1 /* $NetBSD: bpf.c,v 1.138 2008/04/20 15:27:10 scw Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.138 2008/04/20 15:27:10 scw Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/user.h> 57 #include <sys/ioctl.h> 58 #include <sys/conf.h> 59 #include <sys/vnode.h> 60 #include <sys/queue.h> 61 62 #include <sys/file.h> 63 #include <sys/filedesc.h> 64 #include <sys/tty.h> 65 #include <sys/uio.h> 66 67 #include <sys/protosw.h> 68 #include <sys/socket.h> 69 #include <sys/errno.h> 70 #include <sys/kernel.h> 71 #include <sys/poll.h> 72 #include <sys/sysctl.h> 73 #include <sys/kauth.h> 74 75 #include <net/if.h> 76 #include <net/slip.h> 77 78 #include <net/bpf.h> 79 #include <net/bpfdesc.h> 80 81 #include <net/if_arc.h> 82 #include <net/if_ether.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_inarp.h> 86 87 88 #include <compat/sys/sockio.h> 89 90 #ifndef BPF_BUFSIZE 91 /* 92 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 93 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 94 */ 95 # define BPF_BUFSIZE 32768 96 #endif 97 98 #define PRINET 26 /* interruptible */ 99 100 /* 101 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 102 * XXX the default values should be computed dynamically based 103 * on available memory size and available mbuf clusters. 104 */ 105 int bpf_bufsize = BPF_BUFSIZE; 106 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 107 108 109 /* 110 * Global BPF statistics returned by net.bpf.stats sysctl. 111 */ 112 struct bpf_stat bpf_gstats; 113 114 /* 115 * Use a mutex to avoid a race condition between gathering the stats/peers 116 * and opening/closing the device. 117 */ 118 static kmutex_t bpf_mtx; 119 120 /* 121 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 122 * bpf_dtab holds the descriptors, indexed by minor device # 123 */ 124 struct bpf_if *bpf_iflist; 125 LIST_HEAD(, bpf_d) bpf_list; 126 127 static int bpf_allocbufs(struct bpf_d *); 128 static void bpf_deliver(struct bpf_if *, 129 void *(*cpfn)(void *, const void *, size_t), 130 void *, u_int, u_int, struct ifnet *); 131 static void bpf_freed(struct bpf_d *); 132 static void bpf_ifname(struct ifnet *, struct ifreq *); 133 static void *bpf_mcpy(void *, const void *, size_t); 134 static int bpf_movein(struct uio *, int, int, 135 struct mbuf **, struct sockaddr *); 136 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 137 static void bpf_detachd(struct bpf_d *); 138 static int bpf_setif(struct bpf_d *, struct ifreq *); 139 static void bpf_timed_out(void *); 140 static inline void 141 bpf_wakeup(struct bpf_d *); 142 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 143 void *(*)(void *, const void *, size_t), struct timeval *); 144 static void reset_d(struct bpf_d *); 145 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 146 static int bpf_setdlt(struct bpf_d *, u_int); 147 148 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 149 int); 150 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 151 int); 152 static int bpf_ioctl(struct file *, u_long, void *); 153 static int bpf_poll(struct file *, int); 154 static int bpf_close(struct file *); 155 static int bpf_kqfilter(struct file *, struct knote *); 156 157 static const struct fileops bpf_fileops = { 158 bpf_read, 159 bpf_write, 160 bpf_ioctl, 161 fnullop_fcntl, 162 bpf_poll, 163 fbadop_stat, 164 bpf_close, 165 bpf_kqfilter, 166 }; 167 168 dev_type_open(bpfopen); 169 170 const struct cdevsw bpf_cdevsw = { 171 bpfopen, noclose, noread, nowrite, noioctl, 172 nostop, notty, nopoll, nommap, nokqfilter, D_OTHER 173 }; 174 175 static int 176 bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 177 struct sockaddr *sockp) 178 { 179 struct mbuf *m; 180 int error; 181 int len; 182 int hlen; 183 int align; 184 185 /* 186 * Build a sockaddr based on the data link layer type. 187 * We do this at this level because the ethernet header 188 * is copied directly into the data field of the sockaddr. 189 * In the case of SLIP, there is no header and the packet 190 * is forwarded as is. 191 * Also, we are careful to leave room at the front of the mbuf 192 * for the link level header. 193 */ 194 switch (linktype) { 195 196 case DLT_SLIP: 197 sockp->sa_family = AF_INET; 198 hlen = 0; 199 align = 0; 200 break; 201 202 case DLT_PPP: 203 sockp->sa_family = AF_UNSPEC; 204 hlen = 0; 205 align = 0; 206 break; 207 208 case DLT_EN10MB: 209 sockp->sa_family = AF_UNSPEC; 210 /* XXX Would MAXLINKHDR be better? */ 211 /* 6(dst)+6(src)+2(type) */ 212 hlen = sizeof(struct ether_header); 213 align = 2; 214 break; 215 216 case DLT_ARCNET: 217 sockp->sa_family = AF_UNSPEC; 218 hlen = ARC_HDRLEN; 219 align = 5; 220 break; 221 222 case DLT_FDDI: 223 sockp->sa_family = AF_LINK; 224 /* XXX 4(FORMAC)+6(dst)+6(src) */ 225 hlen = 16; 226 align = 0; 227 break; 228 229 case DLT_ECONET: 230 sockp->sa_family = AF_UNSPEC; 231 hlen = 6; 232 align = 2; 233 break; 234 235 case DLT_NULL: 236 sockp->sa_family = AF_UNSPEC; 237 hlen = 0; 238 align = 0; 239 break; 240 241 default: 242 return (EIO); 243 } 244 245 len = uio->uio_resid; 246 /* 247 * If there aren't enough bytes for a link level header or the 248 * packet length exceeds the interface mtu, return an error. 249 */ 250 if (len < hlen || len - hlen > mtu) 251 return (EMSGSIZE); 252 253 /* 254 * XXX Avoid complicated buffer chaining --- 255 * bail if it won't fit in a single mbuf. 256 * (Take into account possible alignment bytes) 257 */ 258 if ((unsigned)len > MCLBYTES - align) 259 return (EIO); 260 261 m = m_gethdr(M_WAIT, MT_DATA); 262 m->m_pkthdr.rcvif = 0; 263 m->m_pkthdr.len = len - hlen; 264 if (len > MHLEN - align) { 265 m_clget(m, M_WAIT); 266 if ((m->m_flags & M_EXT) == 0) { 267 error = ENOBUFS; 268 goto bad; 269 } 270 } 271 272 /* Insure the data is properly aligned */ 273 if (align > 0) { 274 m->m_data += align; 275 m->m_len -= align; 276 } 277 278 error = uiomove(mtod(m, void *), len, uio); 279 if (error) 280 goto bad; 281 if (hlen != 0) { 282 memcpy(sockp->sa_data, mtod(m, void *), hlen); 283 m->m_data += hlen; /* XXX */ 284 len -= hlen; 285 } 286 m->m_len = len; 287 *mp = m; 288 return (0); 289 290 bad: 291 m_freem(m); 292 return (error); 293 } 294 295 /* 296 * Attach file to the bpf interface, i.e. make d listen on bp. 297 * Must be called at splnet. 298 */ 299 static void 300 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 301 { 302 /* 303 * Point d at bp, and add d to the interface's list of listeners. 304 * Finally, point the driver's bpf cookie at the interface so 305 * it will divert packets to bpf. 306 */ 307 d->bd_bif = bp; 308 d->bd_next = bp->bif_dlist; 309 bp->bif_dlist = d; 310 311 *bp->bif_driverp = bp; 312 } 313 314 /* 315 * Detach a file from its interface. 316 */ 317 static void 318 bpf_detachd(struct bpf_d *d) 319 { 320 struct bpf_d **p; 321 struct bpf_if *bp; 322 323 bp = d->bd_bif; 324 /* 325 * Check if this descriptor had requested promiscuous mode. 326 * If so, turn it off. 327 */ 328 if (d->bd_promisc) { 329 int error; 330 331 d->bd_promisc = 0; 332 /* 333 * Take device out of promiscuous mode. Since we were 334 * able to enter promiscuous mode, we should be able 335 * to turn it off. But we can get an error if 336 * the interface was configured down, so only panic 337 * if we don't get an unexpected error. 338 */ 339 error = ifpromisc(bp->bif_ifp, 0); 340 if (error && error != EINVAL) 341 panic("bpf: ifpromisc failed"); 342 } 343 /* Remove d from the interface's descriptor list. */ 344 p = &bp->bif_dlist; 345 while (*p != d) { 346 p = &(*p)->bd_next; 347 if (*p == 0) 348 panic("bpf_detachd: descriptor not in list"); 349 } 350 *p = (*p)->bd_next; 351 if (bp->bif_dlist == 0) 352 /* 353 * Let the driver know that there are no more listeners. 354 */ 355 *d->bd_bif->bif_driverp = 0; 356 d->bd_bif = 0; 357 } 358 359 360 /* 361 * Mark a descriptor free by making it point to itself. 362 * This is probably cheaper than marking with a constant since 363 * the address should be in a register anyway. 364 */ 365 366 /* 367 * bpfilterattach() is called at boot time. 368 */ 369 /* ARGSUSED */ 370 void 371 bpfilterattach(int n) 372 { 373 mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE); 374 375 mutex_enter(&bpf_mtx); 376 LIST_INIT(&bpf_list); 377 mutex_exit(&bpf_mtx); 378 379 bpf_gstats.bs_recv = 0; 380 bpf_gstats.bs_drop = 0; 381 bpf_gstats.bs_capt = 0; 382 } 383 384 /* 385 * Open ethernet device. Clones. 386 */ 387 /* ARGSUSED */ 388 int 389 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 390 { 391 struct bpf_d *d; 392 struct file *fp; 393 int error, fd; 394 395 /* falloc() will use the descriptor for us. */ 396 if ((error = fd_allocfile(&fp, &fd)) != 0) 397 return error; 398 399 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK); 400 (void)memset(d, 0, sizeof(*d)); 401 d->bd_bufsize = bpf_bufsize; 402 d->bd_seesent = 1; 403 d->bd_pid = l->l_proc->p_pid; 404 callout_init(&d->bd_callout, 0); 405 selinit(&d->bd_sel); 406 407 mutex_enter(&bpf_mtx); 408 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 409 mutex_exit(&bpf_mtx); 410 411 return fd_clone(fp, fd, flag, &bpf_fileops, d); 412 } 413 414 /* 415 * Close the descriptor by detaching it from its interface, 416 * deallocating its buffers, and marking it free. 417 */ 418 /* ARGSUSED */ 419 static int 420 bpf_close(struct file *fp) 421 { 422 struct bpf_d *d = fp->f_data; 423 int s; 424 425 /* 426 * Refresh the PID associated with this bpf file. 427 */ 428 d->bd_pid = curproc->p_pid; 429 430 s = splnet(); 431 if (d->bd_state == BPF_WAITING) 432 callout_stop(&d->bd_callout); 433 d->bd_state = BPF_IDLE; 434 if (d->bd_bif) 435 bpf_detachd(d); 436 splx(s); 437 bpf_freed(d); 438 mutex_enter(&bpf_mtx); 439 LIST_REMOVE(d, bd_list); 440 mutex_exit(&bpf_mtx); 441 callout_destroy(&d->bd_callout); 442 seldestroy(&d->bd_sel); 443 free(d, M_DEVBUF); 444 fp->f_data = NULL; 445 446 return (0); 447 } 448 449 /* 450 * Rotate the packet buffers in descriptor d. Move the store buffer 451 * into the hold slot, and the free buffer into the store slot. 452 * Zero the length of the new store buffer. 453 */ 454 #define ROTATE_BUFFERS(d) \ 455 (d)->bd_hbuf = (d)->bd_sbuf; \ 456 (d)->bd_hlen = (d)->bd_slen; \ 457 (d)->bd_sbuf = (d)->bd_fbuf; \ 458 (d)->bd_slen = 0; \ 459 (d)->bd_fbuf = 0; 460 /* 461 * bpfread - read next chunk of packets from buffers 462 */ 463 static int 464 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 465 kauth_cred_t cred, int flags) 466 { 467 struct bpf_d *d = fp->f_data; 468 int timed_out; 469 int error; 470 int s; 471 472 /* 473 * Restrict application to use a buffer the same size as 474 * the kernel buffers. 475 */ 476 if (uio->uio_resid != d->bd_bufsize) 477 return (EINVAL); 478 479 s = splnet(); 480 if (d->bd_state == BPF_WAITING) 481 callout_stop(&d->bd_callout); 482 timed_out = (d->bd_state == BPF_TIMED_OUT); 483 d->bd_state = BPF_IDLE; 484 /* 485 * If the hold buffer is empty, then do a timed sleep, which 486 * ends when the timeout expires or when enough packets 487 * have arrived to fill the store buffer. 488 */ 489 while (d->bd_hbuf == 0) { 490 if (fp->f_flag & FNONBLOCK) { 491 if (d->bd_slen == 0) { 492 splx(s); 493 return (EWOULDBLOCK); 494 } 495 ROTATE_BUFFERS(d); 496 break; 497 } 498 499 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 500 /* 501 * A packet(s) either arrived since the previous 502 * read or arrived while we were asleep. 503 * Rotate the buffers and return what's here. 504 */ 505 ROTATE_BUFFERS(d); 506 break; 507 } 508 error = tsleep(d, PRINET|PCATCH, "bpf", 509 d->bd_rtout); 510 if (error == EINTR || error == ERESTART) { 511 splx(s); 512 return (error); 513 } 514 if (error == EWOULDBLOCK) { 515 /* 516 * On a timeout, return what's in the buffer, 517 * which may be nothing. If there is something 518 * in the store buffer, we can rotate the buffers. 519 */ 520 if (d->bd_hbuf) 521 /* 522 * We filled up the buffer in between 523 * getting the timeout and arriving 524 * here, so we don't need to rotate. 525 */ 526 break; 527 528 if (d->bd_slen == 0) { 529 splx(s); 530 return (0); 531 } 532 ROTATE_BUFFERS(d); 533 break; 534 } 535 if (error != 0) 536 goto done; 537 } 538 /* 539 * At this point, we know we have something in the hold slot. 540 */ 541 splx(s); 542 543 /* 544 * Move data from hold buffer into user space. 545 * We know the entire buffer is transferred since 546 * we checked above that the read buffer is bpf_bufsize bytes. 547 */ 548 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 549 550 s = splnet(); 551 d->bd_fbuf = d->bd_hbuf; 552 d->bd_hbuf = 0; 553 d->bd_hlen = 0; 554 done: 555 splx(s); 556 return (error); 557 } 558 559 560 /* 561 * If there are processes sleeping on this descriptor, wake them up. 562 */ 563 static inline void 564 bpf_wakeup(struct bpf_d *d) 565 { 566 wakeup(d); 567 if (d->bd_async) 568 fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL); 569 570 selnotify(&d->bd_sel, 0, 0); 571 } 572 573 574 static void 575 bpf_timed_out(void *arg) 576 { 577 struct bpf_d *d = arg; 578 int s; 579 580 s = splnet(); 581 if (d->bd_state == BPF_WAITING) { 582 d->bd_state = BPF_TIMED_OUT; 583 if (d->bd_slen != 0) 584 bpf_wakeup(d); 585 } 586 splx(s); 587 } 588 589 590 static int 591 bpf_write(struct file *fp, off_t *offp, struct uio *uio, 592 kauth_cred_t cred, int flags) 593 { 594 struct bpf_d *d = fp->f_data; 595 struct ifnet *ifp; 596 struct mbuf *m; 597 int error, s; 598 static struct sockaddr_storage dst; 599 600 m = NULL; /* XXX gcc */ 601 602 if (d->bd_bif == 0) 603 return (ENXIO); 604 605 ifp = d->bd_bif->bif_ifp; 606 607 if (uio->uio_resid == 0) 608 return (0); 609 610 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 611 (struct sockaddr *) &dst); 612 if (error) 613 return (error); 614 615 if (m->m_pkthdr.len > ifp->if_mtu) { 616 m_freem(m); 617 return (EMSGSIZE); 618 } 619 620 if (d->bd_hdrcmplt) 621 dst.ss_family = pseudo_AF_HDRCMPLT; 622 623 s = splsoftnet(); 624 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 625 splx(s); 626 /* 627 * The driver frees the mbuf. 628 */ 629 return (error); 630 } 631 632 /* 633 * Reset a descriptor by flushing its packet buffer and clearing the 634 * receive and drop counts. Should be called at splnet. 635 */ 636 static void 637 reset_d(struct bpf_d *d) 638 { 639 if (d->bd_hbuf) { 640 /* Free the hold buffer. */ 641 d->bd_fbuf = d->bd_hbuf; 642 d->bd_hbuf = 0; 643 } 644 d->bd_slen = 0; 645 d->bd_hlen = 0; 646 d->bd_rcount = 0; 647 d->bd_dcount = 0; 648 d->bd_ccount = 0; 649 } 650 651 /* 652 * FIONREAD Check for read packet available. 653 * BIOCGBLEN Get buffer len [for read()]. 654 * BIOCSETF Set ethernet read filter. 655 * BIOCFLUSH Flush read packet buffer. 656 * BIOCPROMISC Put interface into promiscuous mode. 657 * BIOCGDLT Get link layer type. 658 * BIOCGETIF Get interface name. 659 * BIOCSETIF Set interface. 660 * BIOCSRTIMEOUT Set read timeout. 661 * BIOCGRTIMEOUT Get read timeout. 662 * BIOCGSTATS Get packet stats. 663 * BIOCIMMEDIATE Set immediate mode. 664 * BIOCVERSION Get filter language version. 665 * BIOCGHDRCMPLT Get "header already complete" flag. 666 * BIOCSHDRCMPLT Set "header already complete" flag. 667 */ 668 /* ARGSUSED */ 669 static int 670 bpf_ioctl(struct file *fp, u_long cmd, void *addr) 671 { 672 struct bpf_d *d = fp->f_data; 673 int s, error = 0; 674 675 /* 676 * Refresh the PID associated with this bpf file. 677 */ 678 d->bd_pid = curproc->p_pid; 679 680 s = splnet(); 681 if (d->bd_state == BPF_WAITING) 682 callout_stop(&d->bd_callout); 683 d->bd_state = BPF_IDLE; 684 splx(s); 685 686 switch (cmd) { 687 688 default: 689 error = EINVAL; 690 break; 691 692 /* 693 * Check for read packet available. 694 */ 695 case FIONREAD: 696 { 697 int n; 698 699 s = splnet(); 700 n = d->bd_slen; 701 if (d->bd_hbuf) 702 n += d->bd_hlen; 703 splx(s); 704 705 *(int *)addr = n; 706 break; 707 } 708 709 /* 710 * Get buffer len [for read()]. 711 */ 712 case BIOCGBLEN: 713 *(u_int *)addr = d->bd_bufsize; 714 break; 715 716 /* 717 * Set buffer length. 718 */ 719 case BIOCSBLEN: 720 if (d->bd_bif != 0) 721 error = EINVAL; 722 else { 723 u_int size = *(u_int *)addr; 724 725 if (size > bpf_maxbufsize) 726 *(u_int *)addr = size = bpf_maxbufsize; 727 else if (size < BPF_MINBUFSIZE) 728 *(u_int *)addr = size = BPF_MINBUFSIZE; 729 d->bd_bufsize = size; 730 } 731 break; 732 733 /* 734 * Set link layer read filter. 735 */ 736 case BIOCSETF: 737 error = bpf_setf(d, addr); 738 break; 739 740 /* 741 * Flush read packet buffer. 742 */ 743 case BIOCFLUSH: 744 s = splnet(); 745 reset_d(d); 746 splx(s); 747 break; 748 749 /* 750 * Put interface into promiscuous mode. 751 */ 752 case BIOCPROMISC: 753 if (d->bd_bif == 0) { 754 /* 755 * No interface attached yet. 756 */ 757 error = EINVAL; 758 break; 759 } 760 s = splnet(); 761 if (d->bd_promisc == 0) { 762 error = ifpromisc(d->bd_bif->bif_ifp, 1); 763 if (error == 0) 764 d->bd_promisc = 1; 765 } 766 splx(s); 767 break; 768 769 /* 770 * Get device parameters. 771 */ 772 case BIOCGDLT: 773 if (d->bd_bif == 0) 774 error = EINVAL; 775 else 776 *(u_int *)addr = d->bd_bif->bif_dlt; 777 break; 778 779 /* 780 * Get a list of supported device parameters. 781 */ 782 case BIOCGDLTLIST: 783 if (d->bd_bif == 0) 784 error = EINVAL; 785 else 786 error = bpf_getdltlist(d, addr); 787 break; 788 789 /* 790 * Set device parameters. 791 */ 792 case BIOCSDLT: 793 if (d->bd_bif == 0) 794 error = EINVAL; 795 else 796 error = bpf_setdlt(d, *(u_int *)addr); 797 break; 798 799 /* 800 * Set interface name. 801 */ 802 #ifdef OBIOCGETIF 803 case OBIOCGETIF: 804 #endif 805 case BIOCGETIF: 806 if (d->bd_bif == 0) 807 error = EINVAL; 808 else 809 bpf_ifname(d->bd_bif->bif_ifp, addr); 810 break; 811 812 /* 813 * Set interface. 814 */ 815 #ifdef OBIOCSETIF 816 case OBIOCSETIF: 817 #endif 818 case BIOCSETIF: 819 error = bpf_setif(d, addr); 820 break; 821 822 /* 823 * Set read timeout. 824 */ 825 case BIOCSRTIMEOUT: 826 { 827 struct timeval *tv = addr; 828 829 /* Compute number of ticks. */ 830 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 831 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 832 d->bd_rtout = 1; 833 break; 834 } 835 836 /* 837 * Get read timeout. 838 */ 839 case BIOCGRTIMEOUT: 840 { 841 struct timeval *tv = addr; 842 843 tv->tv_sec = d->bd_rtout / hz; 844 tv->tv_usec = (d->bd_rtout % hz) * tick; 845 break; 846 } 847 848 /* 849 * Get packet stats. 850 */ 851 case BIOCGSTATS: 852 { 853 struct bpf_stat *bs = addr; 854 855 bs->bs_recv = d->bd_rcount; 856 bs->bs_drop = d->bd_dcount; 857 bs->bs_capt = d->bd_ccount; 858 break; 859 } 860 861 case BIOCGSTATSOLD: 862 { 863 struct bpf_stat_old *bs = addr; 864 865 bs->bs_recv = d->bd_rcount; 866 bs->bs_drop = d->bd_dcount; 867 break; 868 } 869 870 /* 871 * Set immediate mode. 872 */ 873 case BIOCIMMEDIATE: 874 d->bd_immediate = *(u_int *)addr; 875 break; 876 877 case BIOCVERSION: 878 { 879 struct bpf_version *bv = addr; 880 881 bv->bv_major = BPF_MAJOR_VERSION; 882 bv->bv_minor = BPF_MINOR_VERSION; 883 break; 884 } 885 886 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 887 *(u_int *)addr = d->bd_hdrcmplt; 888 break; 889 890 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 891 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 892 break; 893 894 /* 895 * Get "see sent packets" flag 896 */ 897 case BIOCGSEESENT: 898 *(u_int *)addr = d->bd_seesent; 899 break; 900 901 /* 902 * Set "see sent" packets flag 903 */ 904 case BIOCSSEESENT: 905 d->bd_seesent = *(u_int *)addr; 906 break; 907 908 case FIONBIO: /* Non-blocking I/O */ 909 /* 910 * No need to do anything special as we use IO_NDELAY in 911 * bpfread() as an indication of whether or not to block 912 * the read. 913 */ 914 break; 915 916 case FIOASYNC: /* Send signal on receive packets */ 917 d->bd_async = *(int *)addr; 918 break; 919 920 case TIOCSPGRP: /* Process or group to send signals to */ 921 case FIOSETOWN: 922 error = fsetown(&d->bd_pgid, cmd, addr); 923 break; 924 925 case TIOCGPGRP: 926 case FIOGETOWN: 927 error = fgetown(d->bd_pgid, cmd, addr); 928 break; 929 } 930 return (error); 931 } 932 933 /* 934 * Set d's packet filter program to fp. If this file already has a filter, 935 * free it and replace it. Returns EINVAL for bogus requests. 936 */ 937 int 938 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 939 { 940 struct bpf_insn *fcode, *old; 941 u_int flen, size; 942 int s; 943 944 old = d->bd_filter; 945 if (fp->bf_insns == 0) { 946 if (fp->bf_len != 0) 947 return (EINVAL); 948 s = splnet(); 949 d->bd_filter = 0; 950 reset_d(d); 951 splx(s); 952 if (old != 0) 953 free(old, M_DEVBUF); 954 return (0); 955 } 956 flen = fp->bf_len; 957 if (flen > BPF_MAXINSNS) 958 return (EINVAL); 959 960 size = flen * sizeof(*fp->bf_insns); 961 fcode = malloc(size, M_DEVBUF, M_WAITOK); 962 if (copyin(fp->bf_insns, fcode, size) == 0 && 963 bpf_validate(fcode, (int)flen)) { 964 s = splnet(); 965 d->bd_filter = fcode; 966 reset_d(d); 967 splx(s); 968 if (old != 0) 969 free(old, M_DEVBUF); 970 971 return (0); 972 } 973 free(fcode, M_DEVBUF); 974 return (EINVAL); 975 } 976 977 /* 978 * Detach a file from its current interface (if attached at all) and attach 979 * to the interface indicated by the name stored in ifr. 980 * Return an errno or 0. 981 */ 982 static int 983 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 984 { 985 struct bpf_if *bp; 986 char *cp; 987 int unit_seen, i, s, error; 988 989 /* 990 * Make sure the provided name has a unit number, and default 991 * it to '0' if not specified. 992 * XXX This is ugly ... do this differently? 993 */ 994 unit_seen = 0; 995 cp = ifr->ifr_name; 996 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 997 while (*cp++) 998 if (*cp >= '0' && *cp <= '9') 999 unit_seen = 1; 1000 if (!unit_seen) { 1001 /* Make sure to leave room for the '\0'. */ 1002 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 1003 if ((ifr->ifr_name[i] >= 'a' && 1004 ifr->ifr_name[i] <= 'z') || 1005 (ifr->ifr_name[i] >= 'A' && 1006 ifr->ifr_name[i] <= 'Z')) 1007 continue; 1008 ifr->ifr_name[i] = '0'; 1009 } 1010 } 1011 1012 /* 1013 * Look through attached interfaces for the named one. 1014 */ 1015 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1016 struct ifnet *ifp = bp->bif_ifp; 1017 1018 if (ifp == 0 || 1019 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 1020 continue; 1021 /* skip additional entry */ 1022 if ((void **)bp->bif_driverp != &ifp->if_bpf) 1023 continue; 1024 /* 1025 * We found the requested interface. 1026 * Allocate the packet buffers if we need to. 1027 * If we're already attached to requested interface, 1028 * just flush the buffer. 1029 */ 1030 if (d->bd_sbuf == 0) { 1031 error = bpf_allocbufs(d); 1032 if (error != 0) 1033 return (error); 1034 } 1035 s = splnet(); 1036 if (bp != d->bd_bif) { 1037 if (d->bd_bif) 1038 /* 1039 * Detach if attached to something else. 1040 */ 1041 bpf_detachd(d); 1042 1043 bpf_attachd(d, bp); 1044 } 1045 reset_d(d); 1046 splx(s); 1047 return (0); 1048 } 1049 /* Not found. */ 1050 return (ENXIO); 1051 } 1052 1053 /* 1054 * Copy the interface name to the ifreq. 1055 */ 1056 static void 1057 bpf_ifname(struct ifnet *ifp, struct ifreq *ifr) 1058 { 1059 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1060 } 1061 1062 /* 1063 * Support for poll() system call 1064 * 1065 * Return true iff the specific operation will not block indefinitely - with 1066 * the assumption that it is safe to positively acknowledge a request for the 1067 * ability to write to the BPF device. 1068 * Otherwise, return false but make a note that a selnotify() must be done. 1069 */ 1070 static int 1071 bpf_poll(struct file *fp, int events) 1072 { 1073 struct bpf_d *d = fp->f_data; 1074 int s = splnet(); 1075 int revents; 1076 1077 /* 1078 * Refresh the PID associated with this bpf file. 1079 */ 1080 d->bd_pid = curproc->p_pid; 1081 1082 revents = events & (POLLOUT | POLLWRNORM); 1083 if (events & (POLLIN | POLLRDNORM)) { 1084 /* 1085 * An imitation of the FIONREAD ioctl code. 1086 */ 1087 if (d->bd_hlen != 0 || 1088 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1089 d->bd_slen != 0)) { 1090 revents |= events & (POLLIN | POLLRDNORM); 1091 } else { 1092 selrecord(curlwp, &d->bd_sel); 1093 /* Start the read timeout if necessary */ 1094 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1095 callout_reset(&d->bd_callout, d->bd_rtout, 1096 bpf_timed_out, d); 1097 d->bd_state = BPF_WAITING; 1098 } 1099 } 1100 } 1101 1102 splx(s); 1103 return (revents); 1104 } 1105 1106 static void 1107 filt_bpfrdetach(struct knote *kn) 1108 { 1109 struct bpf_d *d = kn->kn_hook; 1110 int s; 1111 1112 s = splnet(); 1113 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1114 splx(s); 1115 } 1116 1117 static int 1118 filt_bpfread(struct knote *kn, long hint) 1119 { 1120 struct bpf_d *d = kn->kn_hook; 1121 1122 kn->kn_data = d->bd_hlen; 1123 if (d->bd_immediate) 1124 kn->kn_data += d->bd_slen; 1125 return (kn->kn_data > 0); 1126 } 1127 1128 static const struct filterops bpfread_filtops = 1129 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1130 1131 static int 1132 bpf_kqfilter(struct file *fp, struct knote *kn) 1133 { 1134 struct bpf_d *d = fp->f_data; 1135 struct klist *klist; 1136 int s; 1137 1138 switch (kn->kn_filter) { 1139 case EVFILT_READ: 1140 klist = &d->bd_sel.sel_klist; 1141 kn->kn_fop = &bpfread_filtops; 1142 break; 1143 1144 default: 1145 return (EINVAL); 1146 } 1147 1148 kn->kn_hook = d; 1149 1150 s = splnet(); 1151 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1152 splx(s); 1153 1154 return (0); 1155 } 1156 1157 /* 1158 * Incoming linkage from device drivers. Process the packet pkt, of length 1159 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1160 * by each process' filter, and if accepted, stashed into the corresponding 1161 * buffer. 1162 */ 1163 void 1164 bpf_tap(void *arg, u_char *pkt, u_int pktlen) 1165 { 1166 struct bpf_if *bp; 1167 struct bpf_d *d; 1168 u_int slen; 1169 struct timeval tv; 1170 int gottime=0; 1171 1172 /* 1173 * Note that the ipl does not have to be raised at this point. 1174 * The only problem that could arise here is that if two different 1175 * interfaces shared any data. This is not the case. 1176 */ 1177 bp = arg; 1178 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1179 ++d->bd_rcount; 1180 ++bpf_gstats.bs_recv; 1181 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1182 if (slen != 0) { 1183 if (!gottime) { 1184 microtime(&tv); 1185 gottime = 1; 1186 } 1187 catchpacket(d, pkt, pktlen, slen, (void *)memcpy, &tv); 1188 } 1189 } 1190 } 1191 1192 /* 1193 * Copy data from an mbuf chain into a buffer. This code is derived 1194 * from m_copydata in sys/uipc_mbuf.c. 1195 */ 1196 static void * 1197 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1198 { 1199 const struct mbuf *m; 1200 u_int count; 1201 u_char *dst; 1202 1203 m = src_arg; 1204 dst = dst_arg; 1205 while (len > 0) { 1206 if (m == NULL) 1207 panic("bpf_mcpy"); 1208 count = min(m->m_len, len); 1209 memcpy(dst, mtod(m, const void *), count); 1210 m = m->m_next; 1211 dst += count; 1212 len -= count; 1213 } 1214 return dst_arg; 1215 } 1216 1217 /* 1218 * Dispatch a packet to all the listeners on interface bp. 1219 * 1220 * marg pointer to the packet, either a data buffer or an mbuf chain 1221 * buflen buffer length, if marg is a data buffer 1222 * cpfn a function that can copy marg into the listener's buffer 1223 * pktlen length of the packet 1224 * rcvif either NULL or the interface the packet came in on. 1225 */ 1226 static inline void 1227 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1228 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1229 { 1230 u_int slen; 1231 struct bpf_d *d; 1232 struct timeval tv; 1233 int gottime = 0; 1234 1235 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1236 if (!d->bd_seesent && (rcvif == NULL)) 1237 continue; 1238 ++d->bd_rcount; 1239 ++bpf_gstats.bs_recv; 1240 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1241 if (slen != 0) { 1242 if(!gottime) { 1243 microtime(&tv); 1244 gottime = 1; 1245 } 1246 catchpacket(d, marg, pktlen, slen, cpfn, &tv); 1247 } 1248 } 1249 } 1250 1251 /* 1252 * Incoming linkage from device drivers, when the head of the packet is in 1253 * a buffer, and the tail is in an mbuf chain. 1254 */ 1255 void 1256 bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m) 1257 { 1258 struct bpf_if *bp = arg; 1259 u_int pktlen; 1260 struct mbuf mb; 1261 1262 pktlen = m_length(m) + dlen; 1263 1264 /* 1265 * Craft on-stack mbuf suitable for passing to bpf_filter. 1266 * Note that we cut corners here; we only setup what's 1267 * absolutely needed--this mbuf should never go anywhere else. 1268 */ 1269 (void)memset(&mb, 0, sizeof(mb)); 1270 mb.m_next = m; 1271 mb.m_data = data; 1272 mb.m_len = dlen; 1273 1274 /*###1278 [cc] warning: passing argument 2 of 'bpf_deliver' from incompatible pointer type%%%*/ 1275 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1276 } 1277 1278 /* 1279 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1280 */ 1281 void 1282 bpf_mtap(void *arg, struct mbuf *m) 1283 { 1284 void *(*cpfn)(void *, const void *, size_t); 1285 struct bpf_if *bp = arg; 1286 u_int pktlen, buflen; 1287 void *marg; 1288 1289 pktlen = m_length(m); 1290 1291 if (pktlen == m->m_len) { 1292 cpfn = (void *)memcpy; 1293 marg = mtod(m, void *); 1294 buflen = pktlen; 1295 } else { 1296 /*###1299 [cc] warning: assignment from incompatible pointer type%%%*/ 1297 cpfn = bpf_mcpy; 1298 marg = m; 1299 buflen = 0; 1300 } 1301 1302 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1303 } 1304 1305 /* 1306 * We need to prepend the address family as 1307 * a four byte field. Cons up a dummy header 1308 * to pacify bpf. This is safe because bpf 1309 * will only read from the mbuf (i.e., it won't 1310 * try to free it or keep a pointer a to it). 1311 */ 1312 void 1313 bpf_mtap_af(void *arg, uint32_t af, struct mbuf *m) 1314 { 1315 struct mbuf m0; 1316 1317 m0.m_flags = 0; 1318 m0.m_next = m; 1319 m0.m_len = 4; 1320 m0.m_data = (char *)⁡ 1321 1322 bpf_mtap(arg, &m0); 1323 } 1324 1325 void 1326 bpf_mtap_et(void *arg, uint16_t et, struct mbuf *m) 1327 { 1328 struct mbuf m0; 1329 1330 m0.m_flags = 0; 1331 m0.m_next = m; 1332 m0.m_len = 14; 1333 m0.m_data = m0.m_dat; 1334 1335 ((uint32_t *)m0.m_data)[0] = 0; 1336 ((uint32_t *)m0.m_data)[1] = 0; 1337 ((uint32_t *)m0.m_data)[2] = 0; 1338 ((uint16_t *)m0.m_data)[6] = et; 1339 1340 bpf_mtap(arg, &m0); 1341 } 1342 1343 #if NSL > 0 || NSTRIP > 0 1344 /* 1345 * Put the SLIP pseudo-"link header" in place. 1346 * Note this M_PREPEND() should never fail, 1347 * swince we know we always have enough space 1348 * in the input buffer. 1349 */ 1350 void 1351 bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m) 1352 { 1353 int s; 1354 u_char *hp; 1355 1356 M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT); 1357 if (*m == NULL) 1358 return; 1359 1360 hp = mtod(*m, u_char *); 1361 hp[SLX_DIR] = SLIPDIR_IN; 1362 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1363 1364 s = splnet(); 1365 bpf_mtap(arg, *m); 1366 splx(s); 1367 1368 m_adj(*m, SLIP_HDRLEN); 1369 } 1370 1371 /* 1372 * Put the SLIP pseudo-"link header" in 1373 * place. The compressed header is now 1374 * at the beginning of the mbuf. 1375 */ 1376 void 1377 bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m) 1378 { 1379 struct mbuf m0; 1380 u_char *hp; 1381 int s; 1382 1383 m0.m_flags = 0; 1384 m0.m_next = m; 1385 m0.m_data = m0.m_dat; 1386 m0.m_len = SLIP_HDRLEN; 1387 1388 hp = mtod(&m0, u_char *); 1389 1390 hp[SLX_DIR] = SLIPDIR_OUT; 1391 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1392 1393 s = splnet(); 1394 bpf_mtap(arg, &m0); 1395 splx(s); 1396 m_freem(m); 1397 } 1398 #endif 1399 1400 /* 1401 * Move the packet data from interface memory (pkt) into the 1402 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1403 * otherwise 0. "copy" is the routine called to do the actual data 1404 * transfer. memcpy is passed in to copy contiguous chunks, while 1405 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1406 * pkt is really an mbuf. 1407 */ 1408 static void 1409 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1410 void *(*cpfn)(void *, const void *, size_t), struct timeval *tv) 1411 { 1412 struct bpf_hdr *hp; 1413 int totlen, curlen; 1414 int hdrlen = d->bd_bif->bif_hdrlen; 1415 int do_wakeup = 0; 1416 1417 ++d->bd_ccount; 1418 ++bpf_gstats.bs_capt; 1419 /* 1420 * Figure out how many bytes to move. If the packet is 1421 * greater or equal to the snapshot length, transfer that 1422 * much. Otherwise, transfer the whole packet (unless 1423 * we hit the buffer size limit). 1424 */ 1425 totlen = hdrlen + min(snaplen, pktlen); 1426 if (totlen > d->bd_bufsize) 1427 totlen = d->bd_bufsize; 1428 1429 /* 1430 * Round up the end of the previous packet to the next longword. 1431 */ 1432 curlen = BPF_WORDALIGN(d->bd_slen); 1433 if (curlen + totlen > d->bd_bufsize) { 1434 /* 1435 * This packet will overflow the storage buffer. 1436 * Rotate the buffers if we can, then wakeup any 1437 * pending reads. 1438 */ 1439 if (d->bd_fbuf == 0) { 1440 /* 1441 * We haven't completed the previous read yet, 1442 * so drop the packet. 1443 */ 1444 ++d->bd_dcount; 1445 ++bpf_gstats.bs_drop; 1446 return; 1447 } 1448 ROTATE_BUFFERS(d); 1449 do_wakeup = 1; 1450 curlen = 0; 1451 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 1452 /* 1453 * Immediate mode is set, or the read timeout has 1454 * already expired during a select call. A packet 1455 * arrived, so the reader should be woken up. 1456 */ 1457 do_wakeup = 1; 1458 } 1459 1460 /* 1461 * Append the bpf header. 1462 */ 1463 hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen); 1464 hp->bh_tstamp = *tv; 1465 hp->bh_datalen = pktlen; 1466 hp->bh_hdrlen = hdrlen; 1467 /* 1468 * Copy the packet data into the store buffer and update its length. 1469 */ 1470 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1471 d->bd_slen = curlen + totlen; 1472 1473 /* 1474 * Call bpf_wakeup after bd_slen has been updated so that kevent(2) 1475 * will cause filt_bpfread() to be called with it adjusted. 1476 */ 1477 if (do_wakeup) 1478 bpf_wakeup(d); 1479 } 1480 1481 /* 1482 * Initialize all nonzero fields of a descriptor. 1483 */ 1484 static int 1485 bpf_allocbufs(struct bpf_d *d) 1486 { 1487 1488 d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1489 if (!d->bd_fbuf) 1490 return (ENOBUFS); 1491 d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1492 if (!d->bd_sbuf) { 1493 free(d->bd_fbuf, M_DEVBUF); 1494 return (ENOBUFS); 1495 } 1496 d->bd_slen = 0; 1497 d->bd_hlen = 0; 1498 return (0); 1499 } 1500 1501 /* 1502 * Free buffers currently in use by a descriptor. 1503 * Called on close. 1504 */ 1505 static void 1506 bpf_freed(struct bpf_d *d) 1507 { 1508 /* 1509 * We don't need to lock out interrupts since this descriptor has 1510 * been detached from its interface and it yet hasn't been marked 1511 * free. 1512 */ 1513 if (d->bd_sbuf != 0) { 1514 free(d->bd_sbuf, M_DEVBUF); 1515 if (d->bd_hbuf != 0) 1516 free(d->bd_hbuf, M_DEVBUF); 1517 if (d->bd_fbuf != 0) 1518 free(d->bd_fbuf, M_DEVBUF); 1519 } 1520 if (d->bd_filter) 1521 free(d->bd_filter, M_DEVBUF); 1522 } 1523 1524 /* 1525 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1526 * fixed size of the link header (variable length headers not yet supported). 1527 */ 1528 void 1529 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1530 { 1531 1532 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1533 } 1534 1535 /* 1536 * Attach additional dlt for a interface to bpf. dlt is the link layer type; 1537 * hdrlen is the fixed size of the link header for the specified dlt 1538 * (variable length headers not yet supported). 1539 */ 1540 void 1541 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp) 1542 { 1543 struct bpf_if *bp; 1544 bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1545 if (bp == 0) 1546 panic("bpfattach"); 1547 1548 bp->bif_dlist = 0; 1549 bp->bif_driverp = driverp; 1550 bp->bif_ifp = ifp; 1551 bp->bif_dlt = dlt; 1552 1553 bp->bif_next = bpf_iflist; 1554 bpf_iflist = bp; 1555 1556 *bp->bif_driverp = 0; 1557 1558 /* 1559 * Compute the length of the bpf header. This is not necessarily 1560 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1561 * that the network layer header begins on a longword boundary (for 1562 * performance reasons and to alleviate alignment restrictions). 1563 */ 1564 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1565 1566 #if 0 1567 printf("bpf: %s attached\n", ifp->if_xname); 1568 #endif 1569 } 1570 1571 /* 1572 * Remove an interface from bpf. 1573 */ 1574 void 1575 bpfdetach(struct ifnet *ifp) 1576 { 1577 struct bpf_if *bp, **pbp; 1578 struct bpf_d *d; 1579 int s; 1580 1581 /* Nuke the vnodes for any open instances */ 1582 LIST_FOREACH(d, &bpf_list, bd_list) { 1583 if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) { 1584 /* 1585 * Detach the descriptor from an interface now. 1586 * It will be free'ed later by close routine. 1587 */ 1588 s = splnet(); 1589 d->bd_promisc = 0; /* we can't touch device. */ 1590 bpf_detachd(d); 1591 splx(s); 1592 } 1593 } 1594 1595 again: 1596 for (bp = bpf_iflist, pbp = &bpf_iflist; 1597 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1598 if (bp->bif_ifp == ifp) { 1599 *pbp = bp->bif_next; 1600 free(bp, M_DEVBUF); 1601 goto again; 1602 } 1603 } 1604 } 1605 1606 /* 1607 * Change the data link type of a interface. 1608 */ 1609 void 1610 bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1611 { 1612 struct bpf_if *bp; 1613 1614 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1615 if ((void **)bp->bif_driverp == &ifp->if_bpf) 1616 break; 1617 } 1618 if (bp == NULL) 1619 panic("bpf_change_type"); 1620 1621 bp->bif_dlt = dlt; 1622 1623 /* 1624 * Compute the length of the bpf header. This is not necessarily 1625 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1626 * that the network layer header begins on a longword boundary (for 1627 * performance reasons and to alleviate alignment restrictions). 1628 */ 1629 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1630 } 1631 1632 /* 1633 * Get a list of available data link type of the interface. 1634 */ 1635 static int 1636 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1637 { 1638 int n, error; 1639 struct ifnet *ifp; 1640 struct bpf_if *bp; 1641 1642 ifp = d->bd_bif->bif_ifp; 1643 n = 0; 1644 error = 0; 1645 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1646 if (bp->bif_ifp != ifp) 1647 continue; 1648 if (bfl->bfl_list != NULL) { 1649 if (n >= bfl->bfl_len) 1650 return ENOMEM; 1651 error = copyout(&bp->bif_dlt, 1652 bfl->bfl_list + n, sizeof(u_int)); 1653 } 1654 n++; 1655 } 1656 bfl->bfl_len = n; 1657 return error; 1658 } 1659 1660 /* 1661 * Set the data link type of a BPF instance. 1662 */ 1663 static int 1664 bpf_setdlt(struct bpf_d *d, u_int dlt) 1665 { 1666 int s, error, opromisc; 1667 struct ifnet *ifp; 1668 struct bpf_if *bp; 1669 1670 if (d->bd_bif->bif_dlt == dlt) 1671 return 0; 1672 ifp = d->bd_bif->bif_ifp; 1673 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1674 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1675 break; 1676 } 1677 if (bp == NULL) 1678 return EINVAL; 1679 s = splnet(); 1680 opromisc = d->bd_promisc; 1681 bpf_detachd(d); 1682 bpf_attachd(d, bp); 1683 reset_d(d); 1684 if (opromisc) { 1685 error = ifpromisc(bp->bif_ifp, 1); 1686 if (error) 1687 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1688 bp->bif_ifp->if_xname, error); 1689 else 1690 d->bd_promisc = 1; 1691 } 1692 splx(s); 1693 return 0; 1694 } 1695 1696 static int 1697 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1698 { 1699 int newsize, error; 1700 struct sysctlnode node; 1701 1702 node = *rnode; 1703 node.sysctl_data = &newsize; 1704 newsize = bpf_maxbufsize; 1705 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1706 if (error || newp == NULL) 1707 return (error); 1708 1709 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1710 return (EINVAL); 1711 1712 bpf_maxbufsize = newsize; 1713 1714 return (0); 1715 } 1716 1717 static int 1718 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1719 { 1720 int error, elem_count; 1721 struct bpf_d *dp; 1722 struct bpf_d_ext dpe; 1723 size_t len, needed, elem_size, out_size; 1724 char *sp; 1725 1726 if (namelen == 1 && name[0] == CTL_QUERY) 1727 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1728 1729 if (namelen != 2) 1730 return (EINVAL); 1731 1732 /* BPF peers is privileged information. */ 1733 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1734 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1735 if (error) 1736 return (EPERM); 1737 1738 len = (oldp != NULL) ? *oldlenp : 0; 1739 sp = oldp; 1740 elem_size = name[0]; 1741 elem_count = name[1]; 1742 out_size = MIN(sizeof(dpe), elem_size); 1743 needed = 0; 1744 1745 if (elem_size < 1 || elem_count < 0) 1746 return (EINVAL); 1747 1748 mutex_enter(&bpf_mtx); 1749 LIST_FOREACH(dp, &bpf_list, bd_list) { 1750 if (len >= elem_size && elem_count > 0) { 1751 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1752 BPF_EXT(bufsize); 1753 BPF_EXT(promisc); 1754 BPF_EXT(promisc); 1755 BPF_EXT(state); 1756 BPF_EXT(immediate); 1757 BPF_EXT(hdrcmplt); 1758 BPF_EXT(seesent); 1759 BPF_EXT(pid); 1760 BPF_EXT(rcount); 1761 BPF_EXT(dcount); 1762 BPF_EXT(ccount); 1763 #undef BPF_EXT 1764 if (dp->bd_bif) 1765 (void)strlcpy(dpe.bde_ifname, 1766 dp->bd_bif->bif_ifp->if_xname, 1767 IFNAMSIZ - 1); 1768 else 1769 dpe.bde_ifname[0] = '\0'; 1770 1771 error = copyout(&dpe, sp, out_size); 1772 if (error) 1773 break; 1774 sp += elem_size; 1775 len -= elem_size; 1776 } 1777 if (elem_count > 0) { 1778 needed += elem_size; 1779 if (elem_count != INT_MAX) 1780 elem_count--; 1781 } 1782 } 1783 mutex_exit(&bpf_mtx); 1784 1785 *oldlenp = needed; 1786 1787 return (error); 1788 } 1789 1790 SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup") 1791 { 1792 const struct sysctlnode *node; 1793 1794 sysctl_createv(clog, 0, NULL, NULL, 1795 CTLFLAG_PERMANENT, 1796 CTLTYPE_NODE, "net", NULL, 1797 NULL, 0, NULL, 0, 1798 CTL_NET, CTL_EOL); 1799 1800 node = NULL; 1801 sysctl_createv(clog, 0, NULL, &node, 1802 CTLFLAG_PERMANENT, 1803 CTLTYPE_NODE, "bpf", 1804 SYSCTL_DESCR("BPF options"), 1805 NULL, 0, NULL, 0, 1806 CTL_NET, CTL_CREATE, CTL_EOL); 1807 if (node != NULL) { 1808 sysctl_createv(clog, 0, NULL, NULL, 1809 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1810 CTLTYPE_INT, "maxbufsize", 1811 SYSCTL_DESCR("Maximum size for data capture buffer"), 1812 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1813 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1814 sysctl_createv(clog, 0, NULL, NULL, 1815 CTLFLAG_PERMANENT, 1816 CTLTYPE_STRUCT, "stats", 1817 SYSCTL_DESCR("BPF stats"), 1818 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1819 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1820 sysctl_createv(clog, 0, NULL, NULL, 1821 CTLFLAG_PERMANENT, 1822 CTLTYPE_STRUCT, "peers", 1823 SYSCTL_DESCR("BPF peers"), 1824 sysctl_net_bpf_peers, 0, NULL, 0, 1825 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1826 } 1827 1828 } 1829