bpf.c — FreeBSD sys/net/bpf.c, SVN revision 207195 (Berkeley Packet Filter device driver)
161374Sdcs/*- 261374Sdcs * Copyright (c) 1990, 1991, 1993 361374Sdcs * The Regents of the University of California. All rights reserved. 461374Sdcs * 561374Sdcs * This code is derived from the Stanford/CMU enet packet filter, 661374Sdcs * (net/enet.c) distributed as part of 4.3BSD, and code contributed 761374Sdcs * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 861374Sdcs * Berkeley Laboratory. 961374Sdcs * 1061374Sdcs * Redistribution and use in source and binary forms, with or without 1161374Sdcs * modification, are permitted provided that the following conditions 1261374Sdcs * are met: 1361374Sdcs * 1. Redistributions of source code must retain the above copyright 1461374Sdcs * notice, this list of conditions and the following disclaimer. 1561374Sdcs * 2. Redistributions in binary form must reproduce the above copyright 1661374Sdcs * notice, this list of conditions and the following disclaimer in the 1761374Sdcs * documentation and/or other materials provided with the distribution. 1861374Sdcs * 4. Neither the name of the University nor the names of its contributors 1961374Sdcs * may be used to endorse or promote products derived from this software 2061374Sdcs * without specific prior written permission. 2161374Sdcs * 2261374Sdcs * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 2361374Sdcs * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2461374Sdcs * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2561374Sdcs * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 2661374Sdcs * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2761374Sdcs * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2861374Sdcs * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2961374Sdcs * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3061374Sdcs * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3161374Sdcs * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3261374Sdcs * SUCH DAMAGE. 3361374Sdcs * 3461374Sdcs * @(#)bpf.c 8.4 (Berkeley) 1/9/95 35102215Sscottl */ 36253862Smarcel 37253862Smarcel#include <sys/cdefs.h> 38253862Smarcel__FBSDID("$FreeBSD: head/sys/net/bpf.c 207195 2010-04-25 16:43:41Z kib $"); 39253862Smarcel 40253862Smarcel#include "opt_bpf.h" 41102215Sscottl#include "opt_compat.h" 42253862Smarcel#include "opt_netgraph.h" 43102215Sscottl 4461374Sdcs#include <sys/types.h> 45102215Sscottl#include <sys/param.h> 4661374Sdcs#include <sys/systm.h> 4761374Sdcs#include <sys/conf.h> 4861374Sdcs#include <sys/fcntl.h> 4961374Sdcs#include <sys/jail.h> 5076116Sdcs#include <sys/malloc.h> 5161374Sdcs#include <sys/mbuf.h> 5261374Sdcs#include <sys/time.h> 5361374Sdcs#include <sys/priv.h> 5461374Sdcs#include <sys/proc.h> 5561374Sdcs#include <sys/signalvar.h> 5661374Sdcs#include <sys/filio.h> 5761374Sdcs#include <sys/sockio.h> 5865617Sdcs#include <sys/ttycom.h> 5965617Sdcs#include <sys/uio.h> 6065617Sdcs 6165617Sdcs#include <sys/event.h> 6276116Sdcs#include <sys/file.h> 6361374Sdcs#include <sys/poll.h> 6461374Sdcs#include <sys/proc.h> 6561374Sdcs 6661374Sdcs#include <sys/socket.h> 6761374Sdcs 68138223Sscottl#include <net/if.h> 69138223Sscottl#include <net/bpf.h> 70138223Sscottl#include <net/bpf_buffer.h> 71138223Sscottl#ifdef BPF_JITTER 7261374Sdcs#include <net/bpf_jitter.h> 7361374Sdcs#endif 7461374Sdcs#include <net/bpf_zerocopy.h> 7561374Sdcs#include 
<net/bpfdesc.h> 7661374Sdcs#include <net/vnet.h> 7761374Sdcs 7861374Sdcs#include <netinet/in.h> 7961374Sdcs#include <netinet/if_ether.h> 8061374Sdcs#include <sys/kernel.h> 8161374Sdcs#include <sys/sysctl.h> 82138223Sscottl 8361374Sdcs#include <net80211/ieee80211_freebsd.h> 8461374Sdcs 8561374Sdcs#include <security/mac/mac_framework.h> 8661374Sdcs 8761374SdcsMALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 8861374Sdcs 8961374Sdcs#if defined(DEV_BPF) || defined(NETGRAPH_BPF) 9061374Sdcs 9161374Sdcs#define PRINET 26 /* interruptible */ 9261374Sdcs 9361374Sdcs#ifdef COMPAT_FREEBSD32 9461374Sdcs#include <sys/mount.h> 9561374Sdcs#include <compat/freebsd32/freebsd32.h> 9661374Sdcs#define BPF_ALIGNMENT32 sizeof(int32_t) 97138223Sscottl#define BPF_WORDALIGN32(x) (((x)+(BPF_ALIGNMENT32-1))&~(BPF_ALIGNMENT32-1)) 9861374Sdcs 9961374Sdcs/* 10061374Sdcs * 32-bit version of structure prepended to each packet. We use this header 10161374Sdcs * instead of the standard one for 32-bit streams. We mark the a stream as 10261374Sdcs * 32-bit the first time we see a 32-bit compat ioctl request. 
10361374Sdcs */ 10461374Sdcsstruct bpf_hdr32 { 105138223Sscottl struct timeval32 bh_tstamp; /* time stamp */ 106138223Sscottl uint32_t bh_caplen; /* length of captured portion */ 107138223Sscottl uint32_t bh_datalen; /* original length of packet */ 108138223Sscottl uint16_t bh_hdrlen; /* length of bpf header (this struct 10961374Sdcs plus alignment padding) */ 11061374Sdcs}; 11161374Sdcs 11261374Sdcsstruct bpf_program32 { 11361374Sdcs u_int bf_len; 11461374Sdcs uint32_t bf_insns; 11561374Sdcs}; 11661374Sdcs 11761374Sdcsstruct bpf_dltlist32 { 11861374Sdcs u_int bfl_len; 11961374Sdcs u_int bfl_list; 120138223Sscottl}; 12161374Sdcs 12261374Sdcs#define BIOCSETF32 _IOW('B', 103, struct bpf_program32) 12361374Sdcs#define BIOCSRTIMEOUT32 _IOW('B',109, struct timeval32) 12461374Sdcs#define BIOCGRTIMEOUT32 _IOR('B',110, struct timeval32) 12561374Sdcs#define BIOCGDLTLIST32 _IOWR('B',121, struct bpf_dltlist32) 12661374Sdcs#define BIOCSETWF32 _IOW('B',123, struct bpf_program32) 12761374Sdcs#define BIOCSETFNR32 _IOW('B',130, struct bpf_program32) 12861374Sdcs#endif 12961374Sdcs 13061374Sdcs/* 13161374Sdcs * bpf_iflist is a list of BPF interface structures, each corresponding to a 13261374Sdcs * specific DLT. The same network interface might have several BPF interface 13361374Sdcs * structures registered by different layers in the stack (i.e., 802.11 13461374Sdcs * frames, ethernet frames, etc). 
135138223Sscottl */ 13661374Sdcsstatic LIST_HEAD(, bpf_if) bpf_iflist; 13761374Sdcsstatic struct mtx bpf_mtx; /* bpf global lock */ 13861374Sdcsstatic int bpf_bpfd_cnt; 13961374Sdcs 14061374Sdcsstatic void bpf_attachd(struct bpf_d *, struct bpf_if *); 14161374Sdcsstatic void bpf_detachd(struct bpf_d *); 14261374Sdcsstatic void bpf_freed(struct bpf_d *); 143138223Sscottlstatic int bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **, 144253862Smarcel struct sockaddr *, int *, struct bpf_insn *); 145138223Sscottlstatic int bpf_setif(struct bpf_d *, struct ifreq *); 146253862Smarcelstatic void bpf_timed_out(void *); 14761374Sdcsstatic __inline void 14861374Sdcs bpf_wakeup(struct bpf_d *); 14961374Sdcsstatic void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 15061374Sdcs void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int), 15161374Sdcs struct timeval *); 15261374Sdcsstatic void reset_d(struct bpf_d *); 15361374Sdcsstatic int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd); 15461374Sdcsstatic int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 155138223Sscottlstatic int bpf_setdlt(struct bpf_d *, u_int); 15661374Sdcsstatic void filt_bpfdetach(struct knote *); 15761374Sdcsstatic int filt_bpfread(struct knote *, long); 15861374Sdcsstatic void bpf_drvinit(void *); 15961374Sdcsstatic int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS); 16061374Sdcs 16161374SdcsSYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl"); 16261374Sdcsint bpf_maxinsns = BPF_MAXINSNS; 16361374SdcsSYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW, 16461374Sdcs &bpf_maxinsns, 0, "Maximum bpf program instructions"); 16561374Sdcsstatic int bpf_zerocopy_enable = 0; 16661374SdcsSYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW, 16761374Sdcs &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions"); 16861374SdcsSYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW, 169138223Sscottl bpf_stats_sysctl, "bpf statistics portal"); 17061374Sdcs 
17161374Sdcsstatic d_open_t bpfopen; 17261374Sdcsstatic d_read_t bpfread; 17361374Sdcsstatic d_write_t bpfwrite; 17461374Sdcsstatic d_ioctl_t bpfioctl; 17561374Sdcsstatic d_poll_t bpfpoll; 17661374Sdcsstatic d_kqfilter_t bpfkqfilter; 17761374Sdcs 178138223Sscottlstatic struct cdevsw bpf_cdevsw = { 179138223Sscottl .d_version = D_VERSION, 180138223Sscottl .d_open = bpfopen, 181138223Sscottl .d_read = bpfread, 18261374Sdcs .d_write = bpfwrite, 18361374Sdcs .d_ioctl = bpfioctl, 18461374Sdcs .d_poll = bpfpoll, 18561374Sdcs .d_name = "bpf", 18661374Sdcs .d_kqfilter = bpfkqfilter, 18761374Sdcs}; 18861374Sdcs 18961374Sdcsstatic struct filterops bpfread_filtops = { 190138223Sscottl .f_isfd = 1, 19161374Sdcs .f_detach = filt_bpfdetach, 19261374Sdcs .f_event = filt_bpfread, 19361374Sdcs}; 19461374Sdcs 19561374Sdcs/* 19661374Sdcs * Wrapper functions for various buffering methods. If the set of buffer 19761374Sdcs * modes expands, we will probably want to introduce a switch data structure 19861374Sdcs * similar to protosw, et. 
199138223Sscottl */ 20061374Sdcsstatic void 20161374Sdcsbpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src, 20261374Sdcs u_int len) 20361374Sdcs{ 20461374Sdcs 20561374Sdcs BPFD_LOCK_ASSERT(d); 20661374Sdcs 20761374Sdcs switch (d->bd_bufmode) { 20861374Sdcs case BPF_BUFMODE_BUFFER: 20961374Sdcs return (bpf_buffer_append_bytes(d, buf, offset, src, len)); 21061374Sdcs 21161374Sdcs case BPF_BUFMODE_ZBUF: 21261374Sdcs d->bd_zcopy++; 21361374Sdcs return (bpf_zerocopy_append_bytes(d, buf, offset, src, len)); 21461374Sdcs 21561374Sdcs default: 21661374Sdcs panic("bpf_buf_append_bytes"); 21761374Sdcs } 21861374Sdcs} 219138223Sscottl 22061374Sdcsstatic void 221138223Sscottlbpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src, 22261374Sdcs u_int len) 22361374Sdcs{ 22461374Sdcs 22561374Sdcs BPFD_LOCK_ASSERT(d); 22661374Sdcs 22761374Sdcs switch (d->bd_bufmode) { 22861374Sdcs case BPF_BUFMODE_BUFFER: 22961374Sdcs return (bpf_buffer_append_mbuf(d, buf, offset, src, len)); 23061374Sdcs 23161374Sdcs case BPF_BUFMODE_ZBUF: 23261374Sdcs d->bd_zcopy++; 23361374Sdcs return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len)); 23461374Sdcs 23561374Sdcs default: 23661374Sdcs panic("bpf_buf_append_mbuf"); 23761374Sdcs } 23861374Sdcs} 23961374Sdcs 24061374Sdcs/* 241138223Sscottl * This function gets called when the free buffer is re-assigned. 
24261374Sdcs */ 243138223Sscottlstatic void 24461374Sdcsbpf_buf_reclaimed(struct bpf_d *d) 24561374Sdcs{ 24661374Sdcs 24761374Sdcs BPFD_LOCK_ASSERT(d); 24865617Sdcs 24965617Sdcs switch (d->bd_bufmode) { 25065617Sdcs case BPF_BUFMODE_BUFFER: 251138223Sscottl return; 252253862Smarcel 253138223Sscottl case BPF_BUFMODE_ZBUF: 254253862Smarcel bpf_zerocopy_buf_reclaimed(d); 25565617Sdcs return; 25665617Sdcs 25765617Sdcs default: 25865617Sdcs panic("bpf_buf_reclaimed"); 25965617Sdcs } 26065617Sdcs} 26165617Sdcs 26265617Sdcs/* 26365617Sdcs * If the buffer mechanism has a way to decide that a held buffer can be made 26465617Sdcs * free, then it is exposed via the bpf_canfreebuf() interface. (1) is 26565617Sdcs * returned if the buffer can be discarded, (0) is returned if it cannot. 266138223Sscottl */ 26765617Sdcsstatic int 26865617Sdcsbpf_canfreebuf(struct bpf_d *d) 26965617Sdcs{ 27065617Sdcs 27165617Sdcs BPFD_LOCK_ASSERT(d); 27265617Sdcs 27365617Sdcs switch (d->bd_bufmode) { 27465617Sdcs case BPF_BUFMODE_ZBUF: 27565617Sdcs return (bpf_zerocopy_canfreebuf(d)); 27665617Sdcs } 27765617Sdcs return (0); 27865617Sdcs} 279138223Sscottl 280138223Sscottl/* 281138223Sscottl * Allow the buffer model to indicate that the current store buffer is 28265617Sdcs * immutable, regardless of the appearance of space. Return (1) if the 28365617Sdcs * buffer is writable, and (0) if not. 28465617Sdcs */ 28565617Sdcsstatic int 28665617Sdcsbpf_canwritebuf(struct bpf_d *d) 287138223Sscottl{ 28865677Sdfr 28965677Sdfr BPFD_LOCK_ASSERT(d); 29065617Sdcs 29165617Sdcs switch (d->bd_bufmode) { 29265617Sdcs case BPF_BUFMODE_ZBUF: 29365617Sdcs return (bpf_zerocopy_canwritebuf(d)); 29465617Sdcs } 29565617Sdcs return (1); 29665617Sdcs} 29765617Sdcs 29865617Sdcs/* 29965617Sdcs * Notify buffer model that an attempt to write to the store buffer has 30065617Sdcs * resulted in a dropped packet, in which case the buffer may be considered 30165617Sdcs * full. 
30265617Sdcs */ 30365617Sdcsstatic void 30465617Sdcsbpf_buffull(struct bpf_d *d) 30565617Sdcs{ 30665617Sdcs 30765617Sdcs BPFD_LOCK_ASSERT(d); 30865617Sdcs 30965617Sdcs switch (d->bd_bufmode) { 31065617Sdcs case BPF_BUFMODE_ZBUF: 31165617Sdcs bpf_zerocopy_buffull(d); 31265617Sdcs break; 31365617Sdcs } 31465617Sdcs} 31565617Sdcs 31665617Sdcs/* 31765617Sdcs * Notify the buffer model that a buffer has moved into the hold position. 31865617Sdcs */ 31965617Sdcsvoid 32065677Sdfrbpf_bufheld(struct bpf_d *d) 32165677Sdfr{ 32276116Sdcs 32376116Sdcs BPFD_LOCK_ASSERT(d); 32465617Sdcs 32565617Sdcs switch (d->bd_bufmode) { 32665617Sdcs case BPF_BUFMODE_ZBUF: 32765617Sdcs bpf_zerocopy_bufheld(d); 32865617Sdcs break; 32965617Sdcs } 33065617Sdcs} 33165617Sdcs 33265617Sdcsstatic void 33365617Sdcsbpf_free(struct bpf_d *d) 33465617Sdcs{ 33565617Sdcs 33665617Sdcs switch (d->bd_bufmode) { 33765617Sdcs case BPF_BUFMODE_BUFFER: 33865617Sdcs return (bpf_buffer_free(d)); 33965617Sdcs 34065617Sdcs case BPF_BUFMODE_ZBUF: 34165617Sdcs return (bpf_zerocopy_free(d)); 34265617Sdcs 34365617Sdcs default: 34465617Sdcs panic("bpf_buf_free"); 34565617Sdcs } 34665617Sdcs} 34765617Sdcs 34865617Sdcsstatic int 34965617Sdcsbpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio) 35065617Sdcs{ 35165617Sdcs 35265617Sdcs if (d->bd_bufmode != BPF_BUFMODE_BUFFER) 35376116Sdcs return (EOPNOTSUPP); 35476116Sdcs return (bpf_buffer_uiomove(d, buf, len, uio)); 35576116Sdcs} 35676116Sdcs 35776116Sdcsstatic int 35876116Sdcsbpf_ioctl_sblen(struct bpf_d *d, u_int *i) 35976116Sdcs{ 36076116Sdcs 36176116Sdcs if (d->bd_bufmode != BPF_BUFMODE_BUFFER) 36276116Sdcs return (EOPNOTSUPP); 36376116Sdcs return (bpf_buffer_ioctl_sblen(d, i)); 36476116Sdcs} 36576116Sdcs 36676116Sdcsstatic int 36776116Sdcsbpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i) 36876116Sdcs{ 36976116Sdcs 37076116Sdcs if (d->bd_bufmode != BPF_BUFMODE_ZBUF) 37176116Sdcs return (EOPNOTSUPP); 37276116Sdcs return 
(bpf_zerocopy_ioctl_getzmax(td, d, i)); 37376116Sdcs} 37476116Sdcs 37576116Sdcsstatic int 37676116Sdcsbpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz) 37776116Sdcs{ 37876116Sdcs 37976116Sdcs if (d->bd_bufmode != BPF_BUFMODE_ZBUF) 38076116Sdcs return (EOPNOTSUPP); 38176116Sdcs return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz)); 38276116Sdcs} 38376116Sdcs 38476116Sdcsstatic int 38576116Sdcsbpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz) 38676116Sdcs{ 38776116Sdcs 38876116Sdcs if (d->bd_bufmode != BPF_BUFMODE_ZBUF) 38976116Sdcs return (EOPNOTSUPP); 39076116Sdcs return (bpf_zerocopy_ioctl_setzbuf(td, d, bz)); 39176116Sdcs} 39276116Sdcs 39376116Sdcs/* 39476116Sdcs * General BPF functions. 39576116Sdcs */ 39676116Sdcsstatic int 39776116Sdcsbpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp, 39876116Sdcs struct sockaddr *sockp, int *hdrlen, struct bpf_insn *wfilter) 39976116Sdcs{ 40076116Sdcs const struct ieee80211_bpf_params *p; 40176116Sdcs struct ether_header *eh; 40276116Sdcs struct mbuf *m; 40376116Sdcs int error; 40476116Sdcs int len; 40576116Sdcs int hlen; 40676116Sdcs int slen; 40776116Sdcs 40876116Sdcs /* 40976116Sdcs * Build a sockaddr based on the data link layer type. 41076116Sdcs * We do this at this level because the ethernet header 41176116Sdcs * is copied directly into the data field of the sockaddr. 41276116Sdcs * In the case of SLIP, there is no header and the packet 413253172Smarcel * is forwarded as is. 414253172Smarcel * Also, we are careful to leave room at the front of the mbuf 415253172Smarcel * for the link level header. 416253172Smarcel */ 417253172Smarcel switch (linktype) { 418253172Smarcel 419253172Smarcel case DLT_SLIP: 420253172Smarcel sockp->sa_family = AF_INET; 421253172Smarcel hlen = 0; 422253172Smarcel break; 423253172Smarcel 424253172Smarcel case DLT_EN10MB: 425253172Smarcel sockp->sa_family = AF_UNSPEC; 426253172Smarcel /* XXX Would MAXLINKHDR be better? 
*/ 427253172Smarcel hlen = ETHER_HDR_LEN; 428253172Smarcel break; 429253172Smarcel 430253172Smarcel case DLT_FDDI: 431253172Smarcel sockp->sa_family = AF_IMPLINK; 432253172Smarcel hlen = 0; 433253172Smarcel break; 434253172Smarcel 435253172Smarcel case DLT_RAW: 436253172Smarcel sockp->sa_family = AF_UNSPEC; 437253172Smarcel hlen = 0; 438253172Smarcel break; 439253172Smarcel 440253172Smarcel case DLT_NULL: 44176116Sdcs /* 44276116Sdcs * null interface types require a 4 byte pseudo header which 44387636Sjhb * corresponds to the address family of the packet. 44476116Sdcs */ 44576116Sdcs sockp->sa_family = AF_UNSPEC; 44676116Sdcs hlen = 4; 44787636Sjhb break; 44887636Sjhb 44976116Sdcs case DLT_ATM_RFC1483: 45076116Sdcs /* 45187636Sjhb * en atm driver requires 4-byte atm pseudo header. 45276116Sdcs * though it isn't standard, vpi:vci needs to be 45387636Sjhb * specified anyway. 45487636Sjhb */ 45587636Sjhb sockp->sa_family = AF_UNSPEC; 45687636Sjhb hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 45787636Sjhb break; 45887636Sjhb 45987636Sjhb case DLT_PPP: 46087636Sjhb sockp->sa_family = AF_UNSPEC; 46187636Sjhb hlen = 4; /* This should match PPP_HDRLEN */ 46287636Sjhb break; 46387636Sjhb 46487636Sjhb case DLT_IEEE802_11: /* IEEE 802.11 wireless */ 46587636Sjhb sockp->sa_family = AF_IEEE80211; 46687636Sjhb hlen = 0; 46787636Sjhb break; 46887636Sjhb 46987636Sjhb case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */ 47087636Sjhb sockp->sa_family = AF_IEEE80211; 47176116Sdcs sockp->sa_len = 12; /* XXX != 0 */ 47276116Sdcs hlen = sizeof(struct ieee80211_bpf_params); 47387636Sjhb break; 47476116Sdcs 47576116Sdcs default: 47676116Sdcs return (EIO); 47776116Sdcs } 47876116Sdcs 47976116Sdcs len = uio->uio_resid; 48076116Sdcs 48176116Sdcs if (len - hlen > ifp->if_mtu) 48276116Sdcs return (EMSGSIZE); 48376116Sdcs 48476116Sdcs if ((unsigned)len > MJUM16BYTES) 48576116Sdcs return (EIO); 48676116Sdcs 48776116Sdcs if (len <= MHLEN) 48876116Sdcs MGETHDR(m, M_WAIT, 
MT_DATA); 48976116Sdcs else if (len <= MCLBYTES) 49076116Sdcs m = m_getcl(M_WAIT, MT_DATA, M_PKTHDR); 49176116Sdcs else 49276116Sdcs m = m_getjcl(M_WAIT, MT_DATA, M_PKTHDR, 49376116Sdcs#if (MJUMPAGESIZE > MCLBYTES) 49476116Sdcs len <= MJUMPAGESIZE ? MJUMPAGESIZE : 49576116Sdcs#endif 49676116Sdcs (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES)); 49776116Sdcs m->m_pkthdr.len = m->m_len = len; 49876116Sdcs m->m_pkthdr.rcvif = NULL; 49976116Sdcs *mp = m; 50076116Sdcs 50176116Sdcs if (m->m_len < hlen) { 50276116Sdcs error = EPERM; 50376116Sdcs goto bad; 50476116Sdcs } 50576116Sdcs 50676116Sdcs error = uiomove(mtod(m, u_char *), len, uio); 50776116Sdcs if (error) 50876116Sdcs goto bad; 50976116Sdcs 51076116Sdcs slen = bpf_filter(wfilter, mtod(m, u_char *), len, len); 51176116Sdcs if (slen == 0) { 51276116Sdcs error = EPERM; 51376116Sdcs goto bad; 514253172Smarcel } 515253172Smarcel 516253172Smarcel /* Check for multicast destination */ 517253172Smarcel switch (linktype) { 518253172Smarcel case DLT_EN10MB: 519253172Smarcel eh = mtod(m, struct ether_header *); 520253862Smarcel if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 521254155Smarcel if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost, 522254155Smarcel ETHER_ADDR_LEN) == 0) 523254155Smarcel m->m_flags |= M_BCAST; 524254155Smarcel else 525254155Smarcel m->m_flags |= M_MCAST; 526254155Smarcel } 527253862Smarcel break; 528253172Smarcel } 529253172Smarcel 530253172Smarcel /* 531253172Smarcel * Make room for link header, and copy it to sockaddr 532253172Smarcel */ 533253172Smarcel if (hlen != 0) { 534253172Smarcel if (sockp->sa_family == AF_IEEE80211) { 535253172Smarcel /* 536253862Smarcel * Collect true length from the parameter header 537253862Smarcel * NB: sockp is known to be zero'd so if we do a 538253862Smarcel * short copy unspecified parameters will be 539253862Smarcel * zero. 
540253862Smarcel * NB: packet may not be aligned after stripping 541253862Smarcel * bpf params 542254155Smarcel * XXX check ibp_vers 543254155Smarcel */ 544254155Smarcel p = mtod(m, const struct ieee80211_bpf_params *); 545254155Smarcel hlen = p->ibp_len; 546254155Smarcel if (hlen > sizeof(sockp->sa_data)) { 547254155Smarcel error = EINVAL; 548254155Smarcel goto bad; 549254155Smarcel } 550254155Smarcel } 551254155Smarcel bcopy(m->m_data, sockp->sa_data, hlen); 552254155Smarcel } 553254155Smarcel *hdrlen = hlen; 554254155Smarcel 555254155Smarcel return (0); 556254155Smarcelbad: 557254155Smarcel m_freem(m); 558254155Smarcel return (error); 559254155Smarcel} 560254155Smarcel 561254155Smarcel/* 562254155Smarcel * Attach file to the bpf interface, i.e. make d listen on bp. 563254155Smarcel */ 564254155Smarcelstatic void 565254155Smarcelbpf_attachd(struct bpf_d *d, struct bpf_if *bp) 566254155Smarcel{ 567254155Smarcel /* 568254155Smarcel * Point d at bp, and add d to the interface's list of listeners. 569254155Smarcel * Finally, point the driver's bpf cookie at the interface so 570254155Smarcel * it will divert packets to bpf. 571254155Smarcel */ 572254155Smarcel BPFIF_LOCK(bp); 573254155Smarcel d->bd_bif = bp; 574254155Smarcel LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 575253862Smarcel 576253172Smarcel bpf_bpfd_cnt++; 577253862Smarcel BPFIF_UNLOCK(bp); 578253172Smarcel 579253172Smarcel EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1); 580253172Smarcel} 581253172Smarcel 582253172Smarcel/* 583253172Smarcel * Detach a file from its interface. 584253172Smarcel */ 585253172Smarcelstatic void 586253172Smarcelbpf_detachd(struct bpf_d *d) 58776116Sdcs{ 58876116Sdcs int error; 58976116Sdcs struct bpf_if *bp; 59076116Sdcs struct ifnet *ifp; 59176116Sdcs 59276116Sdcs bp = d->bd_bif; 59376116Sdcs BPFIF_LOCK(bp); 59476116Sdcs BPFD_LOCK(d); 59576116Sdcs ifp = d->bd_bif->bif_ifp; 59676116Sdcs 59776116Sdcs /* 59876116Sdcs * Remove d from the interface's descriptor list. 
59976116Sdcs */ 60076116Sdcs LIST_REMOVE(d, bd_next); 60176116Sdcs 60276116Sdcs bpf_bpfd_cnt--; 60376116Sdcs d->bd_bif = NULL; 60487636Sjhb BPFD_UNLOCK(d); 60587636Sjhb BPFIF_UNLOCK(bp); 60687636Sjhb 60787636Sjhb EVENTHANDLER_INVOKE(bpf_track, ifp, bp->bif_dlt, 0); 60887636Sjhb 60987636Sjhb /* 61087636Sjhb * Check if this descriptor had requested promiscuous mode. 61187636Sjhb * If so, turn it off. 61287636Sjhb */ 61387636Sjhb if (d->bd_promisc) { 61487636Sjhb d->bd_promisc = 0; 61587636Sjhb CURVNET_SET(ifp->if_vnet); 61687636Sjhb error = ifpromisc(ifp, 0); 61787636Sjhb CURVNET_RESTORE(); 61887636Sjhb if (error != 0 && error != ENXIO) { 61987636Sjhb /* 62087636Sjhb * ENXIO can happen if a pccard is unplugged 62187636Sjhb * Something is really wrong if we were able to put 62287636Sjhb * the driver into promiscuous mode, but can't 62387636Sjhb * take it out. 62487636Sjhb */ 62587636Sjhb if_printf(bp->bif_ifp, 62687636Sjhb "bpf_detach: ifpromisc failed (%d)\n", error); 62787636Sjhb } 62887636Sjhb } 62987636Sjhb} 63087636Sjhb 63187636Sjhb/* 63287636Sjhb * Close the descriptor by detaching it from its interface, 63387636Sjhb * deallocating its buffers, and marking it free. 
63487636Sjhb */ 63587636Sjhbstatic void 63687636Sjhbbpf_dtor(void *data) 63787636Sjhb{ 63887636Sjhb struct bpf_d *d = data; 63987636Sjhb 64087636Sjhb BPFD_LOCK(d); 64187636Sjhb if (d->bd_state == BPF_WAITING) 64287636Sjhb callout_stop(&d->bd_callout); 64387636Sjhb d->bd_state = BPF_IDLE; 64476116Sdcs BPFD_UNLOCK(d); 64576116Sdcs funsetown(&d->bd_sigio); 64676116Sdcs mtx_lock(&bpf_mtx); 64776116Sdcs if (d->bd_bif) 64876116Sdcs bpf_detachd(d); 64976116Sdcs mtx_unlock(&bpf_mtx); 65076116Sdcs selwakeuppri(&d->bd_sel, PRINET); 65176116Sdcs#ifdef MAC 65276116Sdcs mac_bpfdesc_destroy(d); 65376116Sdcs#endif /* MAC */ 65476116Sdcs knlist_destroy(&d->bd_sel.si_note); 65576116Sdcs callout_drain(&d->bd_callout); 65676116Sdcs bpf_freed(d); 65776116Sdcs free(d, M_BPF); 65876116Sdcs} 65976116Sdcs 66076116Sdcs/* 66176116Sdcs * Open ethernet device. Returns ENXIO for illegal minor device number, 66276116Sdcs * EBUSY if file is open by another process. 66376116Sdcs */ 66476116Sdcs/* ARGSUSED */ 66576116Sdcsstatic int 66676116Sdcsbpfopen(struct cdev *dev, int flags, int fmt, struct thread *td) 66776116Sdcs{ 66876116Sdcs struct bpf_d *d; 66976116Sdcs int error; 67076116Sdcs 67176116Sdcs d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO); 67276116Sdcs error = devfs_set_cdevpriv(d, bpf_dtor); 67376116Sdcs if (error != 0) { 67476116Sdcs free(d, M_BPF); 67576116Sdcs return (error); 67676116Sdcs } 67776116Sdcs 67876116Sdcs /* 67976116Sdcs * For historical reasons, perform a one-time initialization call to 68076116Sdcs * the buffer routines, even though we're not yet committed to a 68176116Sdcs * particular buffer method. 
68276116Sdcs */ 68376116Sdcs bpf_buffer_init(d); 68476116Sdcs d->bd_bufmode = BPF_BUFMODE_BUFFER; 68576116Sdcs d->bd_sig = SIGIO; 68676116Sdcs d->bd_direction = BPF_D_INOUT; 68776116Sdcs d->bd_pid = td->td_proc->p_pid; 68876116Sdcs#ifdef MAC 68976116Sdcs mac_bpfdesc_init(d); 69076116Sdcs mac_bpfdesc_create(td->td_ucred, d); 69176116Sdcs#endif 69276116Sdcs mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF); 69376116Sdcs callout_init_mtx(&d->bd_callout, &d->bd_mtx, 0); 69476116Sdcs knlist_init_mtx(&d->bd_sel.si_note, &d->bd_mtx); 69576116Sdcs 69676116Sdcs return (0); 69776116Sdcs} 69876116Sdcs 69976116Sdcs/* 70076116Sdcs * bpfread - read next chunk of packets from buffers 70176116Sdcs */ 70276116Sdcsstatic int 70376116Sdcsbpfread(struct cdev *dev, struct uio *uio, int ioflag) 70476116Sdcs{ 70576116Sdcs struct bpf_d *d; 70676116Sdcs int error; 70776116Sdcs int non_block; 70876116Sdcs int timed_out; 70976116Sdcs 71076116Sdcs error = devfs_get_cdevpriv((void **)&d); 71176116Sdcs if (error != 0) 71276116Sdcs return (error); 71376116Sdcs 71476116Sdcs /* 71576116Sdcs * Restrict application to use a buffer the same size as 71676116Sdcs * as kernel buffers. 71776116Sdcs */ 71876116Sdcs if (uio->uio_resid != d->bd_bufsize) 71976116Sdcs return (EINVAL); 72076116Sdcs 72176116Sdcs non_block = ((ioflag & O_NONBLOCK) != 0); 72276116Sdcs 72376116Sdcs BPFD_LOCK(d); 72476116Sdcs d->bd_pid = curthread->td_proc->p_pid; 72576116Sdcs if (d->bd_bufmode != BPF_BUFMODE_BUFFER) { 72676116Sdcs BPFD_UNLOCK(d); 72776116Sdcs return (EOPNOTSUPP); 72876116Sdcs } 72976116Sdcs if (d->bd_state == BPF_WAITING) 73076116Sdcs callout_stop(&d->bd_callout); 73176116Sdcs timed_out = (d->bd_state == BPF_TIMED_OUT); 73276116Sdcs d->bd_state = BPF_IDLE; 73376116Sdcs /* 73476116Sdcs * If the hold buffer is empty, then do a timed sleep, which 73576116Sdcs * ends when the timeout expires or when enough packets 73694290Sdcs * have arrived to fill the store buffer. 
73776116Sdcs */ 73876116Sdcs while (d->bd_hbuf == NULL) { 73976116Sdcs if (d->bd_slen != 0) { 74076116Sdcs /* 74176116Sdcs * A packet(s) either arrived since the previous 74276116Sdcs * read or arrived while we were asleep. 74376116Sdcs */ 74476116Sdcs if (d->bd_immediate || non_block || timed_out) { 74576116Sdcs /* 74676116Sdcs * Rotate the buffers and return what's here 74776116Sdcs * if we are in immediate mode, non-blocking 74876116Sdcs * flag is set, or this descriptor timed out. 74976116Sdcs */ 75076116Sdcs ROTATE_BUFFERS(d); 75176116Sdcs break; 75276116Sdcs } 75376116Sdcs } 75476116Sdcs 75576116Sdcs /* 75676116Sdcs * No data is available, check to see if the bpf device 75776116Sdcs * is still pointed at a real interface. If not, return 75876116Sdcs * ENXIO so that the userland process knows to rebind 75976116Sdcs * it before using it again. 76076116Sdcs */ 76176116Sdcs if (d->bd_bif == NULL) { 76276116Sdcs BPFD_UNLOCK(d); 763253172Smarcel return (ENXIO); 76476116Sdcs } 76576116Sdcs 76676116Sdcs if (non_block) { 767253172Smarcel BPFD_UNLOCK(d); 76876116Sdcs return (EWOULDBLOCK); 76976116Sdcs } 77087636Sjhb error = msleep(d, &d->bd_mtx, PRINET|PCATCH, 77187636Sjhb "bpf", d->bd_rtout); 77276116Sdcs if (error == EINTR || error == ERESTART) { 77376116Sdcs BPFD_UNLOCK(d); 77476116Sdcs return (error); 77576116Sdcs } 77676116Sdcs if (error == EWOULDBLOCK) { 77776116Sdcs /* 77876116Sdcs * On a timeout, return what's in the buffer, 77976116Sdcs * which may be nothing. If there is something 78076116Sdcs * in the store buffer, we can rotate the buffers. 78176116Sdcs */ 78276116Sdcs if (d->bd_hbuf) 78376116Sdcs /* 78476116Sdcs * We filled up the buffer in between 78576116Sdcs * getting the timeout and arriving 78676116Sdcs * here, so we don't need to rotate. 
787138223Sscottl */ 788138223Sscottl break; 789138223Sscottl 790138223Sscottl if (d->bd_slen == 0) { 791138223Sscottl BPFD_UNLOCK(d); 792138223Sscottl return (0); 79376116Sdcs } 79476116Sdcs ROTATE_BUFFERS(d); 79576116Sdcs break; 79676116Sdcs } 79776116Sdcs } 79876116Sdcs /* 799116000Snyan * At this point, we know we have something in the hold slot. 800116000Snyan */ 801116000Snyan BPFD_UNLOCK(d); 80294290Sdcs 80394290Sdcs /* 804123373Sgrehan * Move data from hold buffer into user space. 80582941Sdfr * We know the entire buffer is transferred since 80694290Sdcs * we checked above that the read buffer is bpf_bufsize bytes. 80794290Sdcs * 808123373Sgrehan * XXXRW: More synchronization needed here: what if a second thread 809123373Sgrehan * issues a read on the same fd at the same time? Don't want this 810123373Sgrehan * getting invalidated. 811123373Sgrehan */ 812123373Sgrehan error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio); 81376116Sdcs 81476116Sdcs BPFD_LOCK(d); 81576116Sdcs d->bd_fbuf = d->bd_hbuf; 81676116Sdcs d->bd_hbuf = NULL; 81776116Sdcs d->bd_hlen = 0; 818 bpf_buf_reclaimed(d); 819 BPFD_UNLOCK(d); 820 821 return (error); 822} 823 824/* 825 * If there are processes sleeping on this descriptor, wake them up. 
826 */ 827static __inline void 828bpf_wakeup(struct bpf_d *d) 829{ 830 831 BPFD_LOCK_ASSERT(d); 832 if (d->bd_state == BPF_WAITING) { 833 callout_stop(&d->bd_callout); 834 d->bd_state = BPF_IDLE; 835 } 836 wakeup(d); 837 if (d->bd_async && d->bd_sig && d->bd_sigio) 838 pgsigio(&d->bd_sigio, d->bd_sig, 0); 839 840 selwakeuppri(&d->bd_sel, PRINET); 841 KNOTE_LOCKED(&d->bd_sel.si_note, 0); 842} 843 844static void 845bpf_timed_out(void *arg) 846{ 847 struct bpf_d *d = (struct bpf_d *)arg; 848 849 BPFD_LOCK_ASSERT(d); 850 851 if (callout_pending(&d->bd_callout) || !callout_active(&d->bd_callout)) 852 return; 853 if (d->bd_state == BPF_WAITING) { 854 d->bd_state = BPF_TIMED_OUT; 855 if (d->bd_slen != 0) 856 bpf_wakeup(d); 857 } 858} 859 860static int 861bpf_ready(struct bpf_d *d) 862{ 863 864 BPFD_LOCK_ASSERT(d); 865 866 if (!bpf_canfreebuf(d) && d->bd_hlen != 0) 867 return (1); 868 if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 869 d->bd_slen != 0) 870 return (1); 871 return (0); 872} 873 874static int 875bpfwrite(struct cdev *dev, struct uio *uio, int ioflag) 876{ 877 struct bpf_d *d; 878 struct ifnet *ifp; 879 struct mbuf *m, *mc; 880 struct sockaddr dst; 881 int error, hlen; 882 883 error = devfs_get_cdevpriv((void **)&d); 884 if (error != 0) 885 return (error); 886 887 d->bd_pid = curthread->td_proc->p_pid; 888 d->bd_wcount++; 889 if (d->bd_bif == NULL) { 890 d->bd_wdcount++; 891 return (ENXIO); 892 } 893 894 ifp = d->bd_bif->bif_ifp; 895 896 if ((ifp->if_flags & IFF_UP) == 0) { 897 d->bd_wdcount++; 898 return (ENETDOWN); 899 } 900 901 if (uio->uio_resid == 0) { 902 d->bd_wdcount++; 903 return (0); 904 } 905 906 bzero(&dst, sizeof(dst)); 907 m = NULL; 908 hlen = 0; 909 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp, 910 &m, &dst, &hlen, d->bd_wfilter); 911 if (error) { 912 d->bd_wdcount++; 913 return (error); 914 } 915 d->bd_wfcount++; 916 if (d->bd_hdrcmplt) 917 dst.sa_family = pseudo_AF_HDRCMPLT; 918 919 if (d->bd_feedback) { 920 mc = m_dup(m, 
M_DONTWAIT); 921 if (mc != NULL) 922 mc->m_pkthdr.rcvif = ifp; 923 /* Set M_PROMISC for outgoing packets to be discarded. */ 924 if (d->bd_direction == BPF_D_INOUT) 925 m->m_flags |= M_PROMISC; 926 } else 927 mc = NULL; 928 929 m->m_pkthdr.len -= hlen; 930 m->m_len -= hlen; 931 m->m_data += hlen; /* XXX */ 932 933 CURVNET_SET(ifp->if_vnet); 934#ifdef MAC 935 BPFD_LOCK(d); 936 mac_bpfdesc_create_mbuf(d, m); 937 if (mc != NULL) 938 mac_bpfdesc_create_mbuf(d, mc); 939 BPFD_UNLOCK(d); 940#endif 941 942 error = (*ifp->if_output)(ifp, m, &dst, NULL); 943 if (error) 944 d->bd_wdcount++; 945 946 if (mc != NULL) { 947 if (error == 0) 948 (*ifp->if_input)(ifp, mc); 949 else 950 m_freem(mc); 951 } 952 CURVNET_RESTORE(); 953 954 return (error); 955} 956 957/* 958 * Reset a descriptor by flushing its packet buffer and clearing the receive 959 * and drop counts. This is doable for kernel-only buffers, but with 960 * zero-copy buffers, we can't write to (or rotate) buffers that are 961 * currently owned by userspace. It would be nice if we could encapsulate 962 * this logic in the buffer code rather than here. 963 */ 964static void 965reset_d(struct bpf_d *d) 966{ 967 968 mtx_assert(&d->bd_mtx, MA_OWNED); 969 970 if ((d->bd_hbuf != NULL) && 971 (d->bd_bufmode != BPF_BUFMODE_ZBUF || bpf_canfreebuf(d))) { 972 /* Free the hold buffer. */ 973 d->bd_fbuf = d->bd_hbuf; 974 d->bd_hbuf = NULL; 975 d->bd_hlen = 0; 976 bpf_buf_reclaimed(d); 977 } 978 if (bpf_canwritebuf(d)) 979 d->bd_slen = 0; 980 d->bd_rcount = 0; 981 d->bd_dcount = 0; 982 d->bd_fcount = 0; 983 d->bd_wcount = 0; 984 d->bd_wfcount = 0; 985 d->bd_wdcount = 0; 986 d->bd_zcopy = 0; 987} 988 989/* 990 * FIONREAD Check for read packet available. 991 * SIOCGIFADDR Get interface address - convenient hook to driver. 992 * BIOCGBLEN Get buffer len [for read()]. 993 * BIOCSETF Set read filter. 994 * BIOCSETFNR Set read filter without resetting descriptor. 995 * BIOCSETWF Set write filter. 996 * BIOCFLUSH Flush read packet buffer. 
997 * BIOCPROMISC Put interface into promiscuous mode. 998 * BIOCGDLT Get link layer type. 999 * BIOCGETIF Get interface name. 1000 * BIOCSETIF Set interface. 1001 * BIOCSRTIMEOUT Set read timeout. 1002 * BIOCGRTIMEOUT Get read timeout. 1003 * BIOCGSTATS Get packet stats. 1004 * BIOCIMMEDIATE Set immediate mode. 1005 * BIOCVERSION Get filter language version. 1006 * BIOCGHDRCMPLT Get "header already complete" flag 1007 * BIOCSHDRCMPLT Set "header already complete" flag 1008 * BIOCGDIRECTION Get packet direction flag 1009 * BIOCSDIRECTION Set packet direction flag 1010 * BIOCLOCK Set "locked" flag 1011 * BIOCFEEDBACK Set packet feedback mode. 1012 * BIOCSETZBUF Set current zero-copy buffer locations. 1013 * BIOCGETZMAX Get maximum zero-copy buffer size. 1014 * BIOCROTZBUF Force rotation of zero-copy buffer 1015 * BIOCSETBUFMODE Set buffer mode. 1016 * BIOCGETBUFMODE Get current buffer mode. 1017 */ 1018/* ARGSUSED */ 1019static int 1020bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, 1021 struct thread *td) 1022{ 1023 struct bpf_d *d; 1024 int error; 1025 1026 error = devfs_get_cdevpriv((void **)&d); 1027 if (error != 0) 1028 return (error); 1029 1030 /* 1031 * Refresh PID associated with this descriptor. 
1032 */ 1033 BPFD_LOCK(d); 1034 d->bd_pid = td->td_proc->p_pid; 1035 if (d->bd_state == BPF_WAITING) 1036 callout_stop(&d->bd_callout); 1037 d->bd_state = BPF_IDLE; 1038 BPFD_UNLOCK(d); 1039 1040 if (d->bd_locked == 1) { 1041 switch (cmd) { 1042 case BIOCGBLEN: 1043 case BIOCFLUSH: 1044 case BIOCGDLT: 1045 case BIOCGDLTLIST: 1046#ifdef COMPAT_FREEBSD32 1047 case BIOCGDLTLIST32: 1048#endif 1049 case BIOCGETIF: 1050 case BIOCGRTIMEOUT: 1051#ifdef COMPAT_FREEBSD32 1052 case BIOCGRTIMEOUT32: 1053#endif 1054 case BIOCGSTATS: 1055 case BIOCVERSION: 1056 case BIOCGRSIG: 1057 case BIOCGHDRCMPLT: 1058 case BIOCFEEDBACK: 1059 case FIONREAD: 1060 case BIOCLOCK: 1061 case BIOCSRTIMEOUT: 1062#ifdef COMPAT_FREEBSD32 1063 case BIOCSRTIMEOUT32: 1064#endif 1065 case BIOCIMMEDIATE: 1066 case TIOCGPGRP: 1067 case BIOCROTZBUF: 1068 break; 1069 default: 1070 return (EPERM); 1071 } 1072 } 1073#ifdef COMPAT_FREEBSD32 1074 /* 1075 * If we see a 32-bit compat ioctl, mark the stream as 32-bit so 1076 * that it will get 32-bit packet headers. 1077 */ 1078 switch (cmd) { 1079 case BIOCSETF32: 1080 case BIOCSETFNR32: 1081 case BIOCSETWF32: 1082 case BIOCGDLTLIST32: 1083 case BIOCGRTIMEOUT32: 1084 case BIOCSRTIMEOUT32: 1085 d->bd_compat32 = 1; 1086 } 1087#endif 1088 1089 CURVNET_SET(TD_TO_VNET(td)); 1090 switch (cmd) { 1091 1092 default: 1093 error = EINVAL; 1094 break; 1095 1096 /* 1097 * Check for read packet available. 1098 */ 1099 case FIONREAD: 1100 { 1101 int n; 1102 1103 BPFD_LOCK(d); 1104 n = d->bd_slen; 1105 if (d->bd_hbuf) 1106 n += d->bd_hlen; 1107 BPFD_UNLOCK(d); 1108 1109 *(int *)addr = n; 1110 break; 1111 } 1112 1113 case SIOCGIFADDR: 1114 { 1115 struct ifnet *ifp; 1116 1117 if (d->bd_bif == NULL) 1118 error = EINVAL; 1119 else { 1120 ifp = d->bd_bif->bif_ifp; 1121 error = (*ifp->if_ioctl)(ifp, cmd, addr); 1122 } 1123 break; 1124 } 1125 1126 /* 1127 * Get buffer len [for read()]. 
1128 */ 1129 case BIOCGBLEN: 1130 *(u_int *)addr = d->bd_bufsize; 1131 break; 1132 1133 /* 1134 * Set buffer length. 1135 */ 1136 case BIOCSBLEN: 1137 error = bpf_ioctl_sblen(d, (u_int *)addr); 1138 break; 1139 1140 /* 1141 * Set link layer read filter. 1142 */ 1143 case BIOCSETF: 1144 case BIOCSETFNR: 1145 case BIOCSETWF: 1146#ifdef COMPAT_FREEBSD32 1147 case BIOCSETF32: 1148 case BIOCSETFNR32: 1149 case BIOCSETWF32: 1150#endif 1151 error = bpf_setf(d, (struct bpf_program *)addr, cmd); 1152 break; 1153 1154 /* 1155 * Flush read packet buffer. 1156 */ 1157 case BIOCFLUSH: 1158 BPFD_LOCK(d); 1159 reset_d(d); 1160 BPFD_UNLOCK(d); 1161 break; 1162 1163 /* 1164 * Put interface into promiscuous mode. 1165 */ 1166 case BIOCPROMISC: 1167 if (d->bd_bif == NULL) { 1168 /* 1169 * No interface attached yet. 1170 */ 1171 error = EINVAL; 1172 break; 1173 } 1174 if (d->bd_promisc == 0) { 1175 error = ifpromisc(d->bd_bif->bif_ifp, 1); 1176 if (error == 0) 1177 d->bd_promisc = 1; 1178 } 1179 break; 1180 1181 /* 1182 * Get current data link type. 1183 */ 1184 case BIOCGDLT: 1185 if (d->bd_bif == NULL) 1186 error = EINVAL; 1187 else 1188 *(u_int *)addr = d->bd_bif->bif_dlt; 1189 break; 1190 1191 /* 1192 * Get a list of supported data link types. 1193 */ 1194#ifdef COMPAT_FREEBSD32 1195 case BIOCGDLTLIST32: 1196 { 1197 struct bpf_dltlist32 *list32; 1198 struct bpf_dltlist dltlist; 1199 1200 list32 = (struct bpf_dltlist32 *)addr; 1201 dltlist.bfl_len = list32->bfl_len; 1202 dltlist.bfl_list = PTRIN(list32->bfl_list); 1203 if (d->bd_bif == NULL) 1204 error = EINVAL; 1205 else { 1206 error = bpf_getdltlist(d, &dltlist); 1207 if (error == 0) 1208 list32->bfl_len = dltlist.bfl_len; 1209 } 1210 break; 1211 } 1212#endif 1213 1214 case BIOCGDLTLIST: 1215 if (d->bd_bif == NULL) 1216 error = EINVAL; 1217 else 1218 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 1219 break; 1220 1221 /* 1222 * Set data link type. 
1223 */ 1224 case BIOCSDLT: 1225 if (d->bd_bif == NULL) 1226 error = EINVAL; 1227 else 1228 error = bpf_setdlt(d, *(u_int *)addr); 1229 break; 1230 1231 /* 1232 * Get interface name. 1233 */ 1234 case BIOCGETIF: 1235 if (d->bd_bif == NULL) 1236 error = EINVAL; 1237 else { 1238 struct ifnet *const ifp = d->bd_bif->bif_ifp; 1239 struct ifreq *const ifr = (struct ifreq *)addr; 1240 1241 strlcpy(ifr->ifr_name, ifp->if_xname, 1242 sizeof(ifr->ifr_name)); 1243 } 1244 break; 1245 1246 /* 1247 * Set interface. 1248 */ 1249 case BIOCSETIF: 1250 error = bpf_setif(d, (struct ifreq *)addr); 1251 break; 1252 1253 /* 1254 * Set read timeout. 1255 */ 1256 case BIOCSRTIMEOUT: 1257#ifdef COMPAT_FREEBSD32 1258 case BIOCSRTIMEOUT32: 1259#endif 1260 { 1261 struct timeval *tv = (struct timeval *)addr; 1262#ifdef COMPAT_FREEBSD32 1263 struct timeval32 *tv32; 1264 struct timeval tv64; 1265 1266 if (cmd == BIOCSRTIMEOUT32) { 1267 tv32 = (struct timeval32 *)addr; 1268 tv = &tv64; 1269 tv->tv_sec = tv32->tv_sec; 1270 tv->tv_usec = tv32->tv_usec; 1271 } else 1272#endif 1273 tv = (struct timeval *)addr; 1274 1275 /* 1276 * Subtract 1 tick from tvtohz() since this isn't 1277 * a one-shot timer. 1278 */ 1279 if ((error = itimerfix(tv)) == 0) 1280 d->bd_rtout = tvtohz(tv) - 1; 1281 break; 1282 } 1283 1284 /* 1285 * Get read timeout. 1286 */ 1287 case BIOCGRTIMEOUT: 1288#ifdef COMPAT_FREEBSD32 1289 case BIOCGRTIMEOUT32: 1290#endif 1291 { 1292 struct timeval *tv; 1293#ifdef COMPAT_FREEBSD32 1294 struct timeval32 *tv32; 1295 struct timeval tv64; 1296 1297 if (cmd == BIOCGRTIMEOUT32) 1298 tv = &tv64; 1299 else 1300#endif 1301 tv = (struct timeval *)addr; 1302 1303 tv->tv_sec = d->bd_rtout / hz; 1304 tv->tv_usec = (d->bd_rtout % hz) * tick; 1305#ifdef COMPAT_FREEBSD32 1306 if (cmd == BIOCGRTIMEOUT32) { 1307 tv32 = (struct timeval32 *)addr; 1308 tv32->tv_sec = tv->tv_sec; 1309 tv32->tv_usec = tv->tv_usec; 1310 } 1311#endif 1312 1313 break; 1314 } 1315 1316 /* 1317 * Get packet stats. 
1318 */ 1319 case BIOCGSTATS: 1320 { 1321 struct bpf_stat *bs = (struct bpf_stat *)addr; 1322 1323 /* XXXCSJP overflow */ 1324 bs->bs_recv = d->bd_rcount; 1325 bs->bs_drop = d->bd_dcount; 1326 break; 1327 } 1328 1329 /* 1330 * Set immediate mode. 1331 */ 1332 case BIOCIMMEDIATE: 1333 d->bd_immediate = *(u_int *)addr; 1334 break; 1335 1336 case BIOCVERSION: 1337 { 1338 struct bpf_version *bv = (struct bpf_version *)addr; 1339 1340 bv->bv_major = BPF_MAJOR_VERSION; 1341 bv->bv_minor = BPF_MINOR_VERSION; 1342 break; 1343 } 1344 1345 /* 1346 * Get "header already complete" flag 1347 */ 1348 case BIOCGHDRCMPLT: 1349 *(u_int *)addr = d->bd_hdrcmplt; 1350 break; 1351 1352 /* 1353 * Set "header already complete" flag 1354 */ 1355 case BIOCSHDRCMPLT: 1356 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 1357 break; 1358 1359 /* 1360 * Get packet direction flag 1361 */ 1362 case BIOCGDIRECTION: 1363 *(u_int *)addr = d->bd_direction; 1364 break; 1365 1366 /* 1367 * Set packet direction flag 1368 */ 1369 case BIOCSDIRECTION: 1370 { 1371 u_int direction; 1372 1373 direction = *(u_int *)addr; 1374 switch (direction) { 1375 case BPF_D_IN: 1376 case BPF_D_INOUT: 1377 case BPF_D_OUT: 1378 d->bd_direction = direction; 1379 break; 1380 default: 1381 error = EINVAL; 1382 } 1383 } 1384 break; 1385 1386 case BIOCFEEDBACK: 1387 d->bd_feedback = *(u_int *)addr; 1388 break; 1389 1390 case BIOCLOCK: 1391 d->bd_locked = 1; 1392 break; 1393 1394 case FIONBIO: /* Non-blocking I/O */ 1395 break; 1396 1397 case FIOASYNC: /* Send signal on receive packets */ 1398 d->bd_async = *(int *)addr; 1399 break; 1400 1401 case FIOSETOWN: 1402 error = fsetown(*(int *)addr, &d->bd_sigio); 1403 break; 1404 1405 case FIOGETOWN: 1406 *(int *)addr = fgetown(&d->bd_sigio); 1407 break; 1408 1409 /* This is deprecated, FIOSETOWN should be used instead. */ 1410 case TIOCSPGRP: 1411 error = fsetown(-(*(int *)addr), &d->bd_sigio); 1412 break; 1413 1414 /* This is deprecated, FIOGETOWN should be used instead. 
*/ 1415 case TIOCGPGRP: 1416 *(int *)addr = -fgetown(&d->bd_sigio); 1417 break; 1418 1419 case BIOCSRSIG: /* Set receive signal */ 1420 { 1421 u_int sig; 1422 1423 sig = *(u_int *)addr; 1424 1425 if (sig >= NSIG) 1426 error = EINVAL; 1427 else 1428 d->bd_sig = sig; 1429 break; 1430 } 1431 case BIOCGRSIG: 1432 *(u_int *)addr = d->bd_sig; 1433 break; 1434 1435 case BIOCGETBUFMODE: 1436 *(u_int *)addr = d->bd_bufmode; 1437 break; 1438 1439 case BIOCSETBUFMODE: 1440 /* 1441 * Allow the buffering mode to be changed as long as we 1442 * haven't yet committed to a particular mode. Our 1443 * definition of commitment, for now, is whether or not a 1444 * buffer has been allocated or an interface attached, since 1445 * that's the point where things get tricky. 1446 */ 1447 switch (*(u_int *)addr) { 1448 case BPF_BUFMODE_BUFFER: 1449 break; 1450 1451 case BPF_BUFMODE_ZBUF: 1452 if (bpf_zerocopy_enable) 1453 break; 1454 /* FALLSTHROUGH */ 1455 1456 default: 1457 return (EINVAL); 1458 } 1459 1460 BPFD_LOCK(d); 1461 if (d->bd_sbuf != NULL || d->bd_hbuf != NULL || 1462 d->bd_fbuf != NULL || d->bd_bif != NULL) { 1463 BPFD_UNLOCK(d); 1464 return (EBUSY); 1465 } 1466 d->bd_bufmode = *(u_int *)addr; 1467 BPFD_UNLOCK(d); 1468 break; 1469 1470 case BIOCGETZMAX: 1471 return (bpf_ioctl_getzmax(td, d, (size_t *)addr)); 1472 1473 case BIOCSETZBUF: 1474 return (bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr)); 1475 1476 case BIOCROTZBUF: 1477 return (bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr)); 1478 } 1479 CURVNET_RESTORE(); 1480 return (error); 1481} 1482 1483/* 1484 * Set d's packet filter program to fp. If this file already has a filter, 1485 * free it and replace it. Returns EINVAL for bogus requests. 
1486 */ 1487static int 1488bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd) 1489{ 1490 struct bpf_insn *fcode, *old; 1491 u_int wfilter, flen, size; 1492#ifdef BPF_JITTER 1493 bpf_jit_filter *ofunc; 1494#endif 1495#ifdef COMPAT_FREEBSD32 1496 struct bpf_program32 *fp32; 1497 struct bpf_program fp_swab; 1498 1499 if (cmd == BIOCSETWF32 || cmd == BIOCSETF32 || cmd == BIOCSETFNR32) { 1500 fp32 = (struct bpf_program32 *)fp; 1501 fp_swab.bf_len = fp32->bf_len; 1502 fp_swab.bf_insns = (struct bpf_insn *)(uintptr_t)fp32->bf_insns; 1503 fp = &fp_swab; 1504 if (cmd == BIOCSETWF32) 1505 cmd = BIOCSETWF; 1506 } 1507#endif 1508 if (cmd == BIOCSETWF) { 1509 old = d->bd_wfilter; 1510 wfilter = 1; 1511#ifdef BPF_JITTER 1512 ofunc = NULL; 1513#endif 1514 } else { 1515 wfilter = 0; 1516 old = d->bd_rfilter; 1517#ifdef BPF_JITTER 1518 ofunc = d->bd_bfilter; 1519#endif 1520 } 1521 if (fp->bf_insns == NULL) { 1522 if (fp->bf_len != 0) 1523 return (EINVAL); 1524 BPFD_LOCK(d); 1525 if (wfilter) 1526 d->bd_wfilter = NULL; 1527 else { 1528 d->bd_rfilter = NULL; 1529#ifdef BPF_JITTER 1530 d->bd_bfilter = NULL; 1531#endif 1532 if (cmd == BIOCSETF) 1533 reset_d(d); 1534 } 1535 BPFD_UNLOCK(d); 1536 if (old != NULL) 1537 free((caddr_t)old, M_BPF); 1538#ifdef BPF_JITTER 1539 if (ofunc != NULL) 1540 bpf_destroy_jit_filter(ofunc); 1541#endif 1542 return (0); 1543 } 1544 flen = fp->bf_len; 1545 if (flen > bpf_maxinsns) 1546 return (EINVAL); 1547 1548 size = flen * sizeof(*fp->bf_insns); 1549 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK); 1550 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 1551 bpf_validate(fcode, (int)flen)) { 1552 BPFD_LOCK(d); 1553 if (wfilter) 1554 d->bd_wfilter = fcode; 1555 else { 1556 d->bd_rfilter = fcode; 1557#ifdef BPF_JITTER 1558 d->bd_bfilter = bpf_jitter(fcode, flen); 1559#endif 1560 if (cmd == BIOCSETF) 1561 reset_d(d); 1562 } 1563 BPFD_UNLOCK(d); 1564 if (old != NULL) 1565 free((caddr_t)old, M_BPF); 1566#ifdef BPF_JITTER 1567 
if (ofunc != NULL) 1568 bpf_destroy_jit_filter(ofunc); 1569#endif 1570 1571 return (0); 1572 } 1573 free((caddr_t)fcode, M_BPF); 1574 return (EINVAL); 1575} 1576 1577/* 1578 * Detach a file from its current interface (if attached at all) and attach 1579 * to the interface indicated by the name stored in ifr. 1580 * Return an errno or 0. 1581 */ 1582static int 1583bpf_setif(struct bpf_d *d, struct ifreq *ifr) 1584{ 1585 struct bpf_if *bp; 1586 struct ifnet *theywant; 1587 1588 theywant = ifunit(ifr->ifr_name); 1589 if (theywant == NULL || theywant->if_bpf == NULL) 1590 return (ENXIO); 1591 1592 bp = theywant->if_bpf; 1593 1594 /* 1595 * Behavior here depends on the buffering model. If we're using 1596 * kernel memory buffers, then we can allocate them here. If we're 1597 * using zero-copy, then the user process must have registered 1598 * buffers by the time we get here. If not, return an error. 1599 * 1600 * XXXRW: There are locking issues here with multi-threaded use: what 1601 * if two threads try to set the interface at once? 1602 */ 1603 switch (d->bd_bufmode) { 1604 case BPF_BUFMODE_BUFFER: 1605 if (d->bd_sbuf == NULL) 1606 bpf_buffer_alloc(d); 1607 KASSERT(d->bd_sbuf != NULL, ("bpf_setif: bd_sbuf NULL")); 1608 break; 1609 1610 case BPF_BUFMODE_ZBUF: 1611 if (d->bd_sbuf == NULL) 1612 return (EINVAL); 1613 break; 1614 1615 default: 1616 panic("bpf_setif: bufmode %d", d->bd_bufmode); 1617 } 1618 if (bp != d->bd_bif) { 1619 if (d->bd_bif) 1620 /* 1621 * Detach if attached to something else. 1622 */ 1623 bpf_detachd(d); 1624 1625 bpf_attachd(d, bp); 1626 } 1627 BPFD_LOCK(d); 1628 reset_d(d); 1629 BPFD_UNLOCK(d); 1630 return (0); 1631} 1632 1633/* 1634 * Support for select() and poll() system calls 1635 * 1636 * Return true iff the specific operation will not block indefinitely. 1637 * Otherwise, return false but make a note that a selwakeup() must be done. 
1638 */ 1639static int 1640bpfpoll(struct cdev *dev, int events, struct thread *td) 1641{ 1642 struct bpf_d *d; 1643 int revents; 1644 1645 if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL) 1646 return (events & 1647 (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM)); 1648 1649 /* 1650 * Refresh PID associated with this descriptor. 1651 */ 1652 revents = events & (POLLOUT | POLLWRNORM); 1653 BPFD_LOCK(d); 1654 d->bd_pid = td->td_proc->p_pid; 1655 if (events & (POLLIN | POLLRDNORM)) { 1656 if (bpf_ready(d)) 1657 revents |= events & (POLLIN | POLLRDNORM); 1658 else { 1659 selrecord(td, &d->bd_sel); 1660 /* Start the read timeout if necessary. */ 1661 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1662 callout_reset(&d->bd_callout, d->bd_rtout, 1663 bpf_timed_out, d); 1664 d->bd_state = BPF_WAITING; 1665 } 1666 } 1667 } 1668 BPFD_UNLOCK(d); 1669 return (revents); 1670} 1671 1672/* 1673 * Support for kevent() system call. Register EVFILT_READ filters and 1674 * reject all others. 1675 */ 1676int 1677bpfkqfilter(struct cdev *dev, struct knote *kn) 1678{ 1679 struct bpf_d *d; 1680 1681 if (devfs_get_cdevpriv((void **)&d) != 0 || 1682 kn->kn_filter != EVFILT_READ) 1683 return (1); 1684 1685 /* 1686 * Refresh PID associated with this descriptor. 
1687 */ 1688 BPFD_LOCK(d); 1689 d->bd_pid = curthread->td_proc->p_pid; 1690 kn->kn_fop = &bpfread_filtops; 1691 kn->kn_hook = d; 1692 knlist_add(&d->bd_sel.si_note, kn, 1); 1693 BPFD_UNLOCK(d); 1694 1695 return (0); 1696} 1697 1698static void 1699filt_bpfdetach(struct knote *kn) 1700{ 1701 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1702 1703 knlist_remove(&d->bd_sel.si_note, kn, 0); 1704} 1705 1706static int 1707filt_bpfread(struct knote *kn, long hint) 1708{ 1709 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1710 int ready; 1711 1712 BPFD_LOCK_ASSERT(d); 1713 ready = bpf_ready(d); 1714 if (ready) { 1715 kn->kn_data = d->bd_slen; 1716 if (d->bd_hbuf) 1717 kn->kn_data += d->bd_hlen; 1718 } else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1719 callout_reset(&d->bd_callout, d->bd_rtout, 1720 bpf_timed_out, d); 1721 d->bd_state = BPF_WAITING; 1722 } 1723 1724 return (ready); 1725} 1726 1727/* 1728 * Incoming linkage from device drivers. Process the packet pkt, of length 1729 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1730 * by each process' filter, and if accepted, stashed into the corresponding 1731 * buffer. 1732 */ 1733void 1734bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1735{ 1736 struct bpf_d *d; 1737#ifdef BPF_JITTER 1738 bpf_jit_filter *bf; 1739#endif 1740 u_int slen; 1741 int gottime; 1742 struct timeval tv; 1743 1744 gottime = 0; 1745 BPFIF_LOCK(bp); 1746 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1747 BPFD_LOCK(d); 1748 ++d->bd_rcount; 1749 /* 1750 * NB: We dont call BPF_CHECK_DIRECTION() here since there is no 1751 * way for the caller to indiciate to us whether this packet 1752 * is inbound or outbound. In the bpf_mtap() routines, we use 1753 * the interface pointers on the mbuf to figure it out. 1754 */ 1755#ifdef BPF_JITTER 1756 bf = bpf_jitter_enable != 0 ? 
d->bd_bfilter : NULL; 1757 if (bf != NULL) 1758 slen = (*(bf->func))(pkt, pktlen, pktlen); 1759 else 1760#endif 1761 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); 1762 if (slen != 0) { 1763 d->bd_fcount++; 1764 if (!gottime) { 1765 microtime(&tv); 1766 gottime = 1; 1767 } 1768#ifdef MAC 1769 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0) 1770#endif 1771 catchpacket(d, pkt, pktlen, slen, 1772 bpf_append_bytes, &tv); 1773 } 1774 BPFD_UNLOCK(d); 1775 } 1776 BPFIF_UNLOCK(bp); 1777} 1778 1779#define BPF_CHECK_DIRECTION(d, r, i) \ 1780 (((d)->bd_direction == BPF_D_IN && (r) != (i)) || \ 1781 ((d)->bd_direction == BPF_D_OUT && (r) == (i))) 1782 1783/* 1784 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1785 */ 1786void 1787bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1788{ 1789 struct bpf_d *d; 1790#ifdef BPF_JITTER 1791 bpf_jit_filter *bf; 1792#endif 1793 u_int pktlen, slen; 1794 int gottime; 1795 struct timeval tv; 1796 1797 /* Skip outgoing duplicate packets. */ 1798 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) { 1799 m->m_flags &= ~M_PROMISC; 1800 return; 1801 } 1802 1803 gottime = 0; 1804 1805 pktlen = m_length(m, NULL); 1806 1807 BPFIF_LOCK(bp); 1808 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1809 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp)) 1810 continue; 1811 BPFD_LOCK(d); 1812 ++d->bd_rcount; 1813#ifdef BPF_JITTER 1814 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL; 1815 /* XXX We cannot handle multiple mbufs. 
*/ 1816 if (bf != NULL && m->m_next == NULL) 1817 slen = (*(bf->func))(mtod(m, u_char *), pktlen, pktlen); 1818 else 1819#endif 1820 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); 1821 if (slen != 0) { 1822 d->bd_fcount++; 1823 if (!gottime) { 1824 microtime(&tv); 1825 gottime = 1; 1826 } 1827#ifdef MAC 1828 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0) 1829#endif 1830 catchpacket(d, (u_char *)m, pktlen, slen, 1831 bpf_append_mbuf, &tv); 1832 } 1833 BPFD_UNLOCK(d); 1834 } 1835 BPFIF_UNLOCK(bp); 1836} 1837 1838/* 1839 * Incoming linkage from device drivers, when packet is in 1840 * an mbuf chain and to be prepended by a contiguous header. 1841 */ 1842void 1843bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m) 1844{ 1845 struct mbuf mb; 1846 struct bpf_d *d; 1847 u_int pktlen, slen; 1848 int gottime; 1849 struct timeval tv; 1850 1851 /* Skip outgoing duplicate packets. */ 1852 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) { 1853 m->m_flags &= ~M_PROMISC; 1854 return; 1855 } 1856 1857 gottime = 0; 1858 1859 pktlen = m_length(m, NULL); 1860 /* 1861 * Craft on-stack mbuf suitable for passing to bpf_filter. 1862 * Note that we cut corners here; we only setup what's 1863 * absolutely needed--this mbuf should never go anywhere else. 
1864 */ 1865 mb.m_next = m; 1866 mb.m_data = data; 1867 mb.m_len = dlen; 1868 pktlen += dlen; 1869 1870 BPFIF_LOCK(bp); 1871 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1872 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp)) 1873 continue; 1874 BPFD_LOCK(d); 1875 ++d->bd_rcount; 1876 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0); 1877 if (slen != 0) { 1878 d->bd_fcount++; 1879 if (!gottime) { 1880 microtime(&tv); 1881 gottime = 1; 1882 } 1883#ifdef MAC 1884 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0) 1885#endif 1886 catchpacket(d, (u_char *)&mb, pktlen, slen, 1887 bpf_append_mbuf, &tv); 1888 } 1889 BPFD_UNLOCK(d); 1890 } 1891 BPFIF_UNLOCK(bp); 1892} 1893 1894#undef BPF_CHECK_DIRECTION 1895 1896/* 1897 * Move the packet data from interface memory (pkt) into the 1898 * store buffer. "cpfn" is the routine called to do the actual data 1899 * transfer. bcopy is passed in to copy contiguous chunks, while 1900 * bpf_append_mbuf is passed in to copy mbuf chains. In the latter case, 1901 * pkt is really an mbuf. 1902 */ 1903static void 1904catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1905 void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int), 1906 struct timeval *tv) 1907{ 1908 struct bpf_hdr hdr; 1909#ifdef COMPAT_FREEBSD32 1910 struct bpf_hdr32 hdr32; 1911#endif 1912 int totlen, curlen; 1913 int hdrlen = d->bd_bif->bif_hdrlen; 1914 int do_wakeup = 0; 1915 1916 BPFD_LOCK_ASSERT(d); 1917 1918 /* 1919 * Detect whether user space has released a buffer back to us, and if 1920 * so, move it from being a hold buffer to a free buffer. This may 1921 * not be the best place to do it (for example, we might only want to 1922 * run this check if we need the space), but for now it's a reliable 1923 * spot to do it. 
1924 */ 1925 if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) { 1926 d->bd_fbuf = d->bd_hbuf; 1927 d->bd_hbuf = NULL; 1928 d->bd_hlen = 0; 1929 bpf_buf_reclaimed(d); 1930 } 1931 1932 /* 1933 * Figure out how many bytes to move. If the packet is 1934 * greater or equal to the snapshot length, transfer that 1935 * much. Otherwise, transfer the whole packet (unless 1936 * we hit the buffer size limit). 1937 */ 1938 totlen = hdrlen + min(snaplen, pktlen); 1939 if (totlen > d->bd_bufsize) 1940 totlen = d->bd_bufsize; 1941 1942 /* 1943 * Round up the end of the previous packet to the next longword. 1944 * 1945 * Drop the packet if there's no room and no hope of room 1946 * If the packet would overflow the storage buffer or the storage 1947 * buffer is considered immutable by the buffer model, try to rotate 1948 * the buffer and wakeup pending processes. 1949 */ 1950#ifdef COMPAT_FREEBSD32 1951 if (d->bd_compat32) 1952 curlen = BPF_WORDALIGN32(d->bd_slen); 1953 else 1954#endif 1955 curlen = BPF_WORDALIGN(d->bd_slen); 1956 if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) { 1957 if (d->bd_fbuf == NULL) { 1958 /* 1959 * There's no room in the store buffer, and no 1960 * prospect of room, so drop the packet. Notify the 1961 * buffer model. 1962 */ 1963 bpf_buffull(d); 1964 ++d->bd_dcount; 1965 return; 1966 } 1967 ROTATE_BUFFERS(d); 1968 do_wakeup = 1; 1969 curlen = 0; 1970 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) 1971 /* 1972 * Immediate mode is set, or the read timeout has already 1973 * expired during a select call. A packet arrived, so the 1974 * reader should be woken up. 1975 */ 1976 do_wakeup = 1; 1977#ifdef COMPAT_FREEBSD32 1978 /* 1979 * If this is a 32-bit stream, then stick a 32-bit header at the 1980 * front and copy the data into the buffer. 
1981 */ 1982 if (d->bd_compat32) { 1983 bzero(&hdr32, sizeof(hdr32)); 1984 hdr32.bh_tstamp.tv_sec = tv->tv_sec; 1985 hdr32.bh_tstamp.tv_usec = tv->tv_usec; 1986 hdr32.bh_datalen = pktlen; 1987 hdr32.bh_hdrlen = hdrlen; 1988 hdr.bh_caplen = hdr32.bh_caplen = totlen - hdrlen; 1989 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr32, sizeof(hdr32)); 1990 goto copy; 1991 } 1992#endif 1993 1994 /* 1995 * Append the bpf header. Note we append the actual header size, but 1996 * move forward the length of the header plus padding. 1997 */ 1998 bzero(&hdr, sizeof(hdr)); 1999 hdr.bh_tstamp = *tv; 2000 hdr.bh_datalen = pktlen; 2001 hdr.bh_hdrlen = hdrlen; 2002 hdr.bh_caplen = totlen - hdrlen; 2003 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr)); 2004 2005 /* 2006 * Copy the packet data into the store buffer and update its length. 2007 */ 2008#ifdef COMPAT_FREEBSD32 2009 copy: 2010#endif 2011 (*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, hdr.bh_caplen); 2012 d->bd_slen = curlen + totlen; 2013 2014 if (do_wakeup) 2015 bpf_wakeup(d); 2016} 2017 2018/* 2019 * Free buffers currently in use by a descriptor. 2020 * Called on close. 2021 */ 2022static void 2023bpf_freed(struct bpf_d *d) 2024{ 2025 2026 /* 2027 * We don't need to lock out interrupts since this descriptor has 2028 * been detached from its interface and it yet hasn't been marked 2029 * free. 2030 */ 2031 bpf_free(d); 2032 if (d->bd_rfilter != NULL) { 2033 free((caddr_t)d->bd_rfilter, M_BPF); 2034#ifdef BPF_JITTER 2035 if (d->bd_bfilter != NULL) 2036 bpf_destroy_jit_filter(d->bd_bfilter); 2037#endif 2038 } 2039 if (d->bd_wfilter != NULL) 2040 free((caddr_t)d->bd_wfilter, M_BPF); 2041 mtx_destroy(&d->bd_mtx); 2042} 2043 2044/* 2045 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 2046 * fixed size of the link header (variable length headers not yet supported). 
2047 */ 2048void 2049bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 2050{ 2051 2052 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 2053} 2054 2055/* 2056 * Attach an interface to bpf. ifp is a pointer to the structure 2057 * defining the interface to be attached, dlt is the link layer type, 2058 * and hdrlen is the fixed size of the link header (variable length 2059 * headers are not yet supporrted). 2060 */ 2061void 2062bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 2063{ 2064 struct bpf_if *bp; 2065 2066 bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO); 2067 if (bp == NULL) 2068 panic("bpfattach"); 2069 2070 LIST_INIT(&bp->bif_dlist); 2071 bp->bif_ifp = ifp; 2072 bp->bif_dlt = dlt; 2073 mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF); 2074 KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized")); 2075 *driverp = bp; 2076 2077 mtx_lock(&bpf_mtx); 2078 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next); 2079 mtx_unlock(&bpf_mtx); 2080 2081 /* 2082 * Compute the length of the bpf header. This is not necessarily 2083 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 2084 * that the network layer header begins on a longword boundary (for 2085 * performance reasons and to alleviate alignment restrictions). 2086 */ 2087 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 2088 2089 if (bootverbose) 2090 if_printf(ifp, "bpf attached\n"); 2091} 2092 2093/* 2094 * Detach bpf from an interface. This involves detaching each descriptor 2095 * associated with the interface, and leaving bd_bif NULL. Notify each 2096 * descriptor as it's detached so that any sleepers wake up and get 2097 * ENXIO. 
2098 */ 2099void 2100bpfdetach(struct ifnet *ifp) 2101{ 2102 struct bpf_if *bp; 2103 struct bpf_d *d; 2104 2105 /* Locate BPF interface information */ 2106 mtx_lock(&bpf_mtx); 2107 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2108 if (ifp == bp->bif_ifp) 2109 break; 2110 } 2111 2112 /* Interface wasn't attached */ 2113 if ((bp == NULL) || (bp->bif_ifp == NULL)) { 2114 mtx_unlock(&bpf_mtx); 2115 printf("bpfdetach: %s was not attached\n", ifp->if_xname); 2116 return; 2117 } 2118 2119 LIST_REMOVE(bp, bif_next); 2120 mtx_unlock(&bpf_mtx); 2121 2122 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) { 2123 bpf_detachd(d); 2124 BPFD_LOCK(d); 2125 bpf_wakeup(d); 2126 BPFD_UNLOCK(d); 2127 } 2128 2129 mtx_destroy(&bp->bif_mtx); 2130 free(bp, M_BPF); 2131} 2132 2133/* 2134 * Get a list of available data link type of the interface. 2135 */ 2136static int 2137bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 2138{ 2139 int n, error; 2140 struct ifnet *ifp; 2141 struct bpf_if *bp; 2142 2143 ifp = d->bd_bif->bif_ifp; 2144 n = 0; 2145 error = 0; 2146 mtx_lock(&bpf_mtx); 2147 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2148 if (bp->bif_ifp != ifp) 2149 continue; 2150 if (bfl->bfl_list != NULL) { 2151 if (n >= bfl->bfl_len) { 2152 mtx_unlock(&bpf_mtx); 2153 return (ENOMEM); 2154 } 2155 error = copyout(&bp->bif_dlt, 2156 bfl->bfl_list + n, sizeof(u_int)); 2157 } 2158 n++; 2159 } 2160 mtx_unlock(&bpf_mtx); 2161 bfl->bfl_len = n; 2162 return (error); 2163} 2164 2165/* 2166 * Set the data link type of a BPF instance. 
2167 */ 2168static int 2169bpf_setdlt(struct bpf_d *d, u_int dlt) 2170{ 2171 int error, opromisc; 2172 struct ifnet *ifp; 2173 struct bpf_if *bp; 2174 2175 if (d->bd_bif->bif_dlt == dlt) 2176 return (0); 2177 ifp = d->bd_bif->bif_ifp; 2178 mtx_lock(&bpf_mtx); 2179 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2180 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 2181 break; 2182 } 2183 mtx_unlock(&bpf_mtx); 2184 if (bp != NULL) { 2185 opromisc = d->bd_promisc; 2186 bpf_detachd(d); 2187 bpf_attachd(d, bp); 2188 BPFD_LOCK(d); 2189 reset_d(d); 2190 BPFD_UNLOCK(d); 2191 if (opromisc) { 2192 error = ifpromisc(bp->bif_ifp, 1); 2193 if (error) 2194 if_printf(bp->bif_ifp, 2195 "bpf_setdlt: ifpromisc failed (%d)\n", 2196 error); 2197 else 2198 d->bd_promisc = 1; 2199 } 2200 } 2201 return (bp == NULL ? EINVAL : 0); 2202} 2203 2204static void 2205bpf_drvinit(void *unused) 2206{ 2207 struct cdev *dev; 2208 2209 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF); 2210 LIST_INIT(&bpf_iflist); 2211 2212 dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf"); 2213 /* For compatibility */ 2214 make_dev_alias(dev, "bpf0"); 2215} 2216 2217/* 2218 * Zero out the various packet counters associated with all of the bpf 2219 * descriptors. At some point, we will probably want to get a bit more 2220 * granular and allow the user to specify descriptors to be zeroed. 
2221 */ 2222static void 2223bpf_zero_counters(void) 2224{ 2225 struct bpf_if *bp; 2226 struct bpf_d *bd; 2227 2228 mtx_lock(&bpf_mtx); 2229 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2230 BPFIF_LOCK(bp); 2231 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 2232 BPFD_LOCK(bd); 2233 bd->bd_rcount = 0; 2234 bd->bd_dcount = 0; 2235 bd->bd_fcount = 0; 2236 bd->bd_wcount = 0; 2237 bd->bd_wfcount = 0; 2238 bd->bd_zcopy = 0; 2239 BPFD_UNLOCK(bd); 2240 } 2241 BPFIF_UNLOCK(bp); 2242 } 2243 mtx_unlock(&bpf_mtx); 2244} 2245 2246static void 2247bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd) 2248{ 2249 2250 bzero(d, sizeof(*d)); 2251 BPFD_LOCK_ASSERT(bd); 2252 d->bd_structsize = sizeof(*d); 2253 d->bd_immediate = bd->bd_immediate; 2254 d->bd_promisc = bd->bd_promisc; 2255 d->bd_hdrcmplt = bd->bd_hdrcmplt; 2256 d->bd_direction = bd->bd_direction; 2257 d->bd_feedback = bd->bd_feedback; 2258 d->bd_async = bd->bd_async; 2259 d->bd_rcount = bd->bd_rcount; 2260 d->bd_dcount = bd->bd_dcount; 2261 d->bd_fcount = bd->bd_fcount; 2262 d->bd_sig = bd->bd_sig; 2263 d->bd_slen = bd->bd_slen; 2264 d->bd_hlen = bd->bd_hlen; 2265 d->bd_bufsize = bd->bd_bufsize; 2266 d->bd_pid = bd->bd_pid; 2267 strlcpy(d->bd_ifname, 2268 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ); 2269 d->bd_locked = bd->bd_locked; 2270 d->bd_wcount = bd->bd_wcount; 2271 d->bd_wdcount = bd->bd_wdcount; 2272 d->bd_wfcount = bd->bd_wfcount; 2273 d->bd_zcopy = bd->bd_zcopy; 2274 d->bd_bufmode = bd->bd_bufmode; 2275} 2276 2277static int 2278bpf_stats_sysctl(SYSCTL_HANDLER_ARGS) 2279{ 2280 struct xbpf_d *xbdbuf, *xbd, zerostats; 2281 int index, error; 2282 struct bpf_if *bp; 2283 struct bpf_d *bd; 2284 2285 /* 2286 * XXX This is not technically correct. It is possible for non 2287 * privileged users to open bpf devices. It would make sense 2288 * if the users who opened the devices were able to retrieve 2289 * the statistics for them, too. 
2290 */ 2291 error = priv_check(req->td, PRIV_NET_BPF); 2292 if (error) 2293 return (error); 2294 /* 2295 * Check to see if the user is requesting that the counters be 2296 * zeroed out. Explicitly check that the supplied data is zeroed, 2297 * as we aren't allowing the user to set the counters currently. 2298 */ 2299 if (req->newptr != NULL) { 2300 if (req->newlen != sizeof(zerostats)) 2301 return (EINVAL); 2302 bzero(&zerostats, sizeof(zerostats)); 2303 xbd = req->newptr; 2304 if (bcmp(xbd, &zerostats, sizeof(*xbd)) != 0) 2305 return (EINVAL); 2306 bpf_zero_counters(); 2307 return (0); 2308 } 2309 if (req->oldptr == NULL) 2310 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd))); 2311 if (bpf_bpfd_cnt == 0) 2312 return (SYSCTL_OUT(req, 0, 0)); 2313 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK); 2314 mtx_lock(&bpf_mtx); 2315 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) { 2316 mtx_unlock(&bpf_mtx); 2317 free(xbdbuf, M_BPF); 2318 return (ENOMEM); 2319 } 2320 index = 0; 2321 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2322 BPFIF_LOCK(bp); 2323 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 2324 xbd = &xbdbuf[index++]; 2325 BPFD_LOCK(bd); 2326 bpfstats_fill_xbpf(xbd, bd); 2327 BPFD_UNLOCK(bd); 2328 } 2329 BPFIF_UNLOCK(bp); 2330 } 2331 mtx_unlock(&bpf_mtx); 2332 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd)); 2333 free(xbdbuf, M_BPF); 2334 return (error); 2335} 2336 2337SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL); 2338 2339#else /* !DEV_BPF && !NETGRAPH_BPF */ 2340/* 2341 * NOP stubs to allow bpf-using drivers to load and function. 2342 * 2343 * A 'better' implementation would allow the core bpf functionality 2344 * to be loaded at runtime. 
 */
/* Dummy bpf_if that the attach stubs hand out so if_bpf is non-NULL. */
static struct bpf_if bp_null;

/* Stub: discard the packet. */
void
bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
{
}

/* Stub: discard the mbuf chain. */
void
bpf_mtap(struct bpf_if *bp, struct mbuf *m)
{
}

/* Stub: discard the header + mbuf chain. */
void
bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
{
}

/* Stub attach: delegate to bpfattach2 with the default if_bpf slot. */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/* Stub attach: point the driver at the shared dummy bpf_if. */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
{

	*driverp = &bp_null;
}

/* Stub detach: nothing was attached, nothing to tear down. */
void
bpfdetach(struct ifnet *ifp)
{
}

/*
 * Stub filter: (u_int)-1 is BPF's "accept the whole packet"
 * return value, i.e. behave as if no filter were installed.
 */
u_int
bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
{
	return -1;	/* "no filter" behaviour */
}

/* Stub validate: 0 (false) — no filter program is ever acceptable. */
int
bpf_validate(const struct bpf_insn *f, int len)
{
	return 0;		/* false */
}

#endif /* !DEV_BPF && !NETGRAPH_BPF */