1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1990, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from the Stanford/CMU enet packet filter,
8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Berkeley Laboratory.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37 #ifndef _NET_BPF_H_
38 #define _NET_BPF_H_
39
40 #include <sys/types.h>
41 #include <sys/_eventhandler.h>
42 #include <sys/ck.h>
43 #include <net/dlt.h>
44
45 /* BSD style release date */
46 #define BPF_RELEASE 199606
47
48 typedef int32_t bpf_int32;
49 typedef u_int32_t bpf_u_int32;
50 typedef int64_t bpf_int64;
51 typedef u_int64_t bpf_u_int64;
52 struct ifnet;
53
54 /*
55 * Alignment macros. BPF_WORDALIGN rounds up to the next multiple of
56 * BPF_ALIGNMENT.
57 */
58 #define BPF_ALIGNMENT sizeof(long)
59 #define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1))
60
61 #define BPF_MAXINSNS 512
62 #define BPF_MAXBUFSIZE 0x80000
63 #define BPF_MINBUFSIZE 32
64
65 /*
66 * Structure for BIOCSETF.
67 */
68 struct bpf_program {
69 u_int bf_len;
70 struct bpf_insn *bf_insns;
71 };
72
73 /*
74 * Struct returned by BIOCGSTATS.
75 */
76 struct bpf_stat {
77 u_int bs_recv; /* number of packets received */
78 u_int bs_drop; /* number of packets dropped */
79 };
80
81 /*
82 * Struct return by BIOCVERSION. This represents the version number of
83 * the filter language described by the instruction encodings below.
84 * bpf understands a program iff kernel_major == filter_major &&
85 * kernel_minor >= filter_minor, that is, if the value returned by the
86 * running kernel has the same major number and a minor number equal
87 * equal to or less than the filter being downloaded. Otherwise, the
88 * results are undefined, meaning an error may be returned or packets
89 * may be accepted haphazardly.
90 * It has nothing to do with the source code version.
91 */
92 struct bpf_version {
93 u_short bv_major;
94 u_short bv_minor;
95 };
96 /* Current version number of filter architecture. */
97 #define BPF_MAJOR_VERSION 1
98 #define BPF_MINOR_VERSION 1
99
100 /*
101 * Historically, BPF has supported a single buffering model, first using mbuf
102 * clusters in kernel, and later using malloc(9) buffers in kernel. We now
103 * support multiple buffering modes, which may be queried and set using
104 * BIOCGETBUFMODE and BIOCSETBUFMODE. So as to avoid handling the complexity
105 * of changing modes while sniffing packets, the mode becomes fixed once an
106 * interface has been attached to the BPF descriptor.
107 */
108 #define BPF_BUFMODE_BUFFER 1 /* Kernel buffers with read(). */
109 #define BPF_BUFMODE_ZBUF 2 /* Zero-copy buffers. */
110
111 /*-
112 * Struct used by BIOCSETZBUF, BIOCROTZBUF: describes up to two zero-copy
113 * buffer as used by BPF.
114 */
115 struct bpf_zbuf {
116 void *bz_bufa; /* Location of 'a' zero-copy buffer. */
117 void *bz_bufb; /* Location of 'b' zero-copy buffer. */
118 size_t bz_buflen; /* Size of zero-copy buffers. */
119 };
120
121 /*
122 * Struct used by BIOCGETIFLIST.
123 */
124 struct bpf_iflist {
125 u_int bi_size;
126 u_int bi_count;
127 void *bi_ubuf;
128 };
129
130 #define BIOCGBLEN _IOR('B', 102, u_int)
131 #define BIOCSBLEN _IOWR('B', 102, u_int)
132 #define BIOCSETF _IOW('B', 103, struct bpf_program)
133 #define BIOCFLUSH _IO('B', 104)
134 #define BIOCPROMISC _IO('B', 105)
135 #define BIOCGDLT _IOR('B', 106, u_int)
136 #define BIOCGETIF _IOR('B', 107, struct ifreq)
137 #define BIOCSETIF _IOW('B', 108, struct ifreq)
138 #define BIOCSRTIMEOUT _IOW('B', 109, struct timeval)
139 #define BIOCGRTIMEOUT _IOR('B', 110, struct timeval)
140 #define BIOCGSTATS _IOR('B', 111, struct bpf_stat)
141 #define BIOCIMMEDIATE _IOW('B', 112, u_int)
142 #define BIOCVERSION _IOR('B', 113, struct bpf_version)
143 #define BIOCGRSIG _IOR('B', 114, u_int)
144 #define BIOCSRSIG _IOW('B', 115, u_int)
145 #define BIOCGHDRCMPLT _IOR('B', 116, u_int)
146 #define BIOCSHDRCMPLT _IOW('B', 117, u_int)
147 #define BIOCGDIRECTION _IOR('B', 118, u_int)
148 #define BIOCSDIRECTION _IOW('B', 119, u_int)
149 #define BIOCSDLT _IOW('B', 120, u_int)
150 #define BIOCGDLTLIST _IOWR('B', 121, struct bpf_dltlist)
151 #define BIOCLOCK _IO('B', 122)
152 #define BIOCSETWF _IOW('B', 123, struct bpf_program)
153 #define BIOCFEEDBACK _IOW('B', 124, u_int)
154 #define BIOCGETBUFMODE _IOR('B', 125, u_int)
155 #define BIOCSETBUFMODE _IOW('B', 126, u_int)
156 #define BIOCGETZMAX _IOR('B', 127, size_t)
157 #define BIOCROTZBUF _IOR('B', 128, struct bpf_zbuf)
158 #define BIOCSETZBUF _IOW('B', 129, struct bpf_zbuf)
159 #define BIOCSETFNR _IOW('B', 130, struct bpf_program)
160 #define BIOCGTSTAMP _IOR('B', 131, u_int)
161 #define BIOCSTSTAMP _IOW('B', 132, u_int)
162 #define BIOCSETVLANPCP _IOW('B', 133, u_int)
163 #define BIOCGETIFLIST _IOWR('B', 134, struct bpf_iflist)
164
165 /* Obsolete */
166 #define BIOCGSEESENT BIOCGDIRECTION
167 #define BIOCSSEESENT BIOCSDIRECTION
168
169 /* Packet directions */
170 enum bpf_direction {
171 BPF_D_IN, /* See incoming packets */
172 BPF_D_INOUT, /* See incoming and outgoing packets */
173 BPF_D_OUT /* See outgoing packets */
174 };
175
176 /* Time stamping functions */
177 #define BPF_T_MICROTIME 0x0000
178 #define BPF_T_NANOTIME 0x0001
179 #define BPF_T_BINTIME 0x0002
180 #define BPF_T_NONE 0x0003
181 #define BPF_T_FORMAT_MASK 0x0003
182 #define BPF_T_NORMAL 0x0000
183 #define BPF_T_FAST 0x0100
184 #define BPF_T_MONOTONIC 0x0200
185 #define BPF_T_MONOTONIC_FAST (BPF_T_FAST | BPF_T_MONOTONIC)
186 #define BPF_T_FLAG_MASK 0x0300
187 #define BPF_T_FORMAT(t) ((t) & BPF_T_FORMAT_MASK)
188 #define BPF_T_FLAG(t) ((t) & BPF_T_FLAG_MASK)
189 #define BPF_T_VALID(t) \
190 ((t) == BPF_T_NONE || (BPF_T_FORMAT(t) != BPF_T_NONE && \
191 ((t) & ~(BPF_T_FORMAT_MASK | BPF_T_FLAG_MASK)) == 0))
192
193 #define BPF_T_MICROTIME_FAST (BPF_T_MICROTIME | BPF_T_FAST)
194 #define BPF_T_NANOTIME_FAST (BPF_T_NANOTIME | BPF_T_FAST)
195 #define BPF_T_BINTIME_FAST (BPF_T_BINTIME | BPF_T_FAST)
196 #define BPF_T_MICROTIME_MONOTONIC (BPF_T_MICROTIME | BPF_T_MONOTONIC)
197 #define BPF_T_NANOTIME_MONOTONIC (BPF_T_NANOTIME | BPF_T_MONOTONIC)
198 #define BPF_T_BINTIME_MONOTONIC (BPF_T_BINTIME | BPF_T_MONOTONIC)
199 #define BPF_T_MICROTIME_MONOTONIC_FAST (BPF_T_MICROTIME | BPF_T_MONOTONIC_FAST)
200 #define BPF_T_NANOTIME_MONOTONIC_FAST (BPF_T_NANOTIME | BPF_T_MONOTONIC_FAST)
201 #define BPF_T_BINTIME_MONOTONIC_FAST (BPF_T_BINTIME | BPF_T_MONOTONIC_FAST)
202
203 /*
204 * Structure prepended to each packet.
205 */
206 struct bpf_ts {
207 bpf_int64 bt_sec; /* seconds */
208 bpf_u_int64 bt_frac; /* fraction */
209 };
210 struct bpf_xhdr {
211 struct bpf_ts bh_tstamp; /* time stamp */
212 bpf_u_int32 bh_caplen; /* length of captured portion */
213 bpf_u_int32 bh_datalen; /* original length of packet */
214 u_short bh_hdrlen; /* length of bpf header (this struct
215 plus alignment padding) */
216 };
217 /* Obsolete */
218 struct bpf_hdr {
219 struct timeval bh_tstamp; /* time stamp */
220 bpf_u_int32 bh_caplen; /* length of captured portion */
221 bpf_u_int32 bh_datalen; /* original length of packet */
222 u_short bh_hdrlen; /* length of bpf header (this struct
223 plus alignment padding) */
224 };
225 #ifdef _KERNEL
226 #define MTAG_BPF 0x627066
227 #define MTAG_BPF_TIMESTAMP 0
228 #endif
229
230 /*
231 * When using zero-copy BPF buffers, a shared memory header is present
232 * allowing the kernel BPF implementation and user process to synchronize
233 * without using system calls. This structure defines that header. When
234 * accessing these fields, appropriate atomic operation and memory barriers
235 * are required in order not to see stale or out-of-order data; see bpf(4)
236 * for reference code to access these fields from userspace.
237 *
238 * The layout of this structure is critical, and must not be changed; if must
239 * fit in a single page on all architectures.
240 */
241 struct bpf_zbuf_header {
242 volatile u_int bzh_kernel_gen; /* Kernel generation number. */
243 volatile u_int bzh_kernel_len; /* Length of data in the buffer. */
244 volatile u_int bzh_user_gen; /* User generation number. */
245 u_int _bzh_pad[5];
246 };
247
248 /*
249 * The instruction encodings.
250 *
251 * Please inform tcpdump-workers@lists.tcpdump.org if you use any
252 * of the reserved values, so that we can note that they're used
253 * (and perhaps implement it in the reference BPF implementation
254 * and encourage its implementation elsewhere).
255 */
256
257 /*
258 * The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000.
259 */
260
261 /* instruction classes */
262 #define BPF_CLASS(code) ((code) & 0x07)
263 #define BPF_LD 0x00
264 #define BPF_LDX 0x01
265 #define BPF_ST 0x02
266 #define BPF_STX 0x03
267 #define BPF_ALU 0x04
268 #define BPF_JMP 0x05
269 #define BPF_RET 0x06
270 #define BPF_MISC 0x07
271
272 /* ld/ldx fields */
273 #define BPF_SIZE(code) ((code) & 0x18)
274 #define BPF_W 0x00
275 #define BPF_H 0x08
276 #define BPF_B 0x10
277 /* 0x18 reserved; used by BSD/OS */
278 #define BPF_MODE(code) ((code) & 0xe0)
279 #define BPF_IMM 0x00
280 #define BPF_ABS 0x20
281 #define BPF_IND 0x40
282 #define BPF_MEM 0x60
283 #define BPF_LEN 0x80
284 #define BPF_MSH 0xa0
285 /* 0xc0 reserved; used by BSD/OS */
286 /* 0xe0 reserved; used by BSD/OS */
287
288 /* alu/jmp fields */
289 #define BPF_OP(code) ((code) & 0xf0)
290 #define BPF_ADD 0x00
291 #define BPF_SUB 0x10
292 #define BPF_MUL 0x20
293 #define BPF_DIV 0x30
294 #define BPF_OR 0x40
295 #define BPF_AND 0x50
296 #define BPF_LSH 0x60
297 #define BPF_RSH 0x70
298 #define BPF_NEG 0x80
299 #define BPF_MOD 0x90
300 #define BPF_XOR 0xa0
301 /* 0xb0 reserved */
302 /* 0xc0 reserved */
303 /* 0xd0 reserved */
304 /* 0xe0 reserved */
305 /* 0xf0 reserved */
306
307 #define BPF_JA 0x00
308 #define BPF_JEQ 0x10
309 #define BPF_JGT 0x20
310 #define BPF_JGE 0x30
311 #define BPF_JSET 0x40
312 /* 0x50 reserved; used on BSD/OS */
313 /* 0x60 reserved */
314 /* 0x70 reserved */
315 /* 0x80 reserved */
316 /* 0x90 reserved */
317 /* 0xa0 reserved */
318 /* 0xb0 reserved */
319 /* 0xc0 reserved */
320 /* 0xd0 reserved */
321 /* 0xe0 reserved */
322 /* 0xf0 reserved */
323 #define BPF_SRC(code) ((code) & 0x08)
324 #define BPF_K 0x00
325 #define BPF_X 0x08
326
327 /* ret - BPF_K and BPF_X also apply */
328 #define BPF_RVAL(code) ((code) & 0x18)
329 #define BPF_A 0x10
330 /* 0x18 reserved */
331
332 /* misc */
333 #define BPF_MISCOP(code) ((code) & 0xf8)
334 #define BPF_TAX 0x00
335 /* 0x08 reserved */
336 /* 0x10 reserved */
337 /* 0x18 reserved */
338 /* #define BPF_COP 0x20 NetBSD "coprocessor" extensions */
339 /* 0x28 reserved */
340 /* 0x30 reserved */
341 /* 0x38 reserved */
342 /* #define BPF_COPX 0x40 NetBSD "coprocessor" extensions */
343 /* also used on BSD/OS */
344 /* 0x48 reserved */
345 /* 0x50 reserved */
346 /* 0x58 reserved */
347 /* 0x60 reserved */
348 /* 0x68 reserved */
349 /* 0x70 reserved */
350 /* 0x78 reserved */
351 #define BPF_TXA 0x80
352 /* 0x88 reserved */
353 /* 0x90 reserved */
354 /* 0x98 reserved */
355 /* 0xa0 reserved */
356 /* 0xa8 reserved */
357 /* 0xb0 reserved */
358 /* 0xb8 reserved */
359 /* 0xc0 reserved; used on BSD/OS */
360 /* 0xc8 reserved */
361 /* 0xd0 reserved */
362 /* 0xd8 reserved */
363 /* 0xe0 reserved */
364 /* 0xe8 reserved */
365 /* 0xf0 reserved */
366 /* 0xf8 reserved */
367
368 /*
369 * The instruction data structure.
370 */
371 struct bpf_insn {
372 u_short code;
373 u_char jt;
374 u_char jf;
375 bpf_u_int32 k;
376 };
377
378 /*
379 * Macros for insn array initializers.
380 */
381 #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
382 #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
383
384 /*
385 * Structure to retrieve available DLTs for the interface.
386 */
387 struct bpf_dltlist {
388 u_int bfl_len; /* number of bfd_list array */
389 u_int *bfl_list; /* array of DLTs */
390 };
391
392 #ifdef _KERNEL
393 #ifdef MALLOC_DECLARE
394 MALLOC_DECLARE(M_BPF);
395 #endif
396 #ifdef SYSCTL_DECL
397 SYSCTL_DECL(_net_bpf);
398 #endif
399
400 /*
401 * Rotate the packet buffers in descriptor d. Move the store buffer into the
402 * hold slot, and the free buffer into the store slot. Zero the length of the
403 * new store buffer. Descriptor lock should be held. One must be careful to
404 * not rotate the buffers twice, i.e. if fbuf != NULL.
405 */
406 #define ROTATE_BUFFERS(d) do { \
407 (d)->bd_hbuf = (d)->bd_sbuf; \
408 (d)->bd_hlen = (d)->bd_slen; \
409 (d)->bd_sbuf = (d)->bd_fbuf; \
410 (d)->bd_slen = 0; \
411 (d)->bd_fbuf = NULL; \
412 bpf_bufheld(d); \
413 } while (0)
414
415 /*
416 * Descriptor associated with each attached hardware interface.
417 * Part of this structure is exposed to external callers to speed up
418 * bpf_peers_present() calls.
419 */
420 struct mbuf;
421 struct bpf_if;
422 struct bif_methods;
423 CK_LIST_HEAD(bpfd_list, bpf_d);
424
425 struct bpf_if * bpf_attach(const char *, u_int, u_int,
426 const struct bif_methods *, void *);
427 void bpf_detach(struct bpf_if *);
428 void bpf_vmove(struct bpf_if *bp);
429 void bpf_bufheld(struct bpf_d *d);
430 int bpf_validate(const struct bpf_insn *, int);
431 void bpf_tap(struct bpf_if *, u_char *, u_int);
432 void bpf_tap_if(struct ifnet *, u_char *, u_int);
433 void bpf_mtap(struct bpf_if *, struct mbuf *);
434 void bpf_mtap_if(struct ifnet *, struct mbuf *);
435 void bpf_mtap2(struct bpf_if *, void *, u_int, struct mbuf *);
436 void bpf_mtap2_if(struct ifnet *, void *, u_int, struct mbuf *);
437 void bpfattach(struct ifnet *, u_int, u_int);
438 void bpfdetach(struct ifnet *);
439 bool bpf_peers_present_if(struct ifnet *);
440 #ifdef VIMAGE
441 void bpf_ifdetach(struct ifnet *);
442 #endif
443
444 void bpfilterattach(int);
445 u_int bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int);
446
447 static __inline bool
bpf_peers_present(const struct bpf_if * bpf)448 bpf_peers_present(const struct bpf_if *bpf)
449 {
450 const struct bpfd_list *dlist;
451
452 dlist = (const struct bpfd_list *)bpf;
453 return (!CK_LIST_EMPTY(dlist));
454 }
455
456 #define BPF_TAP(_ifp, _pkt, _pktlen) \
457 bpf_tap_if((_ifp), (_pkt), (_pktlen))
458 #define BPF_MTAP(_ifp, _m) \
459 bpf_mtap_if((_ifp), (_m))
460 #define BPF_MTAP2(_ifp, _data, _dlen, _m) \
461 bpf_mtap2_if((_ifp), (_data), (_dlen), (_m))
462
463 typedef void bif_attachd_t(void *);
464 typedef void bif_detachd_t(void *);
465 typedef bool bif_chkdir_t(void *, const struct mbuf *, int);
466 typedef int bif_write_t(void *, struct mbuf *, struct mbuf *, int);
467 typedef uint32_t bif_wrsize_t(void *);
468 typedef int bif_promisc_t(void *, bool);
469 typedef int bif_mac_check_receive_t(void *, struct bpf_d *);
470 struct bif_methods {
471 bif_attachd_t *bif_attachd;
472 bif_detachd_t *bif_detachd;
473 bif_chkdir_t *bif_chkdir;
474 bif_promisc_t *bif_promisc;
475 /* Writable taps shall implement the below methods. */
476 bif_write_t *bif_write;
477 bif_wrsize_t *bif_wrsize;
478 bif_mac_check_receive_t *bif_mac_check_receive;
479 };
480
481 /* Ifnet methods implemented in bpf_ifnet.c are shared with net80211. */
482 extern bif_wrsize_t bpf_ifnet_wrsize;
483 extern bif_promisc_t bpf_ifnet_promisc;
484 #endif /* _KERNEL */
485
486 /*
487 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
488 */
489 #define BPF_MEMWORDS 16
490
491 /* BPF attach/detach events */
492 typedef void (*bpf_track_fn)(void *, struct ifnet *, int /* dlt */,
493 int /* 1 =>'s attach */);
494 EVENTHANDLER_DECLARE(bpf_track, bpf_track_fn);
495
496 #endif /* _NET_BPF_H_ */
497