struct bpf_if *bp;

	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if ((caddr_t *)bp->bif_driverp == &ifp->if_bpf)
			break;
	}
	if (bp == NULL)
		panic("bpf_change_type");

	bp->bif_dlt = dlt;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
}

/*
 * Get a list of the available data link types of the interface.
 */
static int
bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
{
	int n, error;
	struct ifnet *ifp;
	struct bpf_if *bp;

	ifp = d->bd_bif->bif_ifp;
	n = 0;
	error = 0;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp)
			continue;
		if (bfl->bfl_list != NULL) {
			if (n >= bfl->bfl_len)
				return ENOMEM;
			error = copyout(&bp->bif_dlt,
			    bfl->bfl_list + n, sizeof(u_int));
		}
		n++;
	}
	bfl->bfl_len = n;
	return error;
}

/*
 * Set the data link type of a BPF instance.
 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int s, error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	if (d->bd_bif->bif_dlt == dlt)
		return 0;
	ifp = d->bd_bif->bif_ifp;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	if (bp == NULL)
		return EINVAL;
	s = splnet();
	opromisc = d->bd_promisc;
	bpf_detachd(d);
	bpf_attachd(d, bp);
	reset_d(d);
	if (opromisc) {
		error = ifpromisc(bp->bif_ifp, 1);
		if (error)
			printf("%s: bpf_setdlt: ifpromisc failed (%d)\n",
			    bp->bif_ifp->if_xname, error);
		else
			d->bd_promisc = 1;
	}
	splx(s);
	return 0;
}
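/*
 * bpf_getdltlist() supports the usual two-call pattern from userland,
 * sketched here for illustration (error handling omitted; fd is an
 * open bpf descriptor already attached to an interface):
 */
#if 0
struct bpf_dltlist bfl;
u_int *dlts;

bfl.bfl_list = NULL;			/* first call: just get the count */
(void)ioctl(fd, BIOCGDLTLIST, &bfl);
dlts = malloc(bfl.bfl_len * sizeof(u_int));
bfl.bfl_list = dlts;			/* second call: fetch the list */
(void)ioctl(fd, BIOCGDLTLIST, &bfl);
#endif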
static int
sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS)
{
	int newsize, error;
	struct sysctlnode node;

	node = *rnode;
	node.sysctl_data = &newsize;
	newsize = bpf_maxbufsize;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE)
		return (EINVAL);

	bpf_maxbufsize = newsize;

	return (0);
}

static int
sysctl_net_bpf_peers(SYSCTLFN_ARGS)
{
	int error, elem_count;
	struct bpf_d *dp;
	struct bpf_d_ext dpe;
	size_t len, needed, elem_size, out_size;
	char *sp;

	if (namelen == 1 && name[0] == CTL_QUERY)
		return (sysctl_query(SYSCTLFN_CALL(rnode)));

	if (namelen != 2)
		return (EINVAL);

	/* BPF peers is privileged information. */
	error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
	    KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL);
	if (error)
		return (EPERM);

	len = (oldp != NULL) ? *oldlenp : 0;
	sp = oldp;
	elem_size = name[0];
	elem_count = name[1];
	out_size = MIN(sizeof(dpe), elem_size);
	needed = 0;

	if (elem_size < 1 || elem_count < 0)
		return (EINVAL);

	simple_lock(&bpf_slock);
	LIST_FOREACH(dp, &bpf_list, bd_list) {
		if (len >= elem_size && elem_count > 0) {
#define BPF_EXT(field)	dpe.bde_ ## field = dp->bd_ ## field
			BPF_EXT(bufsize);
			BPF_EXT(promisc);
			BPF_EXT(state);
			BPF_EXT(immediate);
			BPF_EXT(hdrcmplt);
			BPF_EXT(seesent);
			BPF_EXT(pid);
			BPF_EXT(rcount);
			BPF_EXT(dcount);
			BPF_EXT(ccount);
#undef BPF_EXT
			if (dp->bd_bif)
				(void)strlcpy(dpe.bde_ifname,
				    dp->bd_bif->bif_ifp->if_xname,
				    IFNAMSIZ - 1);
			else
				dpe.bde_ifname[0] = '\0';

			error = copyout(&dpe, sp, out_size);
			if (error)
				break;
			sp += elem_size;
			len -= elem_size;
		}
		if (elem_count > 0) {
			needed += elem_size;
			if (elem_count != INT_MAX)
				elem_count--;
		}
	}
	simple_unlock(&bpf_slock);

	*oldlenp = needed;

	return (error);
}

SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup")
{
	const struct sysctlnode *node;

	sysctl_createv(clog, 0, NULL, NULL,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "net", NULL,
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_EOL);

	node = NULL;
	sysctl_createv(clog, 0, NULL, &node,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "bpf",
		       SYSCTL_DESCR("BPF options"),
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_CREATE, CTL_EOL);
	if (node != NULL) {
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
			CTLTYPE_INT, "maxbufsize",
			SYSCTL_DESCR("Maximum size for data capture buffer"),
			sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0,
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT,
			CTLTYPE_STRUCT, "stats",
			SYSCTL_DESCR("BPF stats"),
			NULL, 0, &bpf_gstats, sizeof(bpf_gstats),
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT,
			CTLTYPE_STRUCT, "peers",
			SYSCTL_DESCR("BPF peers"),
			sysctl_net_bpf_peers, 0, NULL, 0,
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
	}
}
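/*
 * Although the nodes above are created with dynamic numbers
 * (CTL_CREATE), they remain reachable by name from userland.  A
 * hedged, illustrative sketch fetching the global counters with
 * sysctlbyname(3):
 */
#if 0
struct bpf_stat gstats;
size_t len = sizeof(gstats);

if (sysctlbyname("net.bpf.stats", &gstats, &len, NULL, 0) == 0)
	printf("recv %llu drop %llu capt %llu\n",
	    (unsigned long long)gstats.bs_recv,
	    (unsigned long long)gstats.bs_drop,
	    (unsigned long long)gstats.bs_capt);
#endif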