/* bpf.c revision 161124 */
1/*-
2 * Copyright (c) 1990, 1991, 1993
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * This code is derived from the Stanford/CMU enet packet filter,
6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
8 * Berkeley Laboratory.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 *      @(#)bpf.c	8.4 (Berkeley) 1/9/95
35 *
36 * $FreeBSD: head/sys/net/bpf.c 161124 2006-08-09 16:30:26Z rwatson $
37 */
38
39#include "opt_bpf.h"
40#include "opt_mac.h"
41#include "opt_netgraph.h"
42
43#include <sys/types.h>
44#include <sys/param.h>
45#include <sys/systm.h>
46#include <sys/conf.h>
47#include <sys/fcntl.h>
48#include <sys/mac.h>
49#include <sys/malloc.h>
50#include <sys/mbuf.h>
51#include <sys/time.h>
52#include <sys/proc.h>
53#include <sys/signalvar.h>
54#include <sys/filio.h>
55#include <sys/sockio.h>
56#include <sys/ttycom.h>
57#include <sys/uio.h>
58
59#include <sys/event.h>
60#include <sys/file.h>
61#include <sys/poll.h>
62#include <sys/proc.h>
63
64#include <sys/socket.h>
65
66#include <net/if.h>
67#include <net/bpf.h>
68#ifdef BPF_JITTER
69#include <net/bpf_jitter.h>
70#endif
71#include <net/bpfdesc.h>
72
73#include <netinet/in.h>
74#include <netinet/if_ether.h>
75#include <sys/kernel.h>
76#include <sys/sysctl.h>
77
78#include <net80211/ieee80211_freebsd.h>
79
static MALLOC_DEFINE(M_BPF, "BPF", "BPF data");

#if defined(DEV_BPF) || defined(NETGRAPH_BPF)

#define PRINET  26			/* interruptible */

/*
 * bpf_iflist is a list of BPF interface structures, each corresponding to a
 * specific DLT.  The same network interface might have several BPF interface
 * structures registered by different layers in the stack (i.e., 802.11
 * frames, ethernet frames, etc).
 */
static LIST_HEAD(, bpf_if)	bpf_iflist;
static struct mtx	bpf_mtx;		/* bpf global lock */
static int		bpf_bpfd_cnt;		/* count of attached descriptors */

/* Forward declarations for the local routines defined below. */
static void	bpf_allocbufs(struct bpf_d *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_mcopy(const void *, void *, size_t);
static int	bpf_movein(struct uio *, int, int,
		    struct mbuf **, struct sockaddr *, struct bpf_insn *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static __inline void
		bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int,
		    u_int, void (*)(const void *, void *, size_t),
		    struct timeval *);
static void	reset_d(struct bpf_d *);
static int	 bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);
static void	filt_bpfdetach(struct knote *);
static int	filt_bpfread(struct knote *, long);
static void	bpf_drvinit(void *);
static void	bpf_clone(void *, struct ucred *, char *, int, struct cdev **);
static int	bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);

/*
 * The default read buffer size is patchable.
 */
SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
static int bpf_bufsize = 4096;
SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW,
    &bpf_bufsize, 0, "");
static int bpf_maxbufsize = BPF_MAXBUFSIZE;
SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW,
    &bpf_maxbufsize, 0, "");
static int bpf_maxinsns = BPF_MAXINSNS;
SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
    &bpf_maxinsns, 0, "Maximum bpf program instructions");
SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW,
    bpf_stats_sysctl, "bpf statistics portal");
135
/* Character-device entry points, wired up in bpf_cdevsw below. */
static	d_open_t	bpfopen;
static	d_close_t	bpfclose;
static	d_read_t	bpfread;
static	d_write_t	bpfwrite;
static	d_ioctl_t	bpfioctl;
static	d_poll_t	bpfpoll;
static	d_kqfilter_t	bpfkqfilter;

static struct cdevsw bpf_cdevsw = {
	.d_version =	D_VERSION,
	.d_flags =	D_NEEDGIANT,	/* entry points run under Giant */
	.d_open =	bpfopen,
	.d_close =	bpfclose,
	.d_read =	bpfread,
	.d_write =	bpfwrite,
	.d_ioctl =	bpfioctl,
	.d_poll =	bpfpoll,
	.d_name =	"bpf",
	.d_kqfilter =	bpfkqfilter,
};

/* kqueue EVFILT_READ filter operations for bpf descriptors. */
static struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfdetach, filt_bpfread };
159
/*
 * Copy user data from uio into a newly allocated mbuf for transmission
 * and build a link-layer sockaddr describing the outgoing frame.
 *
 * On success, returns 0 with the packet in *mp (any link header stripped
 * into sockp->sa_data for link types that carry one).  On failure an
 * errno is returned and the mbuf is freed.  The packet must also pass
 * the descriptor's write filter (wfilter), if one is installed.
 */
static int
bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp,
    struct sockaddr *sockp, struct bpf_insn *wfilter)
{
	const struct ieee80211_bpf_params *p;
	struct mbuf *m;
	int error;
	int len;	/* total length of the user-supplied packet */
	int hlen;	/* link-layer header length for this DLT */
	int slen;	/* write-filter return value */

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		hlen = ETHER_HDR_LEN;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_IMPLINK;
		hlen = 0;
		break;

	case DLT_RAW:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		break;

	case DLT_NULL:
		/*
		 * null interface types require a 4 byte pseudo header which
		 * corresponds to the address family of the packet.
		 */
		sockp->sa_family = AF_UNSPEC;
		hlen = 4;
		break;

	case DLT_ATM_RFC1483:
		/*
		 * en atm driver requires 4-byte atm pseudo header.
		 * though it isn't standard, vpi:vci needs to be
		 * specified anyway.
		 */
		sockp->sa_family = AF_UNSPEC;
		hlen = 12;	/* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 4;	/* This should match PPP_HDRLEN */
		break;

	case DLT_IEEE802_11:		/* IEEE 802.11 wireless */
		sockp->sa_family = AF_IEEE80211;
		hlen = 0;
		break;

	case DLT_IEEE802_11_RADIO:	/* IEEE 802.11 wireless w/ phy params */
		sockp->sa_family = AF_IEEE80211;
		sockp->sa_len = 12;	/* XXX != 0 */
		hlen = sizeof(struct ieee80211_bpf_params);
		break;

	default:
		/* Unknown link type: we cannot build a frame for it. */
		return (EIO);
	}

	len = uio->uio_resid;

	/* The payload (minus any link header we strip) must fit the MTU. */
	if (len - hlen > mtu)
		return (EMSGSIZE);

	/* A single mbuf cluster is the largest packet we can stage. */
	if ((unsigned)len > MCLBYTES)
		return (EIO);

	/* Use a cluster when the data will not fit in a plain header mbuf. */
	if (len > MHLEN) {
		m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
	} else {
		MGETHDR(m, M_TRYWAIT, MT_DATA);
	}
	if (m == NULL)
		return (ENOBUFS);
	m->m_pkthdr.len = m->m_len = len;
	m->m_pkthdr.rcvif = NULL;
	*mp = m;

	/* Packet too short to even contain the link header. */
	if (m->m_len < hlen) {
		error = EPERM;
		goto bad;
	}

	error = uiomove(mtod(m, u_char *), len, uio);
	if (error)
		goto bad;

	/* Reject the write if it does not pass the write filter. */
	slen = bpf_filter(wfilter, mtod(m, u_char *), len, len);
	if (slen == 0) {
		error = EPERM;
		goto bad;
	}

	/*
	 * Make room for link header, and copy it to sockaddr
	 */
	if (hlen != 0) {
		if (sockp->sa_family == AF_IEEE80211) {
			/*
			 * Collect true length from the parameter header
			 * NB: sockp is known to be zero'd so if we do a
			 *     short copy unspecified parameters will be
			 *     zero.
			 * NB: packet may not be aligned after stripping
			 *     bpf params
			 * XXX check ibp_vers
			 */
			p = mtod(m, const struct ieee80211_bpf_params *);
			hlen = p->ibp_len;
			if (hlen > sizeof(sockp->sa_data)) {
				error = EINVAL;
				goto bad;
			}
		}
		/* Strip the link header from the mbuf into the sockaddr. */
		bcopy(m->m_data, sockp->sa_data, hlen);
		m->m_pkthdr.len -= hlen;
		m->m_len -= hlen;
#if BSD >= 199103
		m->m_data += hlen; /* XXX */
#else
		m->m_off += hlen;
#endif
	}

	return (0);
bad:
	m_freem(m);
	return (error);
}
312
/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	BPFIF_LOCK(bp);
	d->bd_bif = bp;
	LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);

	/* Bump the global count of attached descriptors. */
	bpf_bpfd_cnt++;
	BPFIF_UNLOCK(bp);
}
331
/*
 * Detach a file from its interface.
 *
 * Unhooks d from the interface's listener list under the interface and
 * descriptor locks, then (with both locks dropped) turns off promiscuous
 * mode on the interface if this descriptor had requested it.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	int error;
	struct bpf_if *bp;
	struct ifnet *ifp;

	bp = d->bd_bif;
	BPFIF_LOCK(bp);
	BPFD_LOCK(d);
	/* Remember the ifnet before bd_bif is cleared below. */
	ifp = d->bd_bif->bif_ifp;

	/*
	 * Remove d from the interface's descriptor list.
	 */
	LIST_REMOVE(d, bd_next);

	bpf_bpfd_cnt--;
	d->bd_bif = NULL;
	BPFD_UNLOCK(d);
	BPFIF_UNLOCK(bp);

	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.  This is done after both locks are
	 * released above.
	 */
	if (d->bd_promisc) {
		d->bd_promisc = 0;
		error = ifpromisc(ifp, 0);
		if (error != 0 && error != ENXIO) {
			/*
			 * ENXIO can happen if a pccard is unplugged
			 * Something is really wrong if we were able to put
			 * the driver into promiscuous mode, but can't
			 * take it out.
			 */
			if_printf(bp->bif_ifp,
				"bpf_detach: ifpromisc failed (%d)\n", error);
		}
	}
}
376
/*
 * Open ethernet device.  Returns ENXIO for illegal minor device number,
 * EBUSY if file is open by another process.
 *
 * Allocates and initializes a fresh bpf_d for this minor: zeroed state,
 * default buffer size (bpf_bufsize), SIGIO as the async signal, and
 * "see sent packets" enabled.
 */
/* ARGSUSED */
static	int
bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
{
	struct bpf_d *d;

	mtx_lock(&bpf_mtx);
	d = dev->si_drv1;
	/*
	 * Each minor can be opened by only one process.  If the requested
	 * minor is in use, return EBUSY.
	 */
	if (d != NULL) {
		mtx_unlock(&bpf_mtx);
		return (EBUSY);
	}
	dev->si_drv1 = (struct bpf_d *)~0;	/* mark device in use */
	mtx_unlock(&bpf_mtx);

	/* Create the device node if the clone handler hasn't already. */
	if ((dev->si_flags & SI_NAMED) == 0)
		make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600,
		    "bpf%d", dev2unit(dev));
	MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
	dev->si_drv1 = d;
	d->bd_bufsize = bpf_bufsize;
	d->bd_sig = SIGIO;
	d->bd_seesent = 1;
	d->bd_pid = td->td_proc->p_pid;
#ifdef MAC
	mac_init_bpfdesc(d);
	mac_create_bpfdesc(td->td_ucred, d);
#endif
	mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
	callout_init(&d->bd_callout, NET_CALLOUT_MPSAFE);
	knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL);

	return (0);
}
419
/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 *
 * Also cancels any pending read timeout, clears signal ownership,
 * wakes any selectors, and frees the descriptor itself.
 */
/* ARGSUSED */
static	int
bpfclose(struct cdev *dev, int flags, int fmt, struct thread *td)
{
	struct bpf_d *d = dev->si_drv1;

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	BPFD_UNLOCK(d);
	funsetown(&d->bd_sigio);
	mtx_lock(&bpf_mtx);
	if (d->bd_bif)
		bpf_detachd(d);
	mtx_unlock(&bpf_mtx);
	selwakeuppri(&d->bd_sel, PRINET);
#ifdef MAC
	mac_destroy_bpfdesc(d);
#endif /* MAC */
	knlist_destroy(&d->bd_sel.si_note);
	bpf_freed(d);
	dev->si_drv1 = NULL;
	free(d, M_BPF);

	return (0);
}
451
452
/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 *
 * Wrapped in do { } while (0) so the multi-statement expansion behaves
 * as a single statement even in unbraced if/else bodies.
 */
#define ROTATE_BUFFERS(d) do {					\
	(d)->bd_hbuf = (d)->bd_sbuf;				\
	(d)->bd_hlen = (d)->bd_slen;				\
	(d)->bd_sbuf = (d)->bd_fbuf;				\
	(d)->bd_slen = 0;					\
	(d)->bd_fbuf = NULL;					\
} while (0)
/*
 *  bpfread - read next chunk of packets from buffers
 *
 *  The caller must supply a buffer exactly bd_bufsize bytes long; the
 *  whole hold buffer is handed to userland in one uiomove.  If no hold
 *  buffer is ready, sleeps (bounded by bd_rtout) unless O_NONBLOCK.
 */
static	int
bpfread(struct cdev *dev, struct uio *uio, int ioflag)
{
	struct bpf_d *d = dev->si_drv1;
	int timed_out;
	int error;

	/*
	 * Restrict application to use a buffer the same size as
	 * as kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == NULL) {
		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * A packet(s) either arrived since the previous
			 * read or arrived while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}

		/*
		 * No data is available, check to see if the bpf device
		 * is still pointed at a real interface.  If not, return
		 * ENXIO so that the userland process knows to rebind
		 * it before using it again.
		 */
		if (d->bd_bif == NULL) {
			BPFD_UNLOCK(d);
			return (ENXIO);
		}

		if (ioflag & O_NONBLOCK) {
			BPFD_UNLOCK(d);
			return (EWOULDBLOCK);
		}
		/* Sleep until a packet arrives or bd_rtout ticks elapse. */
		error = msleep(d, &d->bd_mtx, PRINET|PCATCH,
		     "bpf", d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			BPFD_UNLOCK(d);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				BPFD_UNLOCK(d);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	BPFD_UNLOCK(d);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	/* Recycle the emptied hold buffer into the free slot. */
	BPFD_LOCK(d);
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = NULL;
	d->bd_hlen = 0;
	BPFD_UNLOCK(d);

	return (error);
}
565
566
/*
 * If there are processes sleeping on this descriptor, wake them up.
 * Also delivers SIGIO when async mode is armed, wakes selectors, and
 * notifies any registered knotes.  Caller holds the descriptor lock.
 */
static __inline void
bpf_wakeup(struct bpf_d *d)
{

	BPFD_LOCK_ASSERT(d);
	/* A wakeup cancels any pending read-timeout callout. */
	if (d->bd_state == BPF_WAITING) {
		callout_stop(&d->bd_callout);
		d->bd_state = BPF_IDLE;
	}
	wakeup(d);
	if (d->bd_async && d->bd_sig && d->bd_sigio)
		pgsigio(&d->bd_sigio, d->bd_sig, 0);

	selwakeuppri(&d->bd_sel, PRINET);
	KNOTE_LOCKED(&d->bd_sel.si_note, 0);
}
586
/*
 * Read-timeout callout handler.  If the descriptor is still waiting,
 * mark it timed out and wake the reader if the store buffer holds data.
 */
static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = (struct bpf_d *)arg;

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	BPFD_UNLOCK(d);
}
600
/*
 * Write a packet out through the attached interface.  The user data is
 * staged into an mbuf by bpf_movein() (which also applies the write
 * filter) and handed to the interface's if_output routine, which is
 * responsible for freeing the mbuf.
 */
static int
bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
{
	struct bpf_d *d = dev->si_drv1;
	struct ifnet *ifp;
	struct mbuf *m;
	int error;
	struct sockaddr dst;

	if (d->bd_bif == NULL)
		return (ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if ((ifp->if_flags & IFF_UP) == 0)
		return (ENETDOWN);

	/* Zero-length writes succeed trivially. */
	if (uio->uio_resid == 0)
		return (0);

	bzero(&dst, sizeof(dst));
	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu,
	    &m, &dst, d->bd_wfilter);
	if (error)
		return (error);

	/* Tell if_output the caller supplied a complete link header. */
	if (d->bd_hdrcmplt)
		dst.sa_family = pseudo_AF_HDRCMPLT;

#ifdef MAC
	BPFD_LOCK(d);
	mac_create_mbuf_from_bpfdesc(d, m);
	BPFD_UNLOCK(d);
#endif
	NET_LOCK_GIANT();
	error = (*ifp->if_output)(ifp, m, &dst, NULL);
	NET_UNLOCK_GIANT();
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}
643
644/*
645 * Reset a descriptor by flushing its packet buffer and clearing the
646 * receive and drop counts.
647 */
648static void
649reset_d(struct bpf_d *d)
650{
651
652	mtx_assert(&d->bd_mtx, MA_OWNED);
653	if (d->bd_hbuf) {
654		/* Free the hold buffer. */
655		d->bd_fbuf = d->bd_hbuf;
656		d->bd_hbuf = NULL;
657	}
658	d->bd_slen = 0;
659	d->bd_hlen = 0;
660	d->bd_rcount = 0;
661	d->bd_dcount = 0;
662	d->bd_fcount = 0;
663}
664
/*
 *  FIONREAD		Check for read packet available.
 *  SIOCGIFADDR		Get interface address - convenient hook to driver.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCSETWF		Set ethernet write filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag
 *  BIOCSHDRCMPLT	Set "header already complete" flag
 *  BIOCGSEESENT	Get "see packets sent" flag
 *  BIOCSSEESENT	Set "see packets sent" flag
 *  BIOCLOCK		Set "locked" flag
 */
/* ARGSUSED */
static	int
bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
    struct thread *td)
{
	struct bpf_d *d = dev->si_drv1;
	int error = 0;

	/*
	 * Refresh PID associated with this descriptor.
	 */
	BPFD_LOCK(d);
	d->bd_pid = td->td_proc->p_pid;
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	BPFD_UNLOCK(d);

	/*
	 * A locked descriptor (BIOCLOCK) may only use the read-only
	 * subset of commands listed here; everything else is EPERM.
	 */
	if (d->bd_locked == 1) {
		switch (cmd) {
		case BIOCGBLEN:
		case BIOCFLUSH:
		case BIOCGDLT:
		case BIOCGDLTLIST:
		case BIOCGETIF:
		case BIOCGRTIMEOUT:
		case BIOCGSTATS:
		case BIOCVERSION:
		case BIOCGRSIG:
		case BIOCGHDRCMPLT:
		case FIONREAD:
		case BIOCLOCK:
		case BIOCSRTIMEOUT:
		case BIOCIMMEDIATE:
		case TIOCGPGRP:
			break;
		default:
			return (EPERM);
		}
	}
	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			/* Bytes available = store buffer + hold buffer. */
			BPFD_LOCK(d);
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			BPFD_UNLOCK(d);

			*(int *)addr = n;
			break;
		}

	case SIOCGIFADDR:
		{
			struct ifnet *ifp;

			if (d->bd_bif == NULL)
				error = EINVAL;
			else {
				/* Pass the request through to the driver. */
				ifp = d->bd_bif->bif_ifp;
				error = (*ifp->if_ioctl)(ifp, cmd, addr);
			}
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.  Only allowed before an interface is
	 * attached; the requested size is clamped to
	 * [BPF_MINBUFSIZE, bpf_maxbufsize] and written back to the caller.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != NULL)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
	case BIOCSETWF:
		error = bpf_setf(d, (struct bpf_program *)addr, cmd);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		BPFD_LOCK(d);
		reset_d(d);
		BPFD_UNLOCK(d);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == NULL) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		if (d->bd_promisc == 0) {
			mtx_lock(&Giant);
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			mtx_unlock(&Giant);
			if (error == 0)
				d->bd_promisc = 1;
		}
		break;

	/*
	 * Get current data link type.
	 */
	case BIOCGDLT:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported data link types.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
		break;

	/*
	 * Set data link type.
	 */
	case BIOCSDLT:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else {
			struct ifnet *const ifp = d->bd_bif->bif_ifp;
			struct ifreq *const ifr = (struct ifreq *)addr;

			strlcpy(ifr->ifr_name, ifp->if_xname,
			    sizeof(ifr->ifr_name));
		}
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, (struct ifreq *)addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			/*
			 * Subtract 1 tick from tvtohz() since this isn't
			 * a one-shot timer.
			 */
			if ((error = itimerfix(tv)) == 0)
				d->bd_rtout = tvtohz(tv) - 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			/* Convert the stored tick count back to a timeval. */
			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = (struct bpf_stat *)addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = (struct bpf_version *)addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	/*
	 * Get "header already complete" flag
	 */
	case BIOCGHDRCMPLT:
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	/* Lock the descriptor; irreversible until close. */
	case BIOCLOCK:
		d->bd_locked = 1;
		break;
	/*
	 * Set "header already complete" flag
	 */
	case BIOCSHDRCMPLT:
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case FIOSETOWN:
		error = fsetown(*(int *)addr, &d->bd_sigio);
		break;

	case FIOGETOWN:
		*(int *)addr = fgetown(&d->bd_sigio);
		break;

	/* This is deprecated, FIOSETOWN should be used instead. */
	case TIOCSPGRP:
		error = fsetown(-(*(int *)addr), &d->bd_sigio);
		break;

	/* This is deprecated, FIOGETOWN should be used instead. */
	case TIOCGPGRP:
		*(int *)addr = -fgetown(&d->bd_sigio);
		break;

	case BIOCSRSIG:		/* Set receive signal */
		{
			u_int sig;

			sig = *(u_int *)addr;

			if (sig >= NSIG)
				error = EINVAL;
			else
				d->bd_sig = sig;
			break;
		}
	case BIOCGRSIG:
		*(u_int *)addr = d->bd_sig;
		break;
	}
	return (error);
}
1006
/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 *
 * cmd selects which filter is replaced: BIOCSETWF installs a write
 * filter, anything else a read filter (plus its JIT form when
 * BPF_JITTER is compiled in).  A NULL insn list with zero length
 * removes the existing filter.
 */
static int
bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
{
	struct bpf_insn *fcode, *old;
	u_int wfilter, flen, size;
#ifdef BPF_JITTER
	bpf_jit_filter *ofunc;
#endif

	/* Snapshot the filter being replaced; freed after the swap. */
	if (cmd == BIOCSETWF) {
		old = d->bd_wfilter;
		wfilter = 1;
#ifdef BPF_JITTER
		ofunc = NULL;
#endif
	} else {
		wfilter = 0;
		old = d->bd_rfilter;
#ifdef BPF_JITTER
		ofunc = d->bd_bfilter;
#endif
	}
	if (fp->bf_insns == NULL) {
		/* NULL program means "remove the filter". */
		if (fp->bf_len != 0)
			return (EINVAL);
		BPFD_LOCK(d);
		if (wfilter)
			d->bd_wfilter = NULL;
		else {
			d->bd_rfilter = NULL;
#ifdef BPF_JITTER
			d->bd_bfilter = NULL;
#endif
		}
		reset_d(d);
		BPFD_UNLOCK(d);
		if (old != NULL)
			free((caddr_t)old, M_BPF);
#ifdef BPF_JITTER
		if (ofunc != NULL)
			bpf_destroy_jit_filter(ofunc);
#endif
		return (0);
	}
	flen = fp->bf_len;
	if (flen > bpf_maxinsns)
		return (EINVAL);

	/* Copy the program in from userland and validate it. */
	size = flen * sizeof(*fp->bf_insns);
	fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
	if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		BPFD_LOCK(d);
		if (wfilter)
			d->bd_wfilter = fcode;
		else {
			d->bd_rfilter = fcode;
#ifdef BPF_JITTER
			d->bd_bfilter = bpf_jitter(fcode, flen);
#endif
		}
		reset_d(d);
		BPFD_UNLOCK(d);
		/* Old filter (and JIT form) freed only after the swap. */
		if (old != NULL)
			free((caddr_t)old, M_BPF);
#ifdef BPF_JITTER
		if (ofunc != NULL)
			bpf_destroy_jit_filter(ofunc);
#endif

		return (0);
	}
	free((caddr_t)fcode, M_BPF);
	return (EINVAL);
}
1086
/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	struct ifnet *theywant;

	theywant = ifunit(ifr->ifr_name);
	/* Interface must exist and have BPF support registered. */
	if (theywant == NULL || theywant->if_bpf == NULL)
		return (ENXIO);

	bp = theywant->if_bpf;
	/*
	 * Allocate the packet buffers if we need to.
	 * If we're already attached to requested interface,
	 * just flush the buffer.
	 */
	if (d->bd_sbuf == NULL)
		bpf_allocbufs(d);
	if (bp != d->bd_bif) {
		if (d->bd_bif)
			/*
			 * Detach if attached to something else.
			 */
			bpf_detachd(d);

		bpf_attachd(d, bp);
	}
	/* Flush any stale packets from the previous binding. */
	BPFD_LOCK(d);
	reset_d(d);
	BPFD_UNLOCK(d);
	return (0);
}
1124
/*
 * Support for select() and poll() system calls
 *
 * Return true iff the specific operation will not block indefinitely.
 * Otherwise, return false but make a note that a selwakeup() must be done.
 */
static int
bpfpoll(struct cdev *dev, int events, struct thread *td)
{
	struct bpf_d *d;
	int revents;

	d = dev->si_drv1;
	if (d->bd_bif == NULL)
		return (ENXIO);

	/*
	 * Refresh PID associated with this descriptor.
	 */
	/* Writes never block here, so always report writability. */
	revents = events & (POLLOUT | POLLWRNORM);
	BPFD_LOCK(d);
	d->bd_pid = td->td_proc->p_pid;
	if (events & (POLLIN | POLLRDNORM)) {
		if (bpf_ready(d))
			revents |= events & (POLLIN | POLLRDNORM);
		else {
			selrecord(td, &d->bd_sel);
			/* Start the read timeout if necessary. */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
				    bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}
	BPFD_UNLOCK(d);
	return (revents);
}
1163
/*
 * Support for kevent() system call.  Register EVFILT_READ filters and
 * reject all others.
 */
int
bpfkqfilter(struct cdev *dev, struct knote *kn)
{
	struct bpf_d *d = (struct bpf_d *)dev->si_drv1;

	/* Only read events are supported on bpf descriptors. */
	if (kn->kn_filter != EVFILT_READ)
		return (1);

	/*
	 * Refresh PID associated with this descriptor.
	 */
	BPFD_LOCK(d);
	d->bd_pid = curthread->td_proc->p_pid;
	kn->kn_fop = &bpfread_filtops;
	kn->kn_hook = d;
	knlist_add(&d->bd_sel.si_note, kn, 1);
	BPFD_UNLOCK(d);

	return (0);
}
1188
/* Knote detach: drop the knote from the descriptor's note list. */
static void
filt_bpfdetach(struct knote *kn)
{
	struct bpf_d *d = (struct bpf_d *)kn->kn_hook;

	knlist_remove(&d->bd_sel.si_note, kn, 0);
}
1196
/*
 * Knote event filter: report readable when a buffer is ready and set
 * kn_data to the byte count; otherwise arm the read timeout, mirroring
 * the behavior of bpfpoll().  Called with the descriptor lock held.
 */
static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
	int ready;

	BPFD_LOCK_ASSERT(d);
	ready = bpf_ready(d);
	if (ready) {
		/* Bytes readable = store buffer + hold buffer (if any). */
		kn->kn_data = d->bd_slen;
		if (d->bd_hbuf)
			kn->kn_data += d->bd_hlen;
	}
	else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
		callout_reset(&d->bd_callout, d->bd_rtout,
		    bpf_timed_out, d);
		d->bd_state = BPF_WAITING;
	}

	return (ready);
}
1218
/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
{
	struct bpf_d *d;
	u_int slen;
	int gottime;	/* lazily timestamp only on first filter match */
	struct timeval tv;

	gottime = 0;
	BPFIF_LOCK(bp);
	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		BPFD_LOCK(d);
		++d->bd_rcount;
#ifdef BPF_JITTER
		/* Prefer the JIT-compiled filter when one is available. */
		if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL)
			slen = (*(d->bd_bfilter->func))(pkt, pktlen, pktlen);
		else
#endif
		slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
		if (slen != 0) {
			d->bd_fcount++;
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
#ifdef MAC
			if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
#endif
				catchpacket(d, pkt, pktlen, slen, bcopy, &tv);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}
1259
1260/*
1261 * Copy data from an mbuf chain into a buffer.  This code is derived
1262 * from m_copydata in sys/uipc_mbuf.c.
1263 */
1264static void
1265bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
1266{
1267	const struct mbuf *m;
1268	u_int count;
1269	u_char *dst;
1270
1271	m = src_arg;
1272	dst = dst_arg;
1273	while (len > 0) {
1274		if (m == NULL)
1275			panic("bpf_mcopy");
1276		count = min(m->m_len, len);
1277		bcopy(mtod(m, void *), dst, count);
1278		m = m->m_next;
1279		dst += count;
1280		len -= count;
1281	}
1282}
1283
1284/*
1285 * Incoming linkage from device drivers, when packet is in an mbuf chain.
1286 */
void
bpf_mtap(struct bpf_if *bp, struct mbuf *m)
{
	struct bpf_d *d;
	u_int pktlen, slen;
	int gottime;
	struct timeval tv;

	/* Take the timestamp lazily: at most once, and only on a match. */
	gottime = 0;

	pktlen = m_length(m, NULL);

	BPFIF_LOCK(bp);
	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		/*
		 * Honor bd_seesent: a NULL rcvif marks a locally generated
		 * (sent) packet, which some descriptors ask not to see.
		 */
		if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
			continue;
		BPFD_LOCK(d);
		++d->bd_rcount;
#ifdef BPF_JITTER
		/* XXX We cannot handle multiple mbufs. */
		if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL &&
		    m->m_next == NULL)
			slen = (*(d->bd_bfilter->func))(mtod(m, u_char *),
			    pktlen, pktlen);
		else
#endif
		/* A zero buflen tells bpf_filter() this is an mbuf chain. */
		slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
		if (slen != 0) {
			d->bd_fcount++;
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
#ifdef MAC
			if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
#endif
				catchpacket(d, (u_char *)m, pktlen, slen,
				    bpf_mcopy, &tv);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}
1330
1331/*
1332 * Incoming linkage from device drivers, when packet is in
1333 * an mbuf chain and to be prepended by a contiguous header.
1334 */
void
bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
{
	struct mbuf mb;
	struct bpf_d *d;
	u_int pktlen, slen;
	int gottime;
	struct timeval tv;

	/* Take the timestamp lazily: at most once, and only on a match. */
	gottime = 0;

	pktlen = m_length(m, NULL);
	/*
	 * Craft on-stack mbuf suitable for passing to bpf_filter.
	 * Note that we cut corners here; we only setup what's
	 * absolutely needed--this mbuf should never go anywhere else.
	 * Only m_next/m_data/m_len are initialized; the other fields
	 * remain garbage and must not be consumed.
	 */
	mb.m_next = m;
	mb.m_data = data;
	mb.m_len = dlen;
	pktlen += dlen;		/* total length includes the prepended header */

	BPFIF_LOCK(bp);
	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		/* Honor bd_seesent: a NULL rcvif marks a sent packet. */
		if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
			continue;
		BPFD_LOCK(d);
		++d->bd_rcount;
		/* A zero buflen tells bpf_filter() this is an mbuf chain. */
		slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
		if (slen != 0) {
			d->bd_fcount++;
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
#ifdef MAC
			if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
#endif
				catchpacket(d, (u_char *)&mb, pktlen, slen,
				    bpf_mcopy, &tv);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}
1380
1381/*
1382 * Move the packet data from interface memory (pkt) into the
1383 * store buffer.  "cpfn" is the routine called to do the actual data
1384 * transfer.  bcopy is passed in to copy contiguous chunks, while
1385 * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
1386 * pkt is really an mbuf.
1387 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
    void (*cpfn)(const void *, void *, size_t), struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;	/* padded bpf header length */
	int do_wakeup = 0;

	BPFD_LOCK_ASSERT(d);
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == NULL) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			return;
		}
		ROTATE_BUFFERS(d);
		do_wakeup = 1;
		curlen = 0;
	}
	else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		do_wakeup = 1;

	/*
	 * Append the bpf header.  bh_caplen is filled in below, as a
	 * side effect of computing the copy length.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	if (do_wakeup)
		bpf_wakeup(d);
}
1454
/*
 * Allocate the initial free and store buffers for a descriptor and
 * reset its buffer lengths.
 */
static void
bpf_allocbufs(struct bpf_d *d)
{

	/* A descriptor must be bufferless when its buffers are allocated. */
	KASSERT(d->bd_fbuf == NULL, ("bpf_allocbufs: bd_fbuf != NULL"));
	KASSERT(d->bd_sbuf == NULL, ("bpf_allocbufs: bd_sbuf != NULL"));
	KASSERT(d->bd_hbuf == NULL, ("bpf_allocbufs: bd_hbuf != NULL"));

	/* M_WAITOK: these allocations may sleep rather than fail. */
	d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
	d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
	d->bd_slen = 0;
	d->bd_hlen = 0;
}
1471
1472/*
1473 * Free buffers currently in use by a descriptor.
1474 * Called on close.
1475 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it yet hasn't been marked
	 * free.
	 */
	/* A non-NULL bd_sbuf means bpf_allocbufs() ran for this descriptor. */
	if (d->bd_sbuf != NULL) {
		free(d->bd_sbuf, M_BPF);
		if (d->bd_hbuf != NULL)
			free(d->bd_hbuf, M_BPF);
		if (d->bd_fbuf != NULL)
			free(d->bd_fbuf, M_BPF);
	}
	if (d->bd_rfilter) {
		free((caddr_t)d->bd_rfilter, M_BPF);
#ifdef BPF_JITTER
		/*
		 * NOTE(review): bd_bfilter is passed without a NULL check;
		 * presumably bpf_destroy_jit_filter() tolerates NULL or
		 * bd_bfilter is always valid when bd_rfilter is -- confirm.
		 */
		bpf_destroy_jit_filter(d->bd_bfilter);
#endif
	}
	if (d->bd_wfilter)
		free((caddr_t)d->bd_wfilter, M_BPF);
	/* The per-descriptor mutex dies with the descriptor. */
	mtx_destroy(&d->bd_mtx);
}
1501
1502/*
1503 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
1504 * fixed size of the link header (variable length headers not yet supported).
1505 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	/* Convenience wrapper: store the bpf state in ifp->if_bpf. */
	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}
1512
1513/*
1514 * Attach an interface to bpf.  ifp is a pointer to the structure
1515 * defining the interface to be attached, dlt is the link layer type,
1516 * and hdrlen is the fixed size of the link header (variable length
 * headers are not yet supported).
1518 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
{
	struct bpf_if *bp;

	/* The allocation is M_NOWAIT; a failure here is treated as fatal. */
	bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
	if (bp == NULL)
		panic("bpfattach");

	LIST_INIT(&bp->bif_dlist);
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;
	mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);
	KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
	*driverp = bp;

	/* Publish the new interface on the global list. */
	mtx_lock(&bpf_mtx);
	LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
	mtx_unlock(&bpf_mtx);

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

	if (bootverbose)
		if_printf(ifp, "bpf attached\n");
}
1550
1551/*
1552 * Detach bpf from an interface.  This involves detaching each descriptor
1553 * associated with the interface, and leaving bd_bif NULL.  Notify each
1554 * descriptor as it's detached so that any sleepers wake up and get
1555 * ENXIO.
1556 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if	*bp;
	struct bpf_d	*d;

	/* Locate BPF interface information */
	mtx_lock(&bpf_mtx);
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		if (ifp == bp->bif_ifp)
			break;
	}

	/* Interface wasn't attached */
	if ((bp == NULL) || (bp->bif_ifp == NULL)) {
		mtx_unlock(&bpf_mtx);
		printf("bpfdetach: %s was not attached\n", ifp->if_xname);
		return;
	}

	/* Unpublish before tearing down so no new descriptors attach. */
	LIST_REMOVE(bp, bif_next);
	mtx_unlock(&bpf_mtx);

	/* Detach every descriptor and wake any sleepers on it. */
	while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
		bpf_detachd(d);
		BPFD_LOCK(d);
		bpf_wakeup(d);
		BPFD_UNLOCK(d);
	}

	mtx_destroy(&bp->bif_mtx);
	free(bp, M_BPF);
}
1590
1591/*
1592 * Get a list of available data link type of the interface.
1593 */
1594static int
1595bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
1596{
1597	int n, error;
1598	struct ifnet *ifp;
1599	struct bpf_if *bp;
1600
1601	ifp = d->bd_bif->bif_ifp;
1602	n = 0;
1603	error = 0;
1604	mtx_lock(&bpf_mtx);
1605	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1606		if (bp->bif_ifp != ifp)
1607			continue;
1608		if (bfl->bfl_list != NULL) {
1609			if (n >= bfl->bfl_len) {
1610				mtx_unlock(&bpf_mtx);
1611				return (ENOMEM);
1612			}
1613			error = copyout(&bp->bif_dlt,
1614			    bfl->bfl_list + n, sizeof(u_int));
1615		}
1616		n++;
1617	}
1618	mtx_unlock(&bpf_mtx);
1619	bfl->bfl_len = n;
1620	return (error);
1621}
1622
1623/*
1624 * Set the data link type of a BPF instance.
1625 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	/* Already using the requested DLT: nothing to do. */
	if (d->bd_bif->bif_dlt == dlt)
		return (0);
	ifp = d->bd_bif->bif_ifp;
	/* Find a bpf_if on the same interface that speaks the new DLT. */
	mtx_lock(&bpf_mtx);
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	mtx_unlock(&bpf_mtx);
	if (bp != NULL) {
		/* Remember promiscuity; bpf_detachd() drops it. */
		opromisc = d->bd_promisc;
		bpf_detachd(d);
		bpf_attachd(d, bp);
		BPFD_LOCK(d);
		reset_d(d);
		BPFD_UNLOCK(d);
		/*
		 * Re-enable promiscuous mode on the new attachment.  The
		 * "else" below binds to "if (error)": on failure we log,
		 * on success we record the promiscuous state.
		 */
		if (opromisc) {
			error = ifpromisc(bp->bif_ifp, 1);
			if (error)
				if_printf(bp->bif_ifp,
					"bpf_setdlt: ifpromisc failed (%d)\n",
					error);
			else
				d->bd_promisc = 1;
		}
	}
	return (bp == NULL ? EINVAL : 0);
}
1661
1662static void
1663bpf_clone(void *arg, struct ucred *cred, char *name, int namelen,
1664    struct cdev **dev)
1665{
1666	int u;
1667
1668	if (*dev != NULL)
1669		return;
1670	if (dev_stdclone(name, NULL, "bpf", &u) != 1)
1671		return;
1672	*dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600,
1673	    "bpf%d", u);
1674	dev_ref(*dev);
1675	(*dev)->si_flags |= SI_CHEAPCLONE;
1676	return;
1677}
1678
static void
bpf_drvinit(void *unused)
{

	/* Set up the global interface-list lock and the list itself. */
	mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
	LIST_INIT(&bpf_iflist);
	/* Hook devfs cloning so /dev/bpfN nodes appear on demand. */
	EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000);
}
1687
1688static void
1689bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
1690{
1691
1692	bzero(d, sizeof(*d));
1693	BPFD_LOCK_ASSERT(bd);
1694	d->bd_immediate = bd->bd_immediate;
1695	d->bd_promisc = bd->bd_promisc;
1696	d->bd_hdrcmplt = bd->bd_hdrcmplt;
1697	d->bd_seesent = bd->bd_seesent;
1698	d->bd_async = bd->bd_async;
1699	d->bd_rcount = bd->bd_rcount;
1700	d->bd_dcount = bd->bd_dcount;
1701	d->bd_fcount = bd->bd_fcount;
1702	d->bd_sig = bd->bd_sig;
1703	d->bd_slen = bd->bd_slen;
1704	d->bd_hlen = bd->bd_hlen;
1705	d->bd_bufsize = bd->bd_bufsize;
1706	d->bd_pid = bd->bd_pid;
1707	strlcpy(d->bd_ifname,
1708	    bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
1709	d->bd_locked = bd->bd_locked;
1710}
1711
/*
 * Sysctl handler exporting one xbpf_d record per open bpf descriptor.
 * Requires superuser privilege; snapshots all descriptors under the
 * global and per-interface locks, then copies the result out in one
 * SYSCTL_OUT call after the locks are dropped.
 */
static int
bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
{
	struct xbpf_d *xbdbuf, *xbd;
	int index, error;
	struct bpf_if *bp;
	struct bpf_d *bd;

	/*
	 * XXX This is not technically correct. It is possible for non
	 * privileged users to open bpf devices. It would make sense
	 * if the users who opened the devices were able to retrieve
	 * the statistics for them, too.
	 */
	error = suser(req->td);
	if (error)
		return (error);
	/* Size-probe request: report the space needed, nothing more. */
	if (req->oldptr == NULL)
		return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
	if (bpf_bpfd_cnt == 0)
		return (SYSCTL_OUT(req, 0, 0));
	/* Allocate before taking bpf_mtx; M_WAITOK may sleep. */
	xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
	mtx_lock(&bpf_mtx);
	if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
		mtx_unlock(&bpf_mtx);
		free(xbdbuf, M_BPF);
		return (ENOMEM);
	}
	index = 0;
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		BPFIF_LOCK(bp);
		LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
			xbd = &xbdbuf[index++];
			BPFD_LOCK(bd);
			bpfstats_fill_xbpf(xbd, bd);
			BPFD_UNLOCK(bd);
		}
		BPFIF_UNLOCK(bp);
	}
	mtx_unlock(&bpf_mtx);
	error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
	free(xbdbuf, M_BPF);
	return (error);
}
1756
1757SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL)
1758
1759#else /* !DEV_BPF && !NETGRAPH_BPF */
1760/*
1761 * NOP stubs to allow bpf-using drivers to load and function.
1762 *
1763 * A 'better' implementation would allow the core bpf functionality
1764 * to be loaded at runtime.
1765 */
1766static struct bpf_if bp_null;
1767
void
bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
{
	/* Stub: bpf support not compiled in; nothing to capture to. */
}
1772
void
bpf_mtap(struct bpf_if *bp, struct mbuf *m)
{
	/* Stub: bpf support not compiled in; no-op. */
}
1777
void
bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
{
	/* Stub: bpf support not compiled in; no-op. */
}
1782
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	/* Mirror the real bpfattach(): delegate to bpfattach2(). */
	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}
1789
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
{

	/* All interfaces share the single static placeholder bp_null. */
	*driverp = &bp_null;
}
1796
void
bpfdetach(struct ifnet *ifp)
{
	/* Stub: nothing was attached, so nothing to detach. */
}
1801
/*
 * Stub filter: (u_int)-1 means accept with unlimited snapshot length,
 * matching the real bpf_filter()'s convention for a NULL program.
 */
u_int
bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
{
	return -1;	/* "no filter" behaviour */
}
1807
/* Stub validator: every program is rejected when bpf is compiled out. */
int
bpf_validate(const struct bpf_insn *f, int len)
{
	return 0;		/* false */
}
1813
1814#endif /* !DEV_BPF && !NETGRAPH_BPF */
1815