bpf.c revision 12678
1/*
2 * Copyright (c) 1990, 1991, 1993
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * This code is derived from the Stanford/CMU enet packet filter,
6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
8 * Berkeley Laboratory.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 *    must display the following acknowledgement:
20 *	This product includes software developed by the University of
21 *	California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 *    may be used to endorse or promote products derived from this software
24 *    without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 *      @(#)bpf.c	8.2 (Berkeley) 3/28/94
39 *
40 * $Id: bpf.c,v 1.19 1995/12/08 11:18:01 julian Exp $
41 */
42
43#include "bpfilter.h"
44
45#if NBPFILTER > 0
46
47#ifndef __GNUC__
48#define inline
49#else
50#define inline __inline
51#endif
52
53#include <sys/param.h>
54#include <sys/systm.h>
55#include <sys/conf.h>
56#include <machine/cpu.h>	/* for bootverbose */
57#include <sys/mbuf.h>
58#include <sys/buf.h>
59#include <sys/time.h>
60#include <sys/proc.h>
61#include <sys/signalvar.h>
62#include <sys/ioctl.h>
63
64#include <sys/file.h>
65#if defined(sparc) && BSD < 199103
66#include <sys/stream.h>
67#endif
68#include <sys/uio.h>
69
70#include <sys/socket.h>
71#include <sys/socketvar.h>
72#include <sys/protosw.h>
73#include <net/if.h>
74
75#include <net/bpf.h>
76#include <net/bpfdesc.h>
77
78#include <sys/errno.h>
79
80#include <netinet/in.h>
81#include <netinet/if_ether.h>
82#include <sys/kernel.h>
83#include <sys/conf.h>
84#ifdef DEVFS
85#include <sys/devfsext.h>
86#endif /*DEVFS*/
87
88
89/*
90 * Older BSDs don't have kernel malloc.
91 */
92#if BSD < 199103
93extern bcopy();
94static caddr_t bpf_alloc();
95#include <net/bpf_compat.h>
96#define BPF_BUFSIZE (MCLBYTES-8)
97#define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio)
98#else
99#define BPF_BUFSIZE 4096
100#define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
101#endif
102
103#define PRINET  26			/* interruptible */
104
105/*
106 * The default read buffer size is patchable.
107 */
108int bpf_bufsize = BPF_BUFSIZE;
109
110/*
111 *  bpf_iflist is the list of interfaces; each corresponds to an ifnet
112 *  bpf_dtab holds the descriptors, indexed by minor device #
113 */
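/*
 * NBPFILTER comes from the config-generated bpfilter.h (the "pseudo-device
 * bpfilter N" line in the kernel config), so the descriptors below are
 * statically allocated, one per minor device.
 */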
114struct bpf_if	*bpf_iflist;
115struct bpf_d	bpf_dtab[NBPFILTER];
116
117#if BSD >= 199207
118/*
119 * bpfilterattach() is called at boot time in new systems.  We do
120 * nothing here since old systems will not call this.
121 */
122/* ARGSUSED */
123void
124bpfilterattach(n)
125	int n;
126{
127}
128#endif
129
130static int	bpf_allocbufs __P((struct bpf_d *));
131static void	bpf_attachd __P((struct bpf_d *d, struct bpf_if *bp));
132static void	bpf_detachd __P((struct bpf_d *d));
133static void	bpf_freed __P((struct bpf_d *));
134static void	bpf_ifname __P((struct ifnet *, struct ifreq *));
135static void	bpf_mcopy __P((const void *, void *, u_int));
136static int	bpf_movein __P((struct uio *, int,
137		    struct mbuf **, struct sockaddr *, int *));
138static int	bpf_setif __P((struct bpf_d *, struct ifreq *));
139static inline void
140		bpf_wakeup __P((struct bpf_d *));
141static void	catchpacket __P((struct bpf_d *, u_char *, u_int,
142		    u_int, void (*)(const void *, void *, u_int)));
143static void	reset_d __P((struct bpf_d *));
144
145static	d_open_t	bpfopen;
146static	d_close_t	bpfclose;
147static	d_read_t	bpfread;
148static	d_write_t	bpfwrite;
149static	d_ioctl_t	bpfioctl;
150static	d_select_t	bpfselect;
151
152#define CDEV_MAJOR 23
153static struct cdevsw bpf_cdevsw =
154	{ bpfopen,	bpfclose,	bpfread,	bpfwrite,	/*23*/
155	  bpfioctl,	nostop,		nullreset,	nodevtotty,	/* bpf */
156	  bpfselect,	nommap,		NULL,		"bpf",	NULL,	-1 };
157
158
159static int
160bpf_movein(uio, linktype, mp, sockp, datlen)
161	register struct uio *uio;
162	int linktype, *datlen;
163	register struct mbuf **mp;
164	register struct sockaddr *sockp;
165{
166	struct mbuf *m;
167	int error;
168	int len;
169	int hlen;
170
171	/*
172	 * Build a sockaddr based on the data link layer type.
173	 * We do this at this level because the ethernet header
174	 * is copied directly into the data field of the sockaddr.
175	 * In the case of SLIP, there is no header and the packet
176	 * is forwarded as is.
177	 * Also, we are careful to leave room at the front of the mbuf
178	 * for the link level header.
179	 */
180	switch (linktype) {
181
182	case DLT_SLIP:
183		sockp->sa_family = AF_INET;
184		hlen = 0;
185		break;
186
187	case DLT_EN10MB:
188		sockp->sa_family = AF_UNSPEC;
189		/* XXX Would MAXLINKHDR be better? */
190		hlen = sizeof(struct ether_header);
191		break;
192
193	case DLT_FDDI:
194#if defined(__FreeBSD__) || defined(__bsdi__)
195		sockp->sa_family = AF_IMPLINK;
196		hlen = 0;
197#else
198		sockp->sa_family = AF_UNSPEC;
199		/* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
200		hlen = 24;
201#endif
202		break;
203
204	case DLT_NULL:
205		sockp->sa_family = AF_UNSPEC;
206		hlen = 0;
207		break;
208
209	default:
210		return (EIO);
211	}
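	/*
	 * For DLT_EN10MB the hlen bytes of link header supplied by the caller
	 * are copied into sockp->sa_data below (with sa_family AF_UNSPEC,
	 * which ether_output() takes to mean a preformatted header); only the
	 * payload is left in the mbuf.
	 */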
212
213	len = uio->uio_resid;
214	*datlen = len - hlen;
215	if ((unsigned)len > MCLBYTES)
216		return (EIO);
217
218	MGETHDR(m, M_WAIT, MT_DATA);
219	if (m == 0)
220		return (ENOBUFS);
221	if (len > MHLEN) {
222#if BSD >= 199103
223		MCLGET(m, M_WAIT);
224		if ((m->m_flags & M_EXT) == 0) {
225#else
226		MCLGET(m);
227		if (m->m_len != MCLBYTES) {
228#endif
229			error = ENOBUFS;
230			goto bad;
231		}
232	}
233	m->m_pkthdr.len = m->m_len = len;
234	m->m_pkthdr.rcvif = NULL;
235	*mp = m;
236	/*
237	 * Make room for link header.
238	 */
239	if (hlen != 0) {
240		m->m_len -= hlen;
241#if BSD >= 199103
242		m->m_data += hlen; /* XXX */
243#else
244		m->m_off += hlen;
245#endif
246		error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
247		if (error)
248			goto bad;
249	}
250	error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
251	if (!error)
252		return (0);
253 bad:
254	m_freem(m);
255	return (error);
256}
257
258/*
259 * Attach file to the bpf interface, i.e. make d listen on bp.
260 * Must be called at splimp.
261 */
262static void
263bpf_attachd(d, bp)
264	struct bpf_d *d;
265	struct bpf_if *bp;
266{
267	/*
268	 * Point d at bp, and add d to the interface's list of listeners.
269	 * Finally, point the driver's bpf cookie at the interface so
270	 * it will divert packets to bpf.
271	 */
272	d->bd_bif = bp;
273	d->bd_next = bp->bif_dlist;
274	bp->bif_dlist = d;
275
276	*bp->bif_driverp = bp;
277}
278
279/*
280 * Detach a file from its interface.
281 */
282static void
283bpf_detachd(d)
284	struct bpf_d *d;
285{
286	struct bpf_d **p;
287	struct bpf_if *bp;
288
289	bp = d->bd_bif;
290	/*
291	 * Check if this descriptor had requested promiscuous mode.
292	 * If so, turn it off.
293	 */
294	if (d->bd_promisc) {
295		d->bd_promisc = 0;
296		if (ifpromisc(bp->bif_ifp, 0))
297			/*
298			 * Something is really wrong if we were able to put
299			 * the driver into promiscuous mode, but can't
300			 * take it out.
301			 */
302			panic("bpf: ifpromisc failed");
303	}
304	/* Remove d from the interface's descriptor list. */
305	p = &bp->bif_dlist;
306	while (*p != d) {
307		p = &(*p)->bd_next;
308		if (*p == 0)
309			panic("bpf_detachd: descriptor not in list");
310	}
311	*p = (*p)->bd_next;
312	if (bp->bif_dlist == 0)
313		/*
314		 * Let the driver know that there are no more listeners.
315		 */
316		*d->bd_bif->bif_driverp = 0;
317	d->bd_bif = 0;
318}
319
320
321/*
322 * Mark a descriptor free by making it point to itself.
323 * This is probably cheaper than marking with a constant since
324 * the address should be in a register anyway.
325 */
326#define D_ISFREE(d) ((d) == (d)->bd_next)
327#define D_MARKFREE(d) ((d)->bd_next = (d))
328#define D_MARKUSED(d) ((d)->bd_next = 0)
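/*
 * A descriptor is marked free by bpfattach() the first time it runs and by
 * bpf_freed() on close; bpfopen()'s bzero() clears bd_next, which is the
 * same as D_MARKUSED().
 */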
329
330/*
331 * Open the bpf device.  Returns ENXIO for illegal minor device number,
332 * EBUSY if file is open by another process.
333 */
334/* ARGSUSED */
335static	int
336bpfopen(dev, flags, fmt, p)
337	dev_t dev;
338	int flags;
339	int fmt;
340	struct proc *p;
341{
342	register struct bpf_d *d;
343
344	if (minor(dev) >= NBPFILTER)
345		return (ENXIO);
346	/*
347	 * Each minor can be opened by only one process.  If the requested
348	 * minor is in use, return EBUSY.
349	 */
350	d = &bpf_dtab[minor(dev)];
351	if (!D_ISFREE(d))
352		return (EBUSY);
353
354	/* Mark "in use" and do most initialization. */
355	bzero((char *)d, sizeof(*d));
356	d->bd_bufsize = bpf_bufsize;
357	d->bd_sig = SIGIO;
358
359	return (0);
360}
361
362/*
363 * Close the descriptor by detaching it from its interface,
364 * deallocating its buffers, and marking it free.
365 */
366/* ARGSUSED */
367static	int
368bpfclose(dev, flags, fmt, p)
369	dev_t dev;
370	int flags;
371	int fmt;
372	struct proc *p;
373{
374	register struct bpf_d *d = &bpf_dtab[minor(dev)];
375	register int s;
376
377	s = splimp();
378	if (d->bd_bif)
379		bpf_detachd(d);
380	splx(s);
381	bpf_freed(d);
382
383	return (0);
384}
385
386/*
387 * Support for SunOS, which does not have tsleep.
388 */
389#if BSD < 199103
390static
391bpf_timeout(arg)
392	caddr_t arg;
393{
394	struct bpf_d *d = (struct bpf_d *)arg;
395	d->bd_timedout = 1;
396	wakeup(arg);
397}
398
399#define BPF_SLEEP(chan, pri, s, t) bpf_sleep((struct bpf_d *)chan)
400
401int
402bpf_sleep(d)
403	register struct bpf_d *d;
404{
405	register int rto = d->bd_rtout;
406	register int st;
407
408	if (rto != 0) {
409		d->bd_timedout = 0;
410		timeout(bpf_timeout, (caddr_t)d, rto);
411	}
412	st = sleep((caddr_t)d, PRINET|PCATCH);
413	if (rto != 0) {
414		if (d->bd_timedout == 0)
415			untimeout(bpf_timeout, (caddr_t)d);
416		else if (st == 0)
417			return EWOULDBLOCK;
418	}
419	return (st != 0) ? EINTR : 0;
420}
421#else
422#define BPF_SLEEP tsleep
423#endif
424
425/*
426 * Rotate the packet buffers in descriptor d.  Move the store buffer
427 * into the hold slot, and the free buffer into the store slot.
428 * Zero the length of the new store buffer.
429 */
430#define ROTATE_BUFFERS(d) \
431	(d)->bd_hbuf = (d)->bd_sbuf; \
432	(d)->bd_hlen = (d)->bd_slen; \
433	(d)->bd_sbuf = (d)->bd_fbuf; \
434	(d)->bd_slen = 0; \
435	(d)->bd_fbuf = 0;
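/*
 * The buffers are only rotated when a free buffer is available: catchpacket()
 * checks bd_fbuf explicitly, and bpfread() only rotates while the hold slot
 * is empty, which implies bd_fbuf is non-null.
 */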
436/*
437 *  bpfread - read next chunk of packets from buffers
438 */
439static	int
440bpfread(dev, uio, ioflag)
441	dev_t dev;
442	register struct uio *uio;
443	int ioflag;
444{
445	register struct bpf_d *d = &bpf_dtab[minor(dev)];
446	int error;
447	int s;
448
449	/*
450	 * Restrict application to use a buffer the same size as
451	 * the kernel buffers.
452	 */
453	if (uio->uio_resid != d->bd_bufsize)
454		return (EINVAL);
455
456	s = splimp();
457	/*
458	 * If the hold buffer is empty, then do a timed sleep, which
459	 * ends when the timeout expires or when enough packets
460	 * have arrived to fill the store buffer.
461	 */
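	/*
	 * bd_rtout is the read timeout in clock ticks: 0 blocks indefinitely,
	 * -1 means non-blocking I/O was requested (FIONBIO), and a positive
	 * value comes from BIOCSRTIMEOUT.
	 */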
462	while (d->bd_hbuf == 0) {
463		if (d->bd_immediate && d->bd_slen != 0) {
464			/*
465			 * One or more packets arrived since the previous
466			 * read or while we were asleep.
467			 * Rotate the buffers and return what's here.
468			 */
469			ROTATE_BUFFERS(d);
470			break;
471		}
472		if (d->bd_rtout != -1)
473			error = BPF_SLEEP((caddr_t)d, PRINET|PCATCH, "bpf",
474					  d->bd_rtout);
475		else
476			error = EWOULDBLOCK; /* User requested non-blocking I/O */
477		if (error == EINTR || error == ERESTART) {
478			splx(s);
479			return (error);
480		}
481		if (error == EWOULDBLOCK) {
482			/*
483			 * On a timeout, return what's in the buffer,
484			 * which may be nothing.  If there is something
485			 * in the store buffer, we can rotate the buffers.
486			 */
487			if (d->bd_hbuf)
488				/*
489				 * We filled up the buffer in between
490				 * getting the timeout and arriving
491				 * here, so we don't need to rotate.
492				 */
493				break;
494
495			if (d->bd_slen == 0) {
496				splx(s);
497				return (0);
498			}
499			ROTATE_BUFFERS(d);
500			break;
501		}
502	}
503	/*
504	 * At this point, we know we have something in the hold slot.
505	 */
506	splx(s);
507
508	/*
509	 * Move data from hold buffer into user space.
510	 * We know the entire buffer is transferred since
511	 * we checked above that the read buffer is d->bd_bufsize bytes.
512	 */
513	error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio);
514
515	s = splimp();
516	d->bd_fbuf = d->bd_hbuf;
517	d->bd_hbuf = 0;
518	d->bd_hlen = 0;
519	splx(s);
520
521	return (error);
522}
523
524
525/*
526 * If there are processes sleeping on this descriptor, wake them up.
527 */
528static inline void
529bpf_wakeup(d)
530	register struct bpf_d *d;
531{
532	struct proc *p;
533
534	wakeup((caddr_t)d);
535	if (d->bd_async && d->bd_sig)
536		if (d->bd_pgid > 0)
537			gsignal (d->bd_pgid, d->bd_sig);
538		else if (p = pfind (-d->bd_pgid))
539			psignal (p, d->bd_sig);
540
541#if BSD >= 199103
542	selwakeup(&d->bd_sel);
543	/* XXX */
544	d->bd_sel.si_pid = 0;
545#else
546	if (d->bd_selproc) {
547		selwakeup(d->bd_selproc, (int)d->bd_selcoll);
548		d->bd_selcoll = 0;
549		d->bd_selproc = 0;
550	}
551#endif
552}
553
554static	int
555bpfwrite(dev, uio, ioflag)
556	dev_t dev;
557	struct uio *uio;
558	int ioflag;
559{
560	register struct bpf_d *d = &bpf_dtab[minor(dev)];
561	struct ifnet *ifp;
562	struct mbuf *m;
563	int error, s;
564	static struct sockaddr dst;
565	int datlen;
566
567	if (d->bd_bif == 0)
568		return (ENXIO);
569
570	ifp = d->bd_bif->bif_ifp;
571
572	if (uio->uio_resid == 0)
573		return (0);
574
575	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
576	if (error)
577		return (error);
578
579	if (datlen > ifp->if_mtu) {
		m_freem(m);		/* bpf_movein() allocated the mbuf; don't leak it */
580		return (EMSGSIZE);
	}
581
582	s = splnet();
583#if BSD >= 199103
584	error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0);
585#else
586	error = (*ifp->if_output)(ifp, m, &dst);
587#endif
588	splx(s);
589	/*
590	 * The driver frees the mbuf.
591	 */
592	return (error);
593}
594
595/*
596 * Reset a descriptor by flushing its packet buffer and clearing the
597 * receive and drop counts.  Should be called at splimp.
598 */
599static void
600reset_d(d)
601	struct bpf_d *d;
602{
603	if (d->bd_hbuf) {
604		/* Free the hold buffer. */
605		d->bd_fbuf = d->bd_hbuf;
606		d->bd_hbuf = 0;
607	}
608	d->bd_slen = 0;
609	d->bd_hlen = 0;
610	d->bd_rcount = 0;
611	d->bd_dcount = 0;
612}
613
614/*
615 *  FIONREAD		Check for read packet available.
616 *  SIOCGIFADDR		Get interface address - convenient hook to driver.
617 *  BIOCGBLEN		Get buffer len [for read()].
618 *  BIOCSETF		Set link layer read filter.
619 *  BIOCFLUSH		Flush read packet buffer.
620 *  BIOCPROMISC		Put interface into promiscuous mode.
621 *  BIOCGDLT		Get link layer type.
622 *  BIOCGETIF		Get interface name.
623 *  BIOCSETIF		Set interface.
624 *  BIOCSRTIMEOUT	Set read timeout.
625 *  BIOCGRTIMEOUT	Get read timeout.
626 *  BIOCGSTATS		Get packet stats.
627 *  BIOCIMMEDIATE	Set immediate mode.
628 *  BIOCVERSION		Get filter language version.
629 */
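/*
 * Typical use from a user process, as an illustrative sketch only (the
 * interface name "ed0" and the surrounding declarations and error handling
 * are hypothetical):
 *
 *	fd = open("/dev/bpf0", O_RDONLY);
 *	strncpy(ifr.ifr_name, "ed0", sizeof(ifr.ifr_name));
 *	ioctl(fd, BIOCSETIF, &ifr);
 *	ioctl(fd, BIOCGBLEN, &blen);
 *	buf = malloc(blen);
 *	n = read(fd, buf, blen);	(read size must equal blen, see bpfread())
 *
 * A filter program can be installed with BIOCSETF before reading if only
 * some packets are of interest.
 */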
630/* ARGSUSED */
631static	int
632bpfioctl(dev, cmd, addr, flags, p)
633	dev_t dev;
634	int cmd;
635	caddr_t addr;
636	int flags;
637	struct proc *p;
638{
639	register struct bpf_d *d = &bpf_dtab[minor(dev)];
640	int s, error = 0;
641
642	switch (cmd) {
643
644	default:
645		error = EINVAL;
646		break;
647
648	/*
649	 * Check for read packet available.
650	 */
651	case FIONREAD:
652		{
653			int n;
654
655			s = splimp();
656			n = d->bd_slen;
657			if (d->bd_hbuf)
658				n += d->bd_hlen;
659			splx(s);
660
661			*(int *)addr = n;
662			break;
663		}
664
665	case SIOCGIFADDR:
666		{
667			struct ifnet *ifp;
668
669			if (d->bd_bif == 0)
670				error = EINVAL;
671			else {
672				ifp = d->bd_bif->bif_ifp;
673				error = (*ifp->if_ioctl)(ifp, cmd, addr);
674			}
675			break;
676		}
677
678	/*
679	 * Get buffer len [for read()].
680	 */
681	case BIOCGBLEN:
682		*(u_int *)addr = d->bd_bufsize;
683		break;
684
685	/*
686	 * Set buffer length.
687	 */
688	case BIOCSBLEN:
689#if BSD < 199103
690		error = EINVAL;
691#else
692		if (d->bd_bif != 0)
693			error = EINVAL;
694		else {
695			register u_int size = *(u_int *)addr;
696
697			if (size > BPF_MAXBUFSIZE)
698				*(u_int *)addr = size = BPF_MAXBUFSIZE;
699			else if (size < BPF_MINBUFSIZE)
700				*(u_int *)addr = size = BPF_MINBUFSIZE;
701			d->bd_bufsize = size;
702		}
703#endif
704		break;
705
706	/*
707	 * Set link layer read filter.
708	 */
709	case BIOCSETF:
710		error = bpf_setf(d, (struct bpf_program *)addr);
711		break;
712
713	/*
714	 * Flush read packet buffer.
715	 */
716	case BIOCFLUSH:
717		s = splimp();
718		reset_d(d);
719		splx(s);
720		break;
721
722	/*
723	 * Put interface into promiscuous mode.
724	 */
725	case BIOCPROMISC:
726		if (d->bd_bif == 0) {
727			/*
728			 * No interface attached yet.
729			 */
730			error = EINVAL;
731			break;
732		}
733		s = splimp();
734		if (d->bd_promisc == 0) {
735			error = ifpromisc(d->bd_bif->bif_ifp, 1);
736			if (error == 0)
737				d->bd_promisc = 1;
738		}
739		splx(s);
740		break;
741
742	/*
743	 * Get device parameters.
744	 */
745	case BIOCGDLT:
746		if (d->bd_bif == 0)
747			error = EINVAL;
748		else
749			*(u_int *)addr = d->bd_bif->bif_dlt;
750		break;
751
752	/*
753	 * Get interface name.
754	 */
755	case BIOCGETIF:
756		if (d->bd_bif == 0)
757			error = EINVAL;
758		else
759			bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr);
760		break;
761
762	/*
763	 * Set interface.
764	 */
765	case BIOCSETIF:
766		error = bpf_setif(d, (struct ifreq *)addr);
767		break;
768
769	/*
770	 * Set read timeout.
771	 */
772	case BIOCSRTIMEOUT:
773		{
774			struct timeval *tv = (struct timeval *)addr;
775			u_long msec;
776
777			/* Compute number of milliseconds. */
778			msec = tv->tv_sec * 1000 + tv->tv_usec / 1000;
779			/* Scale milliseconds to ticks.  Assume hard
780			   clock has millisecond or greater resolution
781			   (i.e. tick >= 1000).  For 10ms hardclock,
782			   tick/1000 = 10, so rtout<-msec/10. */
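			/*
			 * Example: with hz = 100 (tick = 10000 usec), a 500 ms
			 * timeout becomes 500 / (10000 / 1000) = 50 ticks.
			 */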
783			d->bd_rtout = msec / (tick / 1000);
784			break;
785		}
786
787	/*
788	 * Get read timeout.
789	 */
790	case BIOCGRTIMEOUT:
791		{
792			struct timeval *tv = (struct timeval *)addr;
793			u_long msec = d->bd_rtout;
794
795			msec *= tick / 1000;
796			tv->tv_sec = msec / 1000;
797			tv->tv_usec = msec % 1000;
798			break;
799		}
800
801	/*
802	 * Get packet stats.
803	 */
804	case BIOCGSTATS:
805		{
806			struct bpf_stat *bs = (struct bpf_stat *)addr;
807
808			bs->bs_recv = d->bd_rcount;
809			bs->bs_drop = d->bd_dcount;
810			break;
811		}
812
813	/*
814	 * Set immediate mode.
815	 */
816	case BIOCIMMEDIATE:
817		d->bd_immediate = *(u_int *)addr;
818		break;
819
820	case BIOCVERSION:
821		{
822			struct bpf_version *bv = (struct bpf_version *)addr;
823
824			bv->bv_major = BPF_MAJOR_VERSION;
825			bv->bv_minor = BPF_MINOR_VERSION;
826			break;
827		}
828
829
830	case FIONBIO:		/* Non-blocking I/O */
831		if (*(int *)addr)
832			d->bd_rtout = -1;
833		else
834			d->bd_rtout = 0;
835		break;
836
837	case FIOASYNC:		/* Send signal on receive packets */
838		d->bd_async = *(int *)addr;
839		break;
840
841/* N.B.  ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing the
842   equivalent of a TIOCSPGRP and hence end up here.  *However* TIOCSPGRP's arg
843   is a process group if it's positive and a process id if it's negative.  This
844   is exactly the opposite of what the other two functions want!  Therefore
845   there is code in ioctl and fcntl to negate the arg before calling here. */
846
847	case TIOCSPGRP:		/* Process or group to send signals to */
848		d->bd_pgid = *(int *)addr;
849		break;
850
851	case TIOCGPGRP:
852		*(int *)addr = d->bd_pgid;
853		break;
854
855	case BIOCSRSIG:		/* Set receive signal */
856		{
857		 	u_int sig;
858
859			sig = *(u_int *)addr;
860
861			if (sig >= NSIG)
862				error = EINVAL;
863			else
864				d->bd_sig = sig;
865			break;
866		}
867	case BIOCGRSIG:
868		*(u_int *)addr = d->bd_sig;
869		break;
870	}
871	return (error);
872}
873
874/*
875 * Set d's packet filter program to fp.  If this file already has a filter,
876 * free it and replace it.  Returns EINVAL for bogus requests.
877 */
878int
879bpf_setf(d, fp)
880	struct bpf_d *d;
881	struct bpf_program *fp;
882{
883	struct bpf_insn *fcode, *old;
884	u_int flen, size;
885	int s;
886
887	old = d->bd_filter;
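	/*
	 * A null program (bf_insns == 0, bf_len == 0) removes any installed
	 * filter; with no filter attached, bpf_filter() accepts every packet
	 * in full.
	 */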
888	if (fp->bf_insns == 0) {
889		if (fp->bf_len != 0)
890			return (EINVAL);
891		s = splimp();
892		d->bd_filter = 0;
893		reset_d(d);
894		splx(s);
895		if (old != 0)
896			free((caddr_t)old, M_DEVBUF);
897		return (0);
898	}
899	flen = fp->bf_len;
900	if (flen > BPF_MAXINSNS)
901		return (EINVAL);
902
903	size = flen * sizeof(*fp->bf_insns);
904	fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK);
905	if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
906	    bpf_validate(fcode, (int)flen)) {
907		s = splimp();
908		d->bd_filter = fcode;
909		reset_d(d);
910		splx(s);
911		if (old != 0)
912			free((caddr_t)old, M_DEVBUF);
913
914		return (0);
915	}
916	free((caddr_t)fcode, M_DEVBUF);
917	return (EINVAL);
918}
919
920/*
921 * Detach a file from its current interface (if attached at all) and attach
922 * to the interface indicated by the name stored in ifr.
923 * Return an errno or 0.
924 */
925static int
926bpf_setif(d, ifr)
927	struct bpf_d *d;
928	struct ifreq *ifr;
929{
930	struct bpf_if *bp;
931	char *cp;
932	int unit, s, error;
933
934	/*
935	 * Separate string into name part and unit number.  Put a null
936	 * byte at the end of the name part, and compute the number.
937	 * If a unit number is unspecified, the default is 0,
938	 * as initialized above.  XXX This should be common code.
939	 */
940	unit = 0;
941	cp = ifr->ifr_name;
942	cp[sizeof(ifr->ifr_name) - 1] = '\0';
943	while (*cp++) {
944		if (*cp >= '0' && *cp <= '9') {
945			unit = *cp - '0';
946			*cp++ = '\0';
947			while (*cp)
948				unit = 10 * unit + *cp++ - '0';
949			break;
950		}
951	}
952	/*
953	 * Look through attached interfaces for the named one.
954	 */
955	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
956		struct ifnet *ifp = bp->bif_ifp;
957
958		if (ifp == 0 || unit != ifp->if_unit
959		    || strcmp(ifp->if_name, ifr->ifr_name) != 0)
960			continue;
961		/*
962		 * We found the requested interface.
963		 * If it's not up, return an error.
964		 * Allocate the packet buffers if we need to.
965		 * If we're already attached to the requested interface,
966		 * just flush the buffer.
967		 */
968		if ((ifp->if_flags & IFF_UP) == 0)
969			return (ENETDOWN);
970
971		if (d->bd_sbuf == 0) {
972			error = bpf_allocbufs(d);
973			if (error != 0)
974				return (error);
975		}
976		s = splimp();
977		if (bp != d->bd_bif) {
978			if (d->bd_bif)
979				/*
980				 * Detach if attached to something else.
981				 */
982				bpf_detachd(d);
983
984			bpf_attachd(d, bp);
985		}
986		reset_d(d);
987		splx(s);
988		return (0);
989	}
990	/* Not found. */
991	return (ENXIO);
992}
993
994/*
995 * Convert an interface name plus unit number of an ifp to a single
996 * name which is returned in the ifr.
997 */
998static void
999bpf_ifname(ifp, ifr)
1000	struct ifnet *ifp;
1001	struct ifreq *ifr;
1002{
1003	char *s = ifp->if_name;
1004	char *d = ifr->ifr_name;
1005
1006	while (*d++ = *s++)
1007		continue;
1008	/* XXX Assume that unit number is less than 10. */
1009	*d++ = ifp->if_unit + '0';
1010	*d = '\0';
1011}
1012
1013/*
1014 * The new select interface passes down the proc pointer; the old select
1015 * stubs had to grab it out of the user struct.  This glue allows either case.
1016 */
1017#if BSD >= 199103
1018#define bpf_select bpfselect
1019#else
1020static	int
1021bpfselect(dev, rw)
1022	register dev_t dev;
1023	int rw;
1024{
1025	return (bpf_select(dev, rw, u.u_procp));
1026}
1027#endif
1028
1029/*
1030 * Support for select() system call
1031 *
1032 * Return true iff the specific operation will not block indefinitely.
1033 * Otherwise, return false but make a note that a selwakeup() must be done.
1034 */
1035int
1036bpf_select(dev, rw, p)
1037	register dev_t dev;
1038	int rw;
1039	struct proc *p;
1040{
1041	register struct bpf_d *d;
1042	register int s;
1043
1044	if (rw != FREAD)
1045		return (0);
1046	/*
1047	 * An imitation of the FIONREAD ioctl code.
1048	 */
1049	d = &bpf_dtab[minor(dev)];
1050
1051	s = splimp();
1052	if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) {
1053		/*
1054		 * There is data waiting.
1055		 */
1056		splx(s);
1057		return (1);
1058	}
1059#if BSD >= 199103
1060	selrecord(p, &d->bd_sel);
1061#else
1062	/*
1063	 * No data ready.  If there's already a select() waiting on this
1064	 * minor device then this is a collision.  This shouldn't happen
1065	 * because minors really should not be shared, but if a process
1066	 * forks while one of these is open, it is possible that both
1067	 * processes could select on the same descriptor.
1068	 */
1069	if (d->bd_selproc && d->bd_selproc->p_wchan == (caddr_t)&selwait)
1070		d->bd_selcoll = 1;
1071	else
1072		d->bd_selproc = p;
1073#endif
1074	splx(s);
1075	return (0);
1076}
1077
1078/*
1079 * Incoming linkage from device drivers.  Process the packet pkt, of length
1080 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
1081 * by each process' filter, and if accepted, stashed into the corresponding
1082 * buffer.
1083 */
1084void
1085bpf_tap(arg, pkt, pktlen)
1086	caddr_t arg;
1087	register u_char *pkt;
1088	register u_int pktlen;
1089{
1090	struct bpf_if *bp;
1091	register struct bpf_d *d;
1092	register u_int slen;
1093	/*
1094	 * Note that the ipl does not have to be raised at this point.
1095	 * The only problem that could arise here would be if two different
1096	 * interfaces shared any data.  This is not the case.
1097	 */
1098	bp = (struct bpf_if *)arg;
1099	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
1100		++d->bd_rcount;
1101		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
1102		if (slen != 0)
1103			catchpacket(d, pkt, pktlen, slen, bcopy);
1104	}
1105}
1106
1107/*
1108 * Copy data from an mbuf chain into a buffer.  This code is derived
1109 * from m_copydata in sys/uipc_mbuf.c.
1110 */
1111static void
1112bpf_mcopy(src_arg, dst_arg, len)
1113	const void *src_arg;
1114	void *dst_arg;
1115	register u_int len;
1116{
1117	register const struct mbuf *m;
1118	register u_int count;
1119	u_char *dst;
1120
1121	m = src_arg;
1122	dst = dst_arg;
1123	while (len > 0) {
1124		if (m == 0)
1125			panic("bpf_mcopy");
1126		count = min(m->m_len, len);
1127		(void)memcpy((caddr_t)dst, mtod(m, caddr_t), count);
1128		m = m->m_next;
1129		dst += count;
1130		len -= count;
1131	}
1132}
1133
1134/*
1135 * Incoming linkage from device drivers, when packet is in an mbuf chain.
1136 */
1137void
1138bpf_mtap(arg, m)
1139	caddr_t arg;
1140	struct mbuf *m;
1141{
1142	struct bpf_if *bp = (struct bpf_if *)arg;
1143	struct bpf_d *d;
1144	u_int pktlen, slen;
1145	struct mbuf *m0;
1146
1147	pktlen = 0;
1148	for (m0 = m; m0 != 0; m0 = m0->m_next)
1149		pktlen += m0->m_len;
1150
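	/*
	 * A buflen of 0 tells bpf_filter() (and, via catchpacket(), bpf_mcopy())
	 * that the "packet" pointer is really an mbuf chain rather than a
	 * contiguous buffer.
	 */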
1151	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
1152		++d->bd_rcount;
1153		slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
1154		if (slen != 0)
1155			catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
1156	}
1157}
1158
1159/*
1160 * Move the packet data from interface memory (pkt) into the
1161 * store buffer.  Wake up any sleeping reads when the buffer fills or when
1162 * immediate mode is set.  "copy" is the routine called to do the actual data
1163 * transfer.  bcopy is passed in to copy contiguous chunks, while
1164 * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
1165 * pkt is really an mbuf.
1166 */
1167static void
1168catchpacket(d, pkt, pktlen, snaplen, cpfn)
1169	register struct bpf_d *d;
1170	register u_char *pkt;
1171	register u_int pktlen, snaplen;
1172	register void (*cpfn)(const void *, void *, u_int);
1173{
1174	register struct bpf_hdr *hp;
1175	register int totlen, curlen;
1176	register int hdrlen = d->bd_bif->bif_hdrlen;
1177	/*
1178	 * Figure out how many bytes to move.  If the packet is
1179	 * greater or equal to the snapshot length, transfer that
1180	 * much.  Otherwise, transfer the whole packet (unless
1181	 * we hit the buffer size limit).
1182	 */
1183	totlen = hdrlen + min(snaplen, pktlen);
1184	if (totlen > d->bd_bufsize)
1185		totlen = d->bd_bufsize;
1186
1187	/*
1188	 * Round up the end of the previous packet to the next longword.
1189	 */
1190	curlen = BPF_WORDALIGN(d->bd_slen);
1191	if (curlen + totlen > d->bd_bufsize) {
1192		/*
1193		 * This packet will overflow the storage buffer.
1194		 * Rotate the buffers if we can, then wakeup any
1195		 * pending reads.
1196		 */
1197		if (d->bd_fbuf == 0) {
1198			/*
1199			 * We haven't completed the previous read yet,
1200			 * so drop the packet.
1201			 */
1202			++d->bd_dcount;
1203			return;
1204		}
1205		ROTATE_BUFFERS(d);
1206		bpf_wakeup(d);
1207		curlen = 0;
1208	}
1209	else if (d->bd_immediate)
1210		/*
1211		 * Immediate mode is set.  A packet arrived so any
1212		 * reads should be woken up.
1213		 */
1214		bpf_wakeup(d);
1215
1216	/*
1217	 * Append the bpf header.
1218	 */
1219	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
1220#if BSD >= 199103
1221	microtime(&hp->bh_tstamp);
1222#elif defined(sun)
1223	uniqtime(&hp->bh_tstamp);
1224#else
1225	hp->bh_tstamp = time;
1226#endif
1227	hp->bh_datalen = pktlen;
1228	hp->bh_hdrlen = hdrlen;
1229	/*
1230	 * Copy the packet data into the store buffer and update its length.
1231	 */
1232	(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
1233	d->bd_slen = curlen + totlen;
1234}
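/*
 * The store buffer filled in above is what read() eventually returns: a
 * sequence of records, each a struct bpf_hdr followed by bh_caplen bytes of
 * packet data, padded so the next record begins on a word boundary.  An
 * illustrative (user-level) walk of such a buffer:
 *
 *	hp = (struct bpf_hdr *)p;
 *	... data is at (u_char *)p + hp->bh_hdrlen, hp->bh_caplen bytes ...
 *	p += BPF_WORDALIGN(hp->bh_hdrlen + hp->bh_caplen);
 */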
1235
1236/*
1237 * Initialize all nonzero fields of a descriptor.
1238 */
1239static int
1240bpf_allocbufs(d)
1241	register struct bpf_d *d;
1242{
1243	d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK);
1244	if (d->bd_fbuf == 0)
1245		return (ENOBUFS);
1246
1247	d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK);
1248	if (d->bd_sbuf == 0) {
1249		free(d->bd_fbuf, M_DEVBUF);
1250		return (ENOBUFS);
1251	}
1252	d->bd_slen = 0;
1253	d->bd_hlen = 0;
1254	return (0);
1255}
1256
1257/*
1258 * Free buffers currently in use by a descriptor.
1259 * Called on close.
1260 */
1261static void
1262bpf_freed(d)
1263	register struct bpf_d *d;
1264{
1265	/*
1266	 * We don't need to lock out interrupts since this descriptor has
1267	 * been detached from its interface and it hasn't yet been marked
1268	 * free.
1269	 */
1270	if (d->bd_sbuf != 0) {
1271		free(d->bd_sbuf, M_DEVBUF);
1272		if (d->bd_hbuf != 0)
1273			free(d->bd_hbuf, M_DEVBUF);
1274		if (d->bd_fbuf != 0)
1275			free(d->bd_fbuf, M_DEVBUF);
1276	}
1277	if (d->bd_filter)
1278		free((caddr_t)d->bd_filter, M_DEVBUF);
1279
1280	D_MARKFREE(d);
1281}
1282
1283/*
1284 * Attach an interface to bpf.  driverp is a pointer to a (struct bpf_if *)
1285 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
1286 * size of the link header (variable length headers not yet supported).
1287 */
1288void
1289bpfattach(driverp, ifp, dlt, hdrlen)
1290	caddr_t *driverp;
1291	struct ifnet *ifp;
1292	u_int dlt, hdrlen;
1293{
1294	struct bpf_if *bp;
1295	int i;
1296#if BSD < 199103
1297	static struct bpf_if bpf_ifs[NBPFILTER];
1298	static int bpfifno;
1299
1300	bp = (bpfifno < NBPFILTER) ? &bpf_ifs[bpfifno++] : 0;
1301#else
1302	bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT);
1303#endif
1304	if (bp == 0)
1305		panic("bpfattach");
1306
1307	bp->bif_dlist = 0;
1308	bp->bif_driverp = (struct bpf_if **)driverp;
1309	bp->bif_ifp = ifp;
1310	bp->bif_dlt = dlt;
1311
1312	bp->bif_next = bpf_iflist;
1313	bpf_iflist = bp;
1314
1315	*bp->bif_driverp = 0;
1316
1317	/*
1318	 * Compute the length of the bpf header.  This is not necessarily
1319	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
1320	 * that the network layer header begins on a longword boundary (for
1321	 * performance reasons and to alleviate alignment restrictions).
1322	 */
1323	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
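	/*
	 * Example, assuming SIZEOF_BPF_HDR is 18: for ethernet hdrlen is 14,
	 * so bif_hdrlen = BPF_WORDALIGN(14 + 18) - 14 = 18 and the network
	 * layer header ends up at offset 14 + 18 = 32 in each record, a
	 * longword boundary.
	 */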
1324
1325	/*
1326	 * Mark all the descriptors free if this hasn't been done.
1327	 */
1328	if (!D_ISFREE(&bpf_dtab[0]))
1329		for (i = 0; i < NBPFILTER; ++i)
1330			D_MARKFREE(&bpf_dtab[i]);
1331
1332	if (bootverbose)
1333		printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
1334}
1335
1336static	void *bpf_devfs_token[NBPFILTER];
1337
1338static int	bpf_devsw_installed = 0;
1339
1340static void 	bpf_drvinit(void *unused)
1341{
1342	dev_t dev;
1343	int	i;
1344	char	name[32];
1345
1346	if( ! bpf_devsw_installed ) {
1347		dev = makedev(CDEV_MAJOR, 0);
1348		cdevsw_add(&dev,&bpf_cdevsw, NULL);
1349		bpf_devsw_installed = 1;
1350#ifdef DEVFS
1351		for ( i = 0 ; i < NBPFILTER ; i++ ) {
1352			sprintf(name,"bpf%d",i);
1353			bpf_devfs_token[i] =
1354				devfs_add_devsw( "/", name,
1355					&bpf_cdevsw, i, DV_CHR, 0, 0, 0600);
1356		}
1357#endif
1358    	}
1359}
1360
1361SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
1362
1363#endif
1364