1 /* $OpenBSD: bpf.c,v 1.28 2001/06/08 04:19:24 angelos Exp $ */ 2 /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ 3 4 /* 5 * Copyright (c) 1990, 1991, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * This code is derived from the Stanford/CMU enet packet filter, 9 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 10 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 11 * Berkeley Laboratory. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. All advertising materials mentioning features or use of this software 22 * must display the following acknowledgement: 23 * This product includes software developed by the University of 24 * California, Berkeley and its contributors. 25 * 4. Neither the name of the University nor the names of its contributors 26 * may be used to endorse or promote products derived from this software 27 * without specific prior written permission. 28 * 29 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 32 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 39 * SUCH DAMAGE. 40 * 41 * @(#)bpf.c 8.2 (Berkeley) 3/28/94 42 */ 43 44 #include "bpfilter.h" 45 46 #include <sys/param.h> 47 #include <sys/mbuf.h> 48 #include <sys/proc.h> 49 #include <sys/signalvar.h> 50 #include <sys/ioctl.h> 51 #include <sys/conf.h> 52 #include <sys/vnode.h> 53 #include <sys/file.h> 54 #include <sys/socket.h> 55 #include <sys/kernel.h> 56 57 #include <net/if.h> 58 #include <net/bpf.h> 59 #include <net/bpfdesc.h> 60 61 #include <netinet/in.h> 62 #include <netinet/if_arc.h> 63 #include <netinet/if_ether.h> 64 65 #define BPF_BUFSIZE 8192 /* 4096 too small for FDDI frames */ 66 67 #define PRINET 6 /* interruptible */ 68 69 /* 70 * The default read buffer size is patchable. 71 */ 72 int bpf_bufsize = BPF_BUFSIZE; 73 74 /* 75 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 76 * bpf_dtab holds the descriptors, indexed by minor device # 77 */ 78 struct bpf_if *bpf_iflist; 79 struct bpf_d *bpf_dtab; 80 int nbpfilter; 81 82 int bpf_allocbufs __P((struct bpf_d *)); 83 void bpf_freed __P((struct bpf_d *)); 84 void bpf_ifname __P((struct ifnet *, struct ifreq *)); 85 void bpf_mcopy __P((const void *, void *, size_t)); 86 int bpf_movein __P((struct uio *, int, struct mbuf **, struct sockaddr *)); 87 void bpf_attachd __P((struct bpf_d *, struct bpf_if *)); 88 void bpf_detachd __P((struct bpf_d *)); 89 int bpf_setif __P((struct bpf_d *, struct ifreq *)); 90 int bpfselect __P((dev_t, int, struct proc *)); 91 static __inline void bpf_wakeup __P((struct bpf_d *)); 92 void bpf_catchpacket __P((struct bpf_d *, u_char *, size_t, size_t, 93 void (*)(const void *, void *, size_t))); 94 void bpf_reset_d __P((struct bpf_d *)); 95 96 int 97 bpf_movein(uio, linktype, mp, sockp) 98 register struct uio *uio; 99 int linktype; 100 register struct mbuf **mp; 101 register struct sockaddr *sockp; 102 { 103 struct mbuf *m; 104 int error; 105 int len; 106 int hlen; 107 108 /* 109 * Build a sockaddr based on the data link layer type. 110 * We do this at this level because the ethernet header 111 * is copied directly into the data field of the sockaddr. 112 * In the case of SLIP, there is no header and the packet 113 * is forwarded as is. 114 * Also, we are careful to leave room at the front of the mbuf 115 * for the link level header. 116 */ 117 switch (linktype) { 118 119 case DLT_SLIP: 120 sockp->sa_family = AF_INET; 121 hlen = 0; 122 break; 123 124 case DLT_PPP: 125 sockp->sa_family = AF_UNSPEC; 126 hlen = 0; 127 break; 128 129 case DLT_EN10MB: 130 sockp->sa_family = AF_UNSPEC; 131 /* XXX Would MAXLINKHDR be better? */ 132 hlen = sizeof(struct ether_header); 133 break; 134 135 case DLT_ARCNET: 136 sockp->sa_family = AF_UNSPEC; 137 hlen = ARC_HDRLEN; 138 break; 139 140 case DLT_FDDI: 141 sockp->sa_family = AF_UNSPEC; 142 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */ 143 hlen = 24; 144 break; 145 146 case DLT_RAW: 147 case DLT_NULL: 148 sockp->sa_family = AF_UNSPEC; 149 hlen = 0; 150 break; 151 152 default: 153 return (EIO); 154 } 155 156 len = uio->uio_resid; 157 if ((unsigned)len > MCLBYTES) 158 return (EIO); 159 160 MGETHDR(m, M_WAIT, MT_DATA); 161 m->m_pkthdr.rcvif = 0; 162 m->m_pkthdr.len = len - hlen; 163 164 if (len > MHLEN) { 165 MCLGET(m, M_WAIT); 166 if ((m->m_flags & M_EXT) == 0) { 167 error = ENOBUFS; 168 goto bad; 169 } 170 } 171 m->m_len = len; 172 *mp = m; 173 /* 174 * Make room for link header. 175 */ 176 if (hlen != 0) { 177 m->m_len -= hlen; 178 m->m_data += hlen; /* XXX */ 179 error = uiomove((caddr_t)sockp->sa_data, hlen, uio); 180 if (error) 181 goto bad; 182 } 183 error = uiomove(mtod(m, caddr_t), len - hlen, uio); 184 if (!error) 185 return (0); 186 bad: 187 m_freem(m); 188 return (error); 189 } 190 191 /* 192 * Attach file to the bpf interface, i.e. make d listen on bp. 193 * Must be called at splimp. 194 */ 195 void 196 bpf_attachd(d, bp) 197 struct bpf_d *d; 198 struct bpf_if *bp; 199 { 200 /* 201 * Point d at bp, and add d to the interface's list of listeners. 202 * Finally, point the driver's bpf cookie at the interface so 203 * it will divert packets to bpf. 204 */ 205 d->bd_bif = bp; 206 d->bd_next = bp->bif_dlist; 207 bp->bif_dlist = d; 208 209 *bp->bif_driverp = bp; 210 } 211 212 /* 213 * Detach a file from its interface. 214 */ 215 void 216 bpf_detachd(d) 217 struct bpf_d *d; 218 { 219 struct bpf_d **p; 220 struct bpf_if *bp; 221 222 bp = d->bd_bif; 223 /* 224 * Check if this descriptor had requested promiscuous mode. 225 * If so, turn it off. 226 */ 227 if (d->bd_promisc) { 228 int error; 229 230 d->bd_promisc = 0; 231 error = ifpromisc(bp->bif_ifp, 0); 232 if (error && !(error == EINVAL || error == ENODEV)) 233 /* 234 * Something is really wrong if we were able to put 235 * the driver into promiscuous mode, but can't 236 * take it out. 237 */ 238 panic("bpf: ifpromisc failed"); 239 } 240 /* Remove d from the interface's descriptor list. */ 241 p = &bp->bif_dlist; 242 while (*p != d) { 243 p = &(*p)->bd_next; 244 if (*p == 0) 245 panic("bpf_detachd: descriptor not in list"); 246 } 247 *p = (*p)->bd_next; 248 if (bp->bif_dlist == 0) 249 /* 250 * Let the driver know that there are no more listeners. 251 */ 252 *d->bd_bif->bif_driverp = 0; 253 d->bd_bif = 0; 254 } 255 256 257 /* 258 * Mark a descriptor free by making it point to itself. 259 * This is probably cheaper than marking with a constant since 260 * the address should be in a register anyway. 261 */ 262 #define D_ISFREE(d) ((d) == (d)->bd_next) 263 #define D_MARKFREE(d) ((d)->bd_next = (d)) 264 #define D_MARKUSED(d) ((d)->bd_next = 0) 265 266 /* 267 * bpfilterattach() is called at boot time in new systems. We do 268 * nothing here since old systems will not call this. 269 */ 270 /* ARGSUSED */ 271 void 272 bpfilterattach(n) 273 int n; 274 { 275 int i; 276 277 bpf_dtab = malloc(n * sizeof(*bpf_dtab), M_DEVBUF, M_NOWAIT); 278 if (!bpf_dtab) 279 return; 280 nbpfilter = n; 281 bzero(bpf_dtab, n * sizeof(*bpf_dtab)); 282 /* 283 * Mark all the descriptors free if this hasn't been done. 284 */ 285 if (!D_ISFREE(&bpf_dtab[0])) 286 for (i = 0; i < nbpfilter; ++i) 287 D_MARKFREE(&bpf_dtab[i]); 288 } 289 290 /* 291 * Open ethernet device. Returns ENXIO for illegal minor device number, 292 * EBUSY if file is open by another process. 293 */ 294 /* ARGSUSED */ 295 int 296 bpfopen(dev, flag, mode, p) 297 dev_t dev; 298 int flag; 299 int mode; 300 struct proc *p; 301 { 302 register struct bpf_d *d; 303 304 if (minor(dev) >= nbpfilter) 305 return (ENXIO); 306 /* 307 * Each minor can be opened by only one process. If the requested 308 * minor is in use, return EBUSY. 309 */ 310 d = &bpf_dtab[minor(dev)]; 311 if (!D_ISFREE(d)) 312 return (EBUSY); 313 314 /* Mark "free" and do most initialization. */ 315 bzero((char *)d, sizeof(*d)); 316 d->bd_bufsize = bpf_bufsize; 317 d->bd_sig = SIGIO; 318 319 return (0); 320 } 321 322 /* 323 * Close the descriptor by detaching it from its interface, 324 * deallocating its buffers, and marking it free. 325 */ 326 /* ARGSUSED */ 327 int 328 bpfclose(dev, flag, mode, p) 329 dev_t dev; 330 int flag; 331 int mode; 332 struct proc *p; 333 { 334 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 335 register int s; 336 337 s = splimp(); 338 if (d->bd_bif) 339 bpf_detachd(d); 340 splx(s); 341 bpf_freed(d); 342 343 return (0); 344 } 345 346 /* 347 * Rotate the packet buffers in descriptor d. Move the store buffer 348 * into the hold slot, and the free buffer into the store slot. 349 * Zero the length of the new store buffer. 350 */ 351 #define ROTATE_BUFFERS(d) \ 352 (d)->bd_hbuf = (d)->bd_sbuf; \ 353 (d)->bd_hlen = (d)->bd_slen; \ 354 (d)->bd_sbuf = (d)->bd_fbuf; \ 355 (d)->bd_slen = 0; \ 356 (d)->bd_fbuf = 0; 357 /* 358 * bpfread - read next chunk of packets from buffers 359 */ 360 int 361 bpfread(dev, uio, ioflag) 362 dev_t dev; 363 register struct uio *uio; 364 int ioflag; 365 { 366 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 367 int error; 368 int s; 369 370 if (d->bd_bif == 0) 371 return (ENXIO); 372 373 /* 374 * Restrict application to use a buffer the same size as 375 * as kernel buffers. 376 */ 377 if (uio->uio_resid != d->bd_bufsize) 378 return (EINVAL); 379 380 s = splimp(); 381 382 /* 383 * bd_rdStart is tagged when we start the read, iff there's a timeout. 384 * we can then figure out when we're done reading. 385 */ 386 if (d->bd_rtout != -1 && d->bd_rdStart == 0) 387 d->bd_rdStart = ticks; 388 else 389 d->bd_rdStart = 0; 390 391 /* 392 * If the hold buffer is empty, then do a timed sleep, which 393 * ends when the timeout expires or when enough packets 394 * have arrived to fill the store buffer. 395 */ 396 while (d->bd_hbuf == 0) { 397 if (d->bd_immediate && d->bd_slen != 0) { 398 /* 399 * A packet(s) either arrived since the previous 400 * read or arrived while we were asleep. 401 * Rotate the buffers and return what's here. 402 */ 403 ROTATE_BUFFERS(d); 404 break; 405 } 406 if ((d->bd_rtout != -1) || (d->bd_rdStart + d->bd_rtout) < ticks) { 407 error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", 408 d->bd_rtout); 409 } else { 410 if (d->bd_rtout == -1) { 411 /* User requested non-blocking I/O */ 412 error = EWOULDBLOCK; 413 } else 414 error = 0; 415 } 416 if (error == EINTR || error == ERESTART) { 417 splx(s); 418 return (error); 419 } 420 if (error == EWOULDBLOCK) { 421 /* 422 * On a timeout, return what's in the buffer, 423 * which may be nothing. If there is something 424 * in the store buffer, we can rotate the buffers. 425 */ 426 if (d->bd_hbuf) 427 /* 428 * We filled up the buffer in between 429 * getting the timeout and arriving 430 * here, so we don't need to rotate. 431 */ 432 break; 433 434 if (d->bd_slen == 0) { 435 splx(s); 436 return (0); 437 } 438 ROTATE_BUFFERS(d); 439 break; 440 } 441 } 442 /* 443 * At this point, we know we have something in the hold slot. 444 */ 445 splx(s); 446 447 /* 448 * Move data from hold buffer into user space. 449 * We know the entire buffer is transferred since 450 * we checked above that the read buffer is bpf_bufsize bytes. 451 */ 452 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 453 454 s = splimp(); 455 d->bd_fbuf = d->bd_hbuf; 456 d->bd_hbuf = 0; 457 d->bd_hlen = 0; 458 splx(s); 459 460 return (error); 461 } 462 463 464 /* 465 * If there are processes sleeping on this descriptor, wake them up. 466 */ 467 static __inline void 468 bpf_wakeup(d) 469 register struct bpf_d *d; 470 { 471 wakeup((caddr_t)d); 472 if (d->bd_async && d->bd_sig) 473 csignal(d->bd_pgid, d->bd_sig, 474 d->bd_siguid, d->bd_sigeuid); 475 476 selwakeup(&d->bd_sel); 477 /* XXX */ 478 d->bd_sel.si_selpid = 0; 479 } 480 481 int 482 bpfwrite(dev, uio, ioflag) 483 dev_t dev; 484 struct uio *uio; 485 int ioflag; 486 { 487 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 488 struct ifnet *ifp; 489 struct mbuf *m; 490 int error, s; 491 struct sockaddr dst; 492 493 if (d->bd_bif == 0) 494 return (ENXIO); 495 496 ifp = d->bd_bif->bif_ifp; 497 498 if (uio->uio_resid == 0) 499 return (0); 500 501 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst); 502 if (error) 503 return (error); 504 505 if (m->m_pkthdr.len > ifp->if_mtu) { 506 m_freem(m); 507 return (EMSGSIZE); 508 } 509 510 if (d->bd_hdrcmplt) 511 dst.sa_family = pseudo_AF_HDRCMPLT; 512 513 s = splsoftnet(); 514 error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0); 515 splx(s); 516 /* 517 * The driver frees the mbuf. 518 */ 519 return (error); 520 } 521 522 /* 523 * Reset a descriptor by flushing its packet buffer and clearing the 524 * receive and drop counts. Should be called at splimp. 525 */ 526 void 527 bpf_reset_d(d) 528 struct bpf_d *d; 529 { 530 if (d->bd_hbuf) { 531 /* Free the hold buffer. */ 532 d->bd_fbuf = d->bd_hbuf; 533 d->bd_hbuf = 0; 534 } 535 d->bd_slen = 0; 536 d->bd_hlen = 0; 537 d->bd_rcount = 0; 538 d->bd_dcount = 0; 539 } 540 541 /* 542 * FIONREAD Check for read packet available. 543 * BIOCGBLEN Get buffer len [for read()]. 544 * BIOCSETF Set ethernet read filter. 545 * BIOCFLUSH Flush read packet buffer. 546 * BIOCPROMISC Put interface into promiscuous mode. 547 * BIOCGDLT Get link layer type. 548 * BIOCGETIF Get interface name. 549 * BIOCSETIF Set interface. 550 * BIOCSRTIMEOUT Set read timeout. 551 * BIOCGRTIMEOUT Get read timeout. 552 * BIOCGSTATS Get packet stats. 553 * BIOCIMMEDIATE Set immediate mode. 554 * BIOCVERSION Get filter language version. 555 * BIOCGHDRCMPLT Get "header already complete" flag 556 * BIOCSHDRCMPLT Set "header already complete" flag 557 */ 558 /* ARGSUSED */ 559 int 560 bpfioctl(dev, cmd, addr, flag, p) 561 dev_t dev; 562 u_long cmd; 563 caddr_t addr; 564 int flag; 565 struct proc *p; 566 { 567 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 568 int s, error = 0; 569 570 switch (cmd) { 571 572 default: 573 error = EINVAL; 574 break; 575 576 /* 577 * Check for read packet available. 578 */ 579 case FIONREAD: 580 { 581 int n; 582 583 s = splimp(); 584 n = d->bd_slen; 585 if (d->bd_hbuf) 586 n += d->bd_hlen; 587 splx(s); 588 589 *(int *)addr = n; 590 break; 591 } 592 593 /* 594 * Get buffer len [for read()]. 595 */ 596 case BIOCGBLEN: 597 *(u_int *)addr = d->bd_bufsize; 598 break; 599 600 /* 601 * Set buffer length. 602 */ 603 case BIOCSBLEN: 604 if (d->bd_bif != 0) 605 error = EINVAL; 606 else { 607 register u_int size = *(u_int *)addr; 608 609 if (size > BPF_MAXBUFSIZE) 610 *(u_int *)addr = size = BPF_MAXBUFSIZE; 611 else if (size < BPF_MINBUFSIZE) 612 *(u_int *)addr = size = BPF_MINBUFSIZE; 613 d->bd_bufsize = size; 614 } 615 break; 616 617 /* 618 * Set link layer read filter. 619 */ 620 case BIOCSETF: 621 error = bpf_setf(d, (struct bpf_program *)addr); 622 break; 623 624 /* 625 * Flush read packet buffer. 626 */ 627 case BIOCFLUSH: 628 s = splimp(); 629 bpf_reset_d(d); 630 splx(s); 631 break; 632 633 /* 634 * Put interface into promiscuous mode. 635 */ 636 case BIOCPROMISC: 637 if (d->bd_bif == 0) { 638 /* 639 * No interface attached yet. 640 */ 641 error = EINVAL; 642 break; 643 } 644 s = splimp(); 645 if (d->bd_promisc == 0) { 646 error = ifpromisc(d->bd_bif->bif_ifp, 1); 647 if (error == 0) 648 d->bd_promisc = 1; 649 } 650 splx(s); 651 break; 652 653 /* 654 * Get device parameters. 655 */ 656 case BIOCGDLT: 657 if (d->bd_bif == 0) 658 error = EINVAL; 659 else 660 *(u_int *)addr = d->bd_bif->bif_dlt; 661 break; 662 663 /* 664 * Set interface name. 665 */ 666 case BIOCGETIF: 667 if (d->bd_bif == 0) 668 error = EINVAL; 669 else 670 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 671 break; 672 673 /* 674 * Set interface. 675 */ 676 case BIOCSETIF: 677 error = bpf_setif(d, (struct ifreq *)addr); 678 break; 679 680 /* 681 * Set read timeout. 682 */ 683 case BIOCSRTIMEOUT: 684 { 685 struct timeval *tv = (struct timeval *)addr; 686 687 /* Compute number of ticks. */ 688 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 689 if (d->bd_rtout == 0 && tv->tv_usec != 0) 690 d->bd_rtout = 1; 691 break; 692 } 693 694 /* 695 * Get read timeout. 696 */ 697 case BIOCGRTIMEOUT: 698 { 699 struct timeval *tv = (struct timeval *)addr; 700 701 tv->tv_sec = d->bd_rtout / hz; 702 tv->tv_usec = (d->bd_rtout % hz) * tick; 703 break; 704 } 705 706 /* 707 * Get packet stats. 708 */ 709 case BIOCGSTATS: 710 { 711 struct bpf_stat *bs = (struct bpf_stat *)addr; 712 713 bs->bs_recv = d->bd_rcount; 714 bs->bs_drop = d->bd_dcount; 715 break; 716 } 717 718 /* 719 * Set immediate mode. 720 */ 721 case BIOCIMMEDIATE: 722 d->bd_immediate = *(u_int *)addr; 723 break; 724 725 case BIOCVERSION: 726 { 727 struct bpf_version *bv = (struct bpf_version *)addr; 728 729 bv->bv_major = BPF_MAJOR_VERSION; 730 bv->bv_minor = BPF_MINOR_VERSION; 731 break; 732 } 733 734 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 735 *(u_int *)addr = d->bd_hdrcmplt; 736 break; 737 738 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 739 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 740 break; 741 742 743 case FIONBIO: /* Non-blocking I/O */ 744 if (*(int *)addr) 745 d->bd_rtout = -1; 746 else 747 d->bd_rtout = 0; 748 break; 749 750 case FIOASYNC: /* Send signal on receive packets */ 751 d->bd_async = *(int *)addr; 752 break; 753 754 /* 755 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 756 * the equivalent of a TIOCSPGRP and hence end up here. *However* 757 * TIOCSPGRP's arg is a process group if it's positive and a process 758 * id if it's negative. This is exactly the opposite of what the 759 * other two functions want! Therefore there is code in ioctl and 760 * fcntl to negate the arg before calling here. 761 */ 762 case TIOCSPGRP: /* Process or group to send signals to */ 763 d->bd_pgid = *(int *)addr; 764 d->bd_siguid = p->p_cred->p_ruid; 765 d->bd_sigeuid = p->p_ucred->cr_uid; 766 break; 767 768 case TIOCGPGRP: 769 *(int *)addr = d->bd_pgid; 770 break; 771 772 case BIOCSRSIG: /* Set receive signal */ 773 { 774 u_int sig; 775 776 sig = *(u_int *)addr; 777 778 if (sig >= NSIG) 779 error = EINVAL; 780 else 781 d->bd_sig = sig; 782 break; 783 } 784 case BIOCGRSIG: 785 *(u_int *)addr = d->bd_sig; 786 break; 787 } 788 return (error); 789 } 790 791 /* 792 * Set d's packet filter program to fp. If this file already has a filter, 793 * free it and replace it. Returns EINVAL for bogus requests. 794 */ 795 int 796 bpf_setf(d, fp) 797 struct bpf_d *d; 798 struct bpf_program *fp; 799 { 800 struct bpf_insn *fcode, *old; 801 u_int flen, size; 802 int s; 803 804 old = d->bd_filter; 805 if (fp->bf_insns == 0) { 806 if (fp->bf_len != 0) 807 return (EINVAL); 808 s = splimp(); 809 d->bd_filter = 0; 810 bpf_reset_d(d); 811 splx(s); 812 if (old != 0) 813 free((caddr_t)old, M_DEVBUF); 814 return (0); 815 } 816 flen = fp->bf_len; 817 if (flen > BPF_MAXINSNS) 818 return (EINVAL); 819 820 size = flen * sizeof(*fp->bf_insns); 821 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 822 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 823 bpf_validate(fcode, (int)flen)) { 824 s = splimp(); 825 d->bd_filter = fcode; 826 bpf_reset_d(d); 827 splx(s); 828 if (old != 0) 829 free((caddr_t)old, M_DEVBUF); 830 831 return (0); 832 } 833 free((caddr_t)fcode, M_DEVBUF); 834 return (EINVAL); 835 } 836 837 /* 838 * Detach a file from its current interface (if attached at all) and attach 839 * to the interface indicated by the name stored in ifr. 840 * Return an errno or 0. 841 */ 842 int 843 bpf_setif(d, ifr) 844 struct bpf_d *d; 845 struct ifreq *ifr; 846 { 847 struct bpf_if *bp; 848 char *cp; 849 int unit_seen, i, s, error; 850 851 /* 852 * Make sure the provided name has a unit number, and default 853 * it to '0' if not specified. 854 * XXX This is ugly ... do this differently? 855 */ 856 unit_seen = 0; 857 cp = ifr->ifr_name; 858 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 859 while (*cp++) 860 if (*cp >= '0' && *cp <= '9') 861 unit_seen = 1; 862 if (!unit_seen) { 863 /* Make sure to leave room for the '\0'. */ 864 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 865 if ((ifr->ifr_name[i] >= 'a' && 866 ifr->ifr_name[i] <= 'z') || 867 (ifr->ifr_name[i] >= 'A' && 868 ifr->ifr_name[i] <= 'Z')) 869 continue; 870 ifr->ifr_name[i] = '0'; 871 } 872 } 873 874 /* 875 * Look through attached interfaces for the named one. 876 */ 877 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 878 struct ifnet *ifp = bp->bif_ifp; 879 880 if (ifp == 0 || 881 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 882 continue; 883 /* 884 * We found the requested interface. 885 * If it's not up, return an error. 886 * Allocate the packet buffers if we need to. 887 * If we're already attached to requested interface, 888 * just flush the buffer. 889 */ 890 if ((ifp->if_flags & IFF_UP) == 0) 891 return (ENETDOWN); 892 893 if (d->bd_sbuf == 0) { 894 error = bpf_allocbufs(d); 895 if (error != 0) 896 return (error); 897 } 898 s = splimp(); 899 if (bp != d->bd_bif) { 900 if (d->bd_bif) 901 /* 902 * Detach if attached to something else. 903 */ 904 bpf_detachd(d); 905 906 bpf_attachd(d, bp); 907 } 908 bpf_reset_d(d); 909 splx(s); 910 return (0); 911 } 912 /* Not found. */ 913 return (ENXIO); 914 } 915 916 /* 917 * Copy the interface name to the ifreq. 918 */ 919 void 920 bpf_ifname(ifp, ifr) 921 struct ifnet *ifp; 922 struct ifreq *ifr; 923 { 924 bcopy(ifp->if_xname, ifr->ifr_name, IFNAMSIZ); 925 } 926 927 /* 928 * Support for select() system call 929 * 930 * Return true iff the specific operation will not block indefinitely. 931 * Otherwise, return false but make a note that a selwakeup() must be done. 932 */ 933 int 934 bpfselect(dev, rw, p) 935 register dev_t dev; 936 int rw; 937 struct proc *p; 938 { 939 register struct bpf_d *d; 940 register int s; 941 942 if (rw != FREAD) 943 return (0); 944 /* 945 * An imitation of the FIONREAD ioctl code. 946 */ 947 d = &bpf_dtab[minor(dev)]; 948 949 s = splimp(); 950 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) { 951 /* 952 * There is data waiting. 953 */ 954 splx(s); 955 return (1); 956 } 957 958 /* 959 * if there isn't data waiting, and there's a timeout, 960 * mark the time we started waiting. 961 */ 962 if (d->bd_rtout != -1 && d->bd_rdStart == 0) 963 d->bd_rdStart = ticks; 964 965 selrecord(p, &d->bd_sel); 966 splx(s); 967 return (0); 968 } 969 970 /* 971 * Incoming linkage from device drivers. Process the packet pkt, of length 972 * pktlen, which is stored in a contiguous buffer. The packet is parsed 973 * by each process' filter, and if accepted, stashed into the corresponding 974 * buffer. 975 */ 976 void 977 bpf_tap(arg, pkt, pktlen) 978 caddr_t arg; 979 register u_char *pkt; 980 register u_int pktlen; 981 { 982 struct bpf_if *bp; 983 register struct bpf_d *d; 984 register size_t slen; 985 /* 986 * Note that the ipl does not have to be raised at this point. 987 * The only problem that could arise here is that if two different 988 * interfaces shared any data. This is not the case. 989 */ 990 bp = (struct bpf_if *)arg; 991 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 992 ++d->bd_rcount; 993 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 994 if (slen != 0) 995 bpf_catchpacket(d, pkt, pktlen, slen, bcopy); 996 } 997 } 998 999 /* 1000 * Copy data from an mbuf chain into a buffer. This code is derived 1001 * from m_copydata in sys/uipc_mbuf.c. 1002 */ 1003 void 1004 bpf_mcopy(src_arg, dst_arg, len) 1005 const void *src_arg; 1006 void *dst_arg; 1007 register size_t len; 1008 { 1009 register const struct mbuf *m; 1010 register u_int count; 1011 u_char *dst; 1012 1013 m = src_arg; 1014 dst = dst_arg; 1015 while (len > 0) { 1016 if (m == 0) 1017 panic("bpf_mcopy"); 1018 count = min(m->m_len, len); 1019 bcopy(mtod(m, caddr_t), (caddr_t)dst, count); 1020 m = m->m_next; 1021 dst += count; 1022 len -= count; 1023 } 1024 } 1025 1026 /* 1027 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1028 */ 1029 void 1030 bpf_mtap(arg, m) 1031 caddr_t arg; 1032 struct mbuf *m; 1033 { 1034 struct bpf_if *bp = (struct bpf_if *)arg; 1035 struct bpf_d *d; 1036 size_t pktlen, slen; 1037 struct mbuf *m0; 1038 1039 if (m == NULL) 1040 return; 1041 1042 pktlen = 0; 1043 for (m0 = m; m0 != 0; m0 = m0->m_next) 1044 pktlen += m0->m_len; 1045 1046 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1047 ++d->bd_rcount; 1048 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1049 if (slen != 0) 1050 bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); 1051 } 1052 } 1053 1054 /* 1055 * Move the packet data from interface memory (pkt) into the 1056 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1057 * otherwise 0. "copy" is the routine called to do the actual data 1058 * transfer. bcopy is passed in to copy contiguous chunks, while 1059 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1060 * pkt is really an mbuf. 1061 */ 1062 void 1063 bpf_catchpacket(d, pkt, pktlen, snaplen, cpfn) 1064 register struct bpf_d *d; 1065 register u_char *pkt; 1066 register size_t pktlen, snaplen; 1067 register void (*cpfn) __P((const void *, void *, size_t)); 1068 { 1069 register struct bpf_hdr *hp; 1070 register int totlen, curlen; 1071 register int hdrlen = d->bd_bif->bif_hdrlen; 1072 /* 1073 * Figure out how many bytes to move. If the packet is 1074 * greater or equal to the snapshot length, transfer that 1075 * much. Otherwise, transfer the whole packet (unless 1076 * we hit the buffer size limit). 1077 */ 1078 totlen = hdrlen + min(snaplen, pktlen); 1079 if (totlen > d->bd_bufsize) 1080 totlen = d->bd_bufsize; 1081 1082 /* 1083 * Round up the end of the previous packet to the next longword. 1084 */ 1085 curlen = BPF_WORDALIGN(d->bd_slen); 1086 if (curlen + totlen > d->bd_bufsize) { 1087 /* 1088 * This packet will overflow the storage buffer. 1089 * Rotate the buffers if we can, then wakeup any 1090 * pending reads. 1091 */ 1092 if (d->bd_fbuf == 0) { 1093 /* 1094 * We haven't completed the previous read yet, 1095 * so drop the packet. 1096 */ 1097 ++d->bd_dcount; 1098 return; 1099 } 1100 ROTATE_BUFFERS(d); 1101 bpf_wakeup(d); 1102 curlen = 0; 1103 } 1104 else if (d->bd_immediate) { 1105 /* 1106 * Immediate mode is set. A packet arrived so any 1107 * reads should be woken up. 1108 */ 1109 bpf_wakeup(d); 1110 } 1111 1112 /* 1113 * Append the bpf header. 1114 */ 1115 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1116 microtime(&hp->bh_tstamp); 1117 hp->bh_datalen = pktlen; 1118 hp->bh_hdrlen = hdrlen; 1119 /* 1120 * Copy the packet data into the store buffer and update its length. 1121 */ 1122 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1123 d->bd_slen = curlen + totlen; 1124 1125 if (d->bd_rdStart && (d->bd_rtout + d->bd_rdStart < ticks)) { 1126 /* 1127 * we could be selecting on the bpf, and we 1128 * may have timeouts set. We got here by getting 1129 * a packet, so wake up the reader. 1130 */ 1131 if (d->bd_fbuf) { 1132 d->bd_rdStart = 0; 1133 ROTATE_BUFFERS(d); 1134 bpf_wakeup(d); 1135 curlen = 0; 1136 } 1137 } 1138 } 1139 1140 /* 1141 * Initialize all nonzero fields of a descriptor. 1142 */ 1143 int 1144 bpf_allocbufs(d) 1145 register struct bpf_d *d; 1146 { 1147 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1148 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1149 d->bd_slen = 0; 1150 d->bd_hlen = 0; 1151 return (0); 1152 } 1153 1154 /* 1155 * Free buffers currently in use by a descriptor. 1156 * Called on close. 1157 */ 1158 void 1159 bpf_freed(d) 1160 register struct bpf_d *d; 1161 { 1162 /* 1163 * We don't need to lock out interrupts since this descriptor has 1164 * been detached from its interface and it yet hasn't been marked 1165 * free. 1166 */ 1167 if (d->bd_sbuf != 0) { 1168 free(d->bd_sbuf, M_DEVBUF); 1169 if (d->bd_hbuf != 0) 1170 free(d->bd_hbuf, M_DEVBUF); 1171 if (d->bd_fbuf != 0) 1172 free(d->bd_fbuf, M_DEVBUF); 1173 } 1174 if (d->bd_filter) 1175 free((caddr_t)d->bd_filter, M_DEVBUF); 1176 1177 D_MARKFREE(d); 1178 } 1179 1180 /* 1181 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *) 1182 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed 1183 * size of the link header (variable length headers not yet supported). 1184 */ 1185 void 1186 bpfattach(driverp, ifp, dlt, hdrlen) 1187 caddr_t *driverp; 1188 struct ifnet *ifp; 1189 u_int dlt, hdrlen; 1190 { 1191 struct bpf_if *bp; 1192 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1193 1194 if (bp == 0) 1195 panic("bpfattach"); 1196 1197 bp->bif_dlist = 0; 1198 bp->bif_driverp = (struct bpf_if **)driverp; 1199 bp->bif_ifp = ifp; 1200 bp->bif_dlt = dlt; 1201 1202 bp->bif_next = bpf_iflist; 1203 bpf_iflist = bp; 1204 1205 *bp->bif_driverp = 0; 1206 1207 /* 1208 * Compute the length of the bpf header. This is not necessarily 1209 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1210 * that the network layer header begins on a longword boundary (for 1211 * performance reasons and to alleviate alignment restrictions). 1212 */ 1213 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1214 } 1215 1216 /* Detach an interface from its attached bpf device. */ 1217 void 1218 bpfdetach(ifp) 1219 struct ifnet *ifp; 1220 { 1221 struct bpf_if *bp, *nbp, **pbp = &bpf_iflist; 1222 struct bpf_d *bd; 1223 int maj, mn; 1224 1225 for (bp = bpf_iflist; bp; bp = nbp) { 1226 nbp= bp->bif_next; 1227 if (bp->bif_ifp == ifp) { 1228 *pbp = nbp; 1229 1230 /* Locate the major number. */ 1231 for (maj = 0; maj < nchrdev; maj++) 1232 if (cdevsw[maj].d_open == bpfopen) 1233 break; 1234 1235 for (bd = bp->bif_dlist; bd; bd = bp->bif_dlist) 1236 /* 1237 * Locate the minor number and nuke the vnode 1238 * for any open instance. 1239 */ 1240 for (mn = 0; mn < nbpfilter; mn++) 1241 if (&bpf_dtab[mn] == bd) { 1242 vdevgone(maj, mn, mn, VCHR); 1243 break; 1244 } 1245 1246 free(bp, M_DEVBUF); 1247 } else 1248 pbp = &bp->bif_next; 1249 } 1250 ifp->if_bpf = NULL; 1251 } 1252