1 /* $NetBSD: bpf.c,v 1.139 2008/04/24 15:35:30 ad Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.139 2008/04/24 15:35:30 ad Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 #include <sys/queue.h> 61 62 #include <sys/file.h> 63 #include <sys/filedesc.h> 64 #include <sys/tty.h> 65 #include <sys/uio.h> 66 67 #include <sys/protosw.h> 68 #include <sys/socket.h> 69 #include <sys/errno.h> 70 #include <sys/kernel.h> 71 #include <sys/poll.h> 72 #include <sys/sysctl.h> 73 #include <sys/kauth.h> 74 75 #include <net/if.h> 76 #include <net/slip.h> 77 78 #include <net/bpf.h> 79 #include <net/bpfdesc.h> 80 81 #include <net/if_arc.h> 82 #include <net/if_ether.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_inarp.h> 86 87 88 #include <compat/sys/sockio.h> 89 90 #ifndef BPF_BUFSIZE 91 /* 92 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 93 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 94 */ 95 # define BPF_BUFSIZE 32768 96 #endif 97 98 #define PRINET 26 /* interruptible */ 99 100 /* 101 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 102 * XXX the default values should be computed dynamically based 103 * on available memory size and available mbuf clusters. 104 */ 105 int bpf_bufsize = BPF_BUFSIZE; 106 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 107 108 109 /* 110 * Global BPF statistics returned by net.bpf.stats sysctl. 111 */ 112 struct bpf_stat bpf_gstats; 113 114 /* 115 * Use a mutex to avoid a race condition between gathering the stats/peers 116 * and opening/closing the device. 117 */ 118 static kmutex_t bpf_mtx; 119 120 /* 121 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 122 * bpf_dtab holds the descriptors, indexed by minor device # 123 */ 124 struct bpf_if *bpf_iflist; 125 LIST_HEAD(, bpf_d) bpf_list; 126 127 static int bpf_allocbufs(struct bpf_d *); 128 static void bpf_deliver(struct bpf_if *, 129 void *(*cpfn)(void *, const void *, size_t), 130 void *, u_int, u_int, struct ifnet *); 131 static void bpf_freed(struct bpf_d *); 132 static void bpf_ifname(struct ifnet *, struct ifreq *); 133 static void *bpf_mcpy(void *, const void *, size_t); 134 static int bpf_movein(struct uio *, int, int, 135 struct mbuf **, struct sockaddr *); 136 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 137 static void bpf_detachd(struct bpf_d *); 138 static int bpf_setif(struct bpf_d *, struct ifreq *); 139 static void bpf_timed_out(void *); 140 static inline void 141 bpf_wakeup(struct bpf_d *); 142 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 143 void *(*)(void *, const void *, size_t), struct timeval *); 144 static void reset_d(struct bpf_d *); 145 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 146 static int bpf_setdlt(struct bpf_d *, u_int); 147 148 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 149 int); 150 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 151 int); 152 static int bpf_ioctl(struct file *, u_long, void *); 153 static int bpf_poll(struct file *, int); 154 static int bpf_close(struct file *); 155 static int bpf_kqfilter(struct file *, struct knote *); 156 static void bpf_softintr(void *); 157 158 static const struct fileops bpf_fileops = { 159 bpf_read, 160 bpf_write, 161 bpf_ioctl, 162 fnullop_fcntl, 163 bpf_poll, 164 fbadop_stat, 165 bpf_close, 166 bpf_kqfilter, 167 }; 168 169 dev_type_open(bpfopen); 170 171 const struct cdevsw bpf_cdevsw = { 172 bpfopen, noclose, noread, nowrite, noioctl, 173 nostop, notty, nopoll, nommap, nokqfilter, D_OTHER 174 }; 175 176 static int 177 bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 178 struct sockaddr *sockp) 179 { 180 struct mbuf *m; 181 int error; 182 int len; 183 int hlen; 184 int align; 185 186 /* 187 * Build a sockaddr based on the data link layer type. 188 * We do this at this level because the ethernet header 189 * is copied directly into the data field of the sockaddr. 190 * In the case of SLIP, there is no header and the packet 191 * is forwarded as is. 192 * Also, we are careful to leave room at the front of the mbuf 193 * for the link level header. 194 */ 195 switch (linktype) { 196 197 case DLT_SLIP: 198 sockp->sa_family = AF_INET; 199 hlen = 0; 200 align = 0; 201 break; 202 203 case DLT_PPP: 204 sockp->sa_family = AF_UNSPEC; 205 hlen = 0; 206 align = 0; 207 break; 208 209 case DLT_EN10MB: 210 sockp->sa_family = AF_UNSPEC; 211 /* XXX Would MAXLINKHDR be better? */ 212 /* 6(dst)+6(src)+2(type) */ 213 hlen = sizeof(struct ether_header); 214 align = 2; 215 break; 216 217 case DLT_ARCNET: 218 sockp->sa_family = AF_UNSPEC; 219 hlen = ARC_HDRLEN; 220 align = 5; 221 break; 222 223 case DLT_FDDI: 224 sockp->sa_family = AF_LINK; 225 /* XXX 4(FORMAC)+6(dst)+6(src) */ 226 hlen = 16; 227 align = 0; 228 break; 229 230 case DLT_ECONET: 231 sockp->sa_family = AF_UNSPEC; 232 hlen = 6; 233 align = 2; 234 break; 235 236 case DLT_NULL: 237 sockp->sa_family = AF_UNSPEC; 238 hlen = 0; 239 align = 0; 240 break; 241 242 default: 243 return (EIO); 244 } 245 246 len = uio->uio_resid; 247 /* 248 * If there aren't enough bytes for a link level header or the 249 * packet length exceeds the interface mtu, return an error. 250 */ 251 if (len < hlen || len - hlen > mtu) 252 return (EMSGSIZE); 253 254 /* 255 * XXX Avoid complicated buffer chaining --- 256 * bail if it won't fit in a single mbuf. 257 * (Take into account possible alignment bytes) 258 */ 259 if ((unsigned)len > MCLBYTES - align) 260 return (EIO); 261 262 m = m_gethdr(M_WAIT, MT_DATA); 263 m->m_pkthdr.rcvif = 0; 264 m->m_pkthdr.len = len - hlen; 265 if (len > MHLEN - align) { 266 m_clget(m, M_WAIT); 267 if ((m->m_flags & M_EXT) == 0) { 268 error = ENOBUFS; 269 goto bad; 270 } 271 } 272 273 /* Insure the data is properly aligned */ 274 if (align > 0) { 275 m->m_data += align; 276 m->m_len -= align; 277 } 278 279 error = uiomove(mtod(m, void *), len, uio); 280 if (error) 281 goto bad; 282 if (hlen != 0) { 283 memcpy(sockp->sa_data, mtod(m, void *), hlen); 284 m->m_data += hlen; /* XXX */ 285 len -= hlen; 286 } 287 m->m_len = len; 288 *mp = m; 289 return (0); 290 291 bad: 292 m_freem(m); 293 return (error); 294 } 295 296 /* 297 * Attach file to the bpf interface, i.e. make d listen on bp. 298 * Must be called at splnet. 299 */ 300 static void 301 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 302 { 303 /* 304 * Point d at bp, and add d to the interface's list of listeners. 305 * Finally, point the driver's bpf cookie at the interface so 306 * it will divert packets to bpf. 307 */ 308 d->bd_bif = bp; 309 d->bd_next = bp->bif_dlist; 310 bp->bif_dlist = d; 311 312 *bp->bif_driverp = bp; 313 } 314 315 /* 316 * Detach a file from its interface. 317 */ 318 static void 319 bpf_detachd(struct bpf_d *d) 320 { 321 struct bpf_d **p; 322 struct bpf_if *bp; 323 324 bp = d->bd_bif; 325 /* 326 * Check if this descriptor had requested promiscuous mode. 327 * If so, turn it off. 328 */ 329 if (d->bd_promisc) { 330 int error; 331 332 d->bd_promisc = 0; 333 /* 334 * Take device out of promiscuous mode. Since we were 335 * able to enter promiscuous mode, we should be able 336 * to turn it off. But we can get an error if 337 * the interface was configured down, so only panic 338 * if we don't get an unexpected error. 339 */ 340 error = ifpromisc(bp->bif_ifp, 0); 341 if (error && error != EINVAL) 342 panic("bpf: ifpromisc failed"); 343 } 344 /* Remove d from the interface's descriptor list. */ 345 p = &bp->bif_dlist; 346 while (*p != d) { 347 p = &(*p)->bd_next; 348 if (*p == 0) 349 panic("bpf_detachd: descriptor not in list"); 350 } 351 *p = (*p)->bd_next; 352 if (bp->bif_dlist == 0) 353 /* 354 * Let the driver know that there are no more listeners. 355 */ 356 *d->bd_bif->bif_driverp = 0; 357 d->bd_bif = 0; 358 } 359 360 361 /* 362 * Mark a descriptor free by making it point to itself. 363 * This is probably cheaper than marking with a constant since 364 * the address should be in a register anyway. 365 */ 366 367 /* 368 * bpfilterattach() is called at boot time. 369 */ 370 /* ARGSUSED */ 371 void 372 bpfilterattach(int n) 373 { 374 mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE); 375 376 mutex_enter(&bpf_mtx); 377 LIST_INIT(&bpf_list); 378 mutex_exit(&bpf_mtx); 379 380 bpf_gstats.bs_recv = 0; 381 bpf_gstats.bs_drop = 0; 382 bpf_gstats.bs_capt = 0; 383 } 384 385 /* 386 * Open ethernet device. Clones. 387 */ 388 /* ARGSUSED */ 389 int 390 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 391 { 392 struct bpf_d *d; 393 struct file *fp; 394 int error, fd; 395 396 /* falloc() will use the descriptor for us. */ 397 if ((error = fd_allocfile(&fp, &fd)) != 0) 398 return error; 399 400 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK); 401 (void)memset(d, 0, sizeof(*d)); 402 d->bd_bufsize = bpf_bufsize; 403 d->bd_seesent = 1; 404 d->bd_pid = l->l_proc->p_pid; 405 callout_init(&d->bd_callout, 0); 406 selinit(&d->bd_sel); 407 d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d); 408 409 mutex_enter(&bpf_mtx); 410 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 411 mutex_exit(&bpf_mtx); 412 413 return fd_clone(fp, fd, flag, &bpf_fileops, d); 414 } 415 416 /* 417 * Close the descriptor by detaching it from its interface, 418 * deallocating its buffers, and marking it free. 419 */ 420 /* ARGSUSED */ 421 static int 422 bpf_close(struct file *fp) 423 { 424 struct bpf_d *d = fp->f_data; 425 int s; 426 427 /* 428 * Refresh the PID associated with this bpf file. 429 */ 430 d->bd_pid = curproc->p_pid; 431 432 s = splnet(); 433 if (d->bd_state == BPF_WAITING) 434 callout_stop(&d->bd_callout); 435 d->bd_state = BPF_IDLE; 436 if (d->bd_bif) 437 bpf_detachd(d); 438 splx(s); 439 bpf_freed(d); 440 mutex_enter(&bpf_mtx); 441 LIST_REMOVE(d, bd_list); 442 mutex_exit(&bpf_mtx); 443 callout_destroy(&d->bd_callout); 444 seldestroy(&d->bd_sel); 445 softint_disestablish(d->bd_sih); 446 free(d, M_DEVBUF); 447 fp->f_data = NULL; 448 449 return (0); 450 } 451 452 /* 453 * Rotate the packet buffers in descriptor d. Move the store buffer 454 * into the hold slot, and the free buffer into the store slot. 455 * Zero the length of the new store buffer. 456 */ 457 #define ROTATE_BUFFERS(d) \ 458 (d)->bd_hbuf = (d)->bd_sbuf; \ 459 (d)->bd_hlen = (d)->bd_slen; \ 460 (d)->bd_sbuf = (d)->bd_fbuf; \ 461 (d)->bd_slen = 0; \ 462 (d)->bd_fbuf = 0; 463 /* 464 * bpfread - read next chunk of packets from buffers 465 */ 466 static int 467 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 468 kauth_cred_t cred, int flags) 469 { 470 struct bpf_d *d = fp->f_data; 471 int timed_out; 472 int error; 473 int s; 474 475 /* 476 * Restrict application to use a buffer the same size as 477 * the kernel buffers. 478 */ 479 if (uio->uio_resid != d->bd_bufsize) 480 return (EINVAL); 481 482 s = splnet(); 483 if (d->bd_state == BPF_WAITING) 484 callout_stop(&d->bd_callout); 485 timed_out = (d->bd_state == BPF_TIMED_OUT); 486 d->bd_state = BPF_IDLE; 487 /* 488 * If the hold buffer is empty, then do a timed sleep, which 489 * ends when the timeout expires or when enough packets 490 * have arrived to fill the store buffer. 491 */ 492 while (d->bd_hbuf == 0) { 493 if (fp->f_flag & FNONBLOCK) { 494 if (d->bd_slen == 0) { 495 splx(s); 496 return (EWOULDBLOCK); 497 } 498 ROTATE_BUFFERS(d); 499 break; 500 } 501 502 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 503 /* 504 * A packet(s) either arrived since the previous 505 * read or arrived while we were asleep. 506 * Rotate the buffers and return what's here. 507 */ 508 ROTATE_BUFFERS(d); 509 break; 510 } 511 error = tsleep(d, PRINET|PCATCH, "bpf", 512 d->bd_rtout); 513 if (error == EINTR || error == ERESTART) { 514 splx(s); 515 return (error); 516 } 517 if (error == EWOULDBLOCK) { 518 /* 519 * On a timeout, return what's in the buffer, 520 * which may be nothing. If there is something 521 * in the store buffer, we can rotate the buffers. 522 */ 523 if (d->bd_hbuf) 524 /* 525 * We filled up the buffer in between 526 * getting the timeout and arriving 527 * here, so we don't need to rotate. 528 */ 529 break; 530 531 if (d->bd_slen == 0) { 532 splx(s); 533 return (0); 534 } 535 ROTATE_BUFFERS(d); 536 break; 537 } 538 if (error != 0) 539 goto done; 540 } 541 /* 542 * At this point, we know we have something in the hold slot. 543 */ 544 splx(s); 545 546 /* 547 * Move data from hold buffer into user space. 548 * We know the entire buffer is transferred since 549 * we checked above that the read buffer is bpf_bufsize bytes. 550 */ 551 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 552 553 s = splnet(); 554 d->bd_fbuf = d->bd_hbuf; 555 d->bd_hbuf = 0; 556 d->bd_hlen = 0; 557 done: 558 splx(s); 559 return (error); 560 } 561 562 563 /* 564 * If there are processes sleeping on this descriptor, wake them up. 565 */ 566 static inline void 567 bpf_wakeup(struct bpf_d *d) 568 { 569 wakeup(d); 570 if (d->bd_async) 571 softint_schedule(d->bd_sih); 572 selnotify(&d->bd_sel, 0, 0); 573 } 574 575 static void 576 bpf_softintr(void *cookie) 577 { 578 struct bpf_d *d; 579 580 d = cookie; 581 if (d->bd_async) 582 fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL); 583 } 584 585 static void 586 bpf_timed_out(void *arg) 587 { 588 struct bpf_d *d = arg; 589 int s; 590 591 s = splnet(); 592 if (d->bd_state == BPF_WAITING) { 593 d->bd_state = BPF_TIMED_OUT; 594 if (d->bd_slen != 0) 595 bpf_wakeup(d); 596 } 597 splx(s); 598 } 599 600 601 static int 602 bpf_write(struct file *fp, off_t *offp, struct uio *uio, 603 kauth_cred_t cred, int flags) 604 { 605 struct bpf_d *d = fp->f_data; 606 struct ifnet *ifp; 607 struct mbuf *m; 608 int error, s; 609 static struct sockaddr_storage dst; 610 611 m = NULL; /* XXX gcc */ 612 613 if (d->bd_bif == 0) 614 return (ENXIO); 615 616 ifp = d->bd_bif->bif_ifp; 617 618 if (uio->uio_resid == 0) 619 return (0); 620 621 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 622 (struct sockaddr *) &dst); 623 if (error) 624 return (error); 625 626 if (m->m_pkthdr.len > ifp->if_mtu) { 627 m_freem(m); 628 return (EMSGSIZE); 629 } 630 631 if (d->bd_hdrcmplt) 632 dst.ss_family = pseudo_AF_HDRCMPLT; 633 634 s = splsoftnet(); 635 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 636 splx(s); 637 /* 638 * The driver frees the mbuf. 639 */ 640 return (error); 641 } 642 643 /* 644 * Reset a descriptor by flushing its packet buffer and clearing the 645 * receive and drop counts. Should be called at splnet. 646 */ 647 static void 648 reset_d(struct bpf_d *d) 649 { 650 if (d->bd_hbuf) { 651 /* Free the hold buffer. */ 652 d->bd_fbuf = d->bd_hbuf; 653 d->bd_hbuf = 0; 654 } 655 d->bd_slen = 0; 656 d->bd_hlen = 0; 657 d->bd_rcount = 0; 658 d->bd_dcount = 0; 659 d->bd_ccount = 0; 660 } 661 662 /* 663 * FIONREAD Check for read packet available. 664 * BIOCGBLEN Get buffer len [for read()]. 665 * BIOCSETF Set ethernet read filter. 666 * BIOCFLUSH Flush read packet buffer. 667 * BIOCPROMISC Put interface into promiscuous mode. 668 * BIOCGDLT Get link layer type. 669 * BIOCGETIF Get interface name. 670 * BIOCSETIF Set interface. 671 * BIOCSRTIMEOUT Set read timeout. 672 * BIOCGRTIMEOUT Get read timeout. 673 * BIOCGSTATS Get packet stats. 674 * BIOCIMMEDIATE Set immediate mode. 675 * BIOCVERSION Get filter language version. 676 * BIOCGHDRCMPLT Get "header already complete" flag. 677 * BIOCSHDRCMPLT Set "header already complete" flag. 678 */ 679 /* ARGSUSED */ 680 static int 681 bpf_ioctl(struct file *fp, u_long cmd, void *addr) 682 { 683 struct bpf_d *d = fp->f_data; 684 int s, error = 0; 685 686 /* 687 * Refresh the PID associated with this bpf file. 688 */ 689 d->bd_pid = curproc->p_pid; 690 691 s = splnet(); 692 if (d->bd_state == BPF_WAITING) 693 callout_stop(&d->bd_callout); 694 d->bd_state = BPF_IDLE; 695 splx(s); 696 697 switch (cmd) { 698 699 default: 700 error = EINVAL; 701 break; 702 703 /* 704 * Check for read packet available. 705 */ 706 case FIONREAD: 707 { 708 int n; 709 710 s = splnet(); 711 n = d->bd_slen; 712 if (d->bd_hbuf) 713 n += d->bd_hlen; 714 splx(s); 715 716 *(int *)addr = n; 717 break; 718 } 719 720 /* 721 * Get buffer len [for read()]. 722 */ 723 case BIOCGBLEN: 724 *(u_int *)addr = d->bd_bufsize; 725 break; 726 727 /* 728 * Set buffer length. 729 */ 730 case BIOCSBLEN: 731 if (d->bd_bif != 0) 732 error = EINVAL; 733 else { 734 u_int size = *(u_int *)addr; 735 736 if (size > bpf_maxbufsize) 737 *(u_int *)addr = size = bpf_maxbufsize; 738 else if (size < BPF_MINBUFSIZE) 739 *(u_int *)addr = size = BPF_MINBUFSIZE; 740 d->bd_bufsize = size; 741 } 742 break; 743 744 /* 745 * Set link layer read filter. 746 */ 747 case BIOCSETF: 748 error = bpf_setf(d, addr); 749 break; 750 751 /* 752 * Flush read packet buffer. 753 */ 754 case BIOCFLUSH: 755 s = splnet(); 756 reset_d(d); 757 splx(s); 758 break; 759 760 /* 761 * Put interface into promiscuous mode. 762 */ 763 case BIOCPROMISC: 764 if (d->bd_bif == 0) { 765 /* 766 * No interface attached yet. 767 */ 768 error = EINVAL; 769 break; 770 } 771 s = splnet(); 772 if (d->bd_promisc == 0) { 773 error = ifpromisc(d->bd_bif->bif_ifp, 1); 774 if (error == 0) 775 d->bd_promisc = 1; 776 } 777 splx(s); 778 break; 779 780 /* 781 * Get device parameters. 782 */ 783 case BIOCGDLT: 784 if (d->bd_bif == 0) 785 error = EINVAL; 786 else 787 *(u_int *)addr = d->bd_bif->bif_dlt; 788 break; 789 790 /* 791 * Get a list of supported device parameters. 792 */ 793 case BIOCGDLTLIST: 794 if (d->bd_bif == 0) 795 error = EINVAL; 796 else 797 error = bpf_getdltlist(d, addr); 798 break; 799 800 /* 801 * Set device parameters. 802 */ 803 case BIOCSDLT: 804 if (d->bd_bif == 0) 805 error = EINVAL; 806 else 807 error = bpf_setdlt(d, *(u_int *)addr); 808 break; 809 810 /* 811 * Set interface name. 812 */ 813 #ifdef OBIOCGETIF 814 case OBIOCGETIF: 815 #endif 816 case BIOCGETIF: 817 if (d->bd_bif == 0) 818 error = EINVAL; 819 else 820 bpf_ifname(d->bd_bif->bif_ifp, addr); 821 break; 822 823 /* 824 * Set interface. 825 */ 826 #ifdef OBIOCSETIF 827 case OBIOCSETIF: 828 #endif 829 case BIOCSETIF: 830 error = bpf_setif(d, addr); 831 break; 832 833 /* 834 * Set read timeout. 835 */ 836 case BIOCSRTIMEOUT: 837 { 838 struct timeval *tv = addr; 839 840 /* Compute number of ticks. */ 841 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 842 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 843 d->bd_rtout = 1; 844 break; 845 } 846 847 /* 848 * Get read timeout. 849 */ 850 case BIOCGRTIMEOUT: 851 { 852 struct timeval *tv = addr; 853 854 tv->tv_sec = d->bd_rtout / hz; 855 tv->tv_usec = (d->bd_rtout % hz) * tick; 856 break; 857 } 858 859 /* 860 * Get packet stats. 861 */ 862 case BIOCGSTATS: 863 { 864 struct bpf_stat *bs = addr; 865 866 bs->bs_recv = d->bd_rcount; 867 bs->bs_drop = d->bd_dcount; 868 bs->bs_capt = d->bd_ccount; 869 break; 870 } 871 872 case BIOCGSTATSOLD: 873 { 874 struct bpf_stat_old *bs = addr; 875 876 bs->bs_recv = d->bd_rcount; 877 bs->bs_drop = d->bd_dcount; 878 break; 879 } 880 881 /* 882 * Set immediate mode. 883 */ 884 case BIOCIMMEDIATE: 885 d->bd_immediate = *(u_int *)addr; 886 break; 887 888 case BIOCVERSION: 889 { 890 struct bpf_version *bv = addr; 891 892 bv->bv_major = BPF_MAJOR_VERSION; 893 bv->bv_minor = BPF_MINOR_VERSION; 894 break; 895 } 896 897 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 898 *(u_int *)addr = d->bd_hdrcmplt; 899 break; 900 901 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 902 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 903 break; 904 905 /* 906 * Get "see sent packets" flag 907 */ 908 case BIOCGSEESENT: 909 *(u_int *)addr = d->bd_seesent; 910 break; 911 912 /* 913 * Set "see sent" packets flag 914 */ 915 case BIOCSSEESENT: 916 d->bd_seesent = *(u_int *)addr; 917 break; 918 919 case FIONBIO: /* Non-blocking I/O */ 920 /* 921 * No need to do anything special as we use IO_NDELAY in 922 * bpfread() as an indication of whether or not to block 923 * the read. 924 */ 925 break; 926 927 case FIOASYNC: /* Send signal on receive packets */ 928 d->bd_async = *(int *)addr; 929 break; 930 931 case TIOCSPGRP: /* Process or group to send signals to */ 932 case FIOSETOWN: 933 error = fsetown(&d->bd_pgid, cmd, addr); 934 break; 935 936 case TIOCGPGRP: 937 case FIOGETOWN: 938 error = fgetown(d->bd_pgid, cmd, addr); 939 break; 940 } 941 return (error); 942 } 943 944 /* 945 * Set d's packet filter program to fp. If this file already has a filter, 946 * free it and replace it. Returns EINVAL for bogus requests. 947 */ 948 int 949 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 950 { 951 struct bpf_insn *fcode, *old; 952 u_int flen, size; 953 int s; 954 955 old = d->bd_filter; 956 if (fp->bf_insns == 0) { 957 if (fp->bf_len != 0) 958 return (EINVAL); 959 s = splnet(); 960 d->bd_filter = 0; 961 reset_d(d); 962 splx(s); 963 if (old != 0) 964 free(old, M_DEVBUF); 965 return (0); 966 } 967 flen = fp->bf_len; 968 if (flen > BPF_MAXINSNS) 969 return (EINVAL); 970 971 size = flen * sizeof(*fp->bf_insns); 972 fcode = malloc(size, M_DEVBUF, M_WAITOK); 973 if (copyin(fp->bf_insns, fcode, size) == 0 && 974 bpf_validate(fcode, (int)flen)) { 975 s = splnet(); 976 d->bd_filter = fcode; 977 reset_d(d); 978 splx(s); 979 if (old != 0) 980 free(old, M_DEVBUF); 981 982 return (0); 983 } 984 free(fcode, M_DEVBUF); 985 return (EINVAL); 986 } 987 988 /* 989 * Detach a file from its current interface (if attached at all) and attach 990 * to the interface indicated by the name stored in ifr. 991 * Return an errno or 0. 992 */ 993 static int 994 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 995 { 996 struct bpf_if *bp; 997 char *cp; 998 int unit_seen, i, s, error; 999 1000 /* 1001 * Make sure the provided name has a unit number, and default 1002 * it to '0' if not specified. 1003 * XXX This is ugly ... do this differently? 1004 */ 1005 unit_seen = 0; 1006 cp = ifr->ifr_name; 1007 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 1008 while (*cp++) 1009 if (*cp >= '0' && *cp <= '9') 1010 unit_seen = 1; 1011 if (!unit_seen) { 1012 /* Make sure to leave room for the '\0'. */ 1013 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 1014 if ((ifr->ifr_name[i] >= 'a' && 1015 ifr->ifr_name[i] <= 'z') || 1016 (ifr->ifr_name[i] >= 'A' && 1017 ifr->ifr_name[i] <= 'Z')) 1018 continue; 1019 ifr->ifr_name[i] = '0'; 1020 } 1021 } 1022 1023 /* 1024 * Look through attached interfaces for the named one. 1025 */ 1026 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1027 struct ifnet *ifp = bp->bif_ifp; 1028 1029 if (ifp == 0 || 1030 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 1031 continue; 1032 /* skip additional entry */ 1033 if ((void **)bp->bif_driverp != &ifp->if_bpf) 1034 continue; 1035 /* 1036 * We found the requested interface. 1037 * Allocate the packet buffers if we need to. 1038 * If we're already attached to requested interface, 1039 * just flush the buffer. 1040 */ 1041 if (d->bd_sbuf == 0) { 1042 error = bpf_allocbufs(d); 1043 if (error != 0) 1044 return (error); 1045 } 1046 s = splnet(); 1047 if (bp != d->bd_bif) { 1048 if (d->bd_bif) 1049 /* 1050 * Detach if attached to something else. 1051 */ 1052 bpf_detachd(d); 1053 1054 bpf_attachd(d, bp); 1055 } 1056 reset_d(d); 1057 splx(s); 1058 return (0); 1059 } 1060 /* Not found. */ 1061 return (ENXIO); 1062 } 1063 1064 /* 1065 * Copy the interface name to the ifreq. 1066 */ 1067 static void 1068 bpf_ifname(struct ifnet *ifp, struct ifreq *ifr) 1069 { 1070 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1071 } 1072 1073 /* 1074 * Support for poll() system call 1075 * 1076 * Return true iff the specific operation will not block indefinitely - with 1077 * the assumption that it is safe to positively acknowledge a request for the 1078 * ability to write to the BPF device. 1079 * Otherwise, return false but make a note that a selnotify() must be done. 1080 */ 1081 static int 1082 bpf_poll(struct file *fp, int events) 1083 { 1084 struct bpf_d *d = fp->f_data; 1085 int s = splnet(); 1086 int revents; 1087 1088 /* 1089 * Refresh the PID associated with this bpf file. 1090 */ 1091 d->bd_pid = curproc->p_pid; 1092 1093 revents = events & (POLLOUT | POLLWRNORM); 1094 if (events & (POLLIN | POLLRDNORM)) { 1095 /* 1096 * An imitation of the FIONREAD ioctl code. 1097 */ 1098 if (d->bd_hlen != 0 || 1099 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1100 d->bd_slen != 0)) { 1101 revents |= events & (POLLIN | POLLRDNORM); 1102 } else { 1103 selrecord(curlwp, &d->bd_sel); 1104 /* Start the read timeout if necessary */ 1105 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1106 callout_reset(&d->bd_callout, d->bd_rtout, 1107 bpf_timed_out, d); 1108 d->bd_state = BPF_WAITING; 1109 } 1110 } 1111 } 1112 1113 splx(s); 1114 return (revents); 1115 } 1116 1117 static void 1118 filt_bpfrdetach(struct knote *kn) 1119 { 1120 struct bpf_d *d = kn->kn_hook; 1121 int s; 1122 1123 s = splnet(); 1124 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1125 splx(s); 1126 } 1127 1128 static int 1129 filt_bpfread(struct knote *kn, long hint) 1130 { 1131 struct bpf_d *d = kn->kn_hook; 1132 1133 kn->kn_data = d->bd_hlen; 1134 if (d->bd_immediate) 1135 kn->kn_data += d->bd_slen; 1136 return (kn->kn_data > 0); 1137 } 1138 1139 static const struct filterops bpfread_filtops = 1140 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1141 1142 static int 1143 bpf_kqfilter(struct file *fp, struct knote *kn) 1144 { 1145 struct bpf_d *d = fp->f_data; 1146 struct klist *klist; 1147 int s; 1148 1149 switch (kn->kn_filter) { 1150 case EVFILT_READ: 1151 klist = &d->bd_sel.sel_klist; 1152 kn->kn_fop = &bpfread_filtops; 1153 break; 1154 1155 default: 1156 return (EINVAL); 1157 } 1158 1159 kn->kn_hook = d; 1160 1161 s = splnet(); 1162 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1163 splx(s); 1164 1165 return (0); 1166 } 1167 1168 /* 1169 * Incoming linkage from device drivers. Process the packet pkt, of length 1170 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1171 * by each process' filter, and if accepted, stashed into the corresponding 1172 * buffer. 1173 */ 1174 void 1175 bpf_tap(void *arg, u_char *pkt, u_int pktlen) 1176 { 1177 struct bpf_if *bp; 1178 struct bpf_d *d; 1179 u_int slen; 1180 struct timeval tv; 1181 int gottime=0; 1182 1183 /* 1184 * Note that the ipl does not have to be raised at this point. 1185 * The only problem that could arise here is that if two different 1186 * interfaces shared any data. This is not the case. 1187 */ 1188 bp = arg; 1189 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1190 ++d->bd_rcount; 1191 ++bpf_gstats.bs_recv; 1192 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1193 if (slen != 0) { 1194 if (!gottime) { 1195 microtime(&tv); 1196 gottime = 1; 1197 } 1198 catchpacket(d, pkt, pktlen, slen, (void *)memcpy, &tv); 1199 } 1200 } 1201 } 1202 1203 /* 1204 * Copy data from an mbuf chain into a buffer. This code is derived 1205 * from m_copydata in sys/uipc_mbuf.c. 1206 */ 1207 static void * 1208 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1209 { 1210 const struct mbuf *m; 1211 u_int count; 1212 u_char *dst; 1213 1214 m = src_arg; 1215 dst = dst_arg; 1216 while (len > 0) { 1217 if (m == NULL) 1218 panic("bpf_mcpy"); 1219 count = min(m->m_len, len); 1220 memcpy(dst, mtod(m, const void *), count); 1221 m = m->m_next; 1222 dst += count; 1223 len -= count; 1224 } 1225 return dst_arg; 1226 } 1227 1228 /* 1229 * Dispatch a packet to all the listeners on interface bp. 1230 * 1231 * marg pointer to the packet, either a data buffer or an mbuf chain 1232 * buflen buffer length, if marg is a data buffer 1233 * cpfn a function that can copy marg into the listener's buffer 1234 * pktlen length of the packet 1235 * rcvif either NULL or the interface the packet came in on. 1236 */ 1237 static inline void 1238 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1239 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1240 { 1241 u_int slen; 1242 struct bpf_d *d; 1243 struct timeval tv; 1244 int gottime = 0; 1245 1246 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1247 if (!d->bd_seesent && (rcvif == NULL)) 1248 continue; 1249 ++d->bd_rcount; 1250 ++bpf_gstats.bs_recv; 1251 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1252 if (slen != 0) { 1253 if(!gottime) { 1254 microtime(&tv); 1255 gottime = 1; 1256 } 1257 catchpacket(d, marg, pktlen, slen, cpfn, &tv); 1258 } 1259 } 1260 } 1261 1262 /* 1263 * Incoming linkage from device drivers, when the head of the packet is in 1264 * a buffer, and the tail is in an mbuf chain. 1265 */ 1266 void 1267 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1268 { 1269 struct bpf_if *bp = arg; 1270 u_int pktlen; 1271 struct mbuf mb; 1272 1273 pktlen = m_length(m) + dlen; 1274 1275 /* 1276 * Craft on-stack mbuf suitable for passing to bpf_filter. 1277 * Note that we cut corners here; we only setup what's 1278 * absolutely needed--this mbuf should never go anywhere else. 1279 */ 1280 (void)memset(&mb, 0, sizeof(mb)); 1281 mb.m_next = m; 1282 mb.m_data = data; 1283 mb.m_len = dlen; 1284 1285 /*###1278 [cc] warning: passing argument 2 of 'bpf_deliver' from incompatible pointer type%%%*/ 1286 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1287 } 1288 1289 /* 1290 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1291 */ 1292 void 1293 bpf_mtap(void *arg, struct mbuf *m) 1294 { 1295 void *(*cpfn)(void *, const void *, size_t); 1296 struct bpf_if *bp = arg; 1297 u_int pktlen, buflen; 1298 void *marg; 1299 1300 pktlen = m_length(m); 1301 1302 if (pktlen == m->m_len) { 1303 cpfn = (void *)memcpy; 1304 marg = mtod(m, void *); 1305 buflen = pktlen; 1306 } else { 1307 /*###1299 [cc] warning: assignment from incompatible pointer type%%%*/ 1308 cpfn = bpf_mcpy; 1309 marg = m; 1310 buflen = 0; 1311 } 1312 1313 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1314 } 1315 1316 /* 1317 * We need to prepend the address family as 1318 * a four byte field. Cons up a dummy header 1319 * to pacify bpf. This is safe because bpf 1320 * will only read from the mbuf (i.e., it won't 1321 * try to free it or keep a pointer a to it). 1322 */ 1323 void 1324 bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m) 1325 { 1326 struct mbuf m0; 1327 1328 m0.m_flags = 0; 1329 m0.m_next = m; 1330 m0.m_len = 4; 1331 m0.m_data = (char *)⁡ 1332 1333 bpf_mtap(arg, &m0); 1334 } 1335 1336 void 1337 bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m) 1338 { 1339 struct mbuf m0; 1340 1341 m0.m_flags = 0; 1342 m0.m_next = m; 1343 m0.m_len = 14; 1344 m0.m_data = m0.m_dat; 1345 1346 ((uint32_t *)m0.m_data)[0] = 0; 1347 ((uint32_t *)m0.m_data)[1] = 0; 1348 ((uint32_t *)m0.m_data)[2] = 0; 1349 ((uint16_t *)m0.m_data)[6] = et; 1350 1351 bpf_mtap(arg, &m0); 1352 } 1353 1354 #if NSL > 0 || NSTRIP > 0 1355 /* 1356 * Put the SLIP pseudo-"link header" in place. 1357 * Note this M_PREPEND() should never fail, 1358 * swince we know we always have enough space 1359 * in the input buffer. 1360 */ 1361 void 1362 bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m) 1363 { 1364 int s; 1365 u_char *hp; 1366 1367 M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT); 1368 if (*m == NULL) 1369 return; 1370 1371 hp = mtod(*m, u_char *); 1372 hp[SLX_DIR] = SLIPDIR_IN; 1373 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1374 1375 s = splnet(); 1376 bpf_mtap(arg, *m); 1377 splx(s); 1378 1379 m_adj(*m, SLIP_HDRLEN); 1380 } 1381 1382 /* 1383 * Put the SLIP pseudo-"link header" in 1384 * place. The compressed header is now 1385 * at the beginning of the mbuf. 1386 */ 1387 void 1388 bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m) 1389 { 1390 struct mbuf m0; 1391 u_char *hp; 1392 int s; 1393 1394 m0.m_flags = 0; 1395 m0.m_next = m; 1396 m0.m_data = m0.m_dat; 1397 m0.m_len = SLIP_HDRLEN; 1398 1399 hp = mtod(&m0, u_char *); 1400 1401 hp[SLX_DIR] = SLIPDIR_OUT; 1402 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1403 1404 s = splnet(); 1405 bpf_mtap(arg, &m0); 1406 splx(s); 1407 m_freem(m); 1408 } 1409 #endif 1410 1411 /* 1412 * Move the packet data from interface memory (pkt) into the 1413 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1414 * otherwise 0. "copy" is the routine called to do the actual data 1415 * transfer. memcpy is passed in to copy contiguous chunks, while 1416 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1417 * pkt is really an mbuf. 1418 */ 1419 static void 1420 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1421 void *(*cpfn)(void *, const void *, size_t), struct timeval *tv) 1422 { 1423 struct bpf_hdr *hp; 1424 int totlen, curlen; 1425 int hdrlen = d->bd_bif->bif_hdrlen; 1426 int do_wakeup = 0; 1427 1428 ++d->bd_ccount; 1429 ++bpf_gstats.bs_capt; 1430 /* 1431 * Figure out how many bytes to move. If the packet is 1432 * greater or equal to the snapshot length, transfer that 1433 * much. Otherwise, transfer the whole packet (unless 1434 * we hit the buffer size limit). 1435 */ 1436 totlen = hdrlen + min(snaplen, pktlen); 1437 if (totlen > d->bd_bufsize) 1438 totlen = d->bd_bufsize; 1439 1440 /* 1441 * Round up the end of the previous packet to the next longword. 1442 */ 1443 curlen = BPF_WORDALIGN(d->bd_slen); 1444 if (curlen + totlen > d->bd_bufsize) { 1445 /* 1446 * This packet will overflow the storage buffer. 1447 * Rotate the buffers if we can, then wakeup any 1448 * pending reads. 1449 */ 1450 if (d->bd_fbuf == 0) { 1451 /* 1452 * We haven't completed the previous read yet, 1453 * so drop the packet. 1454 */ 1455 ++d->bd_dcount; 1456 ++bpf_gstats.bs_drop; 1457 return; 1458 } 1459 ROTATE_BUFFERS(d); 1460 do_wakeup = 1; 1461 curlen = 0; 1462 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 1463 /* 1464 * Immediate mode is set, or the read timeout has 1465 * already expired during a select call. A packet 1466 * arrived, so the reader should be woken up. 1467 */ 1468 do_wakeup = 1; 1469 } 1470 1471 /* 1472 * Append the bpf header. 1473 */ 1474 hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen); 1475 hp->bh_tstamp = *tv; 1476 hp->bh_datalen = pktlen; 1477 hp->bh_hdrlen = hdrlen; 1478 /* 1479 * Copy the packet data into the store buffer and update its length. 1480 */ 1481 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1482 d->bd_slen = curlen + totlen; 1483 1484 /* 1485 * Call bpf_wakeup after bd_slen has been updated so that kevent(2) 1486 * will cause filt_bpfread() to be called with it adjusted. 1487 */ 1488 if (do_wakeup) 1489 bpf_wakeup(d); 1490 } 1491 1492 /* 1493 * Initialize all nonzero fields of a descriptor. 1494 */ 1495 static int 1496 bpf_allocbufs(struct bpf_d *d) 1497 { 1498 1499 d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1500 if (!d->bd_fbuf) 1501 return (ENOBUFS); 1502 d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1503 if (!d->bd_sbuf) { 1504 free(d->bd_fbuf, M_DEVBUF); 1505 return (ENOBUFS); 1506 } 1507 d->bd_slen = 0; 1508 d->bd_hlen = 0; 1509 return (0); 1510 } 1511 1512 /* 1513 * Free buffers currently in use by a descriptor. 1514 * Called on close. 1515 */ 1516 static void 1517 bpf_freed(struct bpf_d *d) 1518 { 1519 /* 1520 * We don't need to lock out interrupts since this descriptor has 1521 * been detached from its interface and it yet hasn't been marked 1522 * free. 1523 */ 1524 if (d->bd_sbuf != 0) { 1525 free(d->bd_sbuf, M_DEVBUF); 1526 if (d->bd_hbuf != 0) 1527 free(d->bd_hbuf, M_DEVBUF); 1528 if (d->bd_fbuf != 0) 1529 free(d->bd_fbuf, M_DEVBUF); 1530 } 1531 if (d->bd_filter) 1532 free(d->bd_filter, M_DEVBUF); 1533 } 1534 1535 /* 1536 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1537 * fixed size of the link header (variable length headers not yet supported). 1538 */ 1539 void 1540 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1541 { 1542 1543 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1544 } 1545 1546 /* 1547 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1548 * hdrlen is the fixed size of the link header for the specified dlt 1549 * (variable length headers not yet supported). 1550 */ 1551 void 1552 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp) 1553 { 1554 struct bpf_if *bp; 1555 bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1556 if (bp == 0) 1557 panic("bpfattach"); 1558 1559 bp->bif_dlist = 0; 1560 bp->bif_driverp = driverp; 1561 bp->bif_ifp = ifp; 1562 bp->bif_dlt = dlt; 1563 1564 bp->bif_next = bpf_iflist; 1565 bpf_iflist = bp; 1566 1567 *bp->bif_driverp = 0; 1568 1569 /* 1570 * Compute the length of the bpf header. This is not necessarily 1571 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1572 * that the network layer header begins on a longword boundary (for 1573 * performance reasons and to alleviate alignment restrictions). 1574 */ 1575 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1576 1577 #if 0 1578 printf("bpf: %s attached\n", ifp->if_xname); 1579 #endif 1580 } 1581 1582 /* 1583 * Remove an interface from bpf. 1584 */ 1585 void 1586 bpfdetach(struct ifnet *ifp) 1587 { 1588 struct bpf_if *bp, **pbp; 1589 struct bpf_d *d; 1590 int s; 1591 1592 /* Nuke the vnodes for any open instances */ 1593 LIST_FOREACH(d, &bpf_list, bd_list) { 1594 if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) { 1595 /* 1596 * Detach the descriptor from an interface now. 1597 * It will be free'ed later by close routine. 1598 */ 1599 s = splnet(); 1600 d->bd_promisc = 0; /* we can't touch device. */ 1601 bpf_detachd(d); 1602 splx(s); 1603 } 1604 } 1605 1606 again: 1607 for (bp = bpf_iflist, pbp = &bpf_iflist; 1608 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1609 if (bp->bif_ifp == ifp) { 1610 *pbp = bp->bif_next; 1611 free(bp, M_DEVBUF); 1612 goto again; 1613 } 1614 } 1615 } 1616 1617 /* 1618 * Change the data link type of a interface. 1619 */ 1620 void 1621 bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1622 { 1623 struct bpf_if *bp; 1624 1625 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1626 if ((void **)bp->bif_driverp == &ifp->if_bpf) 1627 break; 1628 } 1629 if (bp == NULL) 1630 panic("bpf_change_type"); 1631 1632 bp->bif_dlt = dlt; 1633 1634 /* 1635 * Compute the length of the bpf header. This is not necessarily 1636 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1637 * that the network layer header begins on a longword boundary (for 1638 * performance reasons and to alleviate alignment restrictions). 1639 */ 1640 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1641 } 1642 1643 /* 1644 * Get a list of available data link type of the interface. 1645 */ 1646 static int 1647 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1648 { 1649 int n, error; 1650 struct ifnet *ifp; 1651 struct bpf_if *bp; 1652 1653 ifp = d->bd_bif->bif_ifp; 1654 n = 0; 1655 error = 0; 1656 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1657 if (bp->bif_ifp != ifp) 1658 continue; 1659 if (bfl->bfl_list != NULL) { 1660 if (n >= bfl->bfl_len) 1661 return ENOMEM; 1662 error = copyout(&bp->bif_dlt, 1663 bfl->bfl_list + n, sizeof(u_int)); 1664 } 1665 n++; 1666 } 1667 bfl->bfl_len = n; 1668 return error; 1669 } 1670 1671 /* 1672 * Set the data link type of a BPF instance. 1673 */ 1674 static int 1675 bpf_setdlt(struct bpf_d *d, u_int dlt) 1676 { 1677 int s, error, opromisc; 1678 struct ifnet *ifp; 1679 struct bpf_if *bp; 1680 1681 if (d->bd_bif->bif_dlt == dlt) 1682 return 0; 1683 ifp = d->bd_bif->bif_ifp; 1684 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1685 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1686 break; 1687 } 1688 if (bp == NULL) 1689 return EINVAL; 1690 s = splnet(); 1691 opromisc = d->bd_promisc; 1692 bpf_detachd(d); 1693 bpf_attachd(d, bp); 1694 reset_d(d); 1695 if (opromisc) { 1696 error = ifpromisc(bp->bif_ifp, 1); 1697 if (error) 1698 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1699 bp->bif_ifp->if_xname, error); 1700 else 1701 d->bd_promisc = 1; 1702 } 1703 splx(s); 1704 return 0; 1705 } 1706 1707 static int 1708 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1709 { 1710 int newsize, error; 1711 struct sysctlnode node; 1712 1713 node = *rnode; 1714 node.sysctl_data = &newsize; 1715 newsize = bpf_maxbufsize; 1716 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1717 if (error || newp == NULL) 1718 return (error); 1719 1720 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1721 return (EINVAL); 1722 1723 bpf_maxbufsize = newsize; 1724 1725 return (0); 1726 } 1727 1728 static int 1729 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1730 { 1731 int error, elem_count; 1732 struct bpf_d *dp; 1733 struct bpf_d_ext dpe; 1734 size_t len, needed, elem_size, out_size; 1735 char *sp; 1736 1737 if (namelen == 1 && name[0] == CTL_QUERY) 1738 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1739 1740 if (namelen != 2) 1741 return (EINVAL); 1742 1743 /* BPF peers is privileged information. */ 1744 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1745 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1746 if (error) 1747 return (EPERM); 1748 1749 len = (oldp != NULL) ? *oldlenp : 0; 1750 sp = oldp; 1751 elem_size = name[0]; 1752 elem_count = name[1]; 1753 out_size = MIN(sizeof(dpe), elem_size); 1754 needed = 0; 1755 1756 if (elem_size < 1 || elem_count < 0) 1757 return (EINVAL); 1758 1759 mutex_enter(&bpf_mtx); 1760 LIST_FOREACH(dp, &bpf_list, bd_list) { 1761 if (len >= elem_size && elem_count > 0) { 1762 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1763 BPF_EXT(bufsize); 1764 BPF_EXT(promisc); 1765 BPF_EXT(promisc); 1766 BPF_EXT(state); 1767 BPF_EXT(immediate); 1768 BPF_EXT(hdrcmplt); 1769 BPF_EXT(seesent); 1770 BPF_EXT(pid); 1771 BPF_EXT(rcount); 1772 BPF_EXT(dcount); 1773 BPF_EXT(ccount); 1774 #undef BPF_EXT 1775 if (dp->bd_bif) 1776 (void)strlcpy(dpe.bde_ifname, 1777 dp->bd_bif->bif_ifp->if_xname, 1778 IFNAMSIZ - 1); 1779 else 1780 dpe.bde_ifname[0] = '\0'; 1781 1782 error = copyout(&dpe, sp, out_size); 1783 if (error) 1784 break; 1785 sp += elem_size; 1786 len -= elem_size; 1787 } 1788 if (elem_count > 0) { 1789 needed += elem_size; 1790 if (elem_count != INT_MAX) 1791 elem_count--; 1792 } 1793 } 1794 mutex_exit(&bpf_mtx); 1795 1796 *oldlenp = needed; 1797 1798 return (error); 1799 } 1800 1801 SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup") 1802 { 1803 const struct sysctlnode *node; 1804 1805 sysctl_createv(clog, 0, NULL, NULL, 1806 CTLFLAG_PERMANENT, 1807 CTLTYPE_NODE, "net", NULL, 1808 NULL, 0, NULL, 0, 1809 CTL_NET, CTL_EOL); 1810 1811 node = NULL; 1812 sysctl_createv(clog, 0, NULL, &node, 1813 CTLFLAG_PERMANENT, 1814 CTLTYPE_NODE, "bpf", 1815 SYSCTL_DESCR("BPF options"), 1816 NULL, 0, NULL, 0, 1817 CTL_NET, CTL_CREATE, CTL_EOL); 1818 if (node != NULL) { 1819 sysctl_createv(clog, 0, NULL, NULL, 1820 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1821 CTLTYPE_INT, "maxbufsize", 1822 SYSCTL_DESCR("Maximum size for data capture buffer"), 1823 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1824 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1825 sysctl_createv(clog, 0, NULL, NULL, 1826 CTLFLAG_PERMANENT, 1827 CTLTYPE_STRUCT, "stats", 1828 SYSCTL_DESCR("BPF stats"), 1829 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1830 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1831 sysctl_createv(clog, 0, NULL, NULL, 1832 CTLFLAG_PERMANENT, 1833 CTLTYPE_STRUCT, "peers", 1834 SYSCTL_DESCR("BPF peers"), 1835 sysctl_net_bpf_peers, 0, NULL, 0, 1836 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1837 } 1838 1839 } 1840