1 /* $NetBSD: bpf.h,v 1.75 2020/06/11 13:36:20 roy Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.h 8.2 (Berkeley) 1/9/95 37 * @(#) Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp (LBL) 38 */ 39 40 #ifndef _NET_BPF_H_ 41 #define _NET_BPF_H_ 42 43 #include <sys/ioccom.h> 44 #include <sys/time.h> 45 46 /* BSD style release date */ 47 #define BPF_RELEASE 199606 48 49 /* Date when COP instructions and external memory have been released. */ 50 #define BPF_COP_EXTMEM_RELEASE 20140624 51 52 __BEGIN_DECLS 53 54 typedef int bpf_int32; 55 typedef u_int bpf_u_int32; 56 57 /* 58 * Alignment macros. BPF_WORDALIGN rounds up to the next 59 * even multiple of BPF_ALIGNMENT. 60 */ 61 #define BPF_ALIGNMENT sizeof(long) 62 #define BPF_ALIGNMENT32 sizeof(int) 63 64 #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 65 #define BPF_WORDALIGN32(x) (((x)+(BPF_ALIGNMENT32-1))&~(BPF_ALIGNMENT32-1)) 66 67 #define BPF_MAXINSNS 512 68 #define BPF_DFLTBUFSIZE (1024*1024) /* default static upper limit */ 69 #define BPF_MAXBUFSIZE (1024*1024*16) /* hard limit on sysctl'able value */ 70 #define BPF_MINBUFSIZE 32 71 72 /* 73 * Structure for BIOCSETF. 74 */ 75 struct bpf_program { 76 u_int bf_len; 77 struct bpf_insn *bf_insns; 78 }; 79 80 /* 81 * Struct returned by BIOCGSTATS and net.bpf.stats sysctl. 82 */ 83 struct bpf_stat { 84 uint64_t bs_recv; /* number of packets received */ 85 uint64_t bs_drop; /* number of packets dropped */ 86 uint64_t bs_capt; /* number of packets captured */ 87 uint64_t bs_padding[13]; 88 }; 89 90 /* 91 * Struct returned by BIOCGSTATSOLD. 92 */ 93 struct bpf_stat_old { 94 u_int bs_recv; /* number of packets received */ 95 u_int bs_drop; /* number of packets dropped */ 96 }; 97 98 /* 99 * Struct return by BIOCVERSION. This represents the version number of 100 * the filter language described by the instruction encodings below. 101 * bpf understands a program iff kernel_major == filter_major && 102 * kernel_minor >= filter_minor, that is, if the value returned by the 103 * running kernel has the same major number and a minor number equal 104 * equal to or less than the filter being downloaded. Otherwise, the 105 * results are undefined, meaning an error may be returned or packets 106 * may be accepted haphazardly. 107 * It has nothing to do with the source code version. 108 */ 109 struct bpf_version { 110 u_short bv_major; 111 u_short bv_minor; 112 }; 113 /* Current version number of filter architecture. */ 114 #define BPF_MAJOR_VERSION 1 115 #define BPF_MINOR_VERSION 1 116 117 /* 118 * BPF ioctls 119 * 120 * The first set is for compatibility with Sun's pcc style 121 * header files. If your using gcc, we assume that you 122 * have run fixincludes so the latter set should work. 123 */ 124 #define BIOCGBLEN _IOR('B', 102, u_int) 125 #define BIOCSBLEN _IOWR('B', 102, u_int) 126 #define BIOCSETF _IOW('B', 103, struct bpf_program) 127 #define BIOCFLUSH _IO('B', 104) 128 #define BIOCPROMISC _IO('B', 105) 129 #define BIOCGDLT _IOR('B', 106, u_int) 130 #define BIOCGETIF _IOR('B', 107, struct ifreq) 131 #define BIOCSETIF _IOW('B', 108, struct ifreq) 132 #ifdef COMPAT_50 133 #include <compat/sys/time.h> 134 #define BIOCSORTIMEOUT _IOW('B', 109, struct timeval50) 135 #define BIOCGORTIMEOUT _IOR('B', 110, struct timeval50) 136 #endif 137 #define BIOCGSTATS _IOR('B', 111, struct bpf_stat) 138 #define BIOCGSTATSOLD _IOR('B', 111, struct bpf_stat_old) 139 #define BIOCIMMEDIATE _IOW('B', 112, u_int) 140 #define BIOCVERSION _IOR('B', 113, struct bpf_version) 141 #define BIOCSTCPF _IOW('B', 114, struct bpf_program) 142 #define BIOCSUDPF _IOW('B', 115, struct bpf_program) 143 #define BIOCGHDRCMPLT _IOR('B', 116, u_int) 144 #define BIOCSHDRCMPLT _IOW('B', 117, u_int) 145 #define BIOCSDLT _IOW('B', 118, u_int) 146 #define BIOCGDLTLIST _IOWR('B', 119, struct bpf_dltlist) 147 #define BIOCGDIRECTION _IOR('B', 120, u_int) 148 #define BIOCSDIRECTION _IOW('B', 121, u_int) 149 #define BIOCSRTIMEOUT _IOW('B', 122, struct timeval) 150 #define BIOCGRTIMEOUT _IOR('B', 123, struct timeval) 151 #define BIOCGFEEDBACK _IOR('B', 124, u_int) 152 #define BIOCSFEEDBACK _IOW('B', 125, u_int) 153 #define BIOCFEEDBACK BIOCSFEEDBACK /* FreeBSD name */ 154 #define BIOCLOCK _IO('B', 126) 155 #define BIOCSETWF _IOW('B', 127, struct bpf_program) 156 157 /* Obsolete */ 158 #define BIOCGSEESENT BIOCGDIRECTION 159 #define BIOCSSEESENT BIOCSDIRECTION 160 161 /* 162 * Packet directions. 163 * BPF_D_IN = 0, BPF_D_INOUT =1 for backward compatibility of BIOC[GS]SEESENT. 164 */ 165 #define BPF_D_IN 0 /* See incoming packets */ 166 #define BPF_D_INOUT 1 /* See incoming and outgoing packets */ 167 #define BPF_D_OUT 2 /* See outgoing packets */ 168 169 /* 170 * Structure prepended to each packet. This is "wire" format, so we 171 * cannot change it unfortunately to 64 bit times on 32 bit systems [yet]. 172 */ 173 struct bpf_timeval { 174 long tv_sec; 175 long tv_usec; 176 }; 177 178 struct bpf_timeval32 { 179 int32_t tv_sec; 180 int32_t tv_usec; 181 }; 182 183 struct bpf_hdr { 184 struct bpf_timeval bh_tstamp; /* time stamp */ 185 uint32_t bh_caplen; /* length of captured portion */ 186 uint32_t bh_datalen; /* original length of packet */ 187 uint16_t bh_hdrlen; /* length of bpf header (this struct 188 plus alignment padding) */ 189 }; 190 191 struct bpf_hdr32 { 192 struct bpf_timeval32 bh_tstamp; /* time stamp */ 193 uint32_t bh_caplen; /* length of captured portion */ 194 uint32_t bh_datalen; /* original length of packet */ 195 uint16_t bh_hdrlen; /* length of bpf header (this struct 196 plus alignment padding) */ 197 }; 198 /* 199 * Because the structure above is not a multiple of 4 bytes, some compilers 200 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. 201 * Only the kernel needs to know about it; applications use bh_hdrlen. 202 * XXX To save a few bytes on 32-bit machines, we avoid end-of-struct 203 * XXX padding by using the size of the header data elements. This is 204 * XXX fail-safe: on new machines, we just use the 'safe' sizeof. 205 */ 206 #ifdef _KERNEL 207 #if defined(__arm32__) || defined(__i386__) || defined(__m68k__) || \ 208 defined(__mips__) || defined(__ns32k__) || defined(__vax__) || \ 209 defined(__sh__) || (defined(__sparc__) && !defined(__sparc64__)) 210 #define SIZEOF_BPF_HDR 18 211 #define SIZEOF_BPF_HDR32 18 212 #else 213 #define SIZEOF_BPF_HDR sizeof(struct bpf_hdr) 214 #define SIZEOF_BPF_HDR32 sizeof(struct bpf_hdr32) 215 #endif 216 #endif 217 218 /* Pull in data-link level type codes. */ 219 #include <net/dlt.h> 220 221 /* 222 * The instruction encodings. 223 */ 224 /* instruction classes */ 225 #define BPF_CLASS(code) ((code) & 0x07) 226 #define BPF_LD 0x00 227 #define BPF_LDX 0x01 228 #define BPF_ST 0x02 229 #define BPF_STX 0x03 230 #define BPF_ALU 0x04 231 #define BPF_JMP 0x05 232 #define BPF_RET 0x06 233 #define BPF_MISC 0x07 234 235 /* ld/ldx fields */ 236 #define BPF_SIZE(code) ((code) & 0x18) 237 #define BPF_W 0x00 238 #define BPF_H 0x08 239 #define BPF_B 0x10 240 /* 0x18 reserved; used by BSD/OS */ 241 #define BPF_MODE(code) ((code) & 0xe0) 242 #define BPF_IMM 0x00 243 #define BPF_ABS 0x20 244 #define BPF_IND 0x40 245 #define BPF_MEM 0x60 246 #define BPF_LEN 0x80 247 #define BPF_MSH 0xa0 248 /* 0xc0 reserved; used by BSD/OS */ 249 /* 0xe0 reserved; used by BSD/OS */ 250 251 /* alu/jmp fields */ 252 #define BPF_OP(code) ((code) & 0xf0) 253 #define BPF_ADD 0x00 254 #define BPF_SUB 0x10 255 #define BPF_MUL 0x20 256 #define BPF_DIV 0x30 257 #define BPF_OR 0x40 258 #define BPF_AND 0x50 259 #define BPF_LSH 0x60 260 #define BPF_RSH 0x70 261 #define BPF_NEG 0x80 262 #define BPF_MOD 0x90 263 #define BPF_XOR 0xa0 264 /* 0xb0 reserved */ 265 /* 0xc0 reserved */ 266 /* 0xd0 reserved */ 267 /* 0xe0 reserved */ 268 /* 0xf0 reserved */ 269 #define BPF_JA 0x00 270 #define BPF_JEQ 0x10 271 #define BPF_JGT 0x20 272 #define BPF_JGE 0x30 273 #define BPF_JSET 0x40 274 /* 0x50 reserved; used by BSD/OS */ 275 /* 0x60 reserved */ 276 /* 0x70 reserved */ 277 /* 0x80 reserved */ 278 /* 0x90 reserved */ 279 /* 0xa0 reserved */ 280 /* 0xb0 reserved */ 281 /* 0xc0 reserved */ 282 /* 0xd0 reserved */ 283 /* 0xe0 reserved */ 284 /* 0xf0 reserved */ 285 #define BPF_SRC(code) ((code) & 0x08) 286 #define BPF_K 0x00 287 #define BPF_X 0x08 288 289 /* ret - BPF_K and BPF_X also apply */ 290 #define BPF_RVAL(code) ((code) & 0x18) 291 #define BPF_A 0x10 292 /* 0x18 reserved */ 293 294 /* misc */ 295 #define BPF_MISCOP(code) ((code) & 0xf8) 296 #define BPF_TAX 0x00 297 /* 0x10 reserved */ 298 /* 0x18 reserved */ 299 #define BPF_COP 0x20 300 /* 0x28 reserved */ 301 /* 0x30 reserved */ 302 /* 0x38 reserved */ 303 #define BPF_COPX 0x40 /* XXX: also used by BSD/OS */ 304 /* 0x48 reserved */ 305 /* 0x50 reserved */ 306 /* 0x58 reserved */ 307 /* 0x60 reserved */ 308 /* 0x68 reserved */ 309 /* 0x70 reserved */ 310 /* 0x78 reserved */ 311 #define BPF_TXA 0x80 312 /* 0x88 reserved */ 313 /* 0x90 reserved */ 314 /* 0x98 reserved */ 315 /* 0xa0 reserved */ 316 /* 0xa8 reserved */ 317 /* 0xb0 reserved */ 318 /* 0xb8 reserved */ 319 /* 0xc0 reserved; used by BSD/OS */ 320 /* 0xc8 reserved */ 321 /* 0xd0 reserved */ 322 /* 0xd8 reserved */ 323 /* 0xe0 reserved */ 324 /* 0xe8 reserved */ 325 /* 0xf0 reserved */ 326 /* 0xf8 reserved */ 327 328 /* 329 * The instruction data structure. 330 */ 331 struct bpf_insn { 332 uint16_t code; 333 u_char jt; 334 u_char jf; 335 uint32_t k; 336 }; 337 338 /* 339 * Auxiliary data, for use when interpreting a filter intended for the 340 * Linux kernel when the kernel rejects the filter (requiring us to 341 * run it in userland). It contains VLAN tag information. 342 */ 343 struct bpf_aux_data { 344 u_short vlan_tag_present; 345 u_short vlan_tag; 346 }; 347 348 /* 349 * Macros for insn array initializers. 350 */ 351 #define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, k } 352 #define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), jt, jf, k } 353 354 /* 355 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 356 */ 357 #define BPF_MEMWORDS 16 358 359 /* 360 * bpf_memword_init_t: bits indicate which words in the external memory 361 * store will be initialised by the caller before BPF program execution. 362 */ 363 typedef uint32_t bpf_memword_init_t; 364 #define BPF_MEMWORD_INIT(k) (UINT32_C(1) << (k)) 365 366 /* Note: two most significant bits are reserved by bpfjit. */ 367 __CTASSERT(BPF_MEMWORDS + 2 <= sizeof(bpf_memword_init_t) * NBBY); 368 369 #ifdef _KERNEL 370 /* 371 * Max number of external memory words (for BPF_LD|BPF_MEM and BPF_ST). 372 */ 373 #define BPF_MAX_MEMWORDS 30 374 375 __CTASSERT(BPF_MAX_MEMWORDS >= BPF_MEMWORDS); 376 __CTASSERT(BPF_MAX_MEMWORDS + 2 <= sizeof(bpf_memword_init_t) * NBBY); 377 #endif 378 379 /* 380 * Structure to retrieve available DLTs for the interface. 381 */ 382 struct bpf_dltlist { 383 u_int bfl_len; /* number of bfd_list array */ 384 u_int *bfl_list; /* array of DLTs */ 385 }; 386 387 struct bpf_ctx; 388 typedef struct bpf_ctx bpf_ctx_t; 389 390 typedef struct bpf_args { 391 const uint8_t * pkt; 392 size_t wirelen; 393 size_t buflen; 394 /* 395 * The following arguments are used only by some kernel 396 * subsystems. 397 * They aren't required for classical bpf filter programs. 398 * For such programs, bpfjit generated code doesn't read 399 * those arguments at all. Note however that bpf interpreter 400 * always needs a pointer to memstore. 401 */ 402 uint32_t * mem; /* pointer to external memory store */ 403 void * arg; /* auxiliary argument for a copfunc */ 404 } bpf_args_t; 405 406 #if defined(_KERNEL) || defined(__BPF_PRIVATE) 407 408 typedef uint32_t (*bpf_copfunc_t)(const bpf_ctx_t *, bpf_args_t *, uint32_t); 409 410 struct bpf_ctx { 411 /* 412 * BPF coprocessor functions and the number of them. 413 */ 414 const bpf_copfunc_t * copfuncs; 415 size_t nfuncs; 416 417 /* 418 * The number of memory words in the external memory store. 419 * There may be up to BPF_MAX_MEMWORDS words; if zero is set, 420 * then the internal memory store is used which has a fixed 421 * number of words (BPF_MEMWORDS). 422 */ 423 size_t extwords; 424 425 /* 426 * The bitmask indicating which words in the external memstore 427 * will be initialised by the caller. 428 */ 429 bpf_memword_init_t preinited; 430 }; 431 #endif 432 433 #ifdef _KERNEL 434 #include <net/bpfjit.h> 435 #include <net/if.h> 436 437 struct bpf_if; 438 439 struct bpf_ops { 440 void (*bpf_attach)(struct ifnet *, u_int, u_int, struct bpf_if **); 441 void (*bpf_detach)(struct ifnet *); 442 void (*bpf_change_type)(struct ifnet *, u_int, u_int); 443 444 void (*bpf_mtap)(struct bpf_if *, struct mbuf *, u_int); 445 void (*bpf_mtap2)(struct bpf_if *, void *, u_int, struct mbuf *, 446 u_int); 447 void (*bpf_mtap_af)(struct bpf_if *, uint32_t, struct mbuf *, u_int); 448 void (*bpf_mtap_sl_in)(struct bpf_if *, u_char *, struct mbuf **); 449 void (*bpf_mtap_sl_out)(struct bpf_if *, u_char *, struct mbuf *); 450 451 void (*bpf_mtap_softint_init)(struct ifnet *); 452 void (*bpf_mtap_softint)(struct ifnet *, struct mbuf *); 453 }; 454 455 extern struct bpf_ops *bpf_ops; 456 457 static __inline void 458 bpf_attach(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen) 459 { 460 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, &_ifp->if_bpf); 461 } 462 463 static __inline void 464 bpf_attach2(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen, struct bpf_if **_dp) 465 { 466 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, _dp); 467 } 468 469 static __inline void 470 bpf_mtap(struct ifnet *_ifp, struct mbuf *_m, u_int _direction) 471 { 472 if (_ifp->if_bpf) 473 bpf_ops->bpf_mtap(_ifp->if_bpf, _m, _direction); 474 } 475 476 static __inline void 477 bpf_mtap2(struct bpf_if *_bpf, void *_data, u_int _dlen, struct mbuf *_m, 478 u_int _direction) 479 { 480 bpf_ops->bpf_mtap2(_bpf, _data, _dlen, _m, _direction); 481 } 482 483 static __inline void 484 bpf_mtap3(struct bpf_if *_bpf, struct mbuf *_m, u_int _direction) 485 { 486 if (_bpf) 487 bpf_ops->bpf_mtap(_bpf, _m, _direction); 488 } 489 490 static __inline void 491 bpf_mtap_af(struct ifnet *_ifp, uint32_t _af, struct mbuf *_m, 492 u_int _direction) 493 { 494 if (_ifp->if_bpf) 495 bpf_ops->bpf_mtap_af(_ifp->if_bpf, _af, _m, _direction); 496 } 497 498 static __inline void 499 bpf_change_type(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen) 500 { 501 bpf_ops->bpf_change_type(_ifp, _dlt, _hdrlen); 502 } 503 504 static __inline void 505 bpf_detach(struct ifnet *_ifp) 506 { 507 bpf_ops->bpf_detach(_ifp); 508 } 509 510 static __inline void 511 bpf_mtap_sl_in(struct ifnet *_ifp, u_char *_hdr, struct mbuf **_m) 512 { 513 bpf_ops->bpf_mtap_sl_in(_ifp->if_bpf, _hdr, _m); 514 } 515 516 static __inline void 517 bpf_mtap_sl_out(struct ifnet *_ifp, u_char *_hdr, struct mbuf *_m) 518 { 519 if (_ifp->if_bpf) 520 bpf_ops->bpf_mtap_sl_out(_ifp->if_bpf, _hdr, _m); 521 } 522 523 static __inline void 524 bpf_mtap_softint_init(struct ifnet *_ifp) 525 { 526 527 bpf_ops->bpf_mtap_softint_init(_ifp); 528 } 529 530 static __inline void 531 bpf_mtap_softint(struct ifnet *_ifp, struct mbuf *_m) 532 { 533 534 if (_ifp->if_bpf) 535 bpf_ops->bpf_mtap_softint(_ifp, _m); 536 } 537 538 void bpf_setops(void); 539 540 void bpf_ops_handover_enter(struct bpf_ops *); 541 void bpf_ops_handover_exit(void); 542 543 void bpfilterattach(int); 544 545 bpf_ctx_t *bpf_create(void); 546 void bpf_destroy(bpf_ctx_t *); 547 548 int bpf_set_cop(bpf_ctx_t *, const bpf_copfunc_t *, size_t); 549 int bpf_set_extmem(bpf_ctx_t *, size_t, bpf_memword_init_t); 550 u_int bpf_filter_ext(const bpf_ctx_t *, const struct bpf_insn *, bpf_args_t *); 551 int bpf_validate_ext(const bpf_ctx_t *, const struct bpf_insn *, int); 552 553 bpfjit_func_t bpf_jit_generate(bpf_ctx_t *, void *, size_t); 554 void bpf_jit_freecode(bpfjit_func_t); 555 556 #endif 557 558 int bpf_validate(const struct bpf_insn *, int); 559 u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 560 561 u_int bpf_filter_with_aux_data(const struct bpf_insn *, const u_char *, u_int, u_int, const struct bpf_aux_data *); 562 563 564 __END_DECLS 565 566 #endif /* !_NET_BPF_H_ */ 567