/*	$NetBSD: bpf.c,v 1.118 2006/06/27 10:45:09 tron Exp $	*/

/*
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	8.4 (Berkeley) 1/9/95
 * static char rcsid[] =
 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp ";
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.118 2006/06/27 10:45:09 tron Exp $");

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/buf.h>
#include <sys/time.h>
#include <sys/proc.h>
#include <sys/user.h>
#include <sys/ioctl.h>
#include <sys/conf.h>
#include <sys/vnode.h>
#include <sys/queue.h>

#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/tty.h>
#include <sys/uio.h>

#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/kernel.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/kauth.h>

#include <net/if.h>
#include <net/slip.h>

#include <net/bpf.h>
#include <net/bpfdesc.h>

#include <net/if_arc.h>
#include <net/if_ether.h>

#include <netinet/in.h>
#include <netinet/if_inarp.h>

#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
#include "sl.h"
#include "strip.h"
#endif

#ifndef BPF_BUFSIZE
/*
 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet
 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k).
 */
# define BPF_BUFSIZE 32768
#endif

#define PRINET  26			/* interruptible */

/*
 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able.
 * XXX the default values should be computed dynamically based
 * on available memory size and available mbuf clusters.
 */
int bpf_bufsize = BPF_BUFSIZE;
int bpf_maxbufsize = BPF_DFLTBUFSIZE;	/* XXX set dynamically, see above */


/*
 * Global BPF statistics returned by net.bpf.stats sysctl.
 */
struct bpf_stat	bpf_gstats;

/*
 * Use a mutex to avoid a race condition between gathering the stats/peers
 * and opening/closing the device.
 */
struct simplelock bpf_slock;

/*
 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
 * bpf_dtab holds the descriptors, indexed by minor device #
 */
struct bpf_if	*bpf_iflist;
LIST_HEAD(, bpf_d) bpf_list;

static int	bpf_allocbufs(struct bpf_d *);
static void	bpf_deliver(struct bpf_if *,
		    void *(*cpfn)(void *, const void *, size_t),
		    void *, u_int, u_int, struct ifnet *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_ifname(struct ifnet *, struct ifreq *);
static void	*bpf_mcpy(void *, const void *, size_t);
static int	bpf_movein(struct uio *, int, int,
		    struct mbuf **, struct sockaddr *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static inline void
		bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int, u_int,
    void *(*)(void *, const void *, size_t));
static void	reset_d(struct bpf_d *);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);

static int	bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t,
    int);
static int	bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t,
    int);
static int	bpf_ioctl(struct file *, u_long, void *, struct lwp *);
static int	bpf_poll(struct file *, int, struct lwp *);
static int	bpf_close(struct file *, struct lwp *);
static int	bpf_kqfilter(struct file *, struct knote *);

static const struct fileops bpf_fileops = {
	bpf_read,
	bpf_write,
	bpf_ioctl,
	fnullop_fcntl,
	bpf_poll,
	fbadop_stat,
	bpf_close,
	bpf_kqfilter,
};

dev_type_open(bpfopen);

const struct cdevsw bpf_cdevsw = {
	bpfopen, noclose, noread, nowrite, noioctl,
	nostop, notty, nopoll, nommap, nokqfilter,
};

static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
	   struct sockaddr *sockp)
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int align;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		align = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		/* 6(dst)+6(src)+2(type) */
		hlen = sizeof(struct ether_header);
		align = 2;
		break;

	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		align = 5;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_LINK;
		/* XXX 4(FORMAC)+6(dst)+6(src) */
		hlen = 16;
		align = 0;
		break;

	case DLT_ECONET:
		sockp->sa_family = AF_UNSPEC;
		hlen = 6;
		align = 2;
		break;

	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		align = 0;
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * If there aren't enough bytes for a link level header or the
	 * packet length exceeds the interface mtu, return an error.
	 */
	if (len < hlen || len - hlen > mtu)
		return (EMSGSIZE);

	/*
	 * XXX Avoid complicated buffer chaining ---
	 * bail if it won't fit in a single mbuf.
	 * (Take into account possible alignment bytes)
	 */
	if ((unsigned)len > MCLBYTES - align)
		return (EIO);

	m = m_gethdr(M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;
	m->m_pkthdr.len = len - hlen;
	if (len > MHLEN - align) {
		m_clget(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}

	/* Ensure the data is properly aligned */
	if (align > 0) {
		m->m_data += align;
		m->m_len -= align;
	}

	error = uiomove(mtod(m, void *), len, uio);
	if (error)
		goto bad;
	if (hlen != 0) {
		memcpy(sockp->sa_data, mtod(m, void *), hlen);
		m->m_data += hlen; /* XXX */
		len -= hlen;
	}
	m->m_len = len;
	*mp = m;
	return (0);

bad:
	m_freem(m);
	return (error);
}

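/*
 * Illustrative userland sketch (not compiled here) of the write path that
 * ends up in bpf_movein() above: each write(2) supplies one complete
 * link-level frame, whose header bpf_movein() peels off into the sockaddr.
 * The interface name, frame contents, and helper name are assumptions for
 * the example; most error handling is omitted.
 */
#if 0
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/bpf.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

static int
send_frame(const char *ifname, const void *frame, size_t framelen)
{
	struct ifreq ifr;
	int fd;

	if ((fd = open("/dev/bpf0", O_RDWR)) == -1)	/* any free unit */
		return -1;
	memset(&ifr, 0, sizeof(ifr));
	strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
	if (ioctl(fd, BIOCSETIF, &ifr) == -1 ||	/* bind to interface */
	    write(fd, frame, framelen) == -1) {	/* one frame per call */
		close(fd);
		return -1;
	}
	close(fd);
	return 0;
}
#endif
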
/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 * Must be called at splnet.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	*bp->bif_driverp = bp;
}

/*
 * Detach a file from its interface.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		/*
		 * Take device out of promiscuous mode.  Since we were
		 * able to enter promiscuous mode, we should be able
		 * to turn it off.  But we can get an error if
		 * the interface was configured down, so only panic
		 * if we get an unexpected error.
		 */
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && error != EINVAL)
			panic("bpf: ifpromisc failed");
	}
	/* Remove d from the interface's descriptor list. */
	p = &bp->bif_dlist;
	while (*p != d) {
		p = &(*p)->bd_next;
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*d->bd_bif->bif_driverp = 0;
	d->bd_bif = 0;
}

/*
 * bpfilterattach() is called at boot time.
 */
/* ARGSUSED */
void
bpfilterattach(int n)
{
	simple_lock_init(&bpf_slock);

	simple_lock(&bpf_slock);
	LIST_INIT(&bpf_list);
	simple_unlock(&bpf_slock);

	bpf_gstats.bs_recv = 0;
	bpf_gstats.bs_drop = 0;
	bpf_gstats.bs_capt = 0;
}

/*
 * Open ethernet device. Clones.
 */
/* ARGSUSED */
int
bpfopen(dev_t dev, int flag, int mode, struct lwp *l)
{
	struct bpf_d *d;
	struct file *fp;
	int error, fd;

	/* falloc() will use the descriptor for us. */
	if ((error = falloc(l->l_proc, &fp, &fd)) != 0)
		return error;

	d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK);
	(void)memset(d, 0, sizeof(*d));
	d->bd_bufsize = bpf_bufsize;
	d->bd_seesent = 1;
	d->bd_pid = l->l_proc->p_pid;
	callout_init(&d->bd_callout);

	simple_lock(&bpf_slock);
	LIST_INSERT_HEAD(&bpf_list, d, bd_list);
	simple_unlock(&bpf_slock);

	return fdclone(l, fp, fd, flag, &bpf_fileops, d);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 */
/* ARGSUSED */
static int
bpf_close(struct file *fp, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	if (d->bd_bif)
		bpf_detachd(d);
	splx(s);
	bpf_freed(d);
	simple_lock(&bpf_slock);
	LIST_REMOVE(d, bd_list);
	simple_unlock(&bpf_slock);
	free(d, M_DEVBUF);
	fp->f_data = NULL;

	return (0);
}

/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = 0;

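/*
 * Illustrative userland sketch (not compiled here) of the consumer side of
 * the rotation above: read(2) returns one hold buffer full of records,
 * each a struct bpf_hdr followed by the captured bytes, padded to a
 * longword boundary.  The callback parameter is an assumption for the
 * example; error handling is omitted.
 */
#if 0
#include <sys/ioctl.h>
#include <net/bpf.h>
#include <stdlib.h>
#include <unistd.h>

static void
read_loop(int fd, void (*deliver)(const struct bpf_hdr *, const u_char *))
{
	u_int bufsize;
	char *buf, *p;
	ssize_t n;

	ioctl(fd, BIOCGBLEN, &bufsize);	/* must read exactly this much */
	buf = malloc(bufsize);

	while ((n = read(fd, buf, bufsize)) > 0) {
		for (p = buf; p < buf + n; ) {
			const struct bpf_hdr *bh =
			    (const struct bpf_hdr *)p;

			(*deliver)(bh, (const u_char *)p + bh->bh_hdrlen);
			/* step to the next longword-aligned record */
			p += BPF_WORDALIGN(bh->bh_hdrlen + bh->bh_caplen);
		}
	}
	free(buf);
}
#endif
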
/*
 * bpfread - read next chunk of packets from buffers
 */
static int
bpf_read(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	int timed_out;
	int error;
	int s;

	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (fp->f_flag & FNONBLOCK) {
			if (d->bd_slen == 0) {
				splx(s);
				return (EWOULDBLOCK);
			}
			ROTATE_BUFFERS(d);
			break;
		}

		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * One or more packets arrived since the previous
			 * read or while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		error = tsleep(d, PRINET|PCATCH, "bpf",
				d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			splx(s);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				splx(s);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (error != 0)
			goto done;
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	s = splnet();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
done:
	splx(s);
	return (error);
}


/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static inline void
bpf_wakeup(struct bpf_d *d)
{
	wakeup(d);
	if (d->bd_async)
		fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL);

	selnotify(&d->bd_sel, 0);
	/* XXX */
	d->bd_sel.sel_pid = 0;
}


static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = arg;
	int s;

	s = splnet();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	splx(s);
}


static int
bpf_write(struct file *fp, off_t *offp, struct uio *uio,
    kauth_cred_t cred, int flags)
{
	struct bpf_d *d = fp->f_data;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;
	static struct sockaddr_storage dst;

	m = NULL;	/* XXX gcc */

	if (d->bd_bif == 0)
		return (ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0)
		return (0);

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m,
		(struct sockaddr *) &dst);
	if (error)
		return (error);

	if (m->m_pkthdr.len > ifp->if_mtu) {
		m_freem(m);
		return (EMSGSIZE);
	}

	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL);
	splx(s);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splnet.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_ccount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag.
 *  BIOCSHDRCMPLT	Set "header already complete" flag.
 */
/* ARGSUSED */
static int
bpf_ioctl(struct file *fp, u_long cmd, void *addr, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s, error = 0;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	s = splnet();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	splx(s);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			s = splnet();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splnet();
		reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splnet();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported device parameters.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, addr);
		break;

	/*
	 * Set device parameters.
	 */
	case BIOCSDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, addr);
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = addr;

			/*
			 * Compute the number of ticks
			 * (e.g. 2.5 s is 250 ticks at hz = 100).
			 */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			if ((d->bd_rtout == 0) && (tv->tv_usec != 0))
				d->bd_rtout = 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			bs->bs_capt = d->bd_ccount;
			break;
		}

	case BIOCGSTATSOLD:
		{
			struct bpf_stat_old *bs = addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/*
		 * No need to do anything special as we check FNONBLOCK
		 * in bpf_read() to decide whether or not to block the
		 * read.
		 */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case TIOCSPGRP:		/* Process or group to send signals to */
	case FIOSETOWN:
		error = fsetown(l->l_proc, &d->bd_pgid, cmd, addr);
		break;

	case TIOCGPGRP:
	case FIOGETOWN:
		error = fgetown(l->l_proc, d->bd_pgid, cmd, addr);
		break;
	}
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		if (fp->bf_len != 0)
			return (EINVAL);
		s = splnet();
		d->bd_filter = 0;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = malloc(size, M_DEVBUF, M_WAITOK);
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		s = splnet();
		d->bd_filter = fcode;
		reset_d(d);
		splx(s);
		if (old != 0)
			free(old, M_DEVBUF);

		return (0);
	}
	free(fcode, M_DEVBUF);
	return (EINVAL);
}

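/*
 * Illustrative userland sketch (not compiled here) of installing a filter
 * through BIOCSETF.  The four-instruction program accepts whole IPv4
 * packets on an Ethernet interface and rejects everything else; the open,
 * attached descriptor fd and the helper name are assumptions for the
 * example.
 */
#if 0
#include <sys/ioctl.h>
#include <net/bpf.h>

static int
install_ip_filter(int fd)
{
	static struct bpf_insn insns[] = {
		/* load the 16-bit Ethernet type field at offset 12 ... */
		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
		/* ... accept only if it is IPv4 (0x0800) */
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x0800, 0, 1),
		BPF_STMT(BPF_RET+BPF_K, (u_int)-1),	/* whole packet */
		BPF_STMT(BPF_RET+BPF_K, 0),		/* reject */
	};
	struct bpf_program prog = {
		sizeof(insns) / sizeof(insns[0]),
		insns
	};

	return ioctl(fd, BIOCSETF, &prog);
}
#endif
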
/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 */
	unit_seen = 0;
	cp = ifr->ifr_name;
	cp[sizeof(ifr->ifr_name) - 1] = '\0';	/* sanity */
	while (*cp++)
		if (*cp >= '0' && *cp <= '9')
			unit_seen = 1;
	if (!unit_seen) {
		/* Make sure to leave room for the '\0'. */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/* skip additional entry */
		if ((caddr_t *)bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splnet();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}

/*
 * Copy the interface name to the ifreq.
 */
static void
bpf_ifname(struct ifnet *ifp, struct ifreq *ifr)
{
	memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
}

/*
 * Support for poll() system call
 *
 * Return true iff the specific operation will not block indefinitely - with
 * the assumption that it is safe to positively acknowledge a request for the
 * ability to write to the BPF device.
 * Otherwise, return false but make a note that a selwakeup() must be done.
 */
static int
bpf_poll(struct file *fp, int events, struct lwp *l)
{
	struct bpf_d *d = fp->f_data;
	int s = splnet();
	int revents;

	/*
	 * Refresh the PID associated with this bpf file.
	 */
	d->bd_pid = l->l_proc->p_pid;

	revents = events & (POLLOUT | POLLWRNORM);
	if (events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 */
		if ((d->bd_hlen != 0) ||
		    (d->bd_immediate && d->bd_slen != 0)) {
			revents |= events & (POLLIN | POLLRDNORM);
		} else if (d->bd_state == BPF_TIMED_OUT) {
			if (d->bd_slen != 0)
				revents |= events & (POLLIN | POLLRDNORM);
			else
				revents |= events & POLLIN;
		} else {
			selrecord(l, &d->bd_sel);
			/* Start the read timeout if necessary */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
					      bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}

	splx(s);
	return (revents);
}

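/*
 * Illustrative userland sketch (not compiled here): waiting for captured
 * packets with poll(2).  A readable event fires once the hold buffer has
 * data, immediate mode has store-buffer data, or the BIOCSRTIMEOUT-driven
 * callout above expires.  The one-second cap and helper name are
 * assumptions for the example.
 */
#if 0
#include <poll.h>

static int
wait_readable(int fd)
{
	struct pollfd pfd;

	pfd.fd = fd;
	pfd.events = POLLIN;
	/* block at most one second in addition to any bpf read timeout */
	if (poll(&pfd, 1, 1000) <= 0)
		return 0;
	return (pfd.revents & POLLIN) != 0;
}
#endif
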
static void
filt_bpfrdetach(struct knote *kn)
{
	struct bpf_d *d = kn->kn_hook;
	int s;

	s = splnet();
	SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext);
	splx(s);
}

static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = kn->kn_hook;

	kn->kn_data = d->bd_hlen;
	if (d->bd_immediate)
		kn->kn_data += d->bd_slen;
	return (kn->kn_data > 0);
}

static const struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfrdetach, filt_bpfread };

static int
bpf_kqfilter(struct file *fp, struct knote *kn)
{
	struct bpf_d *d = fp->f_data;
	struct klist *klist;
	int s;

	switch (kn->kn_filter) {
	case EVFILT_READ:
		klist = &d->bd_sel.sel_klist;
		kn->kn_fop = &bpfread_filtops;
		break;

	default:
		return (1);
	}

	kn->kn_hook = d;

	s = splnet();
	SLIST_INSERT_HEAD(klist, kn, kn_selnext);
	splx(s);

	return (0);
}

/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(void *arg, u_char *pkt, u_int pktlen)
{
	struct bpf_if *bp;
	struct bpf_d *d;
	u_int slen;
	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here would be if two
	 * different interfaces shared any data.  They do not.
	 */
	bp = arg;
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0)
			catchpacket(d, pkt, pktlen, slen, memcpy);
	}
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void *
bpf_mcpy(void *dst_arg, const void *src_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == 0)
			panic("bpf_mcpy");
		count = min(m->m_len, len);
		memcpy(dst, mtod(m, void *), count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
	return (dst_arg);
}

/*
 * Dispatch a packet to all the listeners on interface bp.
 *
 * marg    pointer to the packet, either a data buffer or an mbuf chain
 * buflen  buffer length, if marg is a data buffer
 * cpfn    a function that can copy marg into the listener's buffer
 * pktlen  length of the packet
 * rcvif   either NULL or the interface the packet came in on.
 */
static inline void
bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t),
	    void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif)
{
	u_int slen;
	struct bpf_d *d;

	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		if (!d->bd_seesent && (rcvif == NULL))
			continue;
		++d->bd_rcount;
		++bpf_gstats.bs_recv;
		slen = bpf_filter(d->bd_filter, marg, pktlen, buflen);
		if (slen != 0)
			catchpacket(d, marg, pktlen, slen, cpfn);
	}
}

/*
 * Incoming linkage from device drivers, when the head of the packet is in
 * a buffer, and the tail is in an mbuf chain.
 */
void
bpf_mtap2(void *arg, void *data, u_int dlen, struct mbuf *m)
{
	struct bpf_if *bp = arg;
	u_int pktlen;
	struct mbuf mb;

	pktlen = m_length(m) + dlen;

	/*
	 * Craft on-stack mbuf suitable for passing to bpf_filter.
	 * Note that we cut corners here; we only setup what's
	 * absolutely needed--this mbuf should never go anywhere else.
	 */
	(void)memset(&mb, 0, sizeof(mb));
	mb.m_next = m;
	mb.m_data = data;
	mb.m_len = dlen;

	bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif);
}

/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.
 */
void
bpf_mtap(void *arg, struct mbuf *m)
{
	void *(*cpfn)(void *, const void *, size_t);
	struct bpf_if *bp = arg;
	u_int pktlen, buflen;
	void *marg;

	pktlen = m_length(m);

	if (pktlen == m->m_len) {
		cpfn = memcpy;
		marg = mtod(m, void *);
		buflen = pktlen;
	} else {
		cpfn = bpf_mcpy;
		marg = m;
		buflen = 0;
	}

	bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif);
}

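/*
 * Illustrative sketch (not compiled here) of the driver side of this
 * linkage: a hypothetical driver taps each received mbuf before handing
 * it to the stack.  The surrounding receive-handler context is an
 * assumption for the example.
 */
#if 0
	/* in a driver's receive interrupt handler */
	if (ifp->if_bpf)
		bpf_mtap(ifp->if_bpf, m);
	(*ifp->if_input)(ifp, m);
#endif
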
/*
 * We need to prepend the address family as
 * a four byte field.  Cons up a dummy header
 * to pacify bpf.  This is safe because bpf
 * will only read from the mbuf (i.e., it won't
 * try to free it or keep a pointer to it).
 */
void
bpf_mtap_af(void *arg, u_int32_t af, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 4;
	m0.m_data = (char *)&af;

	bpf_mtap(arg, &m0);
}

void
bpf_mtap_et(void *arg, u_int16_t et, struct mbuf *m)
{
	struct mbuf m0;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_len = 14;
	m0.m_data = m0.m_dat;

	((u_int32_t *)m0.m_data)[0] = 0;
	((u_int32_t *)m0.m_data)[1] = 0;
	((u_int32_t *)m0.m_data)[2] = 0;
	((u_int16_t *)m0.m_data)[6] = et;

	bpf_mtap(arg, &m0);
}

#if NSL > 0 || NSTRIP > 0
/*
 * Put the SLIP pseudo-"link header" in place.
 * Note this M_PREPEND() should never fail,
 * since we know we always have enough space
 * in the input buffer.
 */
void
bpf_mtap_sl_in(void *arg, u_char *chdr, struct mbuf **m)
{
	int s;
	u_char *hp;

	M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT);
	if (*m == NULL)
		return;

	hp = mtod(*m, u_char *);
	hp[SLX_DIR] = SLIPDIR_IN;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, *m);
	splx(s);

	m_adj(*m, SLIP_HDRLEN);
}

/*
 * Put the SLIP pseudo-"link header" in
 * place.  The compressed header is now
 * at the beginning of the mbuf.
 */
void
bpf_mtap_sl_out(void *arg, u_char *chdr, struct mbuf *m)
{
	struct mbuf m0;
	u_char *hp;
	int s;

	m0.m_flags = 0;
	m0.m_next = m;
	m0.m_data = m0.m_dat;
	m0.m_len = SLIP_HDRLEN;

	hp = mtod(&m0, u_char *);

	hp[SLX_DIR] = SLIPDIR_OUT;
	(void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN);

	s = splnet();
	bpf_mtap(arg, &m0);
	splx(s);
	m_freem(m);
}
#endif

/*
 * Move the packet data from interface memory (pkt) into the store
 * buffer.  Wake up pending reads if the packet fills the storage
 * buffer.  "cpfn" is the routine called to do the actual data
 * transfer.  memcpy is passed in to copy contiguous chunks, while
 * bpf_mcpy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
    void *(*cpfn)(void *, const void *, size_t))
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	microtime(&hp->bh_tstamp);
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);
}

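/*
 * The store buffer written by catchpacket() is thus a sequence of
 * records, each padded so the next one starts on a longword boundary:
 *
 *	+----------------+---------------+-----+----------------+---
 *	| struct bpf_hdr | captured data | pad | struct bpf_hdr | ...
 *	+----------------+---------------+-----+----------------+---
 *	<-- bh_hdrlen --><-- bh_caplen -->
 *	<--- BPF_WORDALIGN(bh_hdrlen + bh_caplen) -->
 *
 * which is exactly the layout the userland read-loop sketch near
 * ROTATE_BUFFERS walks with BPF_WORDALIGN().
 */
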
/*
 * Allocate the packet buffers for a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{

	d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_fbuf)
		return (ENOBUFS);
	d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (!d->bd_sbuf) {
		free(d->bd_fbuf, M_DEVBUF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it has not yet been marked
	 * free.
	 */
	if (d->bd_sbuf != 0) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_DEVBUF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_DEVBUF);
	}
	if (d->bd_filter)
		free(d->bd_filter, M_DEVBUF);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach an additional dlt for an interface to bpf.  dlt is the link layer
 * type; hdrlen is the fixed size of the link header for the specified dlt
 * (variable length headers not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, void *driverp)
{
	struct bpf_if *bp;
	bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_dlist = 0;
	bp->bif_driverp = driverp;
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;

	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;

	*bp->bif_driverp = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

#if 0
	printf("bpf: %s attached\n", ifp->if_xname);
#endif
}

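/*
 * Illustrative sketch (not compiled here): how a link layer typically
 * attaches to bpf at interface-attach time.  For Ethernet this is done
 * centrally by ether_ifattach(); the call shown is what such code boils
 * down to.
 */
#if 0
	bpfattach(ifp, DLT_EN10MB, sizeof(struct ether_header));
#endif
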
/*
 * Remove an interface from bpf.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, **pbp;
	struct bpf_d *d;
	int s;

	/* Nuke the vnodes for any open instances */
	for (d = LIST_FIRST(&bpf_list); d != NULL; d = LIST_NEXT(d, bd_list)) {
		if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) {
			/*
			 * Detach the descriptor from an interface now.
			 * It will be freed later by the close routine.
			 */
			s = splnet();
			d->bd_promisc = 0;	/* we can't touch device. */
			bpf_detachd(d);
			splx(s);
		}
	}

 again:
	for (bp = bpf_iflist, pbp = &bpf_iflist;
	     bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp) {
			*pbp = bp->bif_next;
			free(bp, M_DEVBUF);
			goto again;
		}
	}
}

/*
 * Change the data link type of an interface.
 */
void
bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	struct bpf_if *bp;

	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if ((caddr_t *)bp->bif_driverp == &ifp->if_bpf)
			break;
	}
	if (bp == NULL)
		panic("bpf_change_type");

	bp->bif_dlt = dlt;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
}

/*
 * Get a list of the available data link types of the interface.
 */
static int
bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
{
	int n, error;
	struct ifnet *ifp;
	struct bpf_if *bp;

	ifp = d->bd_bif->bif_ifp;
	n = 0;
	error = 0;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp)
			continue;
		if (bfl->bfl_list != NULL) {
			if (n >= bfl->bfl_len)
				return ENOMEM;
			error = copyout(&bp->bif_dlt,
			    bfl->bfl_list + n, sizeof(u_int));
		}
		n++;
	}
	bfl->bfl_len = n;
	return error;
}

/*
 * Set the data link type of a BPF instance.
 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int s, error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	if (d->bd_bif->bif_dlt == dlt)
		return 0;
	ifp = d->bd_bif->bif_ifp;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	if (bp == NULL)
		return EINVAL;
	s = splnet();
	opromisc = d->bd_promisc;
	bpf_detachd(d);
	bpf_attachd(d, bp);
	reset_d(d);
	if (opromisc) {
		error = ifpromisc(bp->bif_ifp, 1);
		if (error)
			printf("%s: bpf_setdlt: ifpromisc failed (%d)\n",
			    bp->bif_ifp->if_xname, error);
		else
			d->bd_promisc = 1;
	}
	splx(s);
	return 0;
}

static int
sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS)
{
	int newsize, error;
	struct sysctlnode node;

	node = *rnode;
	node.sysctl_data = &newsize;
	newsize = bpf_maxbufsize;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE)
		return (EINVAL);

	bpf_maxbufsize = newsize;

	return (0);
}

static int
sysctl_net_bpf_peers(SYSCTLFN_ARGS)
{
	int error, elem_count;
	struct bpf_d *dp;
	struct bpf_d_ext dpe;
	size_t len, needed, elem_size, out_size;
	char *sp;

	if (namelen == 1 && name[0] == CTL_QUERY)
		return (sysctl_query(SYSCTLFN_CALL(rnode)));

	if (namelen != 2)
		return (EINVAL);

	if ((error = kauth_authorize_generic(l->l_proc->p_cred,
	    KAUTH_GENERIC_ISSUSER,
	    &l->l_proc->p_acflag)))
		return (error);

	len = (oldp != NULL) ? *oldlenp : 0;
	sp = oldp;
	elem_size = name[0];
	elem_count = name[1];
	out_size = MIN(sizeof(dpe), elem_size);
	needed = 0;

	if (elem_size < 1 || elem_count < 0)
		return (EINVAL);

	simple_lock(&bpf_slock);
	LIST_FOREACH(dp, &bpf_list, bd_list) {
		if (len >= elem_size && elem_count > 0) {
#define BPF_EXT(field)	dpe.bde_ ## field = dp->bd_ ## field
			BPF_EXT(bufsize);
			BPF_EXT(promisc);
			BPF_EXT(state);
			BPF_EXT(immediate);
			BPF_EXT(hdrcmplt);
			BPF_EXT(seesent);
			BPF_EXT(pid);
			BPF_EXT(rcount);
			BPF_EXT(dcount);
			BPF_EXT(ccount);
#undef BPF_EXT
			if (dp->bd_bif)
				(void)strlcpy(dpe.bde_ifname,
				    dp->bd_bif->bif_ifp->if_xname,
				    IFNAMSIZ - 1);
			else
				dpe.bde_ifname[0] = '\0';

			error = copyout(&dpe, sp, out_size);
			if (error)
				break;
			sp += elem_size;
			len -= elem_size;
		}
		if (elem_count > 0) {
			needed += elem_size;
			if (elem_count != INT_MAX)
				elem_count--;
		}
	}
	simple_unlock(&bpf_slock);

	*oldlenp = needed;

	return (error);
}

SYSCTL_SETUP(sysctl_net_bpf_setup, "sysctl net.bpf subtree setup")
{
	const struct sysctlnode *node;

	sysctl_createv(clog, 0, NULL, NULL,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "net", NULL,
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_EOL);

	node = NULL;
	sysctl_createv(clog, 0, NULL, &node,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "bpf",
		       SYSCTL_DESCR("BPF options"),
		       NULL, 0, NULL, 0,
		       CTL_NET, CTL_CREATE, CTL_EOL);
	if (node != NULL) {
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
			CTLTYPE_INT, "maxbufsize",
			SYSCTL_DESCR("Maximum size for data capture buffer"),
			sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0,
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT,
			CTLTYPE_STRUCT, "stats",
			SYSCTL_DESCR("BPF stats"),
			NULL, 0, &bpf_gstats, sizeof(bpf_gstats),
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
		sysctl_createv(clog, 0, NULL, NULL,
			CTLFLAG_PERMANENT,
			CTLTYPE_STRUCT, "peers",
			SYSCTL_DESCR("BPF peers"),
			sysctl_net_bpf_peers, 0, NULL, 0,
			CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL);
	}

}

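/*
 * Illustrative usage (not compiled here): the read-write node created
 * above can be adjusted from userland, e.g.
 *
 *	sysctl -w net.bpf.maxbufsize=1048576
 *
 * which sysctl_net_bpf_maxbufsize() validates against BPF_MINBUFSIZE and
 * BPF_MAXBUFSIZE before it takes effect.
 */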