bpf.c revision 159078
1/*- 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 35 * 36 * $FreeBSD: head/sys/net/bpf.c 159078 2006-05-30 19:24:01Z ru $ 37 */ 38 39#include "opt_bpf.h" 40#include "opt_mac.h" 41#include "opt_netgraph.h" 42 43#include <sys/types.h> 44#include <sys/param.h> 45#include <sys/systm.h> 46#include <sys/conf.h> 47#include <sys/fcntl.h> 48#include <sys/mac.h> 49#include <sys/malloc.h> 50#include <sys/mbuf.h> 51#include <sys/time.h> 52#include <sys/proc.h> 53#include <sys/signalvar.h> 54#include <sys/filio.h> 55#include <sys/sockio.h> 56#include <sys/ttycom.h> 57#include <sys/uio.h> 58 59#include <sys/event.h> 60#include <sys/file.h> 61#include <sys/poll.h> 62#include <sys/proc.h> 63 64#include <sys/socket.h> 65 66#include <net/if.h> 67#include <net/bpf.h> 68#ifdef BPF_JITTER 69#include <net/bpf_jitter.h> 70#endif 71#include <net/bpfdesc.h> 72 73#include <netinet/in.h> 74#include <netinet/if_ether.h> 75#include <sys/kernel.h> 76#include <sys/sysctl.h> 77 78static MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 79 80#if defined(DEV_BPF) || defined(NETGRAPH_BPF) 81 82#define PRINET 26 /* interruptible */ 83 84/* 85 * bpf_iflist is a list of BPF interface structures, each corresponding to a 86 * specific DLT. The same network interface might have several BPF interface 87 * structures registered by different layers in the stack (i.e., 802.11 88 * frames, ethernet frames, etc). 89 */ 90static LIST_HEAD(, bpf_if) bpf_iflist; 91static struct mtx bpf_mtx; /* bpf global lock */ 92static int bpf_bpfd_cnt; 93 94static int bpf_allocbufs(struct bpf_d *); 95static void bpf_attachd(struct bpf_d *d, struct bpf_if *bp); 96static void bpf_detachd(struct bpf_d *d); 97static void bpf_freed(struct bpf_d *); 98static void bpf_mcopy(const void *, void *, size_t); 99static int bpf_movein(struct uio *, int, int, 100 struct mbuf **, struct sockaddr *, struct bpf_insn *); 101static int bpf_setif(struct bpf_d *, struct ifreq *); 102static void bpf_timed_out(void *); 103static __inline void 104 bpf_wakeup(struct bpf_d *); 105static void catchpacket(struct bpf_d *, u_char *, u_int, 106 u_int, void (*)(const void *, void *, size_t)); 107static void reset_d(struct bpf_d *); 108static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd); 109static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 110static int bpf_setdlt(struct bpf_d *, u_int); 111static void filt_bpfdetach(struct knote *); 112static int filt_bpfread(struct knote *, long); 113static void bpf_drvinit(void *); 114static void bpf_clone(void *, struct ucred *, char *, int, struct cdev **); 115static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS); 116 117/* 118 * The default read buffer size is patchable. 119 */ 120SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl"); 121static int bpf_bufsize = 4096; 122SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW, 123 &bpf_bufsize, 0, ""); 124static int bpf_maxbufsize = BPF_MAXBUFSIZE; 125SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW, 126 &bpf_maxbufsize, 0, ""); 127static int bpf_maxinsns = BPF_MAXINSNS; 128SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW, 129 &bpf_maxinsns, 0, "Maximum bpf program instructions"); 130SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW, 131 bpf_stats_sysctl, "bpf statistics portal"); 132 133static d_open_t bpfopen; 134static d_close_t bpfclose; 135static d_read_t bpfread; 136static d_write_t bpfwrite; 137static d_ioctl_t bpfioctl; 138static d_poll_t bpfpoll; 139static d_kqfilter_t bpfkqfilter; 140 141static struct cdevsw bpf_cdevsw = { 142 .d_version = D_VERSION, 143 .d_flags = D_NEEDGIANT, 144 .d_open = bpfopen, 145 .d_close = bpfclose, 146 .d_read = bpfread, 147 .d_write = bpfwrite, 148 .d_ioctl = bpfioctl, 149 .d_poll = bpfpoll, 150 .d_name = "bpf", 151 .d_kqfilter = bpfkqfilter, 152}; 153 154static struct filterops bpfread_filtops = 155 { 1, NULL, filt_bpfdetach, filt_bpfread }; 156 157static int 158bpf_movein(uio, linktype, mtu, mp, sockp, wfilter) 159 struct uio *uio; 160 int linktype; 161 int mtu; 162 struct mbuf **mp; 163 struct sockaddr *sockp; 164 struct bpf_insn *wfilter; 165{ 166 struct mbuf *m; 167 int error; 168 int len; 169 int hlen; 170 int slen; 171 172 /* 173 * Build a sockaddr based on the data link layer type. 174 * We do this at this level because the ethernet header 175 * is copied directly into the data field of the sockaddr. 176 * In the case of SLIP, there is no header and the packet 177 * is forwarded as is. 178 * Also, we are careful to leave room at the front of the mbuf 179 * for the link level header. 180 */ 181 switch (linktype) { 182 183 case DLT_SLIP: 184 sockp->sa_family = AF_INET; 185 hlen = 0; 186 break; 187 188 case DLT_EN10MB: 189 sockp->sa_family = AF_UNSPEC; 190 /* XXX Would MAXLINKHDR be better? */ 191 hlen = ETHER_HDR_LEN; 192 break; 193 194 case DLT_FDDI: 195 sockp->sa_family = AF_IMPLINK; 196 hlen = 0; 197 break; 198 199 case DLT_RAW: 200 sockp->sa_family = AF_UNSPEC; 201 hlen = 0; 202 break; 203 204 case DLT_NULL: 205 /* 206 * null interface types require a 4 byte pseudo header which 207 * corresponds to the address family of the packet. 208 */ 209 sockp->sa_family = AF_UNSPEC; 210 hlen = 4; 211 break; 212 213 case DLT_ATM_RFC1483: 214 /* 215 * en atm driver requires 4-byte atm pseudo header. 216 * though it isn't standard, vpi:vci needs to be 217 * specified anyway. 218 */ 219 sockp->sa_family = AF_UNSPEC; 220 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 221 break; 222 223 case DLT_PPP: 224 sockp->sa_family = AF_UNSPEC; 225 hlen = 4; /* This should match PPP_HDRLEN */ 226 break; 227 228 default: 229 return (EIO); 230 } 231 232 len = uio->uio_resid; 233 234 if (len - hlen > mtu) 235 return (EMSGSIZE); 236 237 if ((unsigned)len > MCLBYTES) 238 return (EIO); 239 240 if (len > MHLEN) { 241 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR); 242 } else { 243 MGETHDR(m, M_TRYWAIT, MT_DATA); 244 } 245 if (m == NULL) 246 return (ENOBUFS); 247 m->m_pkthdr.len = m->m_len = len; 248 m->m_pkthdr.rcvif = NULL; 249 *mp = m; 250 251 if (m->m_len < hlen) { 252 error = EPERM; 253 goto bad; 254 } 255 256 error = uiomove(mtod(m, u_char *), len, uio); 257 if (error) 258 goto bad; 259 260 slen = bpf_filter(wfilter, mtod(m, u_char *), len, len); 261 if (slen == 0) { 262 error = EPERM; 263 goto bad; 264 } 265 266 /* 267 * Make room for link header, and copy it to sockaddr 268 */ 269 if (hlen != 0) { 270 bcopy(m->m_data, sockp->sa_data, hlen); 271 m->m_pkthdr.len -= hlen; 272 m->m_len -= hlen; 273#if BSD >= 199103 274 m->m_data += hlen; /* XXX */ 275#else 276 m->m_off += hlen; 277#endif 278 } 279 280 return (0); 281bad: 282 m_freem(m); 283 return (error); 284} 285 286/* 287 * Attach file to the bpf interface, i.e. make d listen on bp. 288 */ 289static void 290bpf_attachd(d, bp) 291 struct bpf_d *d; 292 struct bpf_if *bp; 293{ 294 /* 295 * Point d at bp, and add d to the interface's list of listeners. 296 * Finally, point the driver's bpf cookie at the interface so 297 * it will divert packets to bpf. 298 */ 299 BPFIF_LOCK(bp); 300 d->bd_bif = bp; 301 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 302 303 bpf_bpfd_cnt++; 304 *bp->bif_driverp = bp; 305 BPFIF_UNLOCK(bp); 306} 307 308/* 309 * Detach a file from its interface. 310 */ 311static void 312bpf_detachd(d) 313 struct bpf_d *d; 314{ 315 int error; 316 struct bpf_if *bp; 317 struct ifnet *ifp; 318 319 bp = d->bd_bif; 320 BPFIF_LOCK(bp); 321 BPFD_LOCK(d); 322 ifp = d->bd_bif->bif_ifp; 323 324 /* 325 * Remove d from the interface's descriptor list. 326 */ 327 LIST_REMOVE(d, bd_next); 328 329 bpf_bpfd_cnt--; 330 /* 331 * Let the driver know that there are no more listeners. 332 */ 333 if (LIST_EMPTY(&bp->bif_dlist)) 334 *bp->bif_driverp = NULL; 335 336 d->bd_bif = NULL; 337 BPFD_UNLOCK(d); 338 BPFIF_UNLOCK(bp); 339 340 /* 341 * Check if this descriptor had requested promiscuous mode. 342 * If so, turn it off. 343 */ 344 if (d->bd_promisc) { 345 d->bd_promisc = 0; 346 error = ifpromisc(ifp, 0); 347 if (error != 0 && error != ENXIO) { 348 /* 349 * ENXIO can happen if a pccard is unplugged 350 * Something is really wrong if we were able to put 351 * the driver into promiscuous mode, but can't 352 * take it out. 353 */ 354 if_printf(bp->bif_ifp, 355 "bpf_detach: ifpromisc failed (%d)\n", error); 356 } 357 } 358} 359 360/* 361 * Open ethernet device. Returns ENXIO for illegal minor device number, 362 * EBUSY if file is open by another process. 363 */ 364/* ARGSUSED */ 365static int 366bpfopen(dev, flags, fmt, td) 367 struct cdev *dev; 368 int flags; 369 int fmt; 370 struct thread *td; 371{ 372 struct bpf_d *d; 373 374 mtx_lock(&bpf_mtx); 375 d = dev->si_drv1; 376 /* 377 * Each minor can be opened by only one process. If the requested 378 * minor is in use, return EBUSY. 379 */ 380 if (d != NULL) { 381 mtx_unlock(&bpf_mtx); 382 return (EBUSY); 383 } 384 dev->si_drv1 = (struct bpf_d *)~0; /* mark device in use */ 385 mtx_unlock(&bpf_mtx); 386 387 if ((dev->si_flags & SI_NAMED) == 0) 388 make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600, 389 "bpf%d", dev2unit(dev)); 390 MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO); 391 dev->si_drv1 = d; 392 d->bd_bufsize = bpf_bufsize; 393 d->bd_sig = SIGIO; 394 d->bd_seesent = 1; 395 d->bd_pid = td->td_proc->p_pid; 396#ifdef MAC 397 mac_init_bpfdesc(d); 398 mac_create_bpfdesc(td->td_ucred, d); 399#endif 400 mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF); 401 callout_init(&d->bd_callout, NET_CALLOUT_MPSAFE); 402 knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL); 403 404 return (0); 405} 406 407/* 408 * Close the descriptor by detaching it from its interface, 409 * deallocating its buffers, and marking it free. 410 */ 411/* ARGSUSED */ 412static int 413bpfclose(dev, flags, fmt, td) 414 struct cdev *dev; 415 int flags; 416 int fmt; 417 struct thread *td; 418{ 419 struct bpf_d *d = dev->si_drv1; 420 421 BPFD_LOCK(d); 422 if (d->bd_state == BPF_WAITING) 423 callout_stop(&d->bd_callout); 424 d->bd_state = BPF_IDLE; 425 BPFD_UNLOCK(d); 426 funsetown(&d->bd_sigio); 427 mtx_lock(&bpf_mtx); 428 if (d->bd_bif) 429 bpf_detachd(d); 430 mtx_unlock(&bpf_mtx); 431 selwakeuppri(&d->bd_sel, PRINET); 432#ifdef MAC 433 mac_destroy_bpfdesc(d); 434#endif /* MAC */ 435 knlist_destroy(&d->bd_sel.si_note); 436 bpf_freed(d); 437 dev->si_drv1 = NULL; 438 free(d, M_BPF); 439 440 return (0); 441} 442 443 444/* 445 * Rotate the packet buffers in descriptor d. Move the store buffer 446 * into the hold slot, and the free buffer into the store slot. 447 * Zero the length of the new store buffer. 448 */ 449#define ROTATE_BUFFERS(d) \ 450 (d)->bd_hbuf = (d)->bd_sbuf; \ 451 (d)->bd_hlen = (d)->bd_slen; \ 452 (d)->bd_sbuf = (d)->bd_fbuf; \ 453 (d)->bd_slen = 0; \ 454 (d)->bd_fbuf = NULL; 455/* 456 * bpfread - read next chunk of packets from buffers 457 */ 458static int 459bpfread(dev, uio, ioflag) 460 struct cdev *dev; 461 struct uio *uio; 462 int ioflag; 463{ 464 struct bpf_d *d = dev->si_drv1; 465 int timed_out; 466 int error; 467 468 /* 469 * Restrict application to use a buffer the same size as 470 * as kernel buffers. 471 */ 472 if (uio->uio_resid != d->bd_bufsize) 473 return (EINVAL); 474 475 BPFD_LOCK(d); 476 if (d->bd_state == BPF_WAITING) 477 callout_stop(&d->bd_callout); 478 timed_out = (d->bd_state == BPF_TIMED_OUT); 479 d->bd_state = BPF_IDLE; 480 /* 481 * If the hold buffer is empty, then do a timed sleep, which 482 * ends when the timeout expires or when enough packets 483 * have arrived to fill the store buffer. 484 */ 485 while (d->bd_hbuf == NULL) { 486 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 487 /* 488 * A packet(s) either arrived since the previous 489 * read or arrived while we were asleep. 490 * Rotate the buffers and return what's here. 491 */ 492 ROTATE_BUFFERS(d); 493 break; 494 } 495 496 /* 497 * No data is available, check to see if the bpf device 498 * is still pointed at a real interface. If not, return 499 * ENXIO so that the userland process knows to rebind 500 * it before using it again. 501 */ 502 if (d->bd_bif == NULL) { 503 BPFD_UNLOCK(d); 504 return (ENXIO); 505 } 506 507 if (ioflag & O_NONBLOCK) { 508 BPFD_UNLOCK(d); 509 return (EWOULDBLOCK); 510 } 511 error = msleep(d, &d->bd_mtx, PRINET|PCATCH, 512 "bpf", d->bd_rtout); 513 if (error == EINTR || error == ERESTART) { 514 BPFD_UNLOCK(d); 515 return (error); 516 } 517 if (error == EWOULDBLOCK) { 518 /* 519 * On a timeout, return what's in the buffer, 520 * which may be nothing. If there is something 521 * in the store buffer, we can rotate the buffers. 522 */ 523 if (d->bd_hbuf) 524 /* 525 * We filled up the buffer in between 526 * getting the timeout and arriving 527 * here, so we don't need to rotate. 528 */ 529 break; 530 531 if (d->bd_slen == 0) { 532 BPFD_UNLOCK(d); 533 return (0); 534 } 535 ROTATE_BUFFERS(d); 536 break; 537 } 538 } 539 /* 540 * At this point, we know we have something in the hold slot. 541 */ 542 BPFD_UNLOCK(d); 543 544 /* 545 * Move data from hold buffer into user space. 546 * We know the entire buffer is transferred since 547 * we checked above that the read buffer is bpf_bufsize bytes. 548 */ 549 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 550 551 BPFD_LOCK(d); 552 d->bd_fbuf = d->bd_hbuf; 553 d->bd_hbuf = NULL; 554 d->bd_hlen = 0; 555 BPFD_UNLOCK(d); 556 557 return (error); 558} 559 560 561/* 562 * If there are processes sleeping on this descriptor, wake them up. 563 */ 564static __inline void 565bpf_wakeup(d) 566 struct bpf_d *d; 567{ 568 569 BPFD_LOCK_ASSERT(d); 570 if (d->bd_state == BPF_WAITING) { 571 callout_stop(&d->bd_callout); 572 d->bd_state = BPF_IDLE; 573 } 574 wakeup(d); 575 if (d->bd_async && d->bd_sig && d->bd_sigio) 576 pgsigio(&d->bd_sigio, d->bd_sig, 0); 577 578 selwakeuppri(&d->bd_sel, PRINET); 579 KNOTE_LOCKED(&d->bd_sel.si_note, 0); 580} 581 582static void 583bpf_timed_out(arg) 584 void *arg; 585{ 586 struct bpf_d *d = (struct bpf_d *)arg; 587 588 BPFD_LOCK(d); 589 if (d->bd_state == BPF_WAITING) { 590 d->bd_state = BPF_TIMED_OUT; 591 if (d->bd_slen != 0) 592 bpf_wakeup(d); 593 } 594 BPFD_UNLOCK(d); 595} 596 597static int 598bpfwrite(dev, uio, ioflag) 599 struct cdev *dev; 600 struct uio *uio; 601 int ioflag; 602{ 603 struct bpf_d *d = dev->si_drv1; 604 struct ifnet *ifp; 605 struct mbuf *m; 606 int error; 607 struct sockaddr dst; 608 609 if (d->bd_bif == NULL) 610 return (ENXIO); 611 612 ifp = d->bd_bif->bif_ifp; 613 614 if ((ifp->if_flags & IFF_UP) == 0) 615 return (ENETDOWN); 616 617 if (uio->uio_resid == 0) 618 return (0); 619 620 bzero(&dst, sizeof(dst)); 621 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, 622 &m, &dst, d->bd_wfilter); 623 if (error) 624 return (error); 625 626 if (d->bd_hdrcmplt) 627 dst.sa_family = pseudo_AF_HDRCMPLT; 628 629#ifdef MAC 630 BPFD_LOCK(d); 631 mac_create_mbuf_from_bpfdesc(d, m); 632 BPFD_UNLOCK(d); 633#endif 634 NET_LOCK_GIANT(); 635 error = (*ifp->if_output)(ifp, m, &dst, NULL); 636 NET_UNLOCK_GIANT(); 637 /* 638 * The driver frees the mbuf. 639 */ 640 return (error); 641} 642 643/* 644 * Reset a descriptor by flushing its packet buffer and clearing the 645 * receive and drop counts. 646 */ 647static void 648reset_d(d) 649 struct bpf_d *d; 650{ 651 652 mtx_assert(&d->bd_mtx, MA_OWNED); 653 if (d->bd_hbuf) { 654 /* Free the hold buffer. */ 655 d->bd_fbuf = d->bd_hbuf; 656 d->bd_hbuf = NULL; 657 } 658 d->bd_slen = 0; 659 d->bd_hlen = 0; 660 d->bd_rcount = 0; 661 d->bd_dcount = 0; 662 d->bd_fcount = 0; 663} 664 665/* 666 * FIONREAD Check for read packet available. 667 * SIOCGIFADDR Get interface address - convenient hook to driver. 668 * BIOCGBLEN Get buffer len [for read()]. 669 * BIOCSETF Set ethernet read filter. 670 * BIOCSETWF Set ethernet write filter. 671 * BIOCFLUSH Flush read packet buffer. 672 * BIOCPROMISC Put interface into promiscuous mode. 673 * BIOCGDLT Get link layer type. 674 * BIOCGETIF Get interface name. 675 * BIOCSETIF Set interface. 676 * BIOCSRTIMEOUT Set read timeout. 677 * BIOCGRTIMEOUT Get read timeout. 678 * BIOCGSTATS Get packet stats. 679 * BIOCIMMEDIATE Set immediate mode. 680 * BIOCVERSION Get filter language version. 681 * BIOCGHDRCMPLT Get "header already complete" flag 682 * BIOCSHDRCMPLT Set "header already complete" flag 683 * BIOCGSEESENT Get "see packets sent" flag 684 * BIOCSSEESENT Set "see packets sent" flag 685 * BIOCLOCK Set "locked" flag 686 */ 687/* ARGSUSED */ 688static int 689bpfioctl(dev, cmd, addr, flags, td) 690 struct cdev *dev; 691 u_long cmd; 692 caddr_t addr; 693 int flags; 694 struct thread *td; 695{ 696 struct bpf_d *d = dev->si_drv1; 697 int error = 0; 698 699 /* 700 * Refresh PID associated with this descriptor. 701 */ 702 BPFD_LOCK(d); 703 d->bd_pid = td->td_proc->p_pid; 704 if (d->bd_state == BPF_WAITING) 705 callout_stop(&d->bd_callout); 706 d->bd_state = BPF_IDLE; 707 BPFD_UNLOCK(d); 708 709 if (d->bd_locked == 1) { 710 switch (cmd) { 711 case BIOCGBLEN: 712 case BIOCFLUSH: 713 case BIOCGDLT: 714 case BIOCGDLTLIST: 715 case BIOCGETIF: 716 case BIOCGRTIMEOUT: 717 case BIOCGSTATS: 718 case BIOCVERSION: 719 case BIOCGRSIG: 720 case BIOCGHDRCMPLT: 721 case FIONREAD: 722 case BIOCLOCK: 723 case BIOCSRTIMEOUT: 724 case BIOCIMMEDIATE: 725 case TIOCGPGRP: 726 break; 727 default: 728 return (EPERM); 729 } 730 } 731 switch (cmd) { 732 733 default: 734 error = EINVAL; 735 break; 736 737 /* 738 * Check for read packet available. 739 */ 740 case FIONREAD: 741 { 742 int n; 743 744 BPFD_LOCK(d); 745 n = d->bd_slen; 746 if (d->bd_hbuf) 747 n += d->bd_hlen; 748 BPFD_UNLOCK(d); 749 750 *(int *)addr = n; 751 break; 752 } 753 754 case SIOCGIFADDR: 755 { 756 struct ifnet *ifp; 757 758 if (d->bd_bif == NULL) 759 error = EINVAL; 760 else { 761 ifp = d->bd_bif->bif_ifp; 762 error = (*ifp->if_ioctl)(ifp, cmd, addr); 763 } 764 break; 765 } 766 767 /* 768 * Get buffer len [for read()]. 769 */ 770 case BIOCGBLEN: 771 *(u_int *)addr = d->bd_bufsize; 772 break; 773 774 /* 775 * Set buffer length. 776 */ 777 case BIOCSBLEN: 778 if (d->bd_bif != NULL) 779 error = EINVAL; 780 else { 781 u_int size = *(u_int *)addr; 782 783 if (size > bpf_maxbufsize) 784 *(u_int *)addr = size = bpf_maxbufsize; 785 else if (size < BPF_MINBUFSIZE) 786 *(u_int *)addr = size = BPF_MINBUFSIZE; 787 d->bd_bufsize = size; 788 } 789 break; 790 791 /* 792 * Set link layer read filter. 793 */ 794 case BIOCSETF: 795 case BIOCSETWF: 796 error = bpf_setf(d, (struct bpf_program *)addr, cmd); 797 break; 798 799 /* 800 * Flush read packet buffer. 801 */ 802 case BIOCFLUSH: 803 BPFD_LOCK(d); 804 reset_d(d); 805 BPFD_UNLOCK(d); 806 break; 807 808 /* 809 * Put interface into promiscuous mode. 810 */ 811 case BIOCPROMISC: 812 if (d->bd_bif == NULL) { 813 /* 814 * No interface attached yet. 815 */ 816 error = EINVAL; 817 break; 818 } 819 if (d->bd_promisc == 0) { 820 mtx_lock(&Giant); 821 error = ifpromisc(d->bd_bif->bif_ifp, 1); 822 mtx_unlock(&Giant); 823 if (error == 0) 824 d->bd_promisc = 1; 825 } 826 break; 827 828 /* 829 * Get current data link type. 830 */ 831 case BIOCGDLT: 832 if (d->bd_bif == NULL) 833 error = EINVAL; 834 else 835 *(u_int *)addr = d->bd_bif->bif_dlt; 836 break; 837 838 /* 839 * Get a list of supported data link types. 840 */ 841 case BIOCGDLTLIST: 842 if (d->bd_bif == NULL) 843 error = EINVAL; 844 else 845 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 846 break; 847 848 /* 849 * Set data link type. 850 */ 851 case BIOCSDLT: 852 if (d->bd_bif == NULL) 853 error = EINVAL; 854 else 855 error = bpf_setdlt(d, *(u_int *)addr); 856 break; 857 858 /* 859 * Get interface name. 860 */ 861 case BIOCGETIF: 862 if (d->bd_bif == NULL) 863 error = EINVAL; 864 else { 865 struct ifnet *const ifp = d->bd_bif->bif_ifp; 866 struct ifreq *const ifr = (struct ifreq *)addr; 867 868 strlcpy(ifr->ifr_name, ifp->if_xname, 869 sizeof(ifr->ifr_name)); 870 } 871 break; 872 873 /* 874 * Set interface. 875 */ 876 case BIOCSETIF: 877 error = bpf_setif(d, (struct ifreq *)addr); 878 break; 879 880 /* 881 * Set read timeout. 882 */ 883 case BIOCSRTIMEOUT: 884 { 885 struct timeval *tv = (struct timeval *)addr; 886 887 /* 888 * Subtract 1 tick from tvtohz() since this isn't 889 * a one-shot timer. 890 */ 891 if ((error = itimerfix(tv)) == 0) 892 d->bd_rtout = tvtohz(tv) - 1; 893 break; 894 } 895 896 /* 897 * Get read timeout. 898 */ 899 case BIOCGRTIMEOUT: 900 { 901 struct timeval *tv = (struct timeval *)addr; 902 903 tv->tv_sec = d->bd_rtout / hz; 904 tv->tv_usec = (d->bd_rtout % hz) * tick; 905 break; 906 } 907 908 /* 909 * Get packet stats. 910 */ 911 case BIOCGSTATS: 912 { 913 struct bpf_stat *bs = (struct bpf_stat *)addr; 914 915 bs->bs_recv = d->bd_rcount; 916 bs->bs_drop = d->bd_dcount; 917 break; 918 } 919 920 /* 921 * Set immediate mode. 922 */ 923 case BIOCIMMEDIATE: 924 d->bd_immediate = *(u_int *)addr; 925 break; 926 927 case BIOCVERSION: 928 { 929 struct bpf_version *bv = (struct bpf_version *)addr; 930 931 bv->bv_major = BPF_MAJOR_VERSION; 932 bv->bv_minor = BPF_MINOR_VERSION; 933 break; 934 } 935 936 /* 937 * Get "header already complete" flag 938 */ 939 case BIOCGHDRCMPLT: 940 *(u_int *)addr = d->bd_hdrcmplt; 941 break; 942 943 case BIOCLOCK: 944 d->bd_locked = 1; 945 break; 946 /* 947 * Set "header already complete" flag 948 */ 949 case BIOCSHDRCMPLT: 950 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 951 break; 952 953 /* 954 * Get "see sent packets" flag 955 */ 956 case BIOCGSEESENT: 957 *(u_int *)addr = d->bd_seesent; 958 break; 959 960 /* 961 * Set "see sent packets" flag 962 */ 963 case BIOCSSEESENT: 964 d->bd_seesent = *(u_int *)addr; 965 break; 966 967 case FIONBIO: /* Non-blocking I/O */ 968 break; 969 970 case FIOASYNC: /* Send signal on receive packets */ 971 d->bd_async = *(int *)addr; 972 break; 973 974 case FIOSETOWN: 975 error = fsetown(*(int *)addr, &d->bd_sigio); 976 break; 977 978 case FIOGETOWN: 979 *(int *)addr = fgetown(&d->bd_sigio); 980 break; 981 982 /* This is deprecated, FIOSETOWN should be used instead. */ 983 case TIOCSPGRP: 984 error = fsetown(-(*(int *)addr), &d->bd_sigio); 985 break; 986 987 /* This is deprecated, FIOGETOWN should be used instead. */ 988 case TIOCGPGRP: 989 *(int *)addr = -fgetown(&d->bd_sigio); 990 break; 991 992 case BIOCSRSIG: /* Set receive signal */ 993 { 994 u_int sig; 995 996 sig = *(u_int *)addr; 997 998 if (sig >= NSIG) 999 error = EINVAL; 1000 else 1001 d->bd_sig = sig; 1002 break; 1003 } 1004 case BIOCGRSIG: 1005 *(u_int *)addr = d->bd_sig; 1006 break; 1007 } 1008 return (error); 1009} 1010 1011/* 1012 * Set d's packet filter program to fp. If this file already has a filter, 1013 * free it and replace it. Returns EINVAL for bogus requests. 1014 */ 1015static int 1016bpf_setf(d, fp, cmd) 1017 struct bpf_d *d; 1018 struct bpf_program *fp; 1019 u_long cmd; 1020{ 1021 struct bpf_insn *fcode, *old; 1022 u_int wfilter, flen, size; 1023#ifdef BPF_JITTER 1024 bpf_jit_filter *ofunc; 1025#endif 1026 1027 if (cmd == BIOCSETWF) { 1028 old = d->bd_wfilter; 1029 wfilter = 1; 1030#ifdef BPF_JITTER 1031 ofunc = NULL; 1032#endif 1033 } else { 1034 wfilter = 0; 1035 old = d->bd_rfilter; 1036#ifdef BPF_JITTER 1037 ofunc = d->bd_bfilter; 1038#endif 1039 } 1040 if (fp->bf_insns == NULL) { 1041 if (fp->bf_len != 0) 1042 return (EINVAL); 1043 BPFD_LOCK(d); 1044 if (wfilter) 1045 d->bd_wfilter = NULL; 1046 else { 1047 d->bd_rfilter = NULL; 1048#ifdef BPF_JITTER 1049 d->bd_bfilter = NULL; 1050#endif 1051 } 1052 reset_d(d); 1053 BPFD_UNLOCK(d); 1054 if (old != NULL) 1055 free((caddr_t)old, M_BPF); 1056#ifdef BPF_JITTER 1057 if (ofunc != NULL) 1058 bpf_destroy_jit_filter(ofunc); 1059#endif 1060 return (0); 1061 } 1062 flen = fp->bf_len; 1063 if (flen > bpf_maxinsns) 1064 return (EINVAL); 1065 1066 size = flen * sizeof(*fp->bf_insns); 1067 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK); 1068 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 1069 bpf_validate(fcode, (int)flen)) { 1070 BPFD_LOCK(d); 1071 if (wfilter) 1072 d->bd_wfilter = fcode; 1073 else { 1074 d->bd_rfilter = fcode; 1075#ifdef BPF_JITTER 1076 d->bd_bfilter = bpf_jitter(fcode, flen); 1077#endif 1078 } 1079 reset_d(d); 1080 BPFD_UNLOCK(d); 1081 if (old != NULL) 1082 free((caddr_t)old, M_BPF); 1083#ifdef BPF_JITTER 1084 if (ofunc != NULL) 1085 bpf_destroy_jit_filter(ofunc); 1086#endif 1087 1088 return (0); 1089 } 1090 free((caddr_t)fcode, M_BPF); 1091 return (EINVAL); 1092} 1093 1094/* 1095 * Detach a file from its current interface (if attached at all) and attach 1096 * to the interface indicated by the name stored in ifr. 1097 * Return an errno or 0. 1098 */ 1099static int 1100bpf_setif(d, ifr) 1101 struct bpf_d *d; 1102 struct ifreq *ifr; 1103{ 1104 struct bpf_if *bp; 1105 int error; 1106 struct ifnet *theywant; 1107 1108 theywant = ifunit(ifr->ifr_name); 1109 if (theywant == NULL) 1110 return ENXIO; 1111 1112 /* 1113 * Look through attached interfaces for the named one. 1114 */ 1115 mtx_lock(&bpf_mtx); 1116 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1117 struct ifnet *ifp = bp->bif_ifp; 1118 1119 if (ifp == NULL || ifp != theywant) 1120 continue; 1121 /* skip additional entry */ 1122 if (bp->bif_driverp != &ifp->if_bpf) 1123 continue; 1124 1125 mtx_unlock(&bpf_mtx); 1126 /* 1127 * We found the requested interface. 1128 * Allocate the packet buffers if we need to. 1129 * If we're already attached to requested interface, 1130 * just flush the buffer. 1131 */ 1132 if (d->bd_sbuf == NULL) { 1133 error = bpf_allocbufs(d); 1134 if (error != 0) 1135 return (error); 1136 } 1137 if (bp != d->bd_bif) { 1138 if (d->bd_bif) 1139 /* 1140 * Detach if attached to something else. 1141 */ 1142 bpf_detachd(d); 1143 1144 bpf_attachd(d, bp); 1145 } 1146 BPFD_LOCK(d); 1147 reset_d(d); 1148 BPFD_UNLOCK(d); 1149 return (0); 1150 } 1151 mtx_unlock(&bpf_mtx); 1152 /* Not found. */ 1153 return (ENXIO); 1154} 1155 1156/* 1157 * Support for select() and poll() system calls 1158 * 1159 * Return true iff the specific operation will not block indefinitely. 1160 * Otherwise, return false but make a note that a selwakeup() must be done. 1161 */ 1162static int 1163bpfpoll(dev, events, td) 1164 struct cdev *dev; 1165 int events; 1166 struct thread *td; 1167{ 1168 struct bpf_d *d; 1169 int revents; 1170 1171 d = dev->si_drv1; 1172 if (d->bd_bif == NULL) 1173 return (ENXIO); 1174 1175 /* 1176 * Refresh PID associated with this descriptor. 1177 */ 1178 revents = events & (POLLOUT | POLLWRNORM); 1179 BPFD_LOCK(d); 1180 d->bd_pid = td->td_proc->p_pid; 1181 if (events & (POLLIN | POLLRDNORM)) { 1182 if (bpf_ready(d)) 1183 revents |= events & (POLLIN | POLLRDNORM); 1184 else { 1185 selrecord(td, &d->bd_sel); 1186 /* Start the read timeout if necessary. */ 1187 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1188 callout_reset(&d->bd_callout, d->bd_rtout, 1189 bpf_timed_out, d); 1190 d->bd_state = BPF_WAITING; 1191 } 1192 } 1193 } 1194 BPFD_UNLOCK(d); 1195 return (revents); 1196} 1197 1198/* 1199 * Support for kevent() system call. Register EVFILT_READ filters and 1200 * reject all others. 1201 */ 1202int 1203bpfkqfilter(dev, kn) 1204 struct cdev *dev; 1205 struct knote *kn; 1206{ 1207 struct bpf_d *d = (struct bpf_d *)dev->si_drv1; 1208 1209 if (kn->kn_filter != EVFILT_READ) 1210 return (1); 1211 1212 /* 1213 * Refresh PID associated with this descriptor. 1214 */ 1215 BPFD_LOCK(d); 1216 d->bd_pid = curthread->td_proc->p_pid; 1217 kn->kn_fop = &bpfread_filtops; 1218 kn->kn_hook = d; 1219 knlist_add(&d->bd_sel.si_note, kn, 0); 1220 BPFD_UNLOCK(d); 1221 1222 return (0); 1223} 1224 1225static void 1226filt_bpfdetach(kn) 1227 struct knote *kn; 1228{ 1229 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1230 1231 BPFD_LOCK(d); 1232 knlist_remove(&d->bd_sel.si_note, kn, 0); 1233 BPFD_UNLOCK(d); 1234} 1235 1236static int 1237filt_bpfread(kn, hint) 1238 struct knote *kn; 1239 long hint; 1240{ 1241 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1242 int ready; 1243 1244 BPFD_LOCK_ASSERT(d); 1245 ready = bpf_ready(d); 1246 if (ready) { 1247 kn->kn_data = d->bd_slen; 1248 if (d->bd_hbuf) 1249 kn->kn_data += d->bd_hlen; 1250 } 1251 else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1252 callout_reset(&d->bd_callout, d->bd_rtout, 1253 bpf_timed_out, d); 1254 d->bd_state = BPF_WAITING; 1255 } 1256 1257 return (ready); 1258} 1259 1260/* 1261 * Incoming linkage from device drivers. Process the packet pkt, of length 1262 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1263 * by each process' filter, and if accepted, stashed into the corresponding 1264 * buffer. 1265 */ 1266void 1267bpf_tap(bp, pkt, pktlen) 1268 struct bpf_if *bp; 1269 u_char *pkt; 1270 u_int pktlen; 1271{ 1272 struct bpf_d *d; 1273 u_int slen; 1274 1275 /* 1276 * Lockless read to avoid cost of locking the interface if there are 1277 * no descriptors attached. 1278 */ 1279 if (LIST_EMPTY(&bp->bif_dlist)) 1280 return; 1281 1282 BPFIF_LOCK(bp); 1283 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1284 BPFD_LOCK(d); 1285 ++d->bd_rcount; 1286#ifdef BPF_JITTER 1287 if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL) 1288 slen = (*(d->bd_bfilter->func))(pkt, pktlen, pktlen); 1289 else 1290#endif 1291 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); 1292 if (slen != 0) { 1293 d->bd_fcount++; 1294#ifdef MAC 1295 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1296#endif 1297 catchpacket(d, pkt, pktlen, slen, bcopy); 1298 } 1299 BPFD_UNLOCK(d); 1300 } 1301 BPFIF_UNLOCK(bp); 1302} 1303 1304/* 1305 * Copy data from an mbuf chain into a buffer. This code is derived 1306 * from m_copydata in sys/uipc_mbuf.c. 1307 */ 1308static void 1309bpf_mcopy(src_arg, dst_arg, len) 1310 const void *src_arg; 1311 void *dst_arg; 1312 size_t len; 1313{ 1314 const struct mbuf *m; 1315 u_int count; 1316 u_char *dst; 1317 1318 m = src_arg; 1319 dst = dst_arg; 1320 while (len > 0) { 1321 if (m == NULL) 1322 panic("bpf_mcopy"); 1323 count = min(m->m_len, len); 1324 bcopy(mtod(m, void *), dst, count); 1325 m = m->m_next; 1326 dst += count; 1327 len -= count; 1328 } 1329} 1330 1331/* 1332 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1333 */ 1334void 1335bpf_mtap(bp, m) 1336 struct bpf_if *bp; 1337 struct mbuf *m; 1338{ 1339 struct bpf_d *d; 1340 u_int pktlen, slen; 1341 1342 /* 1343 * Lockless read to avoid cost of locking the interface if there are 1344 * no descriptors attached. 1345 */ 1346 if (LIST_EMPTY(&bp->bif_dlist)) 1347 return; 1348 1349 pktlen = m_length(m, NULL); 1350 1351 BPFIF_LOCK(bp); 1352 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1353 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1354 continue; 1355 BPFD_LOCK(d); 1356 ++d->bd_rcount; 1357#ifdef BPF_JITTER 1358 /* XXX We cannot handle multiple mbufs. */ 1359 if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL && 1360 m->m_next == NULL) 1361 slen = (*(d->bd_bfilter->func))(mtod(m, u_char *), 1362 pktlen, pktlen); 1363 else 1364#endif 1365 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); 1366 if (slen != 0) { 1367 d->bd_fcount++; 1368#ifdef MAC 1369 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1370#endif 1371 catchpacket(d, (u_char *)m, pktlen, slen, 1372 bpf_mcopy); 1373 } 1374 BPFD_UNLOCK(d); 1375 } 1376 BPFIF_UNLOCK(bp); 1377} 1378 1379/* 1380 * Incoming linkage from device drivers, when packet is in 1381 * an mbuf chain and to be prepended by a contiguous header. 1382 */ 1383void 1384bpf_mtap2(bp, data, dlen, m) 1385 struct bpf_if *bp; 1386 void *data; 1387 u_int dlen; 1388 struct mbuf *m; 1389{ 1390 struct mbuf mb; 1391 struct bpf_d *d; 1392 u_int pktlen, slen; 1393 1394 /* 1395 * Lockless read to avoid cost of locking the interface if there are 1396 * no descriptors attached. 1397 */ 1398 if (LIST_EMPTY(&bp->bif_dlist)) 1399 return; 1400 1401 pktlen = m_length(m, NULL); 1402 /* 1403 * Craft on-stack mbuf suitable for passing to bpf_filter. 1404 * Note that we cut corners here; we only setup what's 1405 * absolutely needed--this mbuf should never go anywhere else. 1406 */ 1407 mb.m_next = m; 1408 mb.m_data = data; 1409 mb.m_len = dlen; 1410 pktlen += dlen; 1411 1412 BPFIF_LOCK(bp); 1413 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1414 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1415 continue; 1416 BPFD_LOCK(d); 1417 ++d->bd_rcount; 1418 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0); 1419 if (slen != 0) { 1420 d->bd_fcount++; 1421#ifdef MAC 1422 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1423#endif 1424 catchpacket(d, (u_char *)&mb, pktlen, slen, 1425 bpf_mcopy); 1426 } 1427 BPFD_UNLOCK(d); 1428 } 1429 BPFIF_UNLOCK(bp); 1430} 1431 1432/* 1433 * Move the packet data from interface memory (pkt) into the 1434 * store buffer. "cpfn" is the routine called to do the actual data 1435 * transfer. bcopy is passed in to copy contiguous chunks, while 1436 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1437 * pkt is really an mbuf. 1438 */ 1439static void 1440catchpacket(d, pkt, pktlen, snaplen, cpfn) 1441 struct bpf_d *d; 1442 u_char *pkt; 1443 u_int pktlen, snaplen; 1444 void (*cpfn)(const void *, void *, size_t); 1445{ 1446 struct bpf_hdr *hp; 1447 int totlen, curlen; 1448 int hdrlen = d->bd_bif->bif_hdrlen; 1449 int do_wakeup = 0; 1450 1451 BPFD_LOCK_ASSERT(d); 1452 /* 1453 * Figure out how many bytes to move. If the packet is 1454 * greater or equal to the snapshot length, transfer that 1455 * much. Otherwise, transfer the whole packet (unless 1456 * we hit the buffer size limit). 1457 */ 1458 totlen = hdrlen + min(snaplen, pktlen); 1459 if (totlen > d->bd_bufsize) 1460 totlen = d->bd_bufsize; 1461 1462 /* 1463 * Round up the end of the previous packet to the next longword. 1464 */ 1465 curlen = BPF_WORDALIGN(d->bd_slen); 1466 if (curlen + totlen > d->bd_bufsize) { 1467 /* 1468 * This packet will overflow the storage buffer. 1469 * Rotate the buffers if we can, then wakeup any 1470 * pending reads. 1471 */ 1472 if (d->bd_fbuf == NULL) { 1473 /* 1474 * We haven't completed the previous read yet, 1475 * so drop the packet. 1476 */ 1477 ++d->bd_dcount; 1478 return; 1479 } 1480 ROTATE_BUFFERS(d); 1481 do_wakeup = 1; 1482 curlen = 0; 1483 } 1484 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) 1485 /* 1486 * Immediate mode is set, or the read timeout has 1487 * already expired during a select call. A packet 1488 * arrived, so the reader should be woken up. 1489 */ 1490 do_wakeup = 1; 1491 1492 /* 1493 * Append the bpf header. 1494 */ 1495 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1496 microtime(&hp->bh_tstamp); 1497 hp->bh_datalen = pktlen; 1498 hp->bh_hdrlen = hdrlen; 1499 /* 1500 * Copy the packet data into the store buffer and update its length. 1501 */ 1502 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1503 d->bd_slen = curlen + totlen; 1504 1505 if (do_wakeup) 1506 bpf_wakeup(d); 1507} 1508 1509/* 1510 * Initialize all nonzero fields of a descriptor. 1511 */ 1512static int 1513bpf_allocbufs(d) 1514 struct bpf_d *d; 1515{ 1516 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1517 if (d->bd_fbuf == NULL) 1518 return (ENOBUFS); 1519 1520 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1521 if (d->bd_sbuf == NULL) { 1522 free(d->bd_fbuf, M_BPF); 1523 return (ENOBUFS); 1524 } 1525 d->bd_slen = 0; 1526 d->bd_hlen = 0; 1527 return (0); 1528} 1529 1530/* 1531 * Free buffers currently in use by a descriptor. 1532 * Called on close. 1533 */ 1534static void 1535bpf_freed(d) 1536 struct bpf_d *d; 1537{ 1538 /* 1539 * We don't need to lock out interrupts since this descriptor has 1540 * been detached from its interface and it yet hasn't been marked 1541 * free. 1542 */ 1543 if (d->bd_sbuf != NULL) { 1544 free(d->bd_sbuf, M_BPF); 1545 if (d->bd_hbuf != NULL) 1546 free(d->bd_hbuf, M_BPF); 1547 if (d->bd_fbuf != NULL) 1548 free(d->bd_fbuf, M_BPF); 1549 } 1550 if (d->bd_rfilter) { 1551 free((caddr_t)d->bd_rfilter, M_BPF); 1552#ifdef BPF_JITTER 1553 bpf_destroy_jit_filter(d->bd_bfilter); 1554#endif 1555 } 1556 if (d->bd_wfilter) 1557 free((caddr_t)d->bd_wfilter, M_BPF); 1558 mtx_destroy(&d->bd_mtx); 1559} 1560 1561/* 1562 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1563 * fixed size of the link header (variable length headers not yet supported). 1564 */ 1565void 1566bpfattach(ifp, dlt, hdrlen) 1567 struct ifnet *ifp; 1568 u_int dlt, hdrlen; 1569{ 1570 1571 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1572} 1573 1574/* 1575 * Attach an interface to bpf. ifp is a pointer to the structure 1576 * defining the interface to be attached, dlt is the link layer type, 1577 * and hdrlen is the fixed size of the link header (variable length 1578 * headers are not yet supporrted). 1579 */ 1580void 1581bpfattach2(ifp, dlt, hdrlen, driverp) 1582 struct ifnet *ifp; 1583 u_int dlt, hdrlen; 1584 struct bpf_if **driverp; 1585{ 1586 struct bpf_if *bp; 1587 bp = (struct bpf_if *)malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO); 1588 if (bp == NULL) 1589 panic("bpfattach"); 1590 1591 LIST_INIT(&bp->bif_dlist); 1592 bp->bif_driverp = driverp; 1593 bp->bif_ifp = ifp; 1594 bp->bif_dlt = dlt; 1595 mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF); 1596 1597 mtx_lock(&bpf_mtx); 1598 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next); 1599 mtx_unlock(&bpf_mtx); 1600 1601 *bp->bif_driverp = NULL; 1602 1603 /* 1604 * Compute the length of the bpf header. This is not necessarily 1605 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1606 * that the network layer header begins on a longword boundary (for 1607 * performance reasons and to alleviate alignment restrictions). 1608 */ 1609 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1610 1611 if (bootverbose) 1612 if_printf(ifp, "bpf attached\n"); 1613} 1614 1615/* 1616 * Detach bpf from an interface. This involves detaching each descriptor 1617 * associated with the interface, and leaving bd_bif NULL. Notify each 1618 * descriptor as it's detached so that any sleepers wake up and get 1619 * ENXIO. 1620 */ 1621void 1622bpfdetach(ifp) 1623 struct ifnet *ifp; 1624{ 1625 struct bpf_if *bp; 1626 struct bpf_d *d; 1627 1628 /* Locate BPF interface information */ 1629 mtx_lock(&bpf_mtx); 1630 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1631 if (ifp == bp->bif_ifp) 1632 break; 1633 } 1634 1635 /* Interface wasn't attached */ 1636 if ((bp == NULL) || (bp->bif_ifp == NULL)) { 1637 mtx_unlock(&bpf_mtx); 1638 printf("bpfdetach: %s was not attached\n", ifp->if_xname); 1639 return; 1640 } 1641 1642 LIST_REMOVE(bp, bif_next); 1643 mtx_unlock(&bpf_mtx); 1644 1645 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) { 1646 bpf_detachd(d); 1647 BPFD_LOCK(d); 1648 bpf_wakeup(d); 1649 BPFD_UNLOCK(d); 1650 } 1651 1652 mtx_destroy(&bp->bif_mtx); 1653 free(bp, M_BPF); 1654} 1655 1656/* 1657 * Get a list of available data link type of the interface. 1658 */ 1659static int 1660bpf_getdltlist(d, bfl) 1661 struct bpf_d *d; 1662 struct bpf_dltlist *bfl; 1663{ 1664 int n, error; 1665 struct ifnet *ifp; 1666 struct bpf_if *bp; 1667 1668 ifp = d->bd_bif->bif_ifp; 1669 n = 0; 1670 error = 0; 1671 mtx_lock(&bpf_mtx); 1672 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1673 if (bp->bif_ifp != ifp) 1674 continue; 1675 if (bfl->bfl_list != NULL) { 1676 if (n >= bfl->bfl_len) { 1677 mtx_unlock(&bpf_mtx); 1678 return (ENOMEM); 1679 } 1680 error = copyout(&bp->bif_dlt, 1681 bfl->bfl_list + n, sizeof(u_int)); 1682 } 1683 n++; 1684 } 1685 mtx_unlock(&bpf_mtx); 1686 bfl->bfl_len = n; 1687 return (error); 1688} 1689 1690/* 1691 * Set the data link type of a BPF instance. 1692 */ 1693static int 1694bpf_setdlt(d, dlt) 1695 struct bpf_d *d; 1696 u_int dlt; 1697{ 1698 int error, opromisc; 1699 struct ifnet *ifp; 1700 struct bpf_if *bp; 1701 1702 if (d->bd_bif->bif_dlt == dlt) 1703 return (0); 1704 ifp = d->bd_bif->bif_ifp; 1705 mtx_lock(&bpf_mtx); 1706 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1707 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1708 break; 1709 } 1710 mtx_unlock(&bpf_mtx); 1711 if (bp != NULL) { 1712 opromisc = d->bd_promisc; 1713 bpf_detachd(d); 1714 bpf_attachd(d, bp); 1715 BPFD_LOCK(d); 1716 reset_d(d); 1717 BPFD_UNLOCK(d); 1718 if (opromisc) { 1719 error = ifpromisc(bp->bif_ifp, 1); 1720 if (error) 1721 if_printf(bp->bif_ifp, 1722 "bpf_setdlt: ifpromisc failed (%d)\n", 1723 error); 1724 else 1725 d->bd_promisc = 1; 1726 } 1727 } 1728 return (bp == NULL ? EINVAL : 0); 1729} 1730 1731static void 1732bpf_clone(arg, cred, name, namelen, dev) 1733 void *arg; 1734 struct ucred *cred; 1735 char *name; 1736 int namelen; 1737 struct cdev **dev; 1738{ 1739 int u; 1740 1741 if (*dev != NULL) 1742 return; 1743 if (dev_stdclone(name, NULL, "bpf", &u) != 1) 1744 return; 1745 *dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600, 1746 "bpf%d", u); 1747 dev_ref(*dev); 1748 (*dev)->si_flags |= SI_CHEAPCLONE; 1749 return; 1750} 1751 1752static void 1753bpf_drvinit(unused) 1754 void *unused; 1755{ 1756 1757 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF); 1758 LIST_INIT(&bpf_iflist); 1759 EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000); 1760} 1761 1762static void 1763bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd) 1764{ 1765 1766 bzero(d, sizeof(*d)); 1767 BPFD_LOCK_ASSERT(bd); 1768 d->bd_immediate = bd->bd_immediate; 1769 d->bd_promisc = bd->bd_promisc; 1770 d->bd_hdrcmplt = bd->bd_hdrcmplt; 1771 d->bd_seesent = bd->bd_seesent; 1772 d->bd_async = bd->bd_async; 1773 d->bd_rcount = bd->bd_rcount; 1774 d->bd_dcount = bd->bd_dcount; 1775 d->bd_fcount = bd->bd_fcount; 1776 d->bd_sig = bd->bd_sig; 1777 d->bd_slen = bd->bd_slen; 1778 d->bd_hlen = bd->bd_hlen; 1779 d->bd_bufsize = bd->bd_bufsize; 1780 d->bd_pid = bd->bd_pid; 1781 strlcpy(d->bd_ifname, 1782 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ); 1783 d->bd_locked = bd->bd_locked; 1784} 1785 1786static int 1787bpf_stats_sysctl(SYSCTL_HANDLER_ARGS) 1788{ 1789 struct xbpf_d *xbdbuf, *xbd; 1790 int index, error; 1791 struct bpf_if *bp; 1792 struct bpf_d *bd; 1793 1794 /* 1795 * XXX This is not technically correct. It is possible for non 1796 * privileged users to open bpf devices. It would make sense 1797 * if the users who opened the devices were able to retrieve 1798 * the statistics for them, too. 1799 */ 1800 error = suser(req->td); 1801 if (error) 1802 return (error); 1803 if (req->oldptr == NULL) 1804 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd))); 1805 if (bpf_bpfd_cnt == 0) 1806 return (SYSCTL_OUT(req, 0, 0)); 1807 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK); 1808 mtx_lock(&bpf_mtx); 1809 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) { 1810 mtx_unlock(&bpf_mtx); 1811 free(xbdbuf, M_BPF); 1812 return (ENOMEM); 1813 } 1814 index = 0; 1815 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1816 BPFIF_LOCK(bp); 1817 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 1818 xbd = &xbdbuf[index++]; 1819 BPFD_LOCK(bd); 1820 bpfstats_fill_xbpf(xbd, bd); 1821 BPFD_UNLOCK(bd); 1822 } 1823 BPFIF_UNLOCK(bp); 1824 } 1825 mtx_unlock(&bpf_mtx); 1826 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd)); 1827 free(xbdbuf, M_BPF); 1828 return (error); 1829} 1830 1831SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL) 1832 1833#else /* !DEV_BPF && !NETGRAPH_BPF */ 1834/* 1835 * NOP stubs to allow bpf-using drivers to load and function. 1836 * 1837 * A 'better' implementation would allow the core bpf functionality 1838 * to be loaded at runtime. 1839 */ 1840 1841void 1842bpf_tap(bp, pkt, pktlen) 1843 struct bpf_if *bp; 1844 u_char *pkt; 1845 u_int pktlen; 1846{ 1847} 1848 1849void 1850bpf_mtap(bp, m) 1851 struct bpf_if *bp; 1852 struct mbuf *m; 1853{ 1854} 1855 1856void 1857bpf_mtap2(bp, d, l, m) 1858 struct bpf_if *bp; 1859 void *d; 1860 u_int l; 1861 struct mbuf *m; 1862{ 1863} 1864 1865void 1866bpfattach(ifp, dlt, hdrlen) 1867 struct ifnet *ifp; 1868 u_int dlt, hdrlen; 1869{ 1870} 1871 1872void 1873bpfattach2(ifp, dlt, hdrlen, driverp) 1874 struct ifnet *ifp; 1875 u_int dlt, hdrlen; 1876 struct bpf_if **driverp; 1877{ 1878} 1879 1880void 1881bpfdetach(ifp) 1882 struct ifnet *ifp; 1883{ 1884} 1885 1886u_int 1887bpf_filter(pc, p, wirelen, buflen) 1888 const struct bpf_insn *pc; 1889 u_char *p; 1890 u_int wirelen; 1891 u_int buflen; 1892{ 1893 return -1; /* "no filter" behaviour */ 1894} 1895 1896int 1897bpf_validate(f, len) 1898 const struct bpf_insn *f; 1899 int len; 1900{ 1901 return 0; /* false */ 1902} 1903 1904#endif /* !DEV_BPF && !NETGRAPH_BPF */ 1905