1 /* $NetBSD: bpf.h,v 1.74 2019/02/26 10:30:28 msaitoh Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.h 8.2 (Berkeley) 1/9/95 37 * @(#) Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp (LBL) 38 */ 39 40 #ifndef _NET_BPF_H_ 41 #define _NET_BPF_H_ 42 43 #include <sys/ioccom.h> 44 #include <sys/time.h> 45 46 /* BSD style release date */ 47 #define BPF_RELEASE 199606 48 49 /* Date when COP instructions and external memory have been released. */ 50 #define BPF_COP_EXTMEM_RELEASE 20140624 51 52 __BEGIN_DECLS 53 54 typedef int bpf_int32; 55 typedef u_int bpf_u_int32; 56 57 /* 58 * Alignment macros. BPF_WORDALIGN rounds up to the next 59 * even multiple of BPF_ALIGNMENT. 60 */ 61 #define BPF_ALIGNMENT sizeof(long) 62 #define BPF_ALIGNMENT32 sizeof(int) 63 64 #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 65 #define BPF_WORDALIGN32(x) (((x)+(BPF_ALIGNMENT32-1))&~(BPF_ALIGNMENT32-1)) 66 67 #define BPF_MAXINSNS 512 68 #define BPF_DFLTBUFSIZE (1024*1024) /* default static upper limit */ 69 #define BPF_MAXBUFSIZE (1024*1024*16) /* hard limit on sysctl'able value */ 70 #define BPF_MINBUFSIZE 32 71 72 /* 73 * Structure for BIOCSETF. 74 */ 75 struct bpf_program { 76 u_int bf_len; 77 struct bpf_insn *bf_insns; 78 }; 79 80 /* 81 * Struct returned by BIOCGSTATS and net.bpf.stats sysctl. 82 */ 83 struct bpf_stat { 84 uint64_t bs_recv; /* number of packets received */ 85 uint64_t bs_drop; /* number of packets dropped */ 86 uint64_t bs_capt; /* number of packets captured */ 87 uint64_t bs_padding[13]; 88 }; 89 90 /* 91 * Struct returned by BIOCGSTATSOLD. 92 */ 93 struct bpf_stat_old { 94 u_int bs_recv; /* number of packets received */ 95 u_int bs_drop; /* number of packets dropped */ 96 }; 97 98 /* 99 * Struct return by BIOCVERSION. This represents the version number of 100 * the filter language described by the instruction encodings below. 101 * bpf understands a program iff kernel_major == filter_major && 102 * kernel_minor >= filter_minor, that is, if the value returned by the 103 * running kernel has the same major number and a minor number equal 104 * equal to or less than the filter being downloaded. Otherwise, the 105 * results are undefined, meaning an error may be returned or packets 106 * may be accepted haphazardly. 107 * It has nothing to do with the source code version. 108 */ 109 struct bpf_version { 110 u_short bv_major; 111 u_short bv_minor; 112 }; 113 /* Current version number of filter architecture. */ 114 #define BPF_MAJOR_VERSION 1 115 #define BPF_MINOR_VERSION 1 116 117 /* 118 * BPF ioctls 119 * 120 * The first set is for compatibility with Sun's pcc style 121 * header files. If your using gcc, we assume that you 122 * have run fixincludes so the latter set should work. 123 */ 124 #define BIOCGBLEN _IOR('B', 102, u_int) 125 #define BIOCSBLEN _IOWR('B', 102, u_int) 126 #define BIOCSETF _IOW('B', 103, struct bpf_program) 127 #define BIOCFLUSH _IO('B', 104) 128 #define BIOCPROMISC _IO('B', 105) 129 #define BIOCGDLT _IOR('B', 106, u_int) 130 #define BIOCGETIF _IOR('B', 107, struct ifreq) 131 #define BIOCSETIF _IOW('B', 108, struct ifreq) 132 #ifdef COMPAT_50 133 #include <compat/sys/time.h> 134 #define BIOCSORTIMEOUT _IOW('B', 109, struct timeval50) 135 #define BIOCGORTIMEOUT _IOR('B', 110, struct timeval50) 136 #endif 137 #define BIOCGSTATS _IOR('B', 111, struct bpf_stat) 138 #define BIOCGSTATSOLD _IOR('B', 111, struct bpf_stat_old) 139 #define BIOCIMMEDIATE _IOW('B', 112, u_int) 140 #define BIOCVERSION _IOR('B', 113, struct bpf_version) 141 #define BIOCSTCPF _IOW('B', 114, struct bpf_program) 142 #define BIOCSUDPF _IOW('B', 115, struct bpf_program) 143 #define BIOCGHDRCMPLT _IOR('B', 116, u_int) 144 #define BIOCSHDRCMPLT _IOW('B', 117, u_int) 145 #define BIOCSDLT _IOW('B', 118, u_int) 146 #define BIOCGDLTLIST _IOWR('B', 119, struct bpf_dltlist) 147 #define BIOCGDIRECTION _IOR('B', 120, u_int) 148 #define BIOCSDIRECTION _IOW('B', 121, u_int) 149 #define BIOCSRTIMEOUT _IOW('B', 122, struct timeval) 150 #define BIOCGRTIMEOUT _IOR('B', 123, struct timeval) 151 #define BIOCGFEEDBACK _IOR('B', 124, u_int) 152 #define BIOCSFEEDBACK _IOW('B', 125, u_int) 153 #define BIOCFEEDBACK BIOCSFEEDBACK /* FreeBSD name */ 154 155 /* Obsolete */ 156 #define BIOCGSEESENT BIOCGDIRECTION 157 #define BIOCSSEESENT BIOCSDIRECTION 158 159 /* 160 * Packet directions. 161 * BPF_D_IN = 0, BPF_D_INOUT =1 for backward compatibility of BIOC[GS]SEESENT. 162 */ 163 #define BPF_D_IN 0 /* See incoming packets */ 164 #define BPF_D_INOUT 1 /* See incoming and outgoing packets */ 165 #define BPF_D_OUT 2 /* See outgoing packets */ 166 167 /* 168 * Structure prepended to each packet. This is "wire" format, so we 169 * cannot change it unfortunately to 64 bit times on 32 bit systems [yet]. 170 */ 171 struct bpf_timeval { 172 long tv_sec; 173 long tv_usec; 174 }; 175 176 struct bpf_timeval32 { 177 int32_t tv_sec; 178 int32_t tv_usec; 179 }; 180 181 struct bpf_hdr { 182 struct bpf_timeval bh_tstamp; /* time stamp */ 183 uint32_t bh_caplen; /* length of captured portion */ 184 uint32_t bh_datalen; /* original length of packet */ 185 uint16_t bh_hdrlen; /* length of bpf header (this struct 186 plus alignment padding) */ 187 }; 188 189 struct bpf_hdr32 { 190 struct bpf_timeval32 bh_tstamp; /* time stamp */ 191 uint32_t bh_caplen; /* length of captured portion */ 192 uint32_t bh_datalen; /* original length of packet */ 193 uint16_t bh_hdrlen; /* length of bpf header (this struct 194 plus alignment padding) */ 195 }; 196 /* 197 * Because the structure above is not a multiple of 4 bytes, some compilers 198 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. 199 * Only the kernel needs to know about it; applications use bh_hdrlen. 200 * XXX To save a few bytes on 32-bit machines, we avoid end-of-struct 201 * XXX padding by using the size of the header data elements. This is 202 * XXX fail-safe: on new machines, we just use the 'safe' sizeof. 203 */ 204 #ifdef _KERNEL 205 #if defined(__arm32__) || defined(__i386__) || defined(__m68k__) || \ 206 defined(__mips__) || defined(__ns32k__) || defined(__vax__) || \ 207 defined(__sh__) || (defined(__sparc__) && !defined(__sparc64__)) 208 #define SIZEOF_BPF_HDR 18 209 #define SIZEOF_BPF_HDR32 18 210 #else 211 #define SIZEOF_BPF_HDR sizeof(struct bpf_hdr) 212 #define SIZEOF_BPF_HDR32 sizeof(struct bpf_hdr32) 213 #endif 214 #endif 215 216 /* Pull in data-link level type codes. */ 217 #include <net/dlt.h> 218 219 /* 220 * The instruction encodings. 221 */ 222 /* instruction classes */ 223 #define BPF_CLASS(code) ((code) & 0x07) 224 #define BPF_LD 0x00 225 #define BPF_LDX 0x01 226 #define BPF_ST 0x02 227 #define BPF_STX 0x03 228 #define BPF_ALU 0x04 229 #define BPF_JMP 0x05 230 #define BPF_RET 0x06 231 #define BPF_MISC 0x07 232 233 /* ld/ldx fields */ 234 #define BPF_SIZE(code) ((code) & 0x18) 235 #define BPF_W 0x00 236 #define BPF_H 0x08 237 #define BPF_B 0x10 238 /* 0x18 reserved; used by BSD/OS */ 239 #define BPF_MODE(code) ((code) & 0xe0) 240 #define BPF_IMM 0x00 241 #define BPF_ABS 0x20 242 #define BPF_IND 0x40 243 #define BPF_MEM 0x60 244 #define BPF_LEN 0x80 245 #define BPF_MSH 0xa0 246 /* 0xc0 reserved; used by BSD/OS */ 247 /* 0xe0 reserved; used by BSD/OS */ 248 249 /* alu/jmp fields */ 250 #define BPF_OP(code) ((code) & 0xf0) 251 #define BPF_ADD 0x00 252 #define BPF_SUB 0x10 253 #define BPF_MUL 0x20 254 #define BPF_DIV 0x30 255 #define BPF_OR 0x40 256 #define BPF_AND 0x50 257 #define BPF_LSH 0x60 258 #define BPF_RSH 0x70 259 #define BPF_NEG 0x80 260 #define BPF_MOD 0x90 261 #define BPF_XOR 0xa0 262 /* 0xb0 reserved */ 263 /* 0xc0 reserved */ 264 /* 0xd0 reserved */ 265 /* 0xe0 reserved */ 266 /* 0xf0 reserved */ 267 #define BPF_JA 0x00 268 #define BPF_JEQ 0x10 269 #define BPF_JGT 0x20 270 #define BPF_JGE 0x30 271 #define BPF_JSET 0x40 272 /* 0x50 reserved; used by BSD/OS */ 273 /* 0x60 reserved */ 274 /* 0x70 reserved */ 275 /* 0x80 reserved */ 276 /* 0x90 reserved */ 277 /* 0xa0 reserved */ 278 /* 0xb0 reserved */ 279 /* 0xc0 reserved */ 280 /* 0xd0 reserved */ 281 /* 0xe0 reserved */ 282 /* 0xf0 reserved */ 283 #define BPF_SRC(code) ((code) & 0x08) 284 #define BPF_K 0x00 285 #define BPF_X 0x08 286 287 /* ret - BPF_K and BPF_X also apply */ 288 #define BPF_RVAL(code) ((code) & 0x18) 289 #define BPF_A 0x10 290 /* 0x18 reserved */ 291 292 /* misc */ 293 #define BPF_MISCOP(code) ((code) & 0xf8) 294 #define BPF_TAX 0x00 295 /* 0x10 reserved */ 296 /* 0x18 reserved */ 297 #define BPF_COP 0x20 298 /* 0x28 reserved */ 299 /* 0x30 reserved */ 300 /* 0x38 reserved */ 301 #define BPF_COPX 0x40 /* XXX: also used by BSD/OS */ 302 /* 0x48 reserved */ 303 /* 0x50 reserved */ 304 /* 0x58 reserved */ 305 /* 0x60 reserved */ 306 /* 0x68 reserved */ 307 /* 0x70 reserved */ 308 /* 0x78 reserved */ 309 #define BPF_TXA 0x80 310 /* 0x88 reserved */ 311 /* 0x90 reserved */ 312 /* 0x98 reserved */ 313 /* 0xa0 reserved */ 314 /* 0xa8 reserved */ 315 /* 0xb0 reserved */ 316 /* 0xb8 reserved */ 317 /* 0xc0 reserved; used by BSD/OS */ 318 /* 0xc8 reserved */ 319 /* 0xd0 reserved */ 320 /* 0xd8 reserved */ 321 /* 0xe0 reserved */ 322 /* 0xe8 reserved */ 323 /* 0xf0 reserved */ 324 /* 0xf8 reserved */ 325 326 /* 327 * The instruction data structure. 328 */ 329 struct bpf_insn { 330 uint16_t code; 331 u_char jt; 332 u_char jf; 333 uint32_t k; 334 }; 335 336 /* 337 * Auxiliary data, for use when interpreting a filter intended for the 338 * Linux kernel when the kernel rejects the filter (requiring us to 339 * run it in userland). It contains VLAN tag information. 340 */ 341 struct bpf_aux_data { 342 u_short vlan_tag_present; 343 u_short vlan_tag; 344 }; 345 346 /* 347 * Macros for insn array initializers. 348 */ 349 #define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, k } 350 #define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), jt, jf, k } 351 352 /* 353 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 354 */ 355 #define BPF_MEMWORDS 16 356 357 /* 358 * bpf_memword_init_t: bits indicate which words in the external memory 359 * store will be initialised by the caller before BPF program execution. 360 */ 361 typedef uint32_t bpf_memword_init_t; 362 #define BPF_MEMWORD_INIT(k) (UINT32_C(1) << (k)) 363 364 /* Note: two most significant bits are reserved by bpfjit. */ 365 __CTASSERT(BPF_MEMWORDS + 2 <= sizeof(bpf_memword_init_t) * NBBY); 366 367 #ifdef _KERNEL 368 /* 369 * Max number of external memory words (for BPF_LD|BPF_MEM and BPF_ST). 370 */ 371 #define BPF_MAX_MEMWORDS 30 372 373 __CTASSERT(BPF_MAX_MEMWORDS >= BPF_MEMWORDS); 374 __CTASSERT(BPF_MAX_MEMWORDS + 2 <= sizeof(bpf_memword_init_t) * NBBY); 375 #endif 376 377 /* 378 * Structure to retrieve available DLTs for the interface. 379 */ 380 struct bpf_dltlist { 381 u_int bfl_len; /* number of bfd_list array */ 382 u_int *bfl_list; /* array of DLTs */ 383 }; 384 385 struct bpf_ctx; 386 typedef struct bpf_ctx bpf_ctx_t; 387 388 typedef struct bpf_args { 389 const uint8_t * pkt; 390 size_t wirelen; 391 size_t buflen; 392 /* 393 * The following arguments are used only by some kernel 394 * subsystems. 395 * They aren't required for classical bpf filter programs. 396 * For such programs, bpfjit generated code doesn't read 397 * those arguments at all. Note however that bpf interpreter 398 * always needs a pointer to memstore. 399 */ 400 uint32_t * mem; /* pointer to external memory store */ 401 void * arg; /* auxiliary argument for a copfunc */ 402 } bpf_args_t; 403 404 #if defined(_KERNEL) || defined(__BPF_PRIVATE) 405 406 typedef uint32_t (*bpf_copfunc_t)(const bpf_ctx_t *, bpf_args_t *, uint32_t); 407 408 struct bpf_ctx { 409 /* 410 * BPF coprocessor functions and the number of them. 411 */ 412 const bpf_copfunc_t * copfuncs; 413 size_t nfuncs; 414 415 /* 416 * The number of memory words in the external memory store. 417 * There may be up to BPF_MAX_MEMWORDS words; if zero is set, 418 * then the internal memory store is used which has a fixed 419 * number of words (BPF_MEMWORDS). 420 */ 421 size_t extwords; 422 423 /* 424 * The bitmask indicating which words in the external memstore 425 * will be initialised by the caller. 426 */ 427 bpf_memword_init_t preinited; 428 }; 429 #endif 430 431 #ifdef _KERNEL 432 #include <net/bpfjit.h> 433 #include <net/if.h> 434 435 struct bpf_if; 436 437 struct bpf_ops { 438 void (*bpf_attach)(struct ifnet *, u_int, u_int, struct bpf_if **); 439 void (*bpf_detach)(struct ifnet *); 440 void (*bpf_change_type)(struct ifnet *, u_int, u_int); 441 442 void (*bpf_mtap)(struct bpf_if *, struct mbuf *, u_int); 443 void (*bpf_mtap2)(struct bpf_if *, void *, u_int, struct mbuf *, 444 u_int); 445 void (*bpf_mtap_af)(struct bpf_if *, uint32_t, struct mbuf *, u_int); 446 void (*bpf_mtap_sl_in)(struct bpf_if *, u_char *, struct mbuf **); 447 void (*bpf_mtap_sl_out)(struct bpf_if *, u_char *, struct mbuf *); 448 449 void (*bpf_mtap_softint_init)(struct ifnet *); 450 void (*bpf_mtap_softint)(struct ifnet *, struct mbuf *); 451 }; 452 453 extern struct bpf_ops *bpf_ops; 454 455 static __inline void 456 bpf_attach(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen) 457 { 458 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, &_ifp->if_bpf); 459 } 460 461 static __inline void 462 bpf_attach2(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen, struct bpf_if **_dp) 463 { 464 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, _dp); 465 } 466 467 static __inline void 468 bpf_mtap(struct ifnet *_ifp, struct mbuf *_m, u_int _direction) 469 { 470 if (_ifp->if_bpf) 471 bpf_ops->bpf_mtap(_ifp->if_bpf, _m, _direction); 472 } 473 474 static __inline void 475 bpf_mtap2(struct bpf_if *_bpf, void *_data, u_int _dlen, struct mbuf *_m, 476 u_int _direction) 477 { 478 bpf_ops->bpf_mtap2(_bpf, _data, _dlen, _m, _direction); 479 } 480 481 static __inline void 482 bpf_mtap3(struct bpf_if *_bpf, struct mbuf *_m, u_int _direction) 483 { 484 if (_bpf) 485 bpf_ops->bpf_mtap(_bpf, _m, _direction); 486 } 487 488 static __inline void 489 bpf_mtap_af(struct ifnet *_ifp, uint32_t _af, struct mbuf *_m, 490 u_int _direction) 491 { 492 if (_ifp->if_bpf) 493 bpf_ops->bpf_mtap_af(_ifp->if_bpf, _af, _m, _direction); 494 } 495 496 static __inline void 497 bpf_change_type(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen) 498 { 499 bpf_ops->bpf_change_type(_ifp, _dlt, _hdrlen); 500 } 501 502 static __inline void 503 bpf_detach(struct ifnet *_ifp) 504 { 505 bpf_ops->bpf_detach(_ifp); 506 } 507 508 static __inline void 509 bpf_mtap_sl_in(struct ifnet *_ifp, u_char *_hdr, struct mbuf **_m) 510 { 511 bpf_ops->bpf_mtap_sl_in(_ifp->if_bpf, _hdr, _m); 512 } 513 514 static __inline void 515 bpf_mtap_sl_out(struct ifnet *_ifp, u_char *_hdr, struct mbuf *_m) 516 { 517 if (_ifp->if_bpf) 518 bpf_ops->bpf_mtap_sl_out(_ifp->if_bpf, _hdr, _m); 519 } 520 521 static __inline void 522 bpf_mtap_softint_init(struct ifnet *_ifp) 523 { 524 525 bpf_ops->bpf_mtap_softint_init(_ifp); 526 } 527 528 static __inline void 529 bpf_mtap_softint(struct ifnet *_ifp, struct mbuf *_m) 530 { 531 532 if (_ifp->if_bpf) 533 bpf_ops->bpf_mtap_softint(_ifp, _m); 534 } 535 536 void bpf_setops(void); 537 538 void bpf_ops_handover_enter(struct bpf_ops *); 539 void bpf_ops_handover_exit(void); 540 541 void bpfilterattach(int); 542 543 bpf_ctx_t *bpf_create(void); 544 void bpf_destroy(bpf_ctx_t *); 545 546 int bpf_set_cop(bpf_ctx_t *, const bpf_copfunc_t *, size_t); 547 int bpf_set_extmem(bpf_ctx_t *, size_t, bpf_memword_init_t); 548 u_int bpf_filter_ext(const bpf_ctx_t *, const struct bpf_insn *, bpf_args_t *); 549 int bpf_validate_ext(const bpf_ctx_t *, const struct bpf_insn *, int); 550 551 bpfjit_func_t bpf_jit_generate(bpf_ctx_t *, void *, size_t); 552 void bpf_jit_freecode(bpfjit_func_t); 553 554 #endif 555 556 int bpf_validate(const struct bpf_insn *, int); 557 u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 558 559 u_int bpf_filter_with_aux_data(const struct bpf_insn *, const u_char *, u_int, u_int, const struct bpf_aux_data *); 560 561 562 __END_DECLS 563 564 #endif /* !_NET_BPF_H_ */ 565