/*	$NetBSD: bpf.c,v 1.146 2009/04/11 23:05:26 christos Exp $	*/

/*
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	8.4 (Berkeley) 1/9/95
 * static char rcsid[] =
 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp ";
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.146 2009/04/11 23:05:26 christos Exp $");

#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
#include "sl.h"
#include "strip.h"
#endif

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/buf.h>
#include <sys/time.h>
#include <sys/proc.h>
#include <sys/user.h>
#include <sys/ioctl.h>
#include <sys/conf.h>
#include <sys/vnode.h>
#include <sys/queue.h>
#include <sys/stat.h>

#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/tty.h>
#include <sys/uio.h>

#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/kernel.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/kauth.h>

#include <net/if.h>
#include <net/slip.h>

#include <net/bpf.h>
#include <net/bpfdesc.h>

#include <net/if_arc.h>
#include <net/if_ether.h>

#include <netinet/in.h>
#include <netinet/if_inarp.h>

#include <compat/sys/sockio.h>

#ifndef BPF_BUFSIZE
/*
 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet
 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k).
 */
# define BPF_BUFSIZE 32768
#endif

#define PRINET	26		/* interruptible */

/*
 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able.
 * XXX the default values should be computed dynamically based
 * on available memory size and available mbuf clusters.
 */
int bpf_bufsize = BPF_BUFSIZE;
int bpf_maxbufsize = BPF_DFLTBUFSIZE;	/* XXX set dynamically, see above */


/*
 * Global BPF statistics returned by net.bpf.stats sysctl.
 */
struct bpf_stat	bpf_gstats;

/*
 * Use a mutex to avoid a race condition between gathering the stats/peers
 * and opening/closing the device.
 */
static kmutex_t bpf_mtx;

/*
 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
 * bpf_dtab holds the descriptors, indexed by minor device #
 */
struct bpf_if	*bpf_iflist;
LIST_HEAD(, bpf_d) bpf_list;

static int	bpf_allocbufs(struct bpf_d *);
static void	bpf_deliver(struct bpf_if *,
		    void *(*cpfn)(void *, const void *, size_t),
		    void *, u_int, u_int, struct ifnet *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_ifname(struct ifnet *, struct ifreq *);
static void	*bpf_mcpy(void *, const void *, size_t);
static int	bpf_movein(struct uio *, int, int,
		    struct mbuf **, struct sockaddr *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static inline void
		bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int, u_int,
    void *(*)(void *, const void *, size_t), struct timespec *);
static void	reset_d(struct bpf_d *);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);

static int	bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t,
    int);
static int	bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t,
    int);
static int	bpf_ioctl(struct file *, u_long, void *);
static int	bpf_poll(struct file *, int);
static int	bpf_stat(struct file *, struct stat *);
static int	bpf_close(struct file *);
static int	bpf_kqfilter(struct file *, struct knote *);
static void	bpf_softintr(void *);

static const struct fileops bpf_fileops = {
	.fo_read = bpf_read,
	.fo_write = bpf_write,
	.fo_ioctl = bpf_ioctl,
	.fo_fcntl = fnullop_fcntl,
	.fo_poll = bpf_poll,
	.fo_stat = bpf_stat,
	.fo_close = bpf_close,
	.fo_kqfilter = bpf_kqfilter,
	.fo_drain = fnullop_drain,
};

dev_type_open(bpfopen);

const struct cdevsw bpf_cdevsw = {
	bpfopen, noclose, noread, nowrite, noioctl,
	nostop, notty, nopoll, nommap, nokqfilter, D_OTHER
};

static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
	   struct sockaddr *sockp)
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int align;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		align = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		/* 6(dst)+6(src)+2(type) */
		hlen = sizeof(struct ether_header);
		align = 2;
		break;

	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		align = 5;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_LINK;
		/* XXX 4(FORMAC)+6(dst)+6(src) */
		hlen = 16;
		align = 0;
		break;

	case DLT_ECONET:
		sockp->sa_family = AF_UNSPEC;
		hlen = 6;
		align = 2;
		break;

	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * If there aren't enough bytes for a link level header or the
	 * packet length exceeds the interface mtu, return an error.
	 */
	if (len < hlen || len - hlen > mtu)
		return (EMSGSIZE);

	/*
	 * XXX Avoid complicated buffer chaining ---
	 * bail if it won't fit in a single mbuf.
	 * (Take into account possible alignment bytes)
	 */
	if ((unsigned)len > MCLBYTES - align)
		return (EIO);

	m = m_gethdr(M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;
	m->m_pkthdr.len = len - hlen;
	if (len > MHLEN - align) {
		m_clget(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}

	/* Ensure the data is properly aligned */
	if (align > 0) {
		m->m_data += align;
		m->m_len -= align;
	}

	error = uiomove(mtod(m, void *), len, uio);
	if (error)
		goto bad;
	if (hlen != 0) {
		memcpy(sockp->sa_data, mtod(m, void *), hlen);
		m->m_data += hlen; /* XXX */
		len -= hlen;
	}
	m->m_len = len;
	*mp = m;
	return (0);

bad:
	m_freem(m);
	return (error);
}
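
/*
 * Framing contract implied by bpf_movein() for write(2), shown as a
 * sketch for a DLT_EN10MB attachment ("bpf_fd" and the frame layout
 * are illustrative placeholders, not taken from this file): userland
 * supplies one complete frame; the 14-byte Ethernet header is copied
 * into the sockaddr and the remainder becomes the mbuf payload:
 *
 *	u_char frame[sizeof(struct ether_header) + 64];
 *	...fill in destination, source, ethertype, payload...
 *	if (write(bpf_fd, frame, sizeof(frame)) == -1)
 *		err(1, "write");
 */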

/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 * Must be called at splnet.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	*bp->bif_driverp = bp;
}

/*
 * Detach a file from its interface.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		/*
		 * Take device out of promiscuous mode.  Since we were
		 * able to enter promiscuous mode, we should be able
		 * to turn it off.  But we can get an error if
		 * the interface was configured down, so only panic
		 * on an unexpected error.
		 */
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && error != EINVAL)
			panic("bpf: ifpromisc failed");
	}
	/* Remove d from the interface's descriptor list. */
	p = &bp->bif_dlist;
	while (*p != d) {
		p = &(*p)->bd_next;
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*d->bd_bif->bif_driverp = 0;
	d->bd_bif = 0;
}


/*
 * Mark a descriptor free by making it point to itself.
 * This is probably cheaper than marking with a constant since
 * the address should be in a register anyway.
 */

/*
 * bpfilterattach() is called at boot time.
 */
/* ARGSUSED */
void
bpfilterattach(int n)
{
	mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE);

	mutex_enter(&bpf_mtx);
	LIST_INIT(&bpf_list);
	mutex_exit(&bpf_mtx);

	bpf_gstats.bs_recv = 0;
	bpf_gstats.bs_drop = 0;
	bpf_gstats.bs_capt = 0;
}

/*
 * Open the bpf device.  Each open clones a new descriptor.
 */
/* ARGSUSED */
int
bpfopen(dev_t dev, int flag, int mode, struct lwp *l)
{
	struct bpf_d *d;
	struct file *fp;
	int error, fd;

	/* fd_allocfile() will use the descriptor for us. */
	if ((error = fd_allocfile(&fp, &fd)) != 0)
		return error;

	d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK|M_ZERO);
	d->bd_bufsize = bpf_bufsize;
	d->bd_seesent = 1;
	d->bd_pid = l->l_proc->p_pid;
	getnanotime(&d->bd_btime);
	d->bd_atime = d->bd_mtime = d->bd_btime;
	callout_init(&d->bd_callout, 0);
	selinit(&d->bd_sel);
	d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d);

	mutex_enter(&bpf_mtx);
	LIST_INSERT_HEAD(&bpf_list, d, bd_list);
	mutex_exit(&bpf_mtx);

	return fd_clone(fp, fd, flag, &bpf_fileops, d);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 */
/* ARGSUSED */
static int
bpf_close(struct file *fp)
{
	struct bpf_d *d = fp->f_data;
	int s;

	KERNEL_LOCK(1, NULL);

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = curproc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	if (d->bd_bif)
		bpf_detachd(d);
	splx(s);
	bpf_freed(d);
	mutex_enter(&bpf_mtx);
	LIST_REMOVE(d, bd_list);
	mutex_exit(&bpf_mtx);
	callout_destroy(&d->bd_callout);
	seldestroy(&d->bd_sel);
	softint_disestablish(d->bd_sih);
	free(d, M_DEVBUF);
	fp->f_data = NULL;

	KERNEL_UNLOCK_ONE(NULL);

	return (0);
}

/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = 0;
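
/*
 * Sketch of the rotation above, using the same names: with store
 * (sbuf), hold (hbuf) and free (fbuf) buffers, a rotation performs
 *
 *	hbuf <- sbuf	(captured data becomes readable)
 *	sbuf <- fbuf	(capture continues into the spare buffer)
 *	fbuf <- NULL	(no spare until the reader drains hbuf)
 *
 * so capture can proceed while a reader consumes the hold buffer; if
 * fbuf is still NULL when the store buffer fills again, packets are
 * dropped (see catchpacket()).
 */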

/*
 * bpf_read - read the next chunk of packets from the buffers
 */
static int
bpf_read(struct file *fp, off_t *offp, struct uio *uio,
	 kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	int timed_out;
	int error;
	int s;

	getnanotime(&d->bd_atime);
	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	KERNEL_LOCK(1, NULL);
	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (fp->f_flag & FNONBLOCK) {
			if (d->bd_slen == 0) {
				splx(s);
				KERNEL_UNLOCK_ONE(NULL);
				return (EWOULDBLOCK);
			}
			ROTATE_BUFFERS(d);
			break;
		}

		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * One or more packets arrived since the previous
			 * read or while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		error = tsleep(d, PRINET|PCATCH, "bpf",
				d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			splx(s);
			KERNEL_UNLOCK_ONE(NULL);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				splx(s);
				KERNEL_UNLOCK_ONE(NULL);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (error != 0)
			goto done;
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	s = splnet();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
done:
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
	return (error);
}
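
/*
 * A minimal userland read loop against this interface might look as
 * follows (sketch; error handling trimmed, "fd" is a descriptor opened
 * on the bpf device).  Note that the read buffer must match BIOCGBLEN
 * exactly, per the EINVAL check above, and that records within the
 * buffer are BPF_WORDALIGN'ed:
 *
 *	u_int blen;
 *	ioctl(fd, BIOCGBLEN, &blen);
 *	char *buf = malloc(blen);
 *	ssize_t n = read(fd, buf, blen);
 *	for (char *p = buf; p < buf + n; ) {
 *		struct bpf_hdr *bh = (struct bpf_hdr *)p;
 *		...packet data is at p + bh->bh_hdrlen,
 *		   bh->bh_caplen bytes long...
 *		p += BPF_WORDALIGN(bh->bh_hdrlen + bh->bh_caplen);
 *	}
 */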

/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static inline void
bpf_wakeup(struct bpf_d *d)
{
	wakeup(d);
	if (d->bd_async)
		softint_schedule(d->bd_sih);
	selnotify(&d->bd_sel, 0, 0);
}

static void
bpf_softintr(void *cookie)
{
	struct bpf_d *d;

	d = cookie;
	if (d->bd_async)
		fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL);
}

static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = arg;
	int s;

	s = splnet();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	splx(s);
}


static int
bpf_write(struct file *fp, off_t *offp, struct uio *uio,
	  kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;
	static struct sockaddr_storage dst;

	m = NULL;	/* XXX gcc */

	KERNEL_LOCK(1, NULL);

	if (d->bd_bif == 0) {
		KERNEL_UNLOCK_ONE(NULL);
		return (ENXIO);
	}
	getnanotime(&d->bd_mtime);

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0) {
		KERNEL_UNLOCK_ONE(NULL);
		return (0);
	}

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m,
		(struct sockaddr *) &dst);
	if (error) {
		KERNEL_UNLOCK_ONE(NULL);
		return (error);
	}

	if (m->m_pkthdr.len > ifp->if_mtu) {
		KERNEL_UNLOCK_ONE(NULL);
		m_freem(m);
		return (EMSGSIZE);
	}

	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}
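
/*
 * Packet injection from userland is a single write(2) of one complete
 * frame in the attached interface's DLT framing; bpf_movein() above
 * defines what that framing must look like.  Sketch, assuming an
 * Ethernet (DLT_EN10MB) attachment; with BIOCSHDRCMPLT set, the
 * link-level source address is taken as already filled in:
 *
 *	u_int one = 1;
 *	ioctl(fd, BIOCSHDRCMPLT, &one);
 *	write(fd, frame, framelen);
 *
 * "fd", "frame" and "framelen" are placeholders for this sketch.
 */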

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splnet.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_ccount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag.
 *  BIOCSHDRCMPLT	Set "header already complete" flag.
 */
/* ARGSUSED */
static int
bpf_ioctl(struct file *fp, u_long cmd, void *addr)
{
	struct bpf_d *d = fp->f_data;
	int s, error = 0;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	KERNEL_LOCK(1, NULL);
	d->bd_pid = curproc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	splx(s);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			s = splnet();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splnet();
		reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splnet();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported device parameters.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, addr);
		break;

	/*
	 * Set device parameters.
	 */
	case BIOCSDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
#ifdef OBIOCGETIF
	case OBIOCGETIF:
#endif
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, addr);
		break;

	/*
	 * Set interface.
	 */
#ifdef OBIOCSETIF
	case OBIOCSETIF:
#endif
	case BIOCSETIF:
		error = bpf_setif(d, addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}
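
	/*
	 * Worked example for the conversion above: with hz = 100
	 * (tick = 10000 us), a timeout of { tv_sec = 2, tv_usec = 500000 }
	 * becomes 2 * 100 + 500000 / 10000 = 250 callout ticks; any
	 * nonzero timeout that would round to 0 is bumped to 1 tick.
	 */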

#ifdef BIOCGORTIMEOUT
	/*
	 * Get read timeout.
	 */
	case BIOCGORTIMEOUT:
		{
			struct timeval50 *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}
#endif

#ifdef BIOCSORTIMEOUT
	/*
	 * Set read timeout.
	 */
	case BIOCSORTIMEOUT:
		{
			struct timeval50 *tv = addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}
#endif

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}
	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			bs->bs_capt = d->bd_ccount;
			break;
		}

	case BIOCGSTATSOLD:
		{
			struct bpf_stat_old *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/*
		 * No need to do anything special as bpf_read() checks
		 * FNONBLOCK to decide whether or not to block the read.
		 */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case TIOCSPGRP:		/* Process or group to send signals to */
	case FIOSETOWN:
		error = fsetown(&d->bd_pgid, cmd, addr);
		break;

	case TIOCGPGRP:
	case FIOGETOWN:
		error = fgetown(d->bd_pgid, cmd, addr);
		break;
	}
	KERNEL_UNLOCK_ONE(NULL);
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		if (fp->bf_len != 0)
			return (EINVAL);
		s = splnet();
		d->bd_filter = 0;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = malloc(size, M_DEVBUF, M_WAITOK);
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		s = splnet();
		d->bd_filter = fcode;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);

		return (0);
	}
	free(fcode, M_DEVBUF);
	return (EINVAL);
}
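
/*
 * A filter program as consumed by bpf_setf() is a classic BPF
 * instruction array.  Sketch of a userland program that accepts only
 * IPv4 packets (offsets assume a DLT_EN10MB attachment):
 *
 *	struct bpf_insn insns[] = {
 *		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
 *		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, 0, 1),
 *		BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
 *		BPF_STMT(BPF_RET+BPF_K, 0),
 *	};
 *	struct bpf_program prog = {
 *		sizeof(insns) / sizeof(insns[0]), insns
 *	};
 *	ioctl(fd, BIOCSETF, &prog);
 *
 * bpf_validate() rejects programs with bad jumps or stores, and
 * BPF_MAXINSNS bounds bf_len above.
 */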

/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 */
	unit_seen = 0;
	cp = ifr->ifr_name;
	cp[sizeof(ifr->ifr_name) - 1] = '\0';	/* sanity */
	while (*cp++)
		if (*cp >= '0' && *cp <= '9')
			unit_seen = 1;
	if (!unit_seen) {
		/* Make sure to leave room for the '\0'. */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/* skip additional entry */
		if ((void **)bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to the requested interface,
		 * just flush the buffer.
		 */
		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splnet();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}
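
/*
 * From userland, attaching to an interface is the usual first step
 * after open(2).  Sketch ("wm0" is a placeholder interface name):
 *
 *	struct ifreq ifr;
 *	memset(&ifr, 0, sizeof(ifr));
 *	strlcpy(ifr.ifr_name, "wm0", sizeof(ifr.ifr_name));
 *	if (ioctl(fd, BIOCSETIF, &ifr) == -1)
 *		err(1, "BIOCSETIF");
 *
 * Note that bpf_allocbufs() runs here, so a BIOCSBLEN buffer-size
 * change must precede BIOCSETIF; afterwards BIOCSBLEN fails with
 * EINVAL because d->bd_bif is set.
 */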

/*
 * Copy the interface name to the ifreq.
 */
static void
bpf_ifname(struct ifnet *ifp, struct ifreq *ifr)
{
	memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
}

static int
bpf_stat(struct file *fp, struct stat *st)
{
	struct bpf_d *d = fp->f_data;

	(void)memset(st, 0, sizeof(*st));
	KERNEL_LOCK(1, NULL);
	st->st_dev = makedev(cdevsw_lookup_major(&bpf_cdevsw), d->bd_pid);
	st->st_atimespec = d->bd_atime;
	st->st_mtimespec = d->bd_mtime;
	st->st_ctimespec = st->st_birthtimespec = d->bd_btime;
	st->st_uid = kauth_cred_geteuid(fp->f_cred);
	st->st_gid = kauth_cred_getegid(fp->f_cred);
	KERNEL_UNLOCK_ONE(NULL);
	return 0;
}

/*
 * Support for poll() system call
 *
 * Return true iff the specific operation will not block indefinitely - with
 * the assumption that it is safe to positively acknowledge a request for the
 * ability to write to the BPF device.
 * Otherwise, return false but make a note that a selnotify() must be done.
 */
static int
bpf_poll(struct file *fp, int events)
{
	struct bpf_d *d = fp->f_data;
	int s = splnet();
	int revents;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	KERNEL_LOCK(1, NULL);
	d->bd_pid = curproc->p_pid;

	revents = events & (POLLOUT | POLLWRNORM);
	if (events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 */
		if (d->bd_hlen != 0 ||
		    ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
		     d->bd_slen != 0)) {
			revents |= events & (POLLIN | POLLRDNORM);
		} else {
			selrecord(curlwp, &d->bd_sel);
			/* Start the read timeout if necessary */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
					      bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}

	KERNEL_UNLOCK_ONE(NULL);
	splx(s);
	return (revents);
}
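
/*
 * These poll semantics let a reader multiplex bpf with other
 * descriptors in the ordinary way (sketch):
 *
 *	struct pollfd pfd = { .fd = fd, .events = POLLIN };
 *	if (poll(&pfd, 1, -1) > 0 && (pfd.revents & POLLIN))
 *		n = read(fd, buf, blen);
 *
 * With a BIOCSRTIMEOUT timeout set, poll() reports readable once the
 * timeout fires and the store buffer is non-empty (BPF_TIMED_OUT).
 */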

static void
filt_bpfrdetach(struct knote *kn)
{
	struct bpf_d *d = kn->kn_hook;
	int s;

	KERNEL_LOCK(1, NULL);
	s = splnet();
	SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);
}

static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = kn->kn_hook;
	int rv;

	KERNEL_LOCK(1, NULL);
	kn->kn_data = d->bd_hlen;
	if (d->bd_immediate)
		kn->kn_data += d->bd_slen;
	rv = (kn->kn_data > 0);
	KERNEL_UNLOCK_ONE(NULL);
	return rv;
}

static const struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfrdetach, filt_bpfread };

static int
bpf_kqfilter(struct file *fp, struct knote *kn)
{
	struct bpf_d *d = fp->f_data;
	struct klist *klist;
	int s;

	KERNEL_LOCK(1, NULL);

	switch (kn->kn_filter) {
	case EVFILT_READ:
		klist = &d->bd_sel.sel_klist;
		kn->kn_fop = &bpfread_filtops;
		break;

	default:
		KERNEL_UNLOCK_ONE(NULL);
		return (EINVAL);
	}

	kn->kn_hook = d;

	s = splnet();
	SLIST_INSERT_HEAD(klist, kn, kn_selnext);
	splx(s);
	KERNEL_UNLOCK_ONE(NULL);

	return (0);
}

/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(void *arg, u_char *pkt, u_int pktlen)
{
	struct bpf_if *bp;
	struct bpf_d *d;
	u_int slen;
	struct timespec ts;
	int gottime = 0;

	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here would be if two different
	 * interfaces shared any data.  This is not the case.
	 */
	bp = arg;
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0) {
			if (!gottime) {
				nanotime(&ts);
				gottime = 1;
			}
			catchpacket(d, pkt, pktlen, slen, memcpy, &ts);
		}
	}
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void *
bpf_mcpy(void *dst_arg, const void *src_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == NULL)
			panic("bpf_mcpy");
		count = min(m->m_len, len);
		memcpy(dst, mtod(m, const void *), count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
	return dst_arg;
}

/*
 * Dispatch a packet to all the listeners on interface bp.
 *
 * marg		pointer to the packet, either a data buffer or an mbuf chain
 * buflen	buffer length, if marg is a data buffer
 * cpfn		a function that can copy marg into the listener's buffer
 * pktlen	length of the packet
 * rcvif	either NULL or the interface the packet came in on.
 */
static inline void
bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t),
	    void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif)
{
	u_int slen;
	struct bpf_d *d;
	struct timespec ts;
	int gottime = 0;

	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		if (!d->bd_seesent && (rcvif == NULL))
			continue;
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, marg, pktlen, buflen);
		if (slen != 0) {
			if (!gottime) {
				nanotime(&ts);
				gottime = 1;
			}
			catchpacket(d, marg, pktlen, slen, cpfn, &ts);
		}
	}
}
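
/*
 * The driver-facing tap entry points below differ only in how the
 * packet is held:
 *
 *	bpf_tap()	contiguous buffer (cpfn = memcpy)
 *	bpf_mtap()	mbuf chain (cpfn = bpf_mcpy, unless the chain
 *			is a single mbuf, when plain memcpy suffices)
 *	bpf_mtap2()	header in a buffer, tail in an mbuf chain,
 *			glued together with an on-stack mbuf
 *
 * All of them funnel into bpf_deliver() and then catchpacket().
 */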

/*
 * Incoming linkage from device drivers, when the head of the packet is in
 * a buffer, and the tail is in an mbuf chain.
 */
void
bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m)
{
	struct bpf_if *bp = arg;
	u_int pktlen;
	struct mbuf mb;

	pktlen = m_length(m) + dlen;

	/*
	 * Craft on-stack mbuf suitable for passing to bpf_filter.
	 * Note that we cut corners here; we only setup what's
	 * absolutely needed--this mbuf should never go anywhere else.
	 */
	(void)memset(&mb, 0, sizeof(mb));
	mb.m_next = m;
	mb.m_data = data;
	mb.m_len = dlen;

	bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif);
}

/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.
 */
void
bpf_mtap(void *arg, struct mbuf *m)
{
	void *(*cpfn)(void *, const void *, size_t);
	struct bpf_if *bp = arg;
	u_int pktlen, buflen;
	void *marg;

	pktlen = m_length(m);

	if (pktlen == m->m_len) {
		cpfn = (void *)memcpy;
		marg = mtod(m, void *);
		buflen = pktlen;
	} else {
		cpfn = bpf_mcpy;
		marg = m;
		buflen = 0;
	}

	bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif);
}

/*
 * We need to prepend the address family as
 * a four byte field.  Cons up a dummy header
 * to pacify bpf.  This is safe because bpf
 * will only read from the mbuf (i.e., it won't
 * try to free it or keep a pointer to it).
 */
void
bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 4;
	m0.m_data = (char *)&af;

	bpf_mtap(arg, &m0);
}

void
bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 14;
	m0.m_data = m0.m_dat;

	((uint32_t *)m0.m_data)[0] = 0;
	((uint32_t *)m0.m_data)[1] = 0;
	((uint32_t *)m0.m_data)[2] = 0;
	((uint16_t *)m0.m_data)[6] = et;

	bpf_mtap(arg, &m0);
}
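
/*
 * Layout produced by bpf_mtap_et() above, for reference: the first 14
 * bytes of m0 imitate an Ethernet header whose addresses are zero and
 * whose type field (bytes 12-13) is et, so listeners attached with an
 * Ethernet DLT see a well-formed header ahead of the real mbuf chain.
 * bpf_mtap_af() plays the same trick with a single 4-byte address
 * family word, matching the DLT_NULL encapsulation.
 */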

#if NSL > 0 || NSTRIP > 0
/*
 * Put the SLIP pseudo-"link header" in place.
 * Note this M_PREPEND() should never fail,
 * since we know we always have enough space
 * in the input buffer.
 */
void
bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m)
{
	int s;
	u_char *hp;

	M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT);
	if (*m == NULL)
		return;

	hp = mtod(*m, u_char *);
	hp[SLX_DIR] = SLIPDIR_IN;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, *m);
	splx(s);

	m_adj(*m, SLIP_HDRLEN);
}

/*
 * Put the SLIP pseudo-"link header" in
 * place.  The compressed header is now
 * at the beginning of the mbuf.
 */
void
bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m)
{
	struct mbuf m0;
	u_char *hp;
	int s;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_data = m0.m_dat;
	m0.m_len = SLIP_HDRLEN;

	hp = mtod(&m0, u_char *);

	hp[SLX_DIR] = SLIPDIR_OUT;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, &m0);
	splx(s);
	m_freem(m);
}
#endif

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer, waking up any pending reader if the buffer fills.
 * "cpfn" is the routine called to do the actual data
 * transfer.  memcpy is passed in to copy contiguous chunks, while
 * bpf_mcpy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
	    void *(*cpfn)(void *, const void *, size_t), struct timespec *ts)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;
	int do_wakeup = 0;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		do_wakeup = 1;
		curlen = 0;
	} else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) {
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		do_wakeup = 1;
	}

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen);
	hp->bh_tstamp.tv_sec = ts->tv_sec;
	hp->bh_tstamp.tv_usec = ts->tv_nsec / 1000;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (do_wakeup)
		bpf_wakeup(d);
}
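
/*
 * Resulting store-buffer layout, for reference: each record is a
 * bpf_hdr followed by up to snaplen bytes of packet data, and the
 * next record starts at the following BPF_WORDALIGN boundary:
 *
 *	+---------+----------------+--~ pad ~--+---------+-----
 *	| bpf_hdr | caplen bytes   |           | bpf_hdr | ...
 *	+---------+----------------+-----------+---------+-----
 *	^ curlen                               ^ BPF_WORDALIGN(end)
 *
 * bh_datalen records the original packet length even when the copy
 * was truncated to bh_caplen.
 */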

/*
 * Initialize all nonzero fields of a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{

	d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_fbuf)
		return (ENOBUFS);
	d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_sbuf) {
		free(d->bd_fbuf, M_DEVBUF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it hasn't yet been marked
	 * free.
	 */
	if (d->bd_sbuf != 0) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_DEVBUF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_DEVBUF);
	}
	if (d->bd_filter)
		free(d->bd_filter, M_DEVBUF);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach an additional dlt for an interface to bpf.  dlt is the link layer
 * type; hdrlen is the fixed size of the link header for the specified dlt
 * (variable length headers not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp)
{
	struct bpf_if *bp;
	bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_dlist = 0;
	bp->bif_driverp = driverp;
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;

	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;

	*bp->bif_driverp = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

#if 0
	printf("bpf: %s attached\n", ifp->if_xname);
#endif
}
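
/*
 * Typical driver-side usage, as a sketch ("ifp" stands for a driver's
 * ifnet): attach once, then tap every frame that passes through the
 * driver whenever a listener is present:
 *
 *	bpfattach(ifp, DLT_EN10MB, sizeof(struct ether_header));
 *	...
 *	if (ifp->if_bpf)
 *		bpf_mtap(ifp->if_bpf, m);
 *
 * The if_bpf test works because bpf_attachd()/bpf_detachd() flip
 * *bif_driverp between the bpf_if cookie and NULL as listeners come
 * and go.
 */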

/*
 * Remove an interface from bpf.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, **pbp;
	struct bpf_d *d;
	int s;

	/* Nuke the vnodes for any open instances */
	LIST_FOREACH(d, &bpf_list, bd_list) {
		if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) {
			/*
			 * Detach the descriptor from an interface now.
			 * It will be free'ed later by close routine.
			 */
			s = splnet();
			d->bd_promisc = 0;	/* we can't touch device. */
			bpf_detachd(d);
			splx(s);
		}
	}

again:
	for (bp = bpf_iflist, pbp = &bpf_iflist;
	     bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp) {
			*pbp = bp->bif_next;
			free(bp, M_DEVBUF);
			goto again;
		}
	}
}

/*
 * Change the data link type of an interface.
 */
void
bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	struct bpf_if *bp;

	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if ((void **)bp->bif_driverp == &ifp->if_bpf)
			break;
	}
	if (bp == NULL)
		panic("bpf_change_type");

	bp->bif_dlt = dlt;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
}

/*
 * Get a list of the available data link types of the interface.
 */
static int
bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
{
	int n, error;
	struct ifnet *ifp;
	struct bpf_if *bp;

	ifp = d->bd_bif->bif_ifp;
	n = 0;
	error = 0;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp)
			continue;
		if (bfl->bfl_list != NULL) {
			if (n >= bfl->bfl_len)
				return ENOMEM;
			error = copyout(&bp->bif_dlt,
			    bfl->bfl_list + n, sizeof(u_int));
		}
		n++;
	}
	bfl->bfl_len = n;
	return error;
}

/*
 * Set the data link type of a BPF instance.
 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int s, error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	if (d->bd_bif->bif_dlt == dlt)
		return 0;
	ifp = d->bd_bif->bif_ifp;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	if (bp == NULL)
		return EINVAL;
	s = splnet();
	opromisc = d->bd_promisc;
	bpf_detachd(d);
	bpf_attachd(d, bp);
	reset_d(d);
	if (opromisc) {
		error = ifpromisc(bp->bif_ifp, 1);
		if (error)
			printf("%s: bpf_setdlt: ifpromisc failed (%d)\n",
			    bp->bif_ifp->if_xname, error);
		else
			d->bd_promisc = 1;
	}
	splx(s);
	return 0;
}

static int
sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS)
{
	int newsize, error;
	struct sysctlnode node;

	node = *rnode;
	node.sysctl_data = &newsize;
	newsize = bpf_maxbufsize;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE)
		return (EINVAL);

	bpf_maxbufsize = newsize;

	return (0);
}

static int
sysctl_net_bpf_peers(SYSCTLFN_ARGS)
{
	int error, elem_count;
	struct bpf_d *dp;
	struct bpf_d_ext dpe;
	size_t len, needed, elem_size, out_size;
	char *sp;

	if (namelen == 1 && name[0] == CTL_QUERY)
		return (sysctl_query(SYSCTLFN_CALL(rnode)));

	if (namelen != 2)
		return (EINVAL);

	/* BPF peers is privileged information. */
	error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
	    KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL);
	if (error)
		return (EPERM);

	len = (oldp != NULL) ? *oldlenp : 0;
	sp = oldp;
	elem_size = name[0];
	elem_count = name[1];
	out_size = MIN(sizeof(dpe), elem_size);
	needed = 0;

	if (elem_size < 1 || elem_count < 0)
		return (EINVAL);

	mutex_enter(&bpf_mtx);
	LIST_FOREACH(dp, &bpf_list, bd_list) {
		if (len >= elem_size && elem_count > 0) {
#define BPF_EXT(field)	dpe.bde_ ## field = dp->bd_ ## field
			BPF_EXT(bufsize);
			BPF_EXT(promisc);
			BPF_EXT(state);
			BPF_EXT(immediate);
			BPF_EXT(hdrcmplt);
			BPF_EXT(seesent);
			BPF_EXT(pid);
			BPF_EXT(rcount);
			BPF_EXT(dcount);
			BPF_EXT(ccount);
#undef BPF_EXT
			if (dp->bd_bif)
				(void)strlcpy(dpe.bde_ifname,
				    dp->bd_bif->bif_ifp->if_xname,
				    IFNAMSIZ - 1);
			else
				dpe.bde_ifname[0] = '\0';

			error = copyout(&dpe, sp, out_size);
			if (error)
				break;
			sp += elem_size;
			len -= elem_size;
		}
		needed += elem_size;
		if (elem_count > 0 && elem_count != INT_MAX)
			elem_count--;
	}
	mutex_exit(&bpf_mtx);

	*oldlenp = needed;

	return (error);
}

SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup")
{
	const struct sysctlnode *node;

	sysctl_createv(clog, 0, NULL, NULL,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "net", NULL,
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_EOL);

	node = NULL;
	sysctl_createv(clog, 0, NULL, &node,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "bpf",
		       SYSCTL_DESCR("BPF options"),
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_CREATE, CTL_EOL);
	if (node != NULL) {
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
			CTLTYPE_INT, "maxbufsize",
			SYSCTL_DESCR("Maximum size for data capture buffer"),
			sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0,
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT,
			CTLTYPE_STRUCT, "stats",
			SYSCTL_DESCR("BPF stats"),
			NULL, 0, &bpf_gstats, sizeof(bpf_gstats),
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT,
			CTLTYPE_STRUCT, "peers",
			SYSCTL_DESCR("BPF peers"),
			sysctl_net_bpf_peers, 0, NULL, 0,
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
	}
}
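
/*
 * The nodes created above appear as net.bpf.* to userland; for
 * example, the writable limit can be inspected or raised with
 * sysctl(8) (the value shown is an arbitrary example):
 *
 *	$ sysctl net.bpf.maxbufsize
 *	$ sysctl -w net.bpf.maxbufsize=1048576
 *
 * net.bpf.stats and net.bpf.peers are meant to be read via sysctl(3).
 */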