/*	$OpenBSD: bpf.c,v 1.41 2003/10/24 04:26:16 canacar Exp $	*/
/*	$NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $	*/

/*
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
36 * 37 * @(#)bpf.c 8.2 (Berkeley) 3/28/94 38 */ 39 40 #include "bpfilter.h" 41 42 #include <sys/param.h> 43 #include <sys/mbuf.h> 44 #include <sys/proc.h> 45 #include <sys/signalvar.h> 46 #include <sys/ioctl.h> 47 #include <sys/conf.h> 48 #include <sys/vnode.h> 49 #include <sys/file.h> 50 #include <sys/socket.h> 51 #include <sys/poll.h> 52 #include <sys/kernel.h> 53 54 #include <net/if.h> 55 #include <net/bpf.h> 56 #include <net/bpfdesc.h> 57 58 #include <netinet/in.h> 59 #include <netinet/if_arc.h> 60 #include <netinet/if_ether.h> 61 62 #define BPF_BUFSIZE 9216 /* 8192 too small for ATM frames */ 63 64 #define PRINET 26 /* interruptible */ 65 66 /* 67 * The default read buffer size is patchable. 68 */ 69 int bpf_bufsize = BPF_BUFSIZE; 70 71 /* 72 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 73 * bpf_dtab holds the descriptors, indexed by minor device # 74 */ 75 struct bpf_if *bpf_iflist; 76 struct bpf_d *bpf_dtab; 77 int nbpfilter; 78 79 int bpf_allocbufs(struct bpf_d *); 80 void bpf_freed(struct bpf_d *); 81 void bpf_ifname(struct ifnet *, struct ifreq *); 82 void bpf_mcopy(const void *, void *, size_t); 83 int bpf_movein(struct uio *, int, struct mbuf **, 84 struct sockaddr *, struct bpf_insn *); 85 void bpf_attachd(struct bpf_d *, struct bpf_if *); 86 void bpf_detachd(struct bpf_d *); 87 int bpf_setif(struct bpf_d *, struct ifreq *); 88 int bpfpoll(dev_t, int, struct proc *); 89 int bpfkqfilter(dev_t, struct knote *); 90 static __inline void bpf_wakeup(struct bpf_d *); 91 void bpf_catchpacket(struct bpf_d *, u_char *, size_t, size_t, 92 void (*)(const void *, void *, size_t)); 93 void bpf_reset_d(struct bpf_d *); 94 95 void filt_bpfrdetach(struct knote *); 96 int filt_bpfread(struct knote *, long); 97 98 int 99 bpf_movein(uio, linktype, mp, sockp, filter) 100 register struct uio *uio; 101 int linktype; 102 register struct mbuf **mp; 103 register struct sockaddr *sockp; 104 struct bpf_insn *filter; 105 { 106 struct mbuf *m; 107 int 
error; 108 u_int hlen; 109 u_int len; 110 u_int slen; 111 112 /* 113 * Build a sockaddr based on the data link layer type. 114 * We do this at this level because the ethernet header 115 * is copied directly into the data field of the sockaddr. 116 * In the case of SLIP, there is no header and the packet 117 * is forwarded as is. 118 * Also, we are careful to leave room at the front of the mbuf 119 * for the link level header. 120 */ 121 switch (linktype) { 122 123 case DLT_SLIP: 124 sockp->sa_family = AF_INET; 125 hlen = 0; 126 break; 127 128 case DLT_PPP: 129 sockp->sa_family = AF_UNSPEC; 130 hlen = 0; 131 break; 132 133 case DLT_EN10MB: 134 sockp->sa_family = AF_UNSPEC; 135 /* XXX Would MAXLINKHDR be better? */ 136 hlen = sizeof(struct ether_header); 137 break; 138 139 case DLT_ARCNET: 140 sockp->sa_family = AF_UNSPEC; 141 hlen = ARC_HDRLEN; 142 break; 143 144 case DLT_FDDI: 145 sockp->sa_family = AF_UNSPEC; 146 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */ 147 hlen = 24; 148 break; 149 150 case DLT_RAW: 151 case DLT_NULL: 152 sockp->sa_family = AF_UNSPEC; 153 hlen = 0; 154 break; 155 156 case DLT_ATM_RFC1483: 157 /* 158 * en atm driver requires 4-byte atm pseudo header. 159 * though it isn't standard, vpi:vci needs to be 160 * specified anyway. 
161 */ 162 sockp->sa_family = AF_UNSPEC; 163 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 164 break; 165 166 default: 167 return (EIO); 168 } 169 170 len = uio->uio_resid; 171 if (len > MCLBYTES) 172 return (EIO); 173 174 MGETHDR(m, M_WAIT, MT_DATA); 175 m->m_pkthdr.rcvif = 0; 176 m->m_pkthdr.len = len - hlen; 177 178 if (len > MHLEN) { 179 MCLGET(m, M_WAIT); 180 if ((m->m_flags & M_EXT) == 0) { 181 error = ENOBUFS; 182 goto bad; 183 } 184 } 185 m->m_len = len; 186 *mp = m; 187 188 error = uiomove(mtod(m, caddr_t), len, uio); 189 if (error) 190 goto bad; 191 192 slen = bpf_filter(filter, mtod(m, u_char *), len, len); 193 if (slen < len) { 194 error = EPERM; 195 goto bad; 196 } 197 198 if (m->m_len < hlen) { 199 error = EPERM; 200 goto bad; 201 } 202 /* 203 * Make room for link header, and copy it to sockaddr 204 */ 205 if (hlen != 0) { 206 bcopy(m->m_data, sockp->sa_data, hlen); 207 m->m_len -= hlen; 208 m->m_data += hlen; /* XXX */ 209 } 210 211 return (0); 212 bad: 213 m_freem(m); 214 return (error); 215 } 216 217 /* 218 * Attach file to the bpf interface, i.e. make d listen on bp. 219 * Must be called at splimp. 220 */ 221 void 222 bpf_attachd(d, bp) 223 struct bpf_d *d; 224 struct bpf_if *bp; 225 { 226 /* 227 * Point d at bp, and add d to the interface's list of listeners. 228 * Finally, point the driver's bpf cookie at the interface so 229 * it will divert packets to bpf. 230 */ 231 d->bd_bif = bp; 232 d->bd_next = bp->bif_dlist; 233 bp->bif_dlist = d; 234 235 *bp->bif_driverp = bp; 236 } 237 238 /* 239 * Detach a file from its interface. 240 */ 241 void 242 bpf_detachd(d) 243 struct bpf_d *d; 244 { 245 struct bpf_d **p; 246 struct bpf_if *bp; 247 248 bp = d->bd_bif; 249 /* 250 * Check if this descriptor had requested promiscuous mode. 251 * If so, turn it off. 
252 */ 253 if (d->bd_promisc) { 254 int error; 255 256 d->bd_promisc = 0; 257 error = ifpromisc(bp->bif_ifp, 0); 258 if (error && !(error == EINVAL || error == ENODEV)) 259 /* 260 * Something is really wrong if we were able to put 261 * the driver into promiscuous mode, but can't 262 * take it out. 263 */ 264 panic("bpf: ifpromisc failed"); 265 } 266 /* Remove d from the interface's descriptor list. */ 267 p = &bp->bif_dlist; 268 while (*p != d) { 269 p = &(*p)->bd_next; 270 if (*p == 0) 271 panic("bpf_detachd: descriptor not in list"); 272 } 273 *p = (*p)->bd_next; 274 if (bp->bif_dlist == 0) 275 /* 276 * Let the driver know that there are no more listeners. 277 */ 278 *d->bd_bif->bif_driverp = 0; 279 d->bd_bif = 0; 280 } 281 282 283 /* 284 * Mark a descriptor free by making it point to itself. 285 * This is probably cheaper than marking with a constant since 286 * the address should be in a register anyway. 287 */ 288 #define D_ISFREE(d) ((d) == (d)->bd_next) 289 #define D_MARKFREE(d) ((d)->bd_next = (d)) 290 #define D_MARKUSED(d) ((d)->bd_next = 0) 291 292 /* 293 * bpfilterattach() is called at boot time in new systems. We do 294 * nothing here since old systems will not call this. 295 */ 296 /* ARGSUSED */ 297 void 298 bpfilterattach(n) 299 int n; 300 { 301 int i; 302 303 bpf_dtab = malloc(n * sizeof(*bpf_dtab), M_DEVBUF, M_NOWAIT); 304 if (!bpf_dtab) 305 return; 306 nbpfilter = n; 307 bzero(bpf_dtab, n * sizeof(*bpf_dtab)); 308 /* 309 * Mark all the descriptors free if this hasn't been done. 310 */ 311 if (!D_ISFREE(&bpf_dtab[0])) 312 for (i = 0; i < nbpfilter; ++i) 313 D_MARKFREE(&bpf_dtab[i]); 314 } 315 316 /* 317 * Open ethernet device. Returns ENXIO for illegal minor device number, 318 * EBUSY if file is open by another process. 
319 */ 320 /* ARGSUSED */ 321 int 322 bpfopen(dev, flag, mode, p) 323 dev_t dev; 324 int flag; 325 int mode; 326 struct proc *p; 327 { 328 register struct bpf_d *d; 329 330 if (minor(dev) >= nbpfilter) 331 return (ENXIO); 332 /* 333 * Each minor can be opened by only one process. If the requested 334 * minor is in use, return EBUSY. 335 */ 336 d = &bpf_dtab[minor(dev)]; 337 if (!D_ISFREE(d)) 338 return (EBUSY); 339 340 /* Mark "free" and do most initialization. */ 341 bzero((char *)d, sizeof(*d)); 342 d->bd_bufsize = bpf_bufsize; 343 d->bd_sig = SIGIO; 344 345 return (0); 346 } 347 348 /* 349 * Close the descriptor by detaching it from its interface, 350 * deallocating its buffers, and marking it free. 351 */ 352 /* ARGSUSED */ 353 int 354 bpfclose(dev, flag, mode, p) 355 dev_t dev; 356 int flag; 357 int mode; 358 struct proc *p; 359 { 360 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 361 register int s; 362 363 s = splimp(); 364 if (d->bd_bif) 365 bpf_detachd(d); 366 splx(s); 367 bpf_freed(d); 368 369 return (0); 370 } 371 372 /* 373 * Rotate the packet buffers in descriptor d. Move the store buffer 374 * into the hold slot, and the free buffer into the store slot. 375 * Zero the length of the new store buffer. 376 */ 377 #define ROTATE_BUFFERS(d) \ 378 (d)->bd_hbuf = (d)->bd_sbuf; \ 379 (d)->bd_hlen = (d)->bd_slen; \ 380 (d)->bd_sbuf = (d)->bd_fbuf; \ 381 (d)->bd_slen = 0; \ 382 (d)->bd_fbuf = 0; 383 /* 384 * bpfread - read next chunk of packets from buffers 385 */ 386 int 387 bpfread(dev, uio, ioflag) 388 dev_t dev; 389 register struct uio *uio; 390 int ioflag; 391 { 392 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 393 int error; 394 int s; 395 396 if (d->bd_bif == 0) 397 return (ENXIO); 398 399 /* 400 * Restrict application to use a buffer the same size as 401 * as kernel buffers. 
402 */ 403 if (uio->uio_resid != d->bd_bufsize) 404 return (EINVAL); 405 406 s = splimp(); 407 408 /* 409 * bd_rdStart is tagged when we start the read, iff there's a timeout. 410 * we can then figure out when we're done reading. 411 */ 412 if (d->bd_rtout != -1 && d->bd_rdStart == 0) 413 d->bd_rdStart = ticks; 414 else 415 d->bd_rdStart = 0; 416 417 /* 418 * If the hold buffer is empty, then do a timed sleep, which 419 * ends when the timeout expires or when enough packets 420 * have arrived to fill the store buffer. 421 */ 422 while (d->bd_hbuf == 0) { 423 if (d->bd_immediate && d->bd_slen != 0) { 424 /* 425 * A packet(s) either arrived since the previous 426 * read or arrived while we were asleep. 427 * Rotate the buffers and return what's here. 428 */ 429 ROTATE_BUFFERS(d); 430 break; 431 } 432 if ((d->bd_rtout != -1) || (d->bd_rdStart + d->bd_rtout) < ticks) { 433 error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", 434 d->bd_rtout); 435 } else { 436 if (d->bd_rtout == -1) { 437 /* User requested non-blocking I/O */ 438 error = EWOULDBLOCK; 439 } else 440 error = 0; 441 } 442 if (error == EINTR || error == ERESTART) { 443 splx(s); 444 return (error); 445 } 446 if (error == EWOULDBLOCK) { 447 /* 448 * On a timeout, return what's in the buffer, 449 * which may be nothing. If there is something 450 * in the store buffer, we can rotate the buffers. 451 */ 452 if (d->bd_hbuf) 453 /* 454 * We filled up the buffer in between 455 * getting the timeout and arriving 456 * here, so we don't need to rotate. 457 */ 458 break; 459 460 if (d->bd_slen == 0) { 461 splx(s); 462 return (0); 463 } 464 ROTATE_BUFFERS(d); 465 break; 466 } 467 } 468 /* 469 * At this point, we know we have something in the hold slot. 470 */ 471 splx(s); 472 473 /* 474 * Move data from hold buffer into user space. 475 * We know the entire buffer is transferred since 476 * we checked above that the read buffer is bpf_bufsize bytes. 
477 */ 478 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 479 480 s = splimp(); 481 d->bd_fbuf = d->bd_hbuf; 482 d->bd_hbuf = 0; 483 d->bd_hlen = 0; 484 splx(s); 485 486 return (error); 487 } 488 489 490 /* 491 * If there are processes sleeping on this descriptor, wake them up. 492 */ 493 static __inline void 494 bpf_wakeup(d) 495 register struct bpf_d *d; 496 { 497 wakeup((caddr_t)d); 498 if (d->bd_async && d->bd_sig) 499 csignal(d->bd_pgid, d->bd_sig, 500 d->bd_siguid, d->bd_sigeuid); 501 502 selwakeup(&d->bd_sel); 503 /* XXX */ 504 d->bd_sel.si_selpid = 0; 505 KNOTE(&d->bd_sel.si_note, 0); 506 } 507 508 int 509 bpfwrite(dev, uio, ioflag) 510 dev_t dev; 511 struct uio *uio; 512 int ioflag; 513 { 514 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 515 struct ifnet *ifp; 516 struct mbuf *m; 517 int error, s; 518 struct sockaddr_storage dst; 519 520 if (d->bd_bif == 0) 521 return (ENXIO); 522 523 ifp = d->bd_bif->bif_ifp; 524 525 if (uio->uio_resid == 0) 526 return (0); 527 528 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, 529 (struct sockaddr *)&dst, d->bd_wfilter); 530 if (error) 531 return (error); 532 533 if (m->m_pkthdr.len > ifp->if_mtu) { 534 m_freem(m); 535 return (EMSGSIZE); 536 } 537 538 if (d->bd_hdrcmplt) 539 dst.ss_family = pseudo_AF_HDRCMPLT; 540 541 s = splsoftnet(); 542 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)&dst, 543 (struct rtentry *)0); 544 splx(s); 545 /* 546 * The driver frees the mbuf. 547 */ 548 return (error); 549 } 550 551 /* 552 * Reset a descriptor by flushing its packet buffer and clearing the 553 * receive and drop counts. Should be called at splimp. 554 */ 555 void 556 bpf_reset_d(d) 557 struct bpf_d *d; 558 { 559 if (d->bd_hbuf) { 560 /* Free the hold buffer. */ 561 d->bd_fbuf = d->bd_hbuf; 562 d->bd_hbuf = 0; 563 } 564 d->bd_slen = 0; 565 d->bd_hlen = 0; 566 d->bd_rcount = 0; 567 d->bd_dcount = 0; 568 } 569 570 /* 571 * FIONREAD Check for read packet available. 572 * BIOCGBLEN Get buffer len [for read()]. 
573 * BIOCSETF Set ethernet read filter. 574 * BIOCFLUSH Flush read packet buffer. 575 * BIOCPROMISC Put interface into promiscuous mode. 576 * BIOCGDLT Get link layer type. 577 * BIOCGETIF Get interface name. 578 * BIOCSETIF Set interface. 579 * BIOCSRTIMEOUT Set read timeout. 580 * BIOCGRTIMEOUT Get read timeout. 581 * BIOCGSTATS Get packet stats. 582 * BIOCIMMEDIATE Set immediate mode. 583 * BIOCVERSION Get filter language version. 584 * BIOCGHDRCMPLT Get "header already complete" flag 585 * BIOCSHDRCMPLT Set "header already complete" flag 586 */ 587 /* ARGSUSED */ 588 int 589 bpfioctl(dev, cmd, addr, flag, p) 590 dev_t dev; 591 u_long cmd; 592 caddr_t addr; 593 int flag; 594 struct proc *p; 595 { 596 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 597 int s, error = 0; 598 599 if (d->bd_locked && suser(p, 0) != 0) { 600 /* list of allowed ioctls when locked and not root */ 601 switch (cmd) { 602 case BIOCGBLEN: 603 case BIOCFLUSH: 604 case BIOCGDLT: 605 case BIOCGETIF: 606 case BIOCGRTIMEOUT: 607 case BIOCGSTATS: 608 case BIOCVERSION: 609 case BIOCGRSIG: 610 case BIOCGHDRCMPLT: 611 case FIONREAD: 612 case BIOCLOCK: 613 case BIOCSRTIMEOUT: 614 case BIOCIMMEDIATE: 615 case TIOCGPGRP: 616 break; 617 default: 618 return (EPERM); 619 } 620 } 621 622 switch (cmd) { 623 624 default: 625 error = EINVAL; 626 break; 627 628 /* 629 * Check for read packet available. 630 */ 631 case FIONREAD: 632 { 633 int n; 634 635 s = splimp(); 636 n = d->bd_slen; 637 if (d->bd_hbuf) 638 n += d->bd_hlen; 639 splx(s); 640 641 *(int *)addr = n; 642 break; 643 } 644 645 /* 646 * Get buffer len [for read()]. 647 */ 648 case BIOCGBLEN: 649 *(u_int *)addr = d->bd_bufsize; 650 break; 651 652 /* 653 * Set buffer length. 
654 */ 655 case BIOCSBLEN: 656 if (d->bd_bif != 0) 657 error = EINVAL; 658 else { 659 register u_int size = *(u_int *)addr; 660 661 if (size > BPF_MAXBUFSIZE) 662 *(u_int *)addr = size = BPF_MAXBUFSIZE; 663 else if (size < BPF_MINBUFSIZE) 664 *(u_int *)addr = size = BPF_MINBUFSIZE; 665 d->bd_bufsize = size; 666 } 667 break; 668 669 /* 670 * Set link layer read filter. 671 */ 672 case BIOCSETF: 673 error = bpf_setf(d, (struct bpf_program *)addr, 0); 674 break; 675 676 /* 677 * Set link layer write filter. 678 */ 679 case BIOCSETWF: 680 error = bpf_setf(d, (struct bpf_program *)addr, 1); 681 break; 682 683 /* 684 * Flush read packet buffer. 685 */ 686 case BIOCFLUSH: 687 s = splimp(); 688 bpf_reset_d(d); 689 splx(s); 690 break; 691 692 /* 693 * Put interface into promiscuous mode. 694 */ 695 case BIOCPROMISC: 696 if (d->bd_bif == 0) { 697 /* 698 * No interface attached yet. 699 */ 700 error = EINVAL; 701 break; 702 } 703 s = splimp(); 704 if (d->bd_promisc == 0) { 705 error = ifpromisc(d->bd_bif->bif_ifp, 1); 706 if (error == 0) 707 d->bd_promisc = 1; 708 } 709 splx(s); 710 break; 711 712 /* 713 * Get device parameters. 714 */ 715 case BIOCGDLT: 716 if (d->bd_bif == 0) 717 error = EINVAL; 718 else 719 *(u_int *)addr = d->bd_bif->bif_dlt; 720 break; 721 722 /* 723 * Set interface name. 724 */ 725 case BIOCGETIF: 726 if (d->bd_bif == 0) 727 error = EINVAL; 728 else 729 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 730 break; 731 732 /* 733 * Set interface. 734 */ 735 case BIOCSETIF: 736 error = bpf_setif(d, (struct ifreq *)addr); 737 break; 738 739 /* 740 * Set read timeout. 741 */ 742 case BIOCSRTIMEOUT: 743 { 744 struct timeval *tv = (struct timeval *)addr; 745 746 /* Compute number of ticks. */ 747 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 748 if (d->bd_rtout == 0 && tv->tv_usec != 0) 749 d->bd_rtout = 1; 750 break; 751 } 752 753 /* 754 * Get read timeout. 
755 */ 756 case BIOCGRTIMEOUT: 757 { 758 struct timeval *tv = (struct timeval *)addr; 759 760 tv->tv_sec = d->bd_rtout / hz; 761 tv->tv_usec = (d->bd_rtout % hz) * tick; 762 break; 763 } 764 765 /* 766 * Get packet stats. 767 */ 768 case BIOCGSTATS: 769 { 770 struct bpf_stat *bs = (struct bpf_stat *)addr; 771 772 bs->bs_recv = d->bd_rcount; 773 bs->bs_drop = d->bd_dcount; 774 break; 775 } 776 777 /* 778 * Set immediate mode. 779 */ 780 case BIOCIMMEDIATE: 781 d->bd_immediate = *(u_int *)addr; 782 break; 783 784 case BIOCVERSION: 785 { 786 struct bpf_version *bv = (struct bpf_version *)addr; 787 788 bv->bv_major = BPF_MAJOR_VERSION; 789 bv->bv_minor = BPF_MINOR_VERSION; 790 break; 791 } 792 793 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 794 *(u_int *)addr = d->bd_hdrcmplt; 795 break; 796 797 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 798 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 799 break; 800 801 case BIOCLOCK: /* set "locked" flag (no reset) */ 802 d->bd_locked = 1; 803 break; 804 805 case FIONBIO: /* Non-blocking I/O */ 806 if (*(int *)addr) 807 d->bd_rtout = -1; 808 else 809 d->bd_rtout = 0; 810 break; 811 812 case FIOASYNC: /* Send signal on receive packets */ 813 d->bd_async = *(int *)addr; 814 break; 815 816 /* 817 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 818 * the equivalent of a TIOCSPGRP and hence end up here. *However* 819 * TIOCSPGRP's arg is a process group if it's positive and a process 820 * id if it's negative. This is exactly the opposite of what the 821 * other two functions want! Therefore there is code in ioctl and 822 * fcntl to negate the arg before calling here. 
823 */ 824 case TIOCSPGRP: /* Process or group to send signals to */ 825 d->bd_pgid = *(int *)addr; 826 d->bd_siguid = p->p_cred->p_ruid; 827 d->bd_sigeuid = p->p_ucred->cr_uid; 828 break; 829 830 case TIOCGPGRP: 831 *(int *)addr = d->bd_pgid; 832 break; 833 834 case BIOCSRSIG: /* Set receive signal */ 835 { 836 u_int sig; 837 838 sig = *(u_int *)addr; 839 840 if (sig >= NSIG) 841 error = EINVAL; 842 else 843 d->bd_sig = sig; 844 break; 845 } 846 case BIOCGRSIG: 847 *(u_int *)addr = d->bd_sig; 848 break; 849 } 850 return (error); 851 } 852 853 /* 854 * Set d's packet filter program to fp. If this file already has a filter, 855 * free it and replace it. Returns EINVAL for bogus requests. 856 */ 857 int 858 bpf_setf(d, fp, wf) 859 struct bpf_d *d; 860 struct bpf_program *fp; 861 int wf; 862 { 863 struct bpf_insn *fcode, *old; 864 u_int flen, size; 865 int s; 866 867 old = wf ? d->bd_wfilter : d->bd_rfilter; 868 if (fp->bf_insns == 0) { 869 if (fp->bf_len != 0) 870 return (EINVAL); 871 s = splimp(); 872 if (wf) 873 d->bd_wfilter = 0; 874 else 875 d->bd_rfilter = 0; 876 bpf_reset_d(d); 877 splx(s); 878 if (old != 0) 879 free((caddr_t)old, M_DEVBUF); 880 return (0); 881 } 882 flen = fp->bf_len; 883 if (flen > BPF_MAXINSNS) 884 return (EINVAL); 885 886 size = flen * sizeof(*fp->bf_insns); 887 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 888 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 889 bpf_validate(fcode, (int)flen)) { 890 s = splimp(); 891 if (wf) 892 d->bd_wfilter = fcode; 893 else 894 d->bd_rfilter = fcode; 895 bpf_reset_d(d); 896 splx(s); 897 if (old != 0) 898 free((caddr_t)old, M_DEVBUF); 899 900 return (0); 901 } 902 free((caddr_t)fcode, M_DEVBUF); 903 return (EINVAL); 904 } 905 906 /* 907 * Detach a file from its current interface (if attached at all) and attach 908 * to the interface indicated by the name stored in ifr. 909 * Return an errno or 0. 
910 */ 911 int 912 bpf_setif(d, ifr) 913 struct bpf_d *d; 914 struct ifreq *ifr; 915 { 916 struct bpf_if *bp; 917 char *cp; 918 int unit_seen, i, s, error; 919 920 /* 921 * Make sure the provided name has a unit number, and default 922 * it to '0' if not specified. 923 * XXX This is ugly ... do this differently? 924 */ 925 unit_seen = 0; 926 cp = ifr->ifr_name; 927 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 928 while (*cp++) 929 if (*cp >= '0' && *cp <= '9') 930 unit_seen = 1; 931 if (!unit_seen) { 932 /* Make sure to leave room for the '\0'. */ 933 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 934 if ((ifr->ifr_name[i] >= 'a' && 935 ifr->ifr_name[i] <= 'z') || 936 (ifr->ifr_name[i] >= 'A' && 937 ifr->ifr_name[i] <= 'Z')) 938 continue; 939 ifr->ifr_name[i] = '0'; 940 } 941 } 942 943 /* 944 * Look through attached interfaces for the named one. 945 */ 946 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 947 struct ifnet *ifp = bp->bif_ifp; 948 949 if (ifp == 0 || 950 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 951 continue; 952 /* 953 * We found the requested interface. 954 * If it's not up, return an error. 955 * Allocate the packet buffers if we need to. 956 * If we're already attached to requested interface, 957 * just flush the buffer. 958 */ 959 if ((ifp->if_flags & IFF_UP) == 0) 960 return (ENETDOWN); 961 962 if (d->bd_sbuf == 0) { 963 error = bpf_allocbufs(d); 964 if (error != 0) 965 return (error); 966 } 967 s = splimp(); 968 if (bp != d->bd_bif) { 969 if (d->bd_bif) 970 /* 971 * Detach if attached to something else. 972 */ 973 bpf_detachd(d); 974 975 bpf_attachd(d, bp); 976 } 977 bpf_reset_d(d); 978 splx(s); 979 return (0); 980 } 981 /* Not found. */ 982 return (ENXIO); 983 } 984 985 /* 986 * Copy the interface name to the ifreq. 
987 */ 988 void 989 bpf_ifname(ifp, ifr) 990 struct ifnet *ifp; 991 struct ifreq *ifr; 992 { 993 bcopy(ifp->if_xname, ifr->ifr_name, IFNAMSIZ); 994 } 995 996 /* 997 * Support for poll() system call 998 */ 999 int 1000 bpfpoll(dev, events, p) 1001 register dev_t dev; 1002 int events; 1003 struct proc *p; 1004 { 1005 register struct bpf_d *d; 1006 register int s, revents; 1007 1008 revents = events & (POLLIN | POLLRDNORM); 1009 if (revents == 0) 1010 return (0); /* only support reading */ 1011 1012 /* 1013 * An imitation of the FIONREAD ioctl code. 1014 */ 1015 d = &bpf_dtab[minor(dev)]; 1016 s = splimp(); 1017 if (d->bd_hlen == 0 && (!d->bd_immediate || d->bd_slen == 0)) { 1018 revents = 0; /* no data waiting */ 1019 /* 1020 * if there's a timeout, mark the time we started waiting. 1021 */ 1022 if (d->bd_rtout != -1 && d->bd_rdStart == 0) 1023 d->bd_rdStart = ticks; 1024 selrecord(p, &d->bd_sel); 1025 } 1026 splx(s); 1027 return (revents); 1028 } 1029 1030 struct filterops bpfread_filtops = 1031 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1032 1033 int 1034 bpfkqfilter(dev_t dev,struct knote *kn) 1035 { 1036 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1037 struct klist *klist; 1038 int s; 1039 1040 switch (kn->kn_filter) { 1041 case EVFILT_READ: 1042 klist = &d->bd_sel.si_note; 1043 kn->kn_fop = &bpfread_filtops; 1044 break; 1045 case EVFILT_WRITE: 1046 default: 1047 return (1); 1048 } 1049 1050 kn->kn_hook = (caddr_t)((u_long)dev); 1051 1052 s = splimp(); 1053 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1054 splx(s); 1055 1056 return (0); 1057 } 1058 1059 void 1060 filt_bpfrdetach(struct knote *kn) 1061 { 1062 dev_t dev = (dev_t)((u_long)kn->kn_hook); 1063 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1064 int s = splimp(); 1065 1066 SLIST_REMOVE(&d->bd_sel.si_note, kn, knote, kn_selnext); 1067 splx(s); 1068 } 1069 1070 int 1071 filt_bpfread(struct knote *kn, long hint) 1072 { 1073 dev_t dev = (dev_t)((u_long)kn->kn_hook); 1074 struct bpf_d *d = &bpf_dtab[minor(dev)]; 1075 
int res, s; 1076 1077 kn->kn_data = 0; 1078 1079 s = splimp(); 1080 res = d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0); 1081 splx(s); 1082 return (res); 1083 } 1084 1085 /* 1086 * Incoming linkage from device drivers. Process the packet pkt, of length 1087 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1088 * by each process' filter, and if accepted, stashed into the corresponding 1089 * buffer. 1090 */ 1091 void 1092 bpf_tap(arg, pkt, pktlen) 1093 caddr_t arg; 1094 register u_char *pkt; 1095 register u_int pktlen; 1096 { 1097 struct bpf_if *bp; 1098 register struct bpf_d *d; 1099 register size_t slen; 1100 /* 1101 * Note that the ipl does not have to be raised at this point. 1102 * The only problem that could arise here is that if two different 1103 * interfaces shared any data. This is not the case. 1104 */ 1105 bp = (struct bpf_if *)arg; 1106 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1107 ++d->bd_rcount; 1108 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); 1109 if (slen != 0) 1110 bpf_catchpacket(d, pkt, pktlen, slen, bcopy); 1111 } 1112 } 1113 1114 /* 1115 * Copy data from an mbuf chain into a buffer. This code is derived 1116 * from m_copydata in sys/uipc_mbuf.c. 1117 */ 1118 void 1119 bpf_mcopy(src_arg, dst_arg, len) 1120 const void *src_arg; 1121 void *dst_arg; 1122 register size_t len; 1123 { 1124 register const struct mbuf *m; 1125 register u_int count; 1126 u_char *dst; 1127 1128 m = src_arg; 1129 dst = dst_arg; 1130 while (len > 0) { 1131 if (m == 0) 1132 panic("bpf_mcopy"); 1133 count = min(m->m_len, len); 1134 bcopy(mtod(m, caddr_t), (caddr_t)dst, count); 1135 m = m->m_next; 1136 dst += count; 1137 len -= count; 1138 } 1139 } 1140 1141 /* 1142 * Incoming linkage from device drivers, when packet is in an mbuf chain. 
1143 */ 1144 void 1145 bpf_mtap(arg, m) 1146 caddr_t arg; 1147 struct mbuf *m; 1148 { 1149 struct bpf_if *bp = (struct bpf_if *)arg; 1150 struct bpf_d *d; 1151 size_t pktlen, slen; 1152 struct mbuf *m0; 1153 1154 if (m == NULL) 1155 return; 1156 1157 pktlen = 0; 1158 for (m0 = m; m0 != 0; m0 = m0->m_next) 1159 pktlen += m0->m_len; 1160 1161 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1162 ++d->bd_rcount; 1163 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); 1164 if (slen != 0) 1165 bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); 1166 } 1167 } 1168 1169 /* 1170 * Move the packet data from interface memory (pkt) into the 1171 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1172 * otherwise 0. "copy" is the routine called to do the actual data 1173 * transfer. bcopy is passed in to copy contiguous chunks, while 1174 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1175 * pkt is really an mbuf. 1176 */ 1177 void 1178 bpf_catchpacket(d, pkt, pktlen, snaplen, cpfn) 1179 register struct bpf_d *d; 1180 register u_char *pkt; 1181 register size_t pktlen, snaplen; 1182 register void (*cpfn)(const void *, void *, size_t); 1183 { 1184 register struct bpf_hdr *hp; 1185 register int totlen, curlen; 1186 register int hdrlen = d->bd_bif->bif_hdrlen; 1187 struct timeval tv; 1188 1189 /* 1190 * Figure out how many bytes to move. If the packet is 1191 * greater or equal to the snapshot length, transfer that 1192 * much. Otherwise, transfer the whole packet (unless 1193 * we hit the buffer size limit). 1194 */ 1195 totlen = hdrlen + min(snaplen, pktlen); 1196 if (totlen > d->bd_bufsize) 1197 totlen = d->bd_bufsize; 1198 1199 /* 1200 * Round up the end of the previous packet to the next longword. 1201 */ 1202 curlen = BPF_WORDALIGN(d->bd_slen); 1203 if (curlen + totlen > d->bd_bufsize) { 1204 /* 1205 * This packet will overflow the storage buffer. 
1206 * Rotate the buffers if we can, then wakeup any 1207 * pending reads. 1208 */ 1209 if (d->bd_fbuf == 0) { 1210 /* 1211 * We haven't completed the previous read yet, 1212 * so drop the packet. 1213 */ 1214 ++d->bd_dcount; 1215 return; 1216 } 1217 ROTATE_BUFFERS(d); 1218 bpf_wakeup(d); 1219 curlen = 0; 1220 } 1221 1222 /* 1223 * Append the bpf header. 1224 */ 1225 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1226 microtime(&tv); 1227 hp->bh_tstamp.tv_sec = tv.tv_sec; 1228 hp->bh_tstamp.tv_usec = tv.tv_usec; 1229 hp->bh_datalen = pktlen; 1230 hp->bh_hdrlen = hdrlen; 1231 /* 1232 * Copy the packet data into the store buffer and update its length. 1233 */ 1234 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1235 d->bd_slen = curlen + totlen; 1236 1237 if (d->bd_immediate) { 1238 /* 1239 * Immediate mode is set. A packet arrived so any 1240 * reads should be woken up. 1241 */ 1242 bpf_wakeup(d); 1243 } 1244 1245 if (d->bd_rdStart && (d->bd_rtout + d->bd_rdStart < ticks)) { 1246 /* 1247 * we could be selecting on the bpf, and we 1248 * may have timeouts set. We got here by getting 1249 * a packet, so wake up the reader. 1250 */ 1251 if (d->bd_fbuf) { 1252 d->bd_rdStart = 0; 1253 ROTATE_BUFFERS(d); 1254 bpf_wakeup(d); 1255 curlen = 0; 1256 } 1257 } 1258 } 1259 1260 /* 1261 * Initialize all nonzero fields of a descriptor. 1262 */ 1263 int 1264 bpf_allocbufs(d) 1265 register struct bpf_d *d; 1266 { 1267 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1268 if (d->bd_fbuf == NULL) 1269 return (ENOBUFS); 1270 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT); 1271 if (d->bd_sbuf == NULL) { 1272 free(d->bd_fbuf, M_DEVBUF); 1273 return (ENOBUFS); 1274 } 1275 d->bd_slen = 0; 1276 d->bd_hlen = 0; 1277 return (0); 1278 } 1279 1280 /* 1281 * Free buffers currently in use by a descriptor. 1282 * Called on close. 
1283 */ 1284 void 1285 bpf_freed(d) 1286 register struct bpf_d *d; 1287 { 1288 /* 1289 * We don't need to lock out interrupts since this descriptor has 1290 * been detached from its interface and it yet hasn't been marked 1291 * free. 1292 */ 1293 if (d->bd_sbuf != 0) { 1294 free(d->bd_sbuf, M_DEVBUF); 1295 if (d->bd_hbuf != 0) 1296 free(d->bd_hbuf, M_DEVBUF); 1297 if (d->bd_fbuf != 0) 1298 free(d->bd_fbuf, M_DEVBUF); 1299 } 1300 if (d->bd_rfilter) 1301 free((caddr_t)d->bd_rfilter, M_DEVBUF); 1302 if (d->bd_wfilter) 1303 free((caddr_t)d->bd_wfilter, M_DEVBUF); 1304 1305 D_MARKFREE(d); 1306 } 1307 1308 /* 1309 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *) 1310 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed 1311 * size of the link header (variable length headers not yet supported). 1312 */ 1313 void 1314 bpfattach(driverp, ifp, dlt, hdrlen) 1315 caddr_t *driverp; 1316 struct ifnet *ifp; 1317 u_int dlt, hdrlen; 1318 { 1319 struct bpf_if *bp; 1320 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1321 1322 if (bp == 0) 1323 panic("bpfattach"); 1324 1325 bp->bif_dlist = 0; 1326 bp->bif_driverp = (struct bpf_if **)driverp; 1327 bp->bif_ifp = ifp; 1328 bp->bif_dlt = dlt; 1329 1330 bp->bif_next = bpf_iflist; 1331 bpf_iflist = bp; 1332 1333 *bp->bif_driverp = 0; 1334 1335 /* 1336 * Compute the length of the bpf header. This is not necessarily 1337 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1338 * that the network layer header begins on a longword boundary (for 1339 * performance reasons and to alleviate alignment restrictions). 1340 */ 1341 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1342 } 1343 1344 /* Detach an interface from its attached bpf device. 
*/ 1345 void 1346 bpfdetach(ifp) 1347 struct ifnet *ifp; 1348 { 1349 struct bpf_if *bp, *nbp, **pbp = &bpf_iflist; 1350 struct bpf_d *bd; 1351 int maj, mn; 1352 1353 for (bp = bpf_iflist; bp; bp = nbp) { 1354 nbp= bp->bif_next; 1355 if (bp->bif_ifp == ifp) { 1356 *pbp = nbp; 1357 1358 /* Locate the major number. */ 1359 for (maj = 0; maj < nchrdev; maj++) 1360 if (cdevsw[maj].d_open == bpfopen) 1361 break; 1362 1363 for (bd = bp->bif_dlist; bd; bd = bp->bif_dlist) 1364 /* 1365 * Locate the minor number and nuke the vnode 1366 * for any open instance. 1367 */ 1368 for (mn = 0; mn < nbpfilter; mn++) 1369 if (&bpf_dtab[mn] == bd) { 1370 vdevgone(maj, mn, mn, VCHR); 1371 break; 1372 } 1373 1374 free(bp, M_DEVBUF); 1375 } else 1376 pbp = &bp->bif_next; 1377 } 1378 ifp->if_bpf = NULL; 1379 } 1380