bpf.c revision 161124
1/*- 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 35 * 36 * $FreeBSD: head/sys/net/bpf.c 161124 2006-08-09 16:30:26Z rwatson $ 37 */ 38 39#include "opt_bpf.h" 40#include "opt_mac.h" 41#include "opt_netgraph.h" 42 43#include <sys/types.h> 44#include <sys/param.h> 45#include <sys/systm.h> 46#include <sys/conf.h> 47#include <sys/fcntl.h> 48#include <sys/mac.h> 49#include <sys/malloc.h> 50#include <sys/mbuf.h> 51#include <sys/time.h> 52#include <sys/proc.h> 53#include <sys/signalvar.h> 54#include <sys/filio.h> 55#include <sys/sockio.h> 56#include <sys/ttycom.h> 57#include <sys/uio.h> 58 59#include <sys/event.h> 60#include <sys/file.h> 61#include <sys/poll.h> 62#include <sys/proc.h> 63 64#include <sys/socket.h> 65 66#include <net/if.h> 67#include <net/bpf.h> 68#ifdef BPF_JITTER 69#include <net/bpf_jitter.h> 70#endif 71#include <net/bpfdesc.h> 72 73#include <netinet/in.h> 74#include <netinet/if_ether.h> 75#include <sys/kernel.h> 76#include <sys/sysctl.h> 77 78#include <net80211/ieee80211_freebsd.h> 79 80static MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 81 82#if defined(DEV_BPF) || defined(NETGRAPH_BPF) 83 84#define PRINET 26 /* interruptible */ 85 86/* 87 * bpf_iflist is a list of BPF interface structures, each corresponding to a 88 * specific DLT. The same network interface might have several BPF interface 89 * structures registered by different layers in the stack (i.e., 802.11 90 * frames, ethernet frames, etc). 91 */ 92static LIST_HEAD(, bpf_if) bpf_iflist; 93static struct mtx bpf_mtx; /* bpf global lock */ 94static int bpf_bpfd_cnt; 95 96static void bpf_allocbufs(struct bpf_d *); 97static void bpf_attachd(struct bpf_d *, struct bpf_if *); 98static void bpf_detachd(struct bpf_d *); 99static void bpf_freed(struct bpf_d *); 100static void bpf_mcopy(const void *, void *, size_t); 101static int bpf_movein(struct uio *, int, int, 102 struct mbuf **, struct sockaddr *, struct bpf_insn *); 103static int bpf_setif(struct bpf_d *, struct ifreq *); 104static void bpf_timed_out(void *); 105static __inline void 106 bpf_wakeup(struct bpf_d *); 107static void catchpacket(struct bpf_d *, u_char *, u_int, 108 u_int, void (*)(const void *, void *, size_t), 109 struct timeval *); 110static void reset_d(struct bpf_d *); 111static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd); 112static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 113static int bpf_setdlt(struct bpf_d *, u_int); 114static void filt_bpfdetach(struct knote *); 115static int filt_bpfread(struct knote *, long); 116static void bpf_drvinit(void *); 117static void bpf_clone(void *, struct ucred *, char *, int, struct cdev **); 118static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS); 119 120/* 121 * The default read buffer size is patchable. 122 */ 123SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl"); 124static int bpf_bufsize = 4096; 125SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW, 126 &bpf_bufsize, 0, ""); 127static int bpf_maxbufsize = BPF_MAXBUFSIZE; 128SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW, 129 &bpf_maxbufsize, 0, ""); 130static int bpf_maxinsns = BPF_MAXINSNS; 131SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW, 132 &bpf_maxinsns, 0, "Maximum bpf program instructions"); 133SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW, 134 bpf_stats_sysctl, "bpf statistics portal"); 135 136static d_open_t bpfopen; 137static d_close_t bpfclose; 138static d_read_t bpfread; 139static d_write_t bpfwrite; 140static d_ioctl_t bpfioctl; 141static d_poll_t bpfpoll; 142static d_kqfilter_t bpfkqfilter; 143 144static struct cdevsw bpf_cdevsw = { 145 .d_version = D_VERSION, 146 .d_flags = D_NEEDGIANT, 147 .d_open = bpfopen, 148 .d_close = bpfclose, 149 .d_read = bpfread, 150 .d_write = bpfwrite, 151 .d_ioctl = bpfioctl, 152 .d_poll = bpfpoll, 153 .d_name = "bpf", 154 .d_kqfilter = bpfkqfilter, 155}; 156 157static struct filterops bpfread_filtops = 158 { 1, NULL, filt_bpfdetach, filt_bpfread }; 159 160static int 161bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 162 struct sockaddr *sockp, struct bpf_insn *wfilter) 163{ 164 const struct ieee80211_bpf_params *p; 165 struct mbuf *m; 166 int error; 167 int len; 168 int hlen; 169 int slen; 170 171 /* 172 * Build a sockaddr based on the data link layer type. 173 * We do this at this level because the ethernet header 174 * is copied directly into the data field of the sockaddr. 175 * In the case of SLIP, there is no header and the packet 176 * is forwarded as is. 177 * Also, we are careful to leave room at the front of the mbuf 178 * for the link level header. 179 */ 180 switch (linktype) { 181 182 case DLT_SLIP: 183 sockp->sa_family = AF_INET; 184 hlen = 0; 185 break; 186 187 case DLT_EN10MB: 188 sockp->sa_family = AF_UNSPEC; 189 /* XXX Would MAXLINKHDR be better? */ 190 hlen = ETHER_HDR_LEN; 191 break; 192 193 case DLT_FDDI: 194 sockp->sa_family = AF_IMPLINK; 195 hlen = 0; 196 break; 197 198 case DLT_RAW: 199 sockp->sa_family = AF_UNSPEC; 200 hlen = 0; 201 break; 202 203 case DLT_NULL: 204 /* 205 * null interface types require a 4 byte pseudo header which 206 * corresponds to the address family of the packet. 207 */ 208 sockp->sa_family = AF_UNSPEC; 209 hlen = 4; 210 break; 211 212 case DLT_ATM_RFC1483: 213 /* 214 * en atm driver requires 4-byte atm pseudo header. 215 * though it isn't standard, vpi:vci needs to be 216 * specified anyway. 217 */ 218 sockp->sa_family = AF_UNSPEC; 219 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 220 break; 221 222 case DLT_PPP: 223 sockp->sa_family = AF_UNSPEC; 224 hlen = 4; /* This should match PPP_HDRLEN */ 225 break; 226 227 case DLT_IEEE802_11: /* IEEE 802.11 wireless */ 228 sockp->sa_family = AF_IEEE80211; 229 hlen = 0; 230 break; 231 232 case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */ 233 sockp->sa_family = AF_IEEE80211; 234 sockp->sa_len = 12; /* XXX != 0 */ 235 hlen = sizeof(struct ieee80211_bpf_params); 236 break; 237 238 default: 239 return (EIO); 240 } 241 242 len = uio->uio_resid; 243 244 if (len - hlen > mtu) 245 return (EMSGSIZE); 246 247 if ((unsigned)len > MCLBYTES) 248 return (EIO); 249 250 if (len > MHLEN) { 251 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR); 252 } else { 253 MGETHDR(m, M_TRYWAIT, MT_DATA); 254 } 255 if (m == NULL) 256 return (ENOBUFS); 257 m->m_pkthdr.len = m->m_len = len; 258 m->m_pkthdr.rcvif = NULL; 259 *mp = m; 260 261 if (m->m_len < hlen) { 262 error = EPERM; 263 goto bad; 264 } 265 266 error = uiomove(mtod(m, u_char *), len, uio); 267 if (error) 268 goto bad; 269 270 slen = bpf_filter(wfilter, mtod(m, u_char *), len, len); 271 if (slen == 0) { 272 error = EPERM; 273 goto bad; 274 } 275 276 /* 277 * Make room for link header, and copy it to sockaddr 278 */ 279 if (hlen != 0) { 280 if (sockp->sa_family == AF_IEEE80211) { 281 /* 282 * Collect true length from the parameter header 283 * NB: sockp is known to be zero'd so if we do a 284 * short copy unspecified parameters will be 285 * zero. 286 * NB: packet may not be aligned after stripping 287 * bpf params 288 * XXX check ibp_vers 289 */ 290 p = mtod(m, const struct ieee80211_bpf_params *); 291 hlen = p->ibp_len; 292 if (hlen > sizeof(sockp->sa_data)) { 293 error = EINVAL; 294 goto bad; 295 } 296 } 297 bcopy(m->m_data, sockp->sa_data, hlen); 298 m->m_pkthdr.len -= hlen; 299 m->m_len -= hlen; 300#if BSD >= 199103 301 m->m_data += hlen; /* XXX */ 302#else 303 m->m_off += hlen; 304#endif 305 } 306 307 return (0); 308bad: 309 m_freem(m); 310 return (error); 311} 312 313/* 314 * Attach file to the bpf interface, i.e. make d listen on bp. 315 */ 316static void 317bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 318{ 319 /* 320 * Point d at bp, and add d to the interface's list of listeners. 321 * Finally, point the driver's bpf cookie at the interface so 322 * it will divert packets to bpf. 323 */ 324 BPFIF_LOCK(bp); 325 d->bd_bif = bp; 326 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 327 328 bpf_bpfd_cnt++; 329 BPFIF_UNLOCK(bp); 330} 331 332/* 333 * Detach a file from its interface. 334 */ 335static void 336bpf_detachd(struct bpf_d *d) 337{ 338 int error; 339 struct bpf_if *bp; 340 struct ifnet *ifp; 341 342 bp = d->bd_bif; 343 BPFIF_LOCK(bp); 344 BPFD_LOCK(d); 345 ifp = d->bd_bif->bif_ifp; 346 347 /* 348 * Remove d from the interface's descriptor list. 349 */ 350 LIST_REMOVE(d, bd_next); 351 352 bpf_bpfd_cnt--; 353 d->bd_bif = NULL; 354 BPFD_UNLOCK(d); 355 BPFIF_UNLOCK(bp); 356 357 /* 358 * Check if this descriptor had requested promiscuous mode. 359 * If so, turn it off. 360 */ 361 if (d->bd_promisc) { 362 d->bd_promisc = 0; 363 error = ifpromisc(ifp, 0); 364 if (error != 0 && error != ENXIO) { 365 /* 366 * ENXIO can happen if a pccard is unplugged 367 * Something is really wrong if we were able to put 368 * the driver into promiscuous mode, but can't 369 * take it out. 370 */ 371 if_printf(bp->bif_ifp, 372 "bpf_detach: ifpromisc failed (%d)\n", error); 373 } 374 } 375} 376 377/* 378 * Open ethernet device. Returns ENXIO for illegal minor device number, 379 * EBUSY if file is open by another process. 380 */ 381/* ARGSUSED */ 382static int 383bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td) 384{ 385 struct bpf_d *d; 386 387 mtx_lock(&bpf_mtx); 388 d = dev->si_drv1; 389 /* 390 * Each minor can be opened by only one process. If the requested 391 * minor is in use, return EBUSY. 392 */ 393 if (d != NULL) { 394 mtx_unlock(&bpf_mtx); 395 return (EBUSY); 396 } 397 dev->si_drv1 = (struct bpf_d *)~0; /* mark device in use */ 398 mtx_unlock(&bpf_mtx); 399 400 if ((dev->si_flags & SI_NAMED) == 0) 401 make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600, 402 "bpf%d", dev2unit(dev)); 403 MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO); 404 dev->si_drv1 = d; 405 d->bd_bufsize = bpf_bufsize; 406 d->bd_sig = SIGIO; 407 d->bd_seesent = 1; 408 d->bd_pid = td->td_proc->p_pid; 409#ifdef MAC 410 mac_init_bpfdesc(d); 411 mac_create_bpfdesc(td->td_ucred, d); 412#endif 413 mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF); 414 callout_init(&d->bd_callout, NET_CALLOUT_MPSAFE); 415 knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL); 416 417 return (0); 418} 419 420/* 421 * Close the descriptor by detaching it from its interface, 422 * deallocating its buffers, and marking it free. 423 */ 424/* ARGSUSED */ 425static int 426bpfclose(struct cdev *dev, int flags, int fmt, struct thread *td) 427{ 428 struct bpf_d *d = dev->si_drv1; 429 430 BPFD_LOCK(d); 431 if (d->bd_state == BPF_WAITING) 432 callout_stop(&d->bd_callout); 433 d->bd_state = BPF_IDLE; 434 BPFD_UNLOCK(d); 435 funsetown(&d->bd_sigio); 436 mtx_lock(&bpf_mtx); 437 if (d->bd_bif) 438 bpf_detachd(d); 439 mtx_unlock(&bpf_mtx); 440 selwakeuppri(&d->bd_sel, PRINET); 441#ifdef MAC 442 mac_destroy_bpfdesc(d); 443#endif /* MAC */ 444 knlist_destroy(&d->bd_sel.si_note); 445 bpf_freed(d); 446 dev->si_drv1 = NULL; 447 free(d, M_BPF); 448 449 return (0); 450} 451 452 453/* 454 * Rotate the packet buffers in descriptor d. Move the store buffer 455 * into the hold slot, and the free buffer into the store slot. 456 * Zero the length of the new store buffer. 457 */ 458#define ROTATE_BUFFERS(d) \ 459 (d)->bd_hbuf = (d)->bd_sbuf; \ 460 (d)->bd_hlen = (d)->bd_slen; \ 461 (d)->bd_sbuf = (d)->bd_fbuf; \ 462 (d)->bd_slen = 0; \ 463 (d)->bd_fbuf = NULL; 464/* 465 * bpfread - read next chunk of packets from buffers 466 */ 467static int 468bpfread(struct cdev *dev, struct uio *uio, int ioflag) 469{ 470 struct bpf_d *d = dev->si_drv1; 471 int timed_out; 472 int error; 473 474 /* 475 * Restrict application to use a buffer the same size as 476 * as kernel buffers. 477 */ 478 if (uio->uio_resid != d->bd_bufsize) 479 return (EINVAL); 480 481 BPFD_LOCK(d); 482 if (d->bd_state == BPF_WAITING) 483 callout_stop(&d->bd_callout); 484 timed_out = (d->bd_state == BPF_TIMED_OUT); 485 d->bd_state = BPF_IDLE; 486 /* 487 * If the hold buffer is empty, then do a timed sleep, which 488 * ends when the timeout expires or when enough packets 489 * have arrived to fill the store buffer. 490 */ 491 while (d->bd_hbuf == NULL) { 492 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 493 /* 494 * A packet(s) either arrived since the previous 495 * read or arrived while we were asleep. 496 * Rotate the buffers and return what's here. 497 */ 498 ROTATE_BUFFERS(d); 499 break; 500 } 501 502 /* 503 * No data is available, check to see if the bpf device 504 * is still pointed at a real interface. If not, return 505 * ENXIO so that the userland process knows to rebind 506 * it before using it again. 507 */ 508 if (d->bd_bif == NULL) { 509 BPFD_UNLOCK(d); 510 return (ENXIO); 511 } 512 513 if (ioflag & O_NONBLOCK) { 514 BPFD_UNLOCK(d); 515 return (EWOULDBLOCK); 516 } 517 error = msleep(d, &d->bd_mtx, PRINET|PCATCH, 518 "bpf", d->bd_rtout); 519 if (error == EINTR || error == ERESTART) { 520 BPFD_UNLOCK(d); 521 return (error); 522 } 523 if (error == EWOULDBLOCK) { 524 /* 525 * On a timeout, return what's in the buffer, 526 * which may be nothing. If there is something 527 * in the store buffer, we can rotate the buffers. 528 */ 529 if (d->bd_hbuf) 530 /* 531 * We filled up the buffer in between 532 * getting the timeout and arriving 533 * here, so we don't need to rotate. 534 */ 535 break; 536 537 if (d->bd_slen == 0) { 538 BPFD_UNLOCK(d); 539 return (0); 540 } 541 ROTATE_BUFFERS(d); 542 break; 543 } 544 } 545 /* 546 * At this point, we know we have something in the hold slot. 547 */ 548 BPFD_UNLOCK(d); 549 550 /* 551 * Move data from hold buffer into user space. 552 * We know the entire buffer is transferred since 553 * we checked above that the read buffer is bpf_bufsize bytes. 554 */ 555 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 556 557 BPFD_LOCK(d); 558 d->bd_fbuf = d->bd_hbuf; 559 d->bd_hbuf = NULL; 560 d->bd_hlen = 0; 561 BPFD_UNLOCK(d); 562 563 return (error); 564} 565 566 567/* 568 * If there are processes sleeping on this descriptor, wake them up. 569 */ 570static __inline void 571bpf_wakeup(struct bpf_d *d) 572{ 573 574 BPFD_LOCK_ASSERT(d); 575 if (d->bd_state == BPF_WAITING) { 576 callout_stop(&d->bd_callout); 577 d->bd_state = BPF_IDLE; 578 } 579 wakeup(d); 580 if (d->bd_async && d->bd_sig && d->bd_sigio) 581 pgsigio(&d->bd_sigio, d->bd_sig, 0); 582 583 selwakeuppri(&d->bd_sel, PRINET); 584 KNOTE_LOCKED(&d->bd_sel.si_note, 0); 585} 586 587static void 588bpf_timed_out(void *arg) 589{ 590 struct bpf_d *d = (struct bpf_d *)arg; 591 592 BPFD_LOCK(d); 593 if (d->bd_state == BPF_WAITING) { 594 d->bd_state = BPF_TIMED_OUT; 595 if (d->bd_slen != 0) 596 bpf_wakeup(d); 597 } 598 BPFD_UNLOCK(d); 599} 600 601static int 602bpfwrite(struct cdev *dev, struct uio *uio, int ioflag) 603{ 604 struct bpf_d *d = dev->si_drv1; 605 struct ifnet *ifp; 606 struct mbuf *m; 607 int error; 608 struct sockaddr dst; 609 610 if (d->bd_bif == NULL) 611 return (ENXIO); 612 613 ifp = d->bd_bif->bif_ifp; 614 615 if ((ifp->if_flags & IFF_UP) == 0) 616 return (ENETDOWN); 617 618 if (uio->uio_resid == 0) 619 return (0); 620 621 bzero(&dst, sizeof(dst)); 622 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, 623 &m, &dst, d->bd_wfilter); 624 if (error) 625 return (error); 626 627 if (d->bd_hdrcmplt) 628 dst.sa_family = pseudo_AF_HDRCMPLT; 629 630#ifdef MAC 631 BPFD_LOCK(d); 632 mac_create_mbuf_from_bpfdesc(d, m); 633 BPFD_UNLOCK(d); 634#endif 635 NET_LOCK_GIANT(); 636 error = (*ifp->if_output)(ifp, m, &dst, NULL); 637 NET_UNLOCK_GIANT(); 638 /* 639 * The driver frees the mbuf. 640 */ 641 return (error); 642} 643 644/* 645 * Reset a descriptor by flushing its packet buffer and clearing the 646 * receive and drop counts. 647 */ 648static void 649reset_d(struct bpf_d *d) 650{ 651 652 mtx_assert(&d->bd_mtx, MA_OWNED); 653 if (d->bd_hbuf) { 654 /* Free the hold buffer. */ 655 d->bd_fbuf = d->bd_hbuf; 656 d->bd_hbuf = NULL; 657 } 658 d->bd_slen = 0; 659 d->bd_hlen = 0; 660 d->bd_rcount = 0; 661 d->bd_dcount = 0; 662 d->bd_fcount = 0; 663} 664 665/* 666 * FIONREAD Check for read packet available. 667 * SIOCGIFADDR Get interface address - convenient hook to driver. 668 * BIOCGBLEN Get buffer len [for read()]. 669 * BIOCSETF Set ethernet read filter. 670 * BIOCSETWF Set ethernet write filter. 671 * BIOCFLUSH Flush read packet buffer. 672 * BIOCPROMISC Put interface into promiscuous mode. 673 * BIOCGDLT Get link layer type. 674 * BIOCGETIF Get interface name. 675 * BIOCSETIF Set interface. 676 * BIOCSRTIMEOUT Set read timeout. 677 * BIOCGRTIMEOUT Get read timeout. 678 * BIOCGSTATS Get packet stats. 679 * BIOCIMMEDIATE Set immediate mode. 680 * BIOCVERSION Get filter language version. 681 * BIOCGHDRCMPLT Get "header already complete" flag 682 * BIOCSHDRCMPLT Set "header already complete" flag 683 * BIOCGSEESENT Get "see packets sent" flag 684 * BIOCSSEESENT Set "see packets sent" flag 685 * BIOCLOCK Set "locked" flag 686 */ 687/* ARGSUSED */ 688static int 689bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, 690 struct thread *td) 691{ 692 struct bpf_d *d = dev->si_drv1; 693 int error = 0; 694 695 /* 696 * Refresh PID associated with this descriptor. 697 */ 698 BPFD_LOCK(d); 699 d->bd_pid = td->td_proc->p_pid; 700 if (d->bd_state == BPF_WAITING) 701 callout_stop(&d->bd_callout); 702 d->bd_state = BPF_IDLE; 703 BPFD_UNLOCK(d); 704 705 if (d->bd_locked == 1) { 706 switch (cmd) { 707 case BIOCGBLEN: 708 case BIOCFLUSH: 709 case BIOCGDLT: 710 case BIOCGDLTLIST: 711 case BIOCGETIF: 712 case BIOCGRTIMEOUT: 713 case BIOCGSTATS: 714 case BIOCVERSION: 715 case BIOCGRSIG: 716 case BIOCGHDRCMPLT: 717 case FIONREAD: 718 case BIOCLOCK: 719 case BIOCSRTIMEOUT: 720 case BIOCIMMEDIATE: 721 case TIOCGPGRP: 722 break; 723 default: 724 return (EPERM); 725 } 726 } 727 switch (cmd) { 728 729 default: 730 error = EINVAL; 731 break; 732 733 /* 734 * Check for read packet available. 735 */ 736 case FIONREAD: 737 { 738 int n; 739 740 BPFD_LOCK(d); 741 n = d->bd_slen; 742 if (d->bd_hbuf) 743 n += d->bd_hlen; 744 BPFD_UNLOCK(d); 745 746 *(int *)addr = n; 747 break; 748 } 749 750 case SIOCGIFADDR: 751 { 752 struct ifnet *ifp; 753 754 if (d->bd_bif == NULL) 755 error = EINVAL; 756 else { 757 ifp = d->bd_bif->bif_ifp; 758 error = (*ifp->if_ioctl)(ifp, cmd, addr); 759 } 760 break; 761 } 762 763 /* 764 * Get buffer len [for read()]. 765 */ 766 case BIOCGBLEN: 767 *(u_int *)addr = d->bd_bufsize; 768 break; 769 770 /* 771 * Set buffer length. 772 */ 773 case BIOCSBLEN: 774 if (d->bd_bif != NULL) 775 error = EINVAL; 776 else { 777 u_int size = *(u_int *)addr; 778 779 if (size > bpf_maxbufsize) 780 *(u_int *)addr = size = bpf_maxbufsize; 781 else if (size < BPF_MINBUFSIZE) 782 *(u_int *)addr = size = BPF_MINBUFSIZE; 783 d->bd_bufsize = size; 784 } 785 break; 786 787 /* 788 * Set link layer read filter. 789 */ 790 case BIOCSETF: 791 case BIOCSETWF: 792 error = bpf_setf(d, (struct bpf_program *)addr, cmd); 793 break; 794 795 /* 796 * Flush read packet buffer. 797 */ 798 case BIOCFLUSH: 799 BPFD_LOCK(d); 800 reset_d(d); 801 BPFD_UNLOCK(d); 802 break; 803 804 /* 805 * Put interface into promiscuous mode. 806 */ 807 case BIOCPROMISC: 808 if (d->bd_bif == NULL) { 809 /* 810 * No interface attached yet. 811 */ 812 error = EINVAL; 813 break; 814 } 815 if (d->bd_promisc == 0) { 816 mtx_lock(&Giant); 817 error = ifpromisc(d->bd_bif->bif_ifp, 1); 818 mtx_unlock(&Giant); 819 if (error == 0) 820 d->bd_promisc = 1; 821 } 822 break; 823 824 /* 825 * Get current data link type. 826 */ 827 case BIOCGDLT: 828 if (d->bd_bif == NULL) 829 error = EINVAL; 830 else 831 *(u_int *)addr = d->bd_bif->bif_dlt; 832 break; 833 834 /* 835 * Get a list of supported data link types. 836 */ 837 case BIOCGDLTLIST: 838 if (d->bd_bif == NULL) 839 error = EINVAL; 840 else 841 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 842 break; 843 844 /* 845 * Set data link type. 846 */ 847 case BIOCSDLT: 848 if (d->bd_bif == NULL) 849 error = EINVAL; 850 else 851 error = bpf_setdlt(d, *(u_int *)addr); 852 break; 853 854 /* 855 * Get interface name. 856 */ 857 case BIOCGETIF: 858 if (d->bd_bif == NULL) 859 error = EINVAL; 860 else { 861 struct ifnet *const ifp = d->bd_bif->bif_ifp; 862 struct ifreq *const ifr = (struct ifreq *)addr; 863 864 strlcpy(ifr->ifr_name, ifp->if_xname, 865 sizeof(ifr->ifr_name)); 866 } 867 break; 868 869 /* 870 * Set interface. 871 */ 872 case BIOCSETIF: 873 error = bpf_setif(d, (struct ifreq *)addr); 874 break; 875 876 /* 877 * Set read timeout. 878 */ 879 case BIOCSRTIMEOUT: 880 { 881 struct timeval *tv = (struct timeval *)addr; 882 883 /* 884 * Subtract 1 tick from tvtohz() since this isn't 885 * a one-shot timer. 886 */ 887 if ((error = itimerfix(tv)) == 0) 888 d->bd_rtout = tvtohz(tv) - 1; 889 break; 890 } 891 892 /* 893 * Get read timeout. 894 */ 895 case BIOCGRTIMEOUT: 896 { 897 struct timeval *tv = (struct timeval *)addr; 898 899 tv->tv_sec = d->bd_rtout / hz; 900 tv->tv_usec = (d->bd_rtout % hz) * tick; 901 break; 902 } 903 904 /* 905 * Get packet stats. 906 */ 907 case BIOCGSTATS: 908 { 909 struct bpf_stat *bs = (struct bpf_stat *)addr; 910 911 bs->bs_recv = d->bd_rcount; 912 bs->bs_drop = d->bd_dcount; 913 break; 914 } 915 916 /* 917 * Set immediate mode. 918 */ 919 case BIOCIMMEDIATE: 920 d->bd_immediate = *(u_int *)addr; 921 break; 922 923 case BIOCVERSION: 924 { 925 struct bpf_version *bv = (struct bpf_version *)addr; 926 927 bv->bv_major = BPF_MAJOR_VERSION; 928 bv->bv_minor = BPF_MINOR_VERSION; 929 break; 930 } 931 932 /* 933 * Get "header already complete" flag 934 */ 935 case BIOCGHDRCMPLT: 936 *(u_int *)addr = d->bd_hdrcmplt; 937 break; 938 939 case BIOCLOCK: 940 d->bd_locked = 1; 941 break; 942 /* 943 * Set "header already complete" flag 944 */ 945 case BIOCSHDRCMPLT: 946 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 947 break; 948 949 /* 950 * Get "see sent packets" flag 951 */ 952 case BIOCGSEESENT: 953 *(u_int *)addr = d->bd_seesent; 954 break; 955 956 /* 957 * Set "see sent packets" flag 958 */ 959 case BIOCSSEESENT: 960 d->bd_seesent = *(u_int *)addr; 961 break; 962 963 case FIONBIO: /* Non-blocking I/O */ 964 break; 965 966 case FIOASYNC: /* Send signal on receive packets */ 967 d->bd_async = *(int *)addr; 968 break; 969 970 case FIOSETOWN: 971 error = fsetown(*(int *)addr, &d->bd_sigio); 972 break; 973 974 case FIOGETOWN: 975 *(int *)addr = fgetown(&d->bd_sigio); 976 break; 977 978 /* This is deprecated, FIOSETOWN should be used instead. */ 979 case TIOCSPGRP: 980 error = fsetown(-(*(int *)addr), &d->bd_sigio); 981 break; 982 983 /* This is deprecated, FIOGETOWN should be used instead. */ 984 case TIOCGPGRP: 985 *(int *)addr = -fgetown(&d->bd_sigio); 986 break; 987 988 case BIOCSRSIG: /* Set receive signal */ 989 { 990 u_int sig; 991 992 sig = *(u_int *)addr; 993 994 if (sig >= NSIG) 995 error = EINVAL; 996 else 997 d->bd_sig = sig; 998 break; 999 } 1000 case BIOCGRSIG: 1001 *(u_int *)addr = d->bd_sig; 1002 break; 1003 } 1004 return (error); 1005} 1006 1007/* 1008 * Set d's packet filter program to fp. If this file already has a filter, 1009 * free it and replace it. Returns EINVAL for bogus requests. 1010 */ 1011static int 1012bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd) 1013{ 1014 struct bpf_insn *fcode, *old; 1015 u_int wfilter, flen, size; 1016#ifdef BPF_JITTER 1017 bpf_jit_filter *ofunc; 1018#endif 1019 1020 if (cmd == BIOCSETWF) { 1021 old = d->bd_wfilter; 1022 wfilter = 1; 1023#ifdef BPF_JITTER 1024 ofunc = NULL; 1025#endif 1026 } else { 1027 wfilter = 0; 1028 old = d->bd_rfilter; 1029#ifdef BPF_JITTER 1030 ofunc = d->bd_bfilter; 1031#endif 1032 } 1033 if (fp->bf_insns == NULL) { 1034 if (fp->bf_len != 0) 1035 return (EINVAL); 1036 BPFD_LOCK(d); 1037 if (wfilter) 1038 d->bd_wfilter = NULL; 1039 else { 1040 d->bd_rfilter = NULL; 1041#ifdef BPF_JITTER 1042 d->bd_bfilter = NULL; 1043#endif 1044 } 1045 reset_d(d); 1046 BPFD_UNLOCK(d); 1047 if (old != NULL) 1048 free((caddr_t)old, M_BPF); 1049#ifdef BPF_JITTER 1050 if (ofunc != NULL) 1051 bpf_destroy_jit_filter(ofunc); 1052#endif 1053 return (0); 1054 } 1055 flen = fp->bf_len; 1056 if (flen > bpf_maxinsns) 1057 return (EINVAL); 1058 1059 size = flen * sizeof(*fp->bf_insns); 1060 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK); 1061 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 1062 bpf_validate(fcode, (int)flen)) { 1063 BPFD_LOCK(d); 1064 if (wfilter) 1065 d->bd_wfilter = fcode; 1066 else { 1067 d->bd_rfilter = fcode; 1068#ifdef BPF_JITTER 1069 d->bd_bfilter = bpf_jitter(fcode, flen); 1070#endif 1071 } 1072 reset_d(d); 1073 BPFD_UNLOCK(d); 1074 if (old != NULL) 1075 free((caddr_t)old, M_BPF); 1076#ifdef BPF_JITTER 1077 if (ofunc != NULL) 1078 bpf_destroy_jit_filter(ofunc); 1079#endif 1080 1081 return (0); 1082 } 1083 free((caddr_t)fcode, M_BPF); 1084 return (EINVAL); 1085} 1086 1087/* 1088 * Detach a file from its current interface (if attached at all) and attach 1089 * to the interface indicated by the name stored in ifr. 1090 * Return an errno or 0. 1091 */ 1092static int 1093bpf_setif(struct bpf_d *d, struct ifreq *ifr) 1094{ 1095 struct bpf_if *bp; 1096 struct ifnet *theywant; 1097 1098 theywant = ifunit(ifr->ifr_name); 1099 if (theywant == NULL || theywant->if_bpf == NULL) 1100 return (ENXIO); 1101 1102 bp = theywant->if_bpf; 1103 /* 1104 * Allocate the packet buffers if we need to. 1105 * If we're already attached to requested interface, 1106 * just flush the buffer. 1107 */ 1108 if (d->bd_sbuf == NULL) 1109 bpf_allocbufs(d); 1110 if (bp != d->bd_bif) { 1111 if (d->bd_bif) 1112 /* 1113 * Detach if attached to something else. 1114 */ 1115 bpf_detachd(d); 1116 1117 bpf_attachd(d, bp); 1118 } 1119 BPFD_LOCK(d); 1120 reset_d(d); 1121 BPFD_UNLOCK(d); 1122 return (0); 1123} 1124 1125/* 1126 * Support for select() and poll() system calls 1127 * 1128 * Return true iff the specific operation will not block indefinitely. 1129 * Otherwise, return false but make a note that a selwakeup() must be done. 1130 */ 1131static int 1132bpfpoll(struct cdev *dev, int events, struct thread *td) 1133{ 1134 struct bpf_d *d; 1135 int revents; 1136 1137 d = dev->si_drv1; 1138 if (d->bd_bif == NULL) 1139 return (ENXIO); 1140 1141 /* 1142 * Refresh PID associated with this descriptor. 1143 */ 1144 revents = events & (POLLOUT | POLLWRNORM); 1145 BPFD_LOCK(d); 1146 d->bd_pid = td->td_proc->p_pid; 1147 if (events & (POLLIN | POLLRDNORM)) { 1148 if (bpf_ready(d)) 1149 revents |= events & (POLLIN | POLLRDNORM); 1150 else { 1151 selrecord(td, &d->bd_sel); 1152 /* Start the read timeout if necessary. */ 1153 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1154 callout_reset(&d->bd_callout, d->bd_rtout, 1155 bpf_timed_out, d); 1156 d->bd_state = BPF_WAITING; 1157 } 1158 } 1159 } 1160 BPFD_UNLOCK(d); 1161 return (revents); 1162} 1163 1164/* 1165 * Support for kevent() system call. Register EVFILT_READ filters and 1166 * reject all others. 1167 */ 1168int 1169bpfkqfilter(struct cdev *dev, struct knote *kn) 1170{ 1171 struct bpf_d *d = (struct bpf_d *)dev->si_drv1; 1172 1173 if (kn->kn_filter != EVFILT_READ) 1174 return (1); 1175 1176 /* 1177 * Refresh PID associated with this descriptor. 1178 */ 1179 BPFD_LOCK(d); 1180 d->bd_pid = curthread->td_proc->p_pid; 1181 kn->kn_fop = &bpfread_filtops; 1182 kn->kn_hook = d; 1183 knlist_add(&d->bd_sel.si_note, kn, 1); 1184 BPFD_UNLOCK(d); 1185 1186 return (0); 1187} 1188 1189static void 1190filt_bpfdetach(struct knote *kn) 1191{ 1192 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1193 1194 knlist_remove(&d->bd_sel.si_note, kn, 0); 1195} 1196 1197static int 1198filt_bpfread(struct knote *kn, long hint) 1199{ 1200 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1201 int ready; 1202 1203 BPFD_LOCK_ASSERT(d); 1204 ready = bpf_ready(d); 1205 if (ready) { 1206 kn->kn_data = d->bd_slen; 1207 if (d->bd_hbuf) 1208 kn->kn_data += d->bd_hlen; 1209 } 1210 else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1211 callout_reset(&d->bd_callout, d->bd_rtout, 1212 bpf_timed_out, d); 1213 d->bd_state = BPF_WAITING; 1214 } 1215 1216 return (ready); 1217} 1218 1219/* 1220 * Incoming linkage from device drivers. Process the packet pkt, of length 1221 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1222 * by each process' filter, and if accepted, stashed into the corresponding 1223 * buffer. 1224 */ 1225void 1226bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1227{ 1228 struct bpf_d *d; 1229 u_int slen; 1230 int gottime; 1231 struct timeval tv; 1232 1233 gottime = 0; 1234 BPFIF_LOCK(bp); 1235 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1236 BPFD_LOCK(d); 1237 ++d->bd_rcount; 1238#ifdef BPF_JITTER 1239 if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL) 1240 slen = (*(d->bd_bfilter->func))(pkt, pktlen, pktlen); 1241 else 1242#endif 1243 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); 1244 if (slen != 0) { 1245 d->bd_fcount++; 1246 if (!gottime) { 1247 microtime(&tv); 1248 gottime = 1; 1249 } 1250#ifdef MAC 1251 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1252#endif 1253 catchpacket(d, pkt, pktlen, slen, bcopy, &tv); 1254 } 1255 BPFD_UNLOCK(d); 1256 } 1257 BPFIF_UNLOCK(bp); 1258} 1259 1260/* 1261 * Copy data from an mbuf chain into a buffer. This code is derived 1262 * from m_copydata in sys/uipc_mbuf.c. 1263 */ 1264static void 1265bpf_mcopy(const void *src_arg, void *dst_arg, size_t len) 1266{ 1267 const struct mbuf *m; 1268 u_int count; 1269 u_char *dst; 1270 1271 m = src_arg; 1272 dst = dst_arg; 1273 while (len > 0) { 1274 if (m == NULL) 1275 panic("bpf_mcopy"); 1276 count = min(m->m_len, len); 1277 bcopy(mtod(m, void *), dst, count); 1278 m = m->m_next; 1279 dst += count; 1280 len -= count; 1281 } 1282} 1283 1284/* 1285 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1286 */ 1287void 1288bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1289{ 1290 struct bpf_d *d; 1291 u_int pktlen, slen; 1292 int gottime; 1293 struct timeval tv; 1294 1295 gottime = 0; 1296 1297 pktlen = m_length(m, NULL); 1298 1299 BPFIF_LOCK(bp); 1300 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1301 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1302 continue; 1303 BPFD_LOCK(d); 1304 ++d->bd_rcount; 1305#ifdef BPF_JITTER 1306 /* XXX We cannot handle multiple mbufs. */ 1307 if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL && 1308 m->m_next == NULL) 1309 slen = (*(d->bd_bfilter->func))(mtod(m, u_char *), 1310 pktlen, pktlen); 1311 else 1312#endif 1313 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); 1314 if (slen != 0) { 1315 d->bd_fcount++; 1316 if (!gottime) { 1317 microtime(&tv); 1318 gottime = 1; 1319 } 1320#ifdef MAC 1321 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1322#endif 1323 catchpacket(d, (u_char *)m, pktlen, slen, 1324 bpf_mcopy, &tv); 1325 } 1326 BPFD_UNLOCK(d); 1327 } 1328 BPFIF_UNLOCK(bp); 1329} 1330 1331/* 1332 * Incoming linkage from device drivers, when packet is in 1333 * an mbuf chain and to be prepended by a contiguous header. 1334 */ 1335void 1336bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m) 1337{ 1338 struct mbuf mb; 1339 struct bpf_d *d; 1340 u_int pktlen, slen; 1341 int gottime; 1342 struct timeval tv; 1343 1344 gottime = 0; 1345 1346 pktlen = m_length(m, NULL); 1347 /* 1348 * Craft on-stack mbuf suitable for passing to bpf_filter. 1349 * Note that we cut corners here; we only setup what's 1350 * absolutely needed--this mbuf should never go anywhere else. 1351 */ 1352 mb.m_next = m; 1353 mb.m_data = data; 1354 mb.m_len = dlen; 1355 pktlen += dlen; 1356 1357 BPFIF_LOCK(bp); 1358 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1359 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1360 continue; 1361 BPFD_LOCK(d); 1362 ++d->bd_rcount; 1363 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0); 1364 if (slen != 0) { 1365 d->bd_fcount++; 1366 if (!gottime) { 1367 microtime(&tv); 1368 gottime = 1; 1369 } 1370#ifdef MAC 1371 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1372#endif 1373 catchpacket(d, (u_char *)&mb, pktlen, slen, 1374 bpf_mcopy, &tv); 1375 } 1376 BPFD_UNLOCK(d); 1377 } 1378 BPFIF_UNLOCK(bp); 1379} 1380 1381/* 1382 * Move the packet data from interface memory (pkt) into the 1383 * store buffer. "cpfn" is the routine called to do the actual data 1384 * transfer. bcopy is passed in to copy contiguous chunks, while 1385 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1386 * pkt is really an mbuf. 1387 */ 1388static void 1389catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1390 void (*cpfn)(const void *, void *, size_t), struct timeval *tv) 1391{ 1392 struct bpf_hdr *hp; 1393 int totlen, curlen; 1394 int hdrlen = d->bd_bif->bif_hdrlen; 1395 int do_wakeup = 0; 1396 1397 BPFD_LOCK_ASSERT(d); 1398 /* 1399 * Figure out how many bytes to move. If the packet is 1400 * greater or equal to the snapshot length, transfer that 1401 * much. Otherwise, transfer the whole packet (unless 1402 * we hit the buffer size limit). 1403 */ 1404 totlen = hdrlen + min(snaplen, pktlen); 1405 if (totlen > d->bd_bufsize) 1406 totlen = d->bd_bufsize; 1407 1408 /* 1409 * Round up the end of the previous packet to the next longword. 1410 */ 1411 curlen = BPF_WORDALIGN(d->bd_slen); 1412 if (curlen + totlen > d->bd_bufsize) { 1413 /* 1414 * This packet will overflow the storage buffer. 1415 * Rotate the buffers if we can, then wakeup any 1416 * pending reads. 1417 */ 1418 if (d->bd_fbuf == NULL) { 1419 /* 1420 * We haven't completed the previous read yet, 1421 * so drop the packet. 1422 */ 1423 ++d->bd_dcount; 1424 return; 1425 } 1426 ROTATE_BUFFERS(d); 1427 do_wakeup = 1; 1428 curlen = 0; 1429 } 1430 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) 1431 /* 1432 * Immediate mode is set, or the read timeout has 1433 * already expired during a select call. A packet 1434 * arrived, so the reader should be woken up. 1435 */ 1436 do_wakeup = 1; 1437 1438 /* 1439 * Append the bpf header. 1440 */ 1441 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1442 hp->bh_tstamp = *tv; 1443 hp->bh_datalen = pktlen; 1444 hp->bh_hdrlen = hdrlen; 1445 /* 1446 * Copy the packet data into the store buffer and update its length. 1447 */ 1448 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1449 d->bd_slen = curlen + totlen; 1450 1451 if (do_wakeup) 1452 bpf_wakeup(d); 1453} 1454 1455/* 1456 * Initialize all nonzero fields of a descriptor. 1457 */ 1458static void 1459bpf_allocbufs(struct bpf_d *d) 1460{ 1461 1462 KASSERT(d->bd_fbuf == NULL, ("bpf_allocbufs: bd_fbuf != NULL")); 1463 KASSERT(d->bd_sbuf == NULL, ("bpf_allocbufs: bd_sbuf != NULL")); 1464 KASSERT(d->bd_hbuf == NULL, ("bpf_allocbufs: bd_hbuf != NULL")); 1465 1466 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1467 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1468 d->bd_slen = 0; 1469 d->bd_hlen = 0; 1470} 1471 1472/* 1473 * Free buffers currently in use by a descriptor. 1474 * Called on close. 1475 */ 1476static void 1477bpf_freed(struct bpf_d *d) 1478{ 1479 /* 1480 * We don't need to lock out interrupts since this descriptor has 1481 * been detached from its interface and it yet hasn't been marked 1482 * free. 1483 */ 1484 if (d->bd_sbuf != NULL) { 1485 free(d->bd_sbuf, M_BPF); 1486 if (d->bd_hbuf != NULL) 1487 free(d->bd_hbuf, M_BPF); 1488 if (d->bd_fbuf != NULL) 1489 free(d->bd_fbuf, M_BPF); 1490 } 1491 if (d->bd_rfilter) { 1492 free((caddr_t)d->bd_rfilter, M_BPF); 1493#ifdef BPF_JITTER 1494 bpf_destroy_jit_filter(d->bd_bfilter); 1495#endif 1496 } 1497 if (d->bd_wfilter) 1498 free((caddr_t)d->bd_wfilter, M_BPF); 1499 mtx_destroy(&d->bd_mtx); 1500} 1501 1502/* 1503 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1504 * fixed size of the link header (variable length headers not yet supported). 1505 */ 1506void 1507bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1508{ 1509 1510 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1511} 1512 1513/* 1514 * Attach an interface to bpf. ifp is a pointer to the structure 1515 * defining the interface to be attached, dlt is the link layer type, 1516 * and hdrlen is the fixed size of the link header (variable length 1517 * headers are not yet supporrted). 1518 */ 1519void 1520bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1521{ 1522 struct bpf_if *bp; 1523 1524 bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO); 1525 if (bp == NULL) 1526 panic("bpfattach"); 1527 1528 LIST_INIT(&bp->bif_dlist); 1529 bp->bif_ifp = ifp; 1530 bp->bif_dlt = dlt; 1531 mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF); 1532 KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized")); 1533 *driverp = bp; 1534 1535 mtx_lock(&bpf_mtx); 1536 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next); 1537 mtx_unlock(&bpf_mtx); 1538 1539 /* 1540 * Compute the length of the bpf header. This is not necessarily 1541 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1542 * that the network layer header begins on a longword boundary (for 1543 * performance reasons and to alleviate alignment restrictions). 1544 */ 1545 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1546 1547 if (bootverbose) 1548 if_printf(ifp, "bpf attached\n"); 1549} 1550 1551/* 1552 * Detach bpf from an interface. This involves detaching each descriptor 1553 * associated with the interface, and leaving bd_bif NULL. Notify each 1554 * descriptor as it's detached so that any sleepers wake up and get 1555 * ENXIO. 1556 */ 1557void 1558bpfdetach(struct ifnet *ifp) 1559{ 1560 struct bpf_if *bp; 1561 struct bpf_d *d; 1562 1563 /* Locate BPF interface information */ 1564 mtx_lock(&bpf_mtx); 1565 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1566 if (ifp == bp->bif_ifp) 1567 break; 1568 } 1569 1570 /* Interface wasn't attached */ 1571 if ((bp == NULL) || (bp->bif_ifp == NULL)) { 1572 mtx_unlock(&bpf_mtx); 1573 printf("bpfdetach: %s was not attached\n", ifp->if_xname); 1574 return; 1575 } 1576 1577 LIST_REMOVE(bp, bif_next); 1578 mtx_unlock(&bpf_mtx); 1579 1580 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) { 1581 bpf_detachd(d); 1582 BPFD_LOCK(d); 1583 bpf_wakeup(d); 1584 BPFD_UNLOCK(d); 1585 } 1586 1587 mtx_destroy(&bp->bif_mtx); 1588 free(bp, M_BPF); 1589} 1590 1591/* 1592 * Get a list of available data link type of the interface. 1593 */ 1594static int 1595bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1596{ 1597 int n, error; 1598 struct ifnet *ifp; 1599 struct bpf_if *bp; 1600 1601 ifp = d->bd_bif->bif_ifp; 1602 n = 0; 1603 error = 0; 1604 mtx_lock(&bpf_mtx); 1605 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1606 if (bp->bif_ifp != ifp) 1607 continue; 1608 if (bfl->bfl_list != NULL) { 1609 if (n >= bfl->bfl_len) { 1610 mtx_unlock(&bpf_mtx); 1611 return (ENOMEM); 1612 } 1613 error = copyout(&bp->bif_dlt, 1614 bfl->bfl_list + n, sizeof(u_int)); 1615 } 1616 n++; 1617 } 1618 mtx_unlock(&bpf_mtx); 1619 bfl->bfl_len = n; 1620 return (error); 1621} 1622 1623/* 1624 * Set the data link type of a BPF instance. 1625 */ 1626static int 1627bpf_setdlt(struct bpf_d *d, u_int dlt) 1628{ 1629 int error, opromisc; 1630 struct ifnet *ifp; 1631 struct bpf_if *bp; 1632 1633 if (d->bd_bif->bif_dlt == dlt) 1634 return (0); 1635 ifp = d->bd_bif->bif_ifp; 1636 mtx_lock(&bpf_mtx); 1637 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1638 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1639 break; 1640 } 1641 mtx_unlock(&bpf_mtx); 1642 if (bp != NULL) { 1643 opromisc = d->bd_promisc; 1644 bpf_detachd(d); 1645 bpf_attachd(d, bp); 1646 BPFD_LOCK(d); 1647 reset_d(d); 1648 BPFD_UNLOCK(d); 1649 if (opromisc) { 1650 error = ifpromisc(bp->bif_ifp, 1); 1651 if (error) 1652 if_printf(bp->bif_ifp, 1653 "bpf_setdlt: ifpromisc failed (%d)\n", 1654 error); 1655 else 1656 d->bd_promisc = 1; 1657 } 1658 } 1659 return (bp == NULL ? EINVAL : 0); 1660} 1661 1662static void 1663bpf_clone(void *arg, struct ucred *cred, char *name, int namelen, 1664 struct cdev **dev) 1665{ 1666 int u; 1667 1668 if (*dev != NULL) 1669 return; 1670 if (dev_stdclone(name, NULL, "bpf", &u) != 1) 1671 return; 1672 *dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600, 1673 "bpf%d", u); 1674 dev_ref(*dev); 1675 (*dev)->si_flags |= SI_CHEAPCLONE; 1676 return; 1677} 1678 1679static void 1680bpf_drvinit(void *unused) 1681{ 1682 1683 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF); 1684 LIST_INIT(&bpf_iflist); 1685 EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000); 1686} 1687 1688static void 1689bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd) 1690{ 1691 1692 bzero(d, sizeof(*d)); 1693 BPFD_LOCK_ASSERT(bd); 1694 d->bd_immediate = bd->bd_immediate; 1695 d->bd_promisc = bd->bd_promisc; 1696 d->bd_hdrcmplt = bd->bd_hdrcmplt; 1697 d->bd_seesent = bd->bd_seesent; 1698 d->bd_async = bd->bd_async; 1699 d->bd_rcount = bd->bd_rcount; 1700 d->bd_dcount = bd->bd_dcount; 1701 d->bd_fcount = bd->bd_fcount; 1702 d->bd_sig = bd->bd_sig; 1703 d->bd_slen = bd->bd_slen; 1704 d->bd_hlen = bd->bd_hlen; 1705 d->bd_bufsize = bd->bd_bufsize; 1706 d->bd_pid = bd->bd_pid; 1707 strlcpy(d->bd_ifname, 1708 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ); 1709 d->bd_locked = bd->bd_locked; 1710} 1711 1712static int 1713bpf_stats_sysctl(SYSCTL_HANDLER_ARGS) 1714{ 1715 struct xbpf_d *xbdbuf, *xbd; 1716 int index, error; 1717 struct bpf_if *bp; 1718 struct bpf_d *bd; 1719 1720 /* 1721 * XXX This is not technically correct. It is possible for non 1722 * privileged users to open bpf devices. It would make sense 1723 * if the users who opened the devices were able to retrieve 1724 * the statistics for them, too. 1725 */ 1726 error = suser(req->td); 1727 if (error) 1728 return (error); 1729 if (req->oldptr == NULL) 1730 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd))); 1731 if (bpf_bpfd_cnt == 0) 1732 return (SYSCTL_OUT(req, 0, 0)); 1733 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK); 1734 mtx_lock(&bpf_mtx); 1735 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) { 1736 mtx_unlock(&bpf_mtx); 1737 free(xbdbuf, M_BPF); 1738 return (ENOMEM); 1739 } 1740 index = 0; 1741 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1742 BPFIF_LOCK(bp); 1743 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 1744 xbd = &xbdbuf[index++]; 1745 BPFD_LOCK(bd); 1746 bpfstats_fill_xbpf(xbd, bd); 1747 BPFD_UNLOCK(bd); 1748 } 1749 BPFIF_UNLOCK(bp); 1750 } 1751 mtx_unlock(&bpf_mtx); 1752 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd)); 1753 free(xbdbuf, M_BPF); 1754 return (error); 1755} 1756 1757SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL) 1758 1759#else /* !DEV_BPF && !NETGRAPH_BPF */ 1760/* 1761 * NOP stubs to allow bpf-using drivers to load and function. 1762 * 1763 * A 'better' implementation would allow the core bpf functionality 1764 * to be loaded at runtime. 1765 */ 1766static struct bpf_if bp_null; 1767 1768void 1769bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1770{ 1771} 1772 1773void 1774bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1775{ 1776} 1777 1778void 1779bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m) 1780{ 1781} 1782 1783void 1784bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1785{ 1786 1787 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1788} 1789 1790void 1791bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1792{ 1793 1794 *driverp = &bp_null; 1795} 1796 1797void 1798bpfdetach(struct ifnet *ifp) 1799{ 1800} 1801 1802u_int 1803bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) 1804{ 1805 return -1; /* "no filter" behaviour */ 1806} 1807 1808int 1809bpf_validate(const struct bpf_insn *f, int len) 1810{ 1811 return 0; /* false */ 1812} 1813 1814#endif /* !DEV_BPF && !NETGRAPH_BPF */ 1815