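/* $NetBSD: npf_bpf.c,v 1.6 2013/12/06 01:33:37 rmind Exp $ */

/*-
 * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This material is based upon work partially supported by The
 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * NPF byte-code processing.
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.6 2013/12/06 01:33:37 rmind Exp $");

#include <sys/types.h>
#include <sys/param.h>

#include <sys/mbuf.h>
#include <net/bpf.h>

#define NPF_BPFCOP
#include "npf_impl.h"

/*
 * BPF context and the coprocessor.
 *
 * A single context is shared by every byte-code program NPF runs; it is
 * created in npf_bpf_sysinit() and released in npf_bpf_sysfini().
 */

static bpf_ctx_t *npf_bpfctx __read_mostly;

static uint32_t	npf_cop_l3(bpf_ctx_t *, bpf_args_t *, uint32_t);
static uint32_t	npf_cop_table(bpf_ctx_t *, bpf_args_t *, uint32_t);

/*
 * Coprocessor dispatch table, indexed by the NPF_COP_* function number.
 */
static const bpf_copfunc_t npf_bpfcop[] = {
	[NPF_COP_L3]	= npf_cop_l3,
	[NPF_COP_TABLE]	= npf_cop_table,
};

/*
 * npf_bpf_sysinit: create the shared BPF context and register the NPF
 * coprocessor functions with it.
 */
void
npf_bpf_sysinit(void)
{
	npf_bpfctx = bpf_create();
	KASSERT(npf_bpfctx != NULL);
	bpf_set_cop(npf_bpfctx, npf_bpfcop, __arraycount(npf_bpfcop));
}

/*
 * npf_bpf_sysfini: destroy the shared BPF context.
 */
void
npf_bpf_sysfini(void)
{
	bpf_destroy(npf_bpfctx);
	/* Do not leave a dangling pointer to the destroyed context. */
	npf_bpfctx = NULL;
}

/*
 * npf_bpf_filter: run a byte-code program against the given arguments.
 *
 * => args: BPF arguments (packet, memory store, coprocessor argument).
 * => code: byte-code; it is interpreted as-is and not re-checked here,
 *    so it is expected to have passed npf_bpf_validate() beforehand.
 * => jcode: JIT-compiled form of the program; currently ignored because
 *    the JIT path is compiled out.
 *
 * Returns the value produced by bpf_filter_ext().
 */
int
npf_bpf_filter(bpf_args_t *args, const void *code, bpfjit_func_t jcode)
{
#if 0
	/* Execute JIT-compiled code. */
	if (__predict_true(jcode)) {
		return jcode(npf_bpfctx, args);
	}
#endif
	/* Execute BPF byte-code. */
	return bpf_filter_ext(npf_bpfctx, code, args);
}

/*
 * npf_bpf_compile: JIT-compile a byte-code program.
 *
 * JIT generation is compiled out, therefore this always returns NULL
 * and both parameters are unused.
 */
void *
npf_bpf_compile(void *code, size_t size)
{
#if 0
	return bpf_jit_generate(npf_bpfctx, code, size);
#else
	return NULL;
#endif
}

/*
 * npf_bpf_validate: check that a byte-code program is acceptable.
 *
 * => code: the byte-code, an array of struct bpf_insn.
 * => len: size of the byte-code in bytes.
 *
 * Returns true if the program passes bpf_validate_ext() under the NPF
 * context (i.e. with the NPF coprocessor set), and false otherwise.
 */
bool
npf_bpf_validate(const void *code, size_t len)
{
	const size_t icount = len / sizeof(struct bpf_insn);

	/*
	 * A length which is not a whole number of instructions denotes a
	 * malformed program: reject it instead of silently ignoring the
	 * trailing bytes.  Also refuse a missing program.
	 */
	if (code == NULL || (len % sizeof(struct bpf_insn)) != 0) {
		return false;
	}

	/*
	 * NOTE(review): confirm that the count parameter of
	 * bpf_validate_ext() is wide enough for icount; a narrowing
	 * conversion would validate fewer instructions than len describes.
	 */
	return bpf_validate_ext(npf_bpfctx, code, icount) != 0;
}

/*
 * NPF_COP_L3: fetches layer 3 information.
 *
 * Output words in the memory store:
 *	BPF_MW_IPVER	IP version (4 or 6).
 *	BPF_MW_L4OFF	L4 header offset.
 *	BPF_MW_L4PROTO	L4 protocol.
 *
 * The values are taken from the NPF cache passed as the coprocessor
 * argument.  The bc and A parameters are unused; they are part of the
 * coprocessor function signature.
 */
static uint32_t
npf_cop_l3(bpf_ctx_t *bc, bpf_args_t *args, uint32_t A)
{
	const npf_cache_t * const npc = (const npf_cache_t *)args->arg;
	uint32_t * const M = args->mem;

	/*
	 * Convert address length to IP version.  Just mask out
	 * number 4 or set 6 if higher bits set, such that:
	 *
	 *	0	=>	0
	 *	4	=>	4 (IPVERSION)
	 *	16	=>	6 (IPV6_VERSION >> 4)
	 */
	const u_int alen = npc->npc_alen;
	const uint32_t ver = (alen & 4) | ((alen >> 4) * 6);

	M[BPF_MW_IPVER] = ver;
	M[BPF_MW_L4OFF] = npc->npc_hlen;
	M[BPF_MW_L4PROTO] = npc->npc_proto;

	/* A <- IP version */
	return ver;
}

/*
 * Bit 31 of the accumulator selects the address to look up: set for the
 * source address, clear for the destination.  The low 31 bits carry the
 * table ID.
 */
#define	SRC_FLAG_BIT	(1U << 31)

/*
 * NPF_COP_TABLE: perform NPF table lookup.
 *
 *	A <- non-zero (true) if found and zero (false) otherwise
 *
 * Zero is also returned when the packet has no cached IP addresses or
 * when the table ID does not resolve to a table.
 */
static uint32_t
npf_cop_table(bpf_ctx_t *bc, bpf_args_t *args, uint32_t A)
{
	const npf_cache_t * const npc = (const npf_cache_t *)args->arg;
	npf_tableset_t *tblset = npf_config_tableset();
	const uint32_t tid = A & (SRC_FLAG_BIT - 1);
	const npf_addr_t *addr;
	npf_table_t *t;

	/*
	 * Whether this coprocessor runs on a given packet is decided by
	 * the byte-code, so the "IP addresses are cached" condition must
	 * hold at run time.  A KASSERT() is not enough: it only exists in
	 * DIAGNOSTIC kernels, where it turns the condition into a panic,
	 * and otherwise the address pointers below would be used without
	 * any check.  Treat such a packet as "not found".
	 */
	if (!npf_iscached(npc, NPC_IP46)) {
		return 0;
	}

	if ((t = npf_tableset_getbyid(tblset, tid)) == NULL) {
		return 0;
	}
	addr = npc->npc_ips[(A & SRC_FLAG_BIT) ? NPF_SRC : NPF_DST];

	/* npf_table_lookup() yields zero on a match. */
	return npf_table_lookup(t, npc->npc_alen, addr) == 0;
}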