1 /*- 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 
33 * 34 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include "opt_bpf.h" 41 #include "opt_mac.h" 42 #include "opt_netgraph.h" 43 44 #include <sys/types.h> 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/conf.h> 48 #include <sys/fcntl.h> 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 #include <sys/time.h> 52 #include <sys/priv.h> 53 #include <sys/proc.h> 54 #include <sys/signalvar.h> 55 #include <sys/filio.h> 56 #include <sys/sockio.h> 57 #include <sys/ttycom.h> 58 #include <sys/uio.h> 59 60 #include <sys/event.h> 61 #include <sys/file.h> 62 #include <sys/poll.h> 63 #include <sys/proc.h> 64 65 #include <sys/socket.h> 66 67 #include <net/if.h> 68 #include <net/bpf.h> 69 #ifdef BPF_JITTER 70 #include <net/bpf_jitter.h> 71 #endif 72 #include <net/bpfdesc.h> 73 74 #include <netinet/in.h> 75 #include <netinet/if_ether.h> 76 #include <sys/kernel.h> 77 #include <sys/sysctl.h> 78 79 #include <net80211/ieee80211_freebsd.h> 80 81 #include <security/mac/mac_framework.h> 82 83 static MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 84 85 #if defined(DEV_BPF) || defined(NETGRAPH_BPF) 86 87 #define PRINET 26 /* interruptible */ 88 89 #define M_SKIP_BPF M_SKIP_FIREWALL 90 91 /* 92 * bpf_iflist is a list of BPF interface structures, each corresponding to a 93 * specific DLT. The same network interface might have several BPF interface 94 * structures registered by different layers in the stack (i.e., 802.11 95 * frames, ethernet frames, etc). 
 */
static LIST_HEAD(, bpf_if)	bpf_iflist;	/* all DLT attachment points, under bpf_mtx */
static struct mtx	bpf_mtx;		/* bpf global lock */
static int		bpf_bpfd_cnt;		/* number of attached descriptors */

/* Internal helpers; see definitions below for contracts. */
static void	bpf_allocbufs(struct bpf_d *);
static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
static void	bpf_detachd(struct bpf_d *);
static void	bpf_freed(struct bpf_d *);
static void	bpf_mcopy(const void *, void *, size_t);
static int	bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **,
		    struct sockaddr *, int *, struct bpf_insn *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static __inline void
		bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int,
		    u_int, void (*)(const void *, void *, size_t),
		    struct timeval *);
static void	reset_d(struct bpf_d *);
static int	 bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
static int	bpf_setdlt(struct bpf_d *, u_int);
static void	filt_bpfdetach(struct knote *);
static int	filt_bpfread(struct knote *, long);
static void	bpf_drvinit(void *);
static void	bpf_clone(void *, struct ucred *, char *, int, struct cdev **);
static int	bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);

/* Tunables exported under net.bpf. */
SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
static int bpf_bufsize = 4096;
SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW,
    &bpf_bufsize, 0, "Default bpf buffer size");
static int bpf_maxbufsize = BPF_MAXBUFSIZE;
SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW,
    &bpf_maxbufsize, 0, "Maximum bpf buffer size");
static int bpf_maxinsns = BPF_MAXINSNS;
SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
    &bpf_maxinsns, 0, "Maximum bpf program instructions");
SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW,
    bpf_stats_sysctl, "bpf statistics portal");

static	d_open_t	bpfopen;
static	d_close_t	bpfclose;
static	d_read_t	bpfread;
static	d_write_t	bpfwrite;
static	d_ioctl_t	bpfioctl;
static	d_poll_t	bpfpoll;
static	d_kqfilter_t	bpfkqfilter;

/* Character-device entry points for /dev/bpf%d. */
static struct cdevsw bpf_cdevsw = {
	.d_version =	D_VERSION,
	.d_open =	bpfopen,
	.d_close =	bpfclose,
	.d_read =	bpfread,
	.d_write =	bpfwrite,
	.d_ioctl =	bpfioctl,
	.d_poll =	bpfpoll,
	.d_name =	"bpf",
	.d_kqfilter =	bpfkqfilter,
};

static struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfdetach, filt_bpfread };

/*
 * bpf_movein - copy a packet written by userland into a new mbuf.
 *
 * Builds a sockaddr describing the link-layer header for linktype, copies
 * the user data from uio into a single mbuf (cluster-backed if it will not
 * fit in MHLEN), runs the descriptor's write filter over it, and strips any
 * link header into sockp->sa_data.  On success *mp holds the mbuf (caller
 * owns it), *hdrlen holds the stripped header length, and 0 is returned.
 * On failure the mbuf is freed here (except on the early returns before
 * allocation) and an errno is returned.
 */
static int
bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
    struct sockaddr *sockp, int *hdrlen, struct bpf_insn *wfilter)
{
	const struct ieee80211_bpf_params *p;
	struct ether_header *eh;
	struct mbuf *m;
	int error;
	int len;
	int hlen;
	int slen;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		hlen = ETHER_HDR_LEN;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_IMPLINK;
		hlen = 0;
		break;

	case DLT_RAW:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		break;

	case DLT_NULL:
		/*
		 * null interface types require a 4 byte pseudo header which
		 * corresponds to the address family of the packet.
		 */
		sockp->sa_family = AF_UNSPEC;
		hlen = 4;
		break;

	case DLT_ATM_RFC1483:
		/*
		 * en atm driver requires 4-byte atm pseudo header.
		 * though it isn't standard, vpi:vci needs to be
		 * specified anyway.
		 */
		sockp->sa_family = AF_UNSPEC;
		hlen = 12;	/* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 4;	/* This should match PPP_HDRLEN */
		break;

	case DLT_IEEE802_11:		/* IEEE 802.11 wireless */
		sockp->sa_family = AF_IEEE80211;
		hlen = 0;
		break;

	case DLT_IEEE802_11_RADIO:	/* IEEE 802.11 wireless w/ phy params */
		sockp->sa_family = AF_IEEE80211;
		sockp->sa_len = 12;	/* XXX != 0 */
		hlen = sizeof(struct ieee80211_bpf_params);
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;

	/*
	 * NOTE(review): for DLT_IEEE802_11_RADIO this MTU check uses the
	 * fixed sizeof(struct ieee80211_bpf_params), not the true header
	 * length extracted from ibp_len further below -- confirm intended.
	 */
	if (len - hlen > ifp->if_mtu)
		return (EMSGSIZE);

	if ((unsigned)len > MCLBYTES)
		return (EIO);

	/* Single mbuf only: use a cluster when len exceeds MHLEN. */
	if (len > MHLEN) {
		m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
	} else {
		MGETHDR(m, M_TRYWAIT, MT_DATA);
	}
	if (m == NULL)
		return (ENOBUFS);
	m->m_pkthdr.len = m->m_len = len;
	m->m_pkthdr.rcvif = NULL;
	*mp = m;

	/* NOTE(review): EPERM is an odd errno for "packet shorter than
	 * link header"; kept for compatibility. */
	if (m->m_len < hlen) {
		error = EPERM;
		goto bad;
	}

	error = uiomove(mtod(m, u_char *), len, uio);
	if (error)
		goto bad;

	/* Reject the packet if the descriptor's write filter drops it. */
	slen = bpf_filter(wfilter, mtod(m, u_char *), len, len);
	if (slen == 0) {
		error = EPERM;
		goto bad;
	}

	/* Check for multicast destination */
	switch (linktype) {
	case DLT_EN10MB:
		eh = mtod(m, struct ether_header *);
		if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
			if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
			    ETHER_ADDR_LEN) == 0)
				m->m_flags |= M_BCAST;
			else
				m->m_flags |= M_MCAST;
		}
		break;
	}

	/*
	 * Make room for link header, and copy it to sockaddr
	 */
	if (hlen != 0) {
		if (sockp->sa_family == AF_IEEE80211) {
			/*
			 * Collect true length from the parameter header
			 * NB: sockp is known to be zero'd so if we do a
			 * short copy unspecified parameters will be
			 * zero.
			 * NB: packet may not be aligned after stripping
			 * bpf params
			 * XXX check ibp_vers
			 */
			p = mtod(m, const struct ieee80211_bpf_params *);
			hlen = p->ibp_len;
			if (hlen > sizeof(sockp->sa_data)) {
				error = EINVAL;
				goto bad;
			}
		}
		bcopy(m->m_data, sockp->sa_data, hlen);
	}
	*hdrlen = hlen;

	return (0);
bad:
	m_freem(m);
	return (error);
}

/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 */
static void
bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	BPFIF_LOCK(bp);
	d->bd_bif = bp;
	LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);

	bpf_bpfd_cnt++;
	BPFIF_UNLOCK(bp);
}

/*
 * Detach a file from its interface.
 *
 * Unlinks d from its attachment point under both the interface and
 * descriptor locks, then -- with all locks dropped, since ifpromisc()
 * may sleep -- turns off promiscuous mode if this descriptor had
 * requested it.
 */
static void
bpf_detachd(struct bpf_d *d)
{
	int error;
	struct bpf_if *bp;
	struct ifnet *ifp;

	bp = d->bd_bif;
	BPFIF_LOCK(bp);
	BPFD_LOCK(d);
	ifp = d->bd_bif->bif_ifp;

	/*
	 * Remove d from the interface's descriptor list.
	 */
	LIST_REMOVE(d, bd_next);

	bpf_bpfd_cnt--;
	d->bd_bif = NULL;
	BPFD_UNLOCK(d);
	BPFIF_UNLOCK(bp);

	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		d->bd_promisc = 0;
		error = ifpromisc(ifp, 0);
		if (error != 0 && error != ENXIO) {
			/*
			 * ENXIO can happen if a pccard is unplugged
			 * Something is really wrong if we were able to put
			 * the driver into promiscuous mode, but can't
			 * take it out.
			 */
			if_printf(bp->bif_ifp,
			    "bpf_detach: ifpromisc failed (%d)\n", error);
		}
	}
}

/*
 * Open ethernet device.  Returns ENXIO for illegal minor device number,
 * EBUSY if file is open by another process.
 */
/* ARGSUSED */
static int
bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
{
	struct bpf_d *d;

	mtx_lock(&bpf_mtx);
	d = dev->si_drv1;
	/*
	 * Each minor can be opened by only one process.  If the requested
	 * minor is in use, return EBUSY.
	 */
	if (d != NULL) {
		mtx_unlock(&bpf_mtx);
		return (EBUSY);
	}
	/*
	 * Claim the minor before dropping bpf_mtx so a racing open sees
	 * it busy while we allocate; the real descriptor is installed
	 * below.
	 */
	dev->si_drv1 = (struct bpf_d *)~0;	/* mark device in use */
	mtx_unlock(&bpf_mtx);

	if ((dev->si_flags & SI_NAMED) == 0)
		make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600,
		    "bpf%d", dev2unit(dev));
	/* M_ZERO gives sane defaults for all fields not set explicitly. */
	MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
	dev->si_drv1 = d;
	d->bd_bufsize = bpf_bufsize;
	d->bd_sig = SIGIO;
	d->bd_direction = BPF_D_INOUT;
	d->bd_pid = td->td_proc->p_pid;
#ifdef MAC
	mac_bpfdesc_init(d);
	mac_bpfdesc_create(td->td_ucred, d);
#endif
	mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
	callout_init(&d->bd_callout, CALLOUT_MPSAFE);
	knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL);

	return (0);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 */
/* ARGSUSED */
static int
bpfclose(struct cdev *dev, int flags, int fmt, struct thread *td)
{
	struct bpf_d *d = dev->si_drv1;

	/* Cancel any pending read timeout before tearing down. */
	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	BPFD_UNLOCK(d);
	funsetown(&d->bd_sigio);
	mtx_lock(&bpf_mtx);
	if (d->bd_bif)
		bpf_detachd(d);
	mtx_unlock(&bpf_mtx);
	/* Wake any selectors still parked on this descriptor. */
	selwakeuppri(&d->bd_sel, PRINET);
#ifdef MAC
	mac_bpfdesc_destroy(d);
#endif /* MAC */
	knlist_destroy(&d->bd_sel.si_note);
	bpf_freed(d);
	dev->si_drv1 = NULL;
	free(d, M_BPF);

	return (0);
}


/*
 * Rotate the packet buffers in descriptor d.
 Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.  Caller must hold BPFD_LOCK
 * and must have verified bd_fbuf is available (bd_hbuf == NULL).
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = NULL;
/*
 * bpfread - read next chunk of packets from buffers
 *
 * Blocks (unless O_NONBLOCK) until the hold buffer has data or the read
 * timeout fires, then copies the entire hold buffer to userland.  The
 * caller's buffer must be exactly bd_bufsize bytes.
 */
static int
bpfread(struct cdev *dev, struct uio *uio, int ioflag)
{
	struct bpf_d *d = dev->si_drv1;
	int timed_out;
	int error;

	/*
	 * Restrict application to use a buffer the same size as
	 * as kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	BPFD_LOCK(d);
	d->bd_pid = curthread->td_proc->p_pid;
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == NULL) {
		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * A packet(s) either arrived since the previous
			 * read or arrived while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}

		/*
		 * No data is available, check to see if the bpf device
		 * is still pointed at a real interface.  If not, return
		 * ENXIO so that the userland process knows to rebind
		 * it before using it again.
		 */
		if (d->bd_bif == NULL) {
			BPFD_UNLOCK(d);
			return (ENXIO);
		}

		if (ioflag & O_NONBLOCK) {
			BPFD_UNLOCK(d);
			return (EWOULDBLOCK);
		}
		/* bd_rtout == 0 means sleep until data arrives. */
		error = msleep(d, &d->bd_mtx, PRINET|PCATCH,
		     "bpf", d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			BPFD_UNLOCK(d);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				BPFD_UNLOCK(d);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	BPFD_UNLOCK(d);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 *
	 * XXXRW: More synchronization needed here: what if a second thread
	 * issues a read on the same fd at the same time?  Don't want this
	 * getting invalidated.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	/* Recycle the hold buffer as the new free buffer. */
	BPFD_LOCK(d);
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = NULL;
	d->bd_hlen = 0;
	BPFD_UNLOCK(d);

	return (error);
}

/*
 * If there are processes sleeping on this descriptor, wake them up.
 */
static __inline void
bpf_wakeup(struct bpf_d *d)
{

	BPFD_LOCK_ASSERT(d);
	if (d->bd_state == BPF_WAITING) {
		callout_stop(&d->bd_callout);
		d->bd_state = BPF_IDLE;
	}
	/* Wake msleep()ers, async sigio consumers, select/poll and kevent. */
	wakeup(d);
	if (d->bd_async && d->bd_sig && d->bd_sigio)
		pgsigio(&d->bd_sigio, d->bd_sig, 0);

	selwakeuppri(&d->bd_sel, PRINET);
	KNOTE_LOCKED(&d->bd_sel.si_note, 0);
}

/*
 * Read-timeout callout handler: if a reader is still waiting, flag the
 * timeout and wake it if the store buffer holds any data.
 */
static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = (struct bpf_d *)arg;

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	BPFD_UNLOCK(d);
}

/*
 * bpfwrite - inject a packet, written by userland, on the attached
 * interface.  Optionally (BIOCFEEDBACK) loops a copy back through the
 * input path.
 */
static int
bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
{
	struct bpf_d *d = dev->si_drv1;
	struct ifnet *ifp;
	struct mbuf *m, *mc;
	struct sockaddr dst;
	int error, hlen;

	/*
	 * NOTE(review): bd_pid is written and bd_bif dereferenced here
	 * without BPFD_LOCK, unlike bpfread()/bpfioctl() -- racy against
	 * bpf_detachd(); confirm whether this is acceptable.
	 */
	d->bd_pid = curthread->td_proc->p_pid;
	if (d->bd_bif == NULL)
		return (ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if ((ifp->if_flags & IFF_UP) == 0)
		return (ENETDOWN);

	if (uio->uio_resid == 0)
		return (0);

	bzero(&dst, sizeof(dst));
	m = NULL;
	hlen = 0;
	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp,
	    &m, &dst, &hlen, d->bd_wfilter);
	if (error)
		return (error);

	/* Caller supplied the full link header; tell the output path. */
	if (d->bd_hdrcmplt)
		dst.sa_family = pseudo_AF_HDRCMPLT;

	if (d->bd_feedback) {
		mc = m_dup(m, M_DONTWAIT);
		if (mc != NULL)
			mc->m_pkthdr.rcvif = ifp;
		/* XXX Do not return the same packet twice. */
		if (d->bd_direction == BPF_D_INOUT)
			m->m_flags |= M_SKIP_BPF;
	} else
		mc = NULL;

	/* Strip the link header copied into dst by bpf_movein(). */
	m->m_pkthdr.len -= hlen;
	m->m_len -= hlen;
	m->m_data += hlen;	/* XXX */

#ifdef MAC
	BPFD_LOCK(d);
	mac_bpfdesc_create_mbuf(d, m);
	if (mc != NULL)
		mac_bpfdesc_create_mbuf(d, mc);
	BPFD_UNLOCK(d);
#endif

	error = (*ifp->if_output)(ifp, m, &dst, NULL);

	/* Feedback copy goes up the input path only on successful output. */
	if (mc != NULL) {
		if (error == 0)
			(*ifp->if_input)(ifp, mc);
		else
			m_freem(mc);
	}

	return (error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Caller must hold BPFD_LOCK.
 */
static void
reset_d(struct bpf_d *d)
{

	mtx_assert(&d->bd_mtx, MA_OWNED);
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = NULL;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
	d->bd_fcount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  SIOCGIFADDR		Get interface address - convenient hook to driver.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCSETWF		Set ethernet write filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag
 *  BIOCSHDRCMPLT	Set "header already complete" flag
 *  BIOCGDIRECTION	Get packet direction flag
 *  BIOCSDIRECTION	Set packet direction flag
 *  BIOCLOCK		Set "locked" flag
 *  BIOCFEEDBACK	Set packet feedback mode.
 */
/* ARGSUSED */
static int
bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
    struct thread *td)
{
	struct bpf_d *d = dev->si_drv1;
	int error = 0;

	/*
	 * Refresh PID associated with this descriptor.
	 */
	BPFD_LOCK(d);
	d->bd_pid = td->td_proc->p_pid;
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	BPFD_UNLOCK(d);

	/*
	 * Once BIOCLOCK has been issued, only the commands on this
	 * allowlist (reads plus a few benign setters) are permitted.
	 */
	if (d->bd_locked == 1) {
		switch (cmd) {
		case BIOCGBLEN:
		case BIOCFLUSH:
		case BIOCGDLT:
		case BIOCGDLTLIST:
		case BIOCGETIF:
		case BIOCGRTIMEOUT:
		case BIOCGSTATS:
		case BIOCVERSION:
		case BIOCGRSIG:
		case BIOCGHDRCMPLT:
		case BIOCFEEDBACK:
		case FIONREAD:
		case BIOCLOCK:
		case BIOCSRTIMEOUT:
		case BIOCIMMEDIATE:
		case TIOCGPGRP:
			break;
		default:
			return (EPERM);
		}
	}
	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			BPFD_LOCK(d);
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			BPFD_UNLOCK(d);

			*(int *)addr = n;
			break;
		}

	case SIOCGIFADDR:
		{
			struct ifnet *ifp;

			if (d->bd_bif == NULL)
				error = EINVAL;
			else {
				ifp = d->bd_bif->bif_ifp;
				error = (*ifp->if_ioctl)(ifp, cmd, addr);
			}
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.  Only permitted before an interface is
	 * attached; the requested size is clamped to
	 * [BPF_MINBUFSIZE, bpf_maxbufsize] and echoed back to the caller.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != NULL)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
	case BIOCSETWF:
		error = bpf_setf(d, (struct bpf_program *)addr, cmd);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		BPFD_LOCK(d);
		reset_d(d);
		BPFD_UNLOCK(d);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == NULL) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		break;

	/*
	 * Get current data link type.
	 */
	case BIOCGDLT:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported data link types.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
		break;

	/*
	 * Set data link type.
	 */
	case BIOCSDLT:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)addr);
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else {
			struct ifnet *const ifp = d->bd_bif->bif_ifp;
			struct ifreq *const ifr = (struct ifreq *)addr;

			strlcpy(ifr->ifr_name, ifp->if_xname,
			    sizeof(ifr->ifr_name));
		}
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, (struct ifreq *)addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			/*
			 * Subtract 1 tick from tvtohz() since this isn't
			 * a one-shot timer.
			 */
			if ((error = itimerfix(tv)) == 0)
				d->bd_rtout = tvtohz(tv) - 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 * NOTE(review): counters are read without BPFD_LOCK; values may
	 * be slightly stale relative to concurrent taps -- confirm this
	 * is acceptable for a statistics snapshot.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = (struct bpf_stat *)addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = (struct bpf_version *)addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	/*
	 * Get "header already complete" flag
	 */
	case BIOCGHDRCMPLT:
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	/*
	 * Set "header already complete" flag
	 */
	case BIOCSHDRCMPLT:
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get packet direction flag
	 */
	case BIOCGDIRECTION:
		*(u_int *)addr = d->bd_direction;
		break;

	/*
	 * Set packet direction flag
	 */
	case BIOCSDIRECTION:
		{
			u_int	direction;

			direction = *(u_int *)addr;
			switch (direction) {
			case BPF_D_IN:
			case BPF_D_INOUT:
			case BPF_D_OUT:
				d->bd_direction = direction;
				break;
			default:
				error = EINVAL;
			}
		}
		break;

	case BIOCFEEDBACK:
		d->bd_feedback = *(u_int *)addr;
		break;

	case BIOCLOCK:
		d->bd_locked = 1;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case FIOSETOWN:
		error = fsetown(*(int *)addr, &d->bd_sigio);
		break;

	case FIOGETOWN:
		*(int *)addr = fgetown(&d->bd_sigio);
		break;

	/* This is deprecated, FIOSETOWN should be used instead. */
	case TIOCSPGRP:
		error = fsetown(-(*(int *)addr), &d->bd_sigio);
		break;

	/* This is deprecated, FIOGETOWN should be used instead. */
	case TIOCGPGRP:
		*(int *)addr = -fgetown(&d->bd_sigio);
		break;

	case BIOCSRSIG:		/* Set receive signal */
		{
			u_int sig;

			sig = *(u_int *)addr;

			if (sig >= NSIG)
				error = EINVAL;
			else
				d->bd_sig = sig;
			break;
		}
	case BIOCGRSIG:
		*(u_int *)addr = d->bd_sig;
		break;
	}
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 *
 * cmd selects the read filter (BIOCSETF) or write filter (BIOCSETWF).
 * The old filter (and, for read filters with BPF_JITTER, the old jitted
 * function) is freed only after the replacement is installed under lock.
 */
static int
bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
{
	struct bpf_insn *fcode, *old;
	u_int wfilter, flen, size;
#ifdef BPF_JITTER
	bpf_jit_filter *ofunc;
#endif

	if (cmd == BIOCSETWF) {
		old = d->bd_wfilter;
		wfilter = 1;
#ifdef BPF_JITTER
		ofunc = NULL;
#endif
	} else {
		wfilter = 0;
		old = d->bd_rfilter;
#ifdef BPF_JITTER
		ofunc = d->bd_bfilter;
#endif
	}
	/* A NULL program with zero length clears the filter. */
	if (fp->bf_insns == NULL) {
		if (fp->bf_len != 0)
			return (EINVAL);
		BPFD_LOCK(d);
		if (wfilter)
			d->bd_wfilter = NULL;
		else {
			d->bd_rfilter = NULL;
#ifdef BPF_JITTER
			d->bd_bfilter = NULL;
#endif
		}
		reset_d(d);
		BPFD_UNLOCK(d);
		if (old != NULL)
			free((caddr_t)old, M_BPF);
#ifdef BPF_JITTER
		if (ofunc != NULL)
			bpf_destroy_jit_filter(ofunc);
#endif
		return (0);
	}
	flen = fp->bf_len;
	if (flen > bpf_maxinsns)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
	/* Only install programs that copy in cleanly and validate. */
	if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		BPFD_LOCK(d);
		if (wfilter)
			d->bd_wfilter = fcode;
		else {
			d->bd_rfilter = fcode;
#ifdef BPF_JITTER
			d->bd_bfilter = bpf_jitter(fcode, flen);
#endif
		}
		reset_d(d);
		BPFD_UNLOCK(d);
		if (old != NULL)
			free((caddr_t)old, M_BPF);
#ifdef BPF_JITTER
		if (ofunc != NULL)
			bpf_destroy_jit_filter(ofunc);
#endif

		return (0);
	}
	free((caddr_t)fcode, M_BPF);
	return (EINVAL);
}

/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	struct ifnet *theywant;

	theywant = ifunit(ifr->ifr_name);
	if (theywant == NULL || theywant->if_bpf == NULL)
		return (ENXIO);

	bp = theywant->if_bpf;
	/*
	 * Allocate the packet buffers if we need to.
	 * If we're already attached to requested interface,
	 * just flush the buffer.
	 */
	if (d->bd_sbuf == NULL)
		bpf_allocbufs(d);
	if (bp != d->bd_bif) {
		if (d->bd_bif)
			/*
			 * Detach if attached to something else.
			 */
			bpf_detachd(d);

		bpf_attachd(d, bp);
	}
	BPFD_LOCK(d);
	reset_d(d);
	BPFD_UNLOCK(d);
	return (0);
}

/*
 * Support for select() and poll() system calls
 *
 * Return true iff the specific operation will not block indefinitely.
 * Otherwise, return false but make a note that a selwakeup() must be done.
 */
static int
bpfpoll(struct cdev *dev, int events, struct thread *td)
{
	struct bpf_d *d;
	int revents;

	d = dev->si_drv1;
	/*
	 * NOTE(review): returning ENXIO from a d_poll handler mixes an
	 * errno into the revents mask -- confirm callers expect this.
	 */
	if (d->bd_bif == NULL)
		return (ENXIO);

	/*
	 * Refresh PID associated with this descriptor.
	 */
	/* Writes never block on bpf; report them ready unconditionally. */
	revents = events & (POLLOUT | POLLWRNORM);
	BPFD_LOCK(d);
	d->bd_pid = td->td_proc->p_pid;
	if (events & (POLLIN | POLLRDNORM)) {
		if (bpf_ready(d))
			revents |= events & (POLLIN | POLLRDNORM);
		else {
			selrecord(td, &d->bd_sel);
			/* Start the read timeout if necessary. */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
				    bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}
	BPFD_UNLOCK(d);
	return (revents);
}

/*
 * Support for kevent() system call.  Register EVFILT_READ filters and
 * reject all others.
 */
int
bpfkqfilter(struct cdev *dev, struct knote *kn)
{
	struct bpf_d *d = (struct bpf_d *)dev->si_drv1;

	if (kn->kn_filter != EVFILT_READ)
		return (1);

	/*
	 * Refresh PID associated with this descriptor.
	 */
	BPFD_LOCK(d);
	d->bd_pid = curthread->td_proc->p_pid;
	kn->kn_fop = &bpfread_filtops;
	kn->kn_hook = d;
	knlist_add(&d->bd_sel.si_note, kn, 1);
	BPFD_UNLOCK(d);

	return (0);
}

/* knote detach: unhook from the descriptor's note list. */
static void
filt_bpfdetach(struct knote *kn)
{
	struct bpf_d *d = (struct bpf_d *)kn->kn_hook;

	knlist_remove(&d->bd_sel.si_note, kn, 0);
}

/*
 * EVFILT_READ event test: ready when data is buffered; otherwise arm the
 * read timeout (if configured) so the event eventually fires.
 */
static int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
	int ready;

	BPFD_LOCK_ASSERT(d);
	ready = bpf_ready(d);
	if (ready) {
		kn->kn_data = d->bd_slen;
		if (d->bd_hbuf)
			kn->kn_data += d->bd_hlen;
	}
	else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
		callout_reset(&d->bd_callout, d->bd_rtout,
		    bpf_timed_out, d);
		d->bd_state = BPF_WAITING;
	}

	return (ready);
}

/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.
 The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
{
	struct bpf_d *d;
	u_int slen;
	int gottime;
	struct timeval tv;

	/* Timestamp lazily: only once, and only if some filter matches. */
	gottime = 0;
	BPFIF_LOCK(bp);
	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		BPFD_LOCK(d);
		++d->bd_rcount;
#ifdef BPF_JITTER
		if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL)
			slen = (*(d->bd_bfilter->func))(pkt, pktlen, pktlen);
		else
#endif
		slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
		if (slen != 0) {
			d->bd_fcount++;
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
#ifdef MAC
			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
#endif
				catchpacket(d, pkt, pktlen, slen, bcopy, &tv);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void
bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == NULL)
			panic("bpf_mcopy");
		count = min(m->m_len, len);
		bcopy(mtod(m, void *), dst, count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
}

/*
 * Skip the descriptor when its direction filter excludes this packet:
 * rcvif == NULL marks outbound packets, non-NULL marks inbound.
 * Expands to a bare `if`; the following statement is the skip action.
 */
#define	BPF_CHECK_DIRECTION(d, m) \
	if (((d)->bd_direction == BPF_D_IN && (m)->m_pkthdr.rcvif == NULL) || \
	    ((d)->bd_direction == BPF_D_OUT && (m)->m_pkthdr.rcvif != NULL))

/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.
 */
void
bpf_mtap(struct bpf_if *bp, struct mbuf *m)
{
	struct bpf_d *d;
	u_int pktlen, slen;
	int gottime;
	struct timeval tv;

	/* Honor a one-shot request (e.g. from the firewall) to skip BPF. */
	if (m->m_flags & M_SKIP_BPF) {
		m->m_flags &= ~M_SKIP_BPF;
		return;
	}

	gottime = 0;

	pktlen = m_length(m, NULL);

	BPFIF_LOCK(bp);
	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		BPF_CHECK_DIRECTION(d, m)
			continue;
		BPFD_LOCK(d);
		++d->bd_rcount;
#ifdef BPF_JITTER
		/* XXX We cannot handle multiple mbufs. */
		if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL &&
		    m->m_next == NULL)
			slen = (*(d->bd_bfilter->func))(mtod(m, u_char *),
			    pktlen, pktlen);
		else
#endif
		/* buflen 0 tells bpf_filter() the data is an mbuf chain. */
		slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
		if (slen != 0) {
			d->bd_fcount++;
			/* Timestamp lazily: only if some filter matches. */
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
#ifdef MAC
			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
#endif
				catchpacket(d, (u_char *)m, pktlen, slen,
				    bpf_mcopy, &tv);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}

/*
 * Incoming linkage from device drivers, when packet is in
 * an mbuf chain and to be prepended by a contiguous header.
 */
void
bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
{
	struct mbuf mb;		/* fake header mbuf, lives on the stack */
	struct bpf_d *d;
	u_int pktlen, slen;
	int gottime;
	struct timeval tv;

	/* Honor a one-shot request (e.g. from the firewall) to skip BPF. */
	if (m->m_flags & M_SKIP_BPF) {
		m->m_flags &= ~M_SKIP_BPF;
		return;
	}

	gottime = 0;

	pktlen = m_length(m, NULL);
	/*
	 * Craft on-stack mbuf suitable for passing to bpf_filter.
	 * Note that we cut corners here; we only setup what's
	 * absolutely needed--this mbuf should never go anywhere else.
 */
	mb.m_next = m;
	mb.m_data = data;
	mb.m_len = dlen;
	/* The prepended header counts toward the packet length. */
	pktlen += dlen;

	BPFIF_LOCK(bp);
	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		/* Direction check uses the real mbuf, not the fake header. */
		BPF_CHECK_DIRECTION(d, m)
			continue;
		BPFD_LOCK(d);
		++d->bd_rcount;
		/* buflen 0 tells bpf_filter() the data is an mbuf chain. */
		slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
		if (slen != 0) {
			d->bd_fcount++;
			/* Timestamp lazily: only if some filter matches. */
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
#ifdef MAC
			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
#endif
				catchpacket(d, (u_char *)&mb, pktlen, slen,
				    bpf_mcopy, &tv);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}

#undef	BPF_CHECK_DIRECTION

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  "cpfn" is the routine called to do the actual data
 * transfer.  bcopy is passed in to copy contiguous chunks, while
 * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.  Caller holds the descriptor lock.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
    void (*cpfn)(const void *, void *, size_t), struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;
	int do_wakeup = 0;

	BPFD_LOCK_ASSERT(d);
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
 */
		if (d->bd_fbuf == NULL) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			return;
		}
		ROTATE_BUFFERS(d);
		do_wakeup = 1;
		curlen = 0;
	}
	else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		do_wakeup = 1;

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 * bh_caplen is set as a side effect of the third argument.
	 */
	(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	if (do_wakeup)
		bpf_wakeup(d);
}

/*
 * Initialize all nonzero fields of a descriptor.
 * Allocates the free and store buffers; the hold buffer starts empty.
 */
static void
bpf_allocbufs(struct bpf_d *d)
{

	KASSERT(d->bd_fbuf == NULL, ("bpf_allocbufs: bd_fbuf != NULL"));
	KASSERT(d->bd_sbuf == NULL, ("bpf_allocbufs: bd_sbuf != NULL"));
	KASSERT(d->bd_hbuf == NULL, ("bpf_allocbufs: bd_hbuf != NULL"));

	/* M_WAITOK may sleep: must not be reached with locks held. */
	d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
	d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
	d->bd_slen = 0;
	d->bd_hlen = 0;
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it yet hasn't been marked
	 * free.
 */
	/*
	 * bd_sbuf is allocated together with bd_fbuf in bpf_allocbufs();
	 * if it is NULL the descriptor never had buffers.
	 */
	if (d->bd_sbuf != NULL) {
		free(d->bd_sbuf, M_BPF);
		if (d->bd_hbuf != NULL)
			free(d->bd_hbuf, M_BPF);
		if (d->bd_fbuf != NULL)
			free(d->bd_fbuf, M_BPF);
	}
	if (d->bd_rfilter) {
		free((caddr_t)d->bd_rfilter, M_BPF);
#ifdef BPF_JITTER
		/*
		 * NOTE(review): bd_bfilter is not NULL-checked here
		 * (unlike the uses in bpf_tap/bpf_mtap); confirm that
		 * bpf_destroy_jit_filter() tolerates NULL.
		 */
		bpf_destroy_jit_filter(d->bd_bfilter);
#endif
	}
	if (d->bd_wfilter)
		free((caddr_t)d->bd_wfilter, M_BPF);
	mtx_destroy(&d->bd_mtx);
}

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

/*
 * Attach an interface to bpf.  ifp is a pointer to the structure
 * defining the interface to be attached, dlt is the link layer type,
 * and hdrlen is the fixed size of the link header (variable length
 * headers are not yet supported).
 */
void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
{
	struct bpf_if *bp;

	/* M_NOWAIT: may be called in contexts where sleeping is unsafe. */
	bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
	if (bp == NULL)
		panic("bpfattach");

	LIST_INIT(&bp->bif_dlist);
	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;
	mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);
	KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
	*driverp = bp;

	mtx_lock(&bpf_mtx);
	LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
	mtx_unlock(&bpf_mtx);

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

	if (bootverbose)
		if_printf(ifp, "bpf attached\n");
}

/*
 * Detach bpf from an interface.  This involves detaching each descriptor
 * associated with the interface, and leaving bd_bif NULL.  Notify each
 * descriptor as it's detached so that any sleepers wake up and get
 * ENXIO.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp;
	struct bpf_d *d;

	/* Locate BPF interface information */
	mtx_lock(&bpf_mtx);
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		if (ifp == bp->bif_ifp)
			break;
	}

	/* Interface wasn't attached */
	if ((bp == NULL) || (bp->bif_ifp == NULL)) {
		mtx_unlock(&bpf_mtx);
		printf("bpfdetach: %s was not attached\n", ifp->if_xname);
		return;
	}

	LIST_REMOVE(bp, bif_next);
	mtx_unlock(&bpf_mtx);

	/* Detach and wake every descriptor still bound to this interface. */
	while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
		bpf_detachd(d);
		BPFD_LOCK(d);
		bpf_wakeup(d);
		BPFD_UNLOCK(d);
	}

	mtx_destroy(&bp->bif_mtx);
	free(bp, M_BPF);
}

/*
 * Get a list of available data link type of the interface.
 */
static int
bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
{
	int n, error;
	struct ifnet *ifp;
	struct bpf_if *bp;

	ifp = d->bd_bif->bif_ifp;
	n = 0;
	error = 0;
	mtx_lock(&bpf_mtx);
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		if (bp->bif_ifp != ifp)
			continue;
		/*
		 * A NULL bfl_list means the caller is only sizing the
		 * list; just count the matching DLTs in that case.
		 */
		if (bfl->bfl_list != NULL) {
			if (n >= bfl->bfl_len) {
				mtx_unlock(&bpf_mtx);
				return (ENOMEM);
			}
			/*
			 * NOTE(review): copyout() while holding bpf_mtx
			 * can fault on the user buffer; confirm this is
			 * permissible for this mutex.
			 */
			error = copyout(&bp->bif_dlt,
			    bfl->bfl_list + n, sizeof(u_int));
		}
		n++;
	}
	mtx_unlock(&bpf_mtx);
	bfl->bfl_len = n;
	return (error);
}

/*
 * Set the data link type of a BPF instance.
 */
static int
bpf_setdlt(struct bpf_d *d, u_int dlt)
{
	int error, opromisc;
	struct ifnet *ifp;
	struct bpf_if *bp;

	/* Nothing to do if the descriptor already uses this DLT. */
	if (d->bd_bif->bif_dlt == dlt)
		return (0);
	ifp = d->bd_bif->bif_ifp;
	/* Find a bpf_if on the same interface offering the requested DLT. */
	mtx_lock(&bpf_mtx);
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
			break;
	}
	mtx_unlock(&bpf_mtx);
	if (bp != NULL) {
		/* Re-attach under the new DLT, preserving promiscuity. */
		opromisc = d->bd_promisc;
		bpf_detachd(d);
		bpf_attachd(d, bp);
		BPFD_LOCK(d);
		reset_d(d);
		BPFD_UNLOCK(d);
		if (opromisc) {
			error = ifpromisc(bp->bif_ifp, 1);
			if (error)
				if_printf(bp->bif_ifp,
					"bpf_setdlt: ifpromisc failed (%d)\n",
					error);
			else
				d->bd_promisc = 1;
		}
	}
	return (bp == NULL ? EINVAL : 0);
}

/*
 * dev_clone event handler: create the /dev/bpfN node on demand when a
 * name of the form "bpf%d" is looked up and does not exist yet.
 */
static void
bpf_clone(void *arg, struct ucred *cred, char *name, int namelen,
    struct cdev **dev)
{
	int u;

	/* Another handler already satisfied the lookup. */
	if (*dev != NULL)
		return;
	if (dev_stdclone(name, NULL, "bpf", &u) != 1)
		return;
	*dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600,
	    "bpf%d", u);
	dev_ref(*dev);
	(*dev)->si_flags |= SI_CHEAPCLONE;
	return;
}

/*
 * Module initialization: set up the global lock, the interface list,
 * and register the device-clone handler.
 */
static void
bpf_drvinit(void *unused)
{

	mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
	LIST_INIT(&bpf_iflist);
	EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000);
}

/*
 * Fill an xbpf_d (the sysctl export format) from a live descriptor.
 * The descriptor lock must be held so the snapshot is consistent.
 */
static void
bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
{

	bzero(d, sizeof(*d));
	BPFD_LOCK_ASSERT(bd);
	d->bd_immediate = bd->bd_immediate;
	d->bd_promisc = bd->bd_promisc;
	d->bd_hdrcmplt = bd->bd_hdrcmplt;
	d->bd_direction = bd->bd_direction;
	d->bd_feedback = bd->bd_feedback;
	d->bd_async = bd->bd_async;
	d->bd_rcount = bd->bd_rcount;
	d->bd_dcount = bd->bd_dcount;
	d->bd_fcount = bd->bd_fcount;
	d->bd_sig = bd->bd_sig;
	d->bd_slen = bd->bd_slen;
	d->bd_hlen = bd->bd_hlen;
	d->bd_bufsize = bd->bd_bufsize;
	d->bd_pid = bd->bd_pid;
	strlcpy(d->bd_ifname,
	    bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
	d->bd_locked = bd->bd_locked;
}

/*
 * sysctl handler exporting per-descriptor statistics as an array of
 * struct xbpf_d, one element per open BPF descriptor.
 */
static int
bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
{
	struct xbpf_d *xbdbuf, *xbd;
	int index, error;
	struct bpf_if *bp;
	struct bpf_d *bd;

	/*
	 * XXX This is not technically correct. It is possible for non
	 * privileged users to open bpf devices. It would make sense
	 * if the users who opened the devices were able to retrieve
	 * the statistics for them, too.
	 */
	error = priv_check(req->td, PRIV_NET_BPF);
	if (error)
		return (error);
	/* Size-only probe: report how much space the caller would need. */
	if (req->oldptr == NULL)
		return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
	if (bpf_bpfd_cnt == 0)
		return (SYSCTL_OUT(req, 0, 0));
	/* Allocate before taking bpf_mtx, since M_WAITOK may sleep. */
	xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
	mtx_lock(&bpf_mtx);
	/* Re-check under the lock: the descriptor count may have grown. */
	if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
		mtx_unlock(&bpf_mtx);
		free(xbdbuf, M_BPF);
		return (ENOMEM);
	}
	index = 0;
	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
		BPFIF_LOCK(bp);
		LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
			xbd = &xbdbuf[index++];
			BPFD_LOCK(bd);
			bpfstats_fill_xbpf(xbd, bd);
			BPFD_UNLOCK(bd);
		}
		BPFIF_UNLOCK(bp);
	}
	mtx_unlock(&bpf_mtx);
	error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
	free(xbdbuf, M_BPF);
	return (error);
}

SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL)

#else /* !DEV_BPF && !NETGRAPH_BPF */
/*
 * NOP stubs to allow bpf-using drivers to load and function.
 *
 * A 'better' implementation would allow the core bpf functionality
 * to be loaded at runtime.
 */
/* Shared dummy bpf_if every driver's if_bpf pointer is aimed at. */
static struct bpf_if bp_null;

void
bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
{
}

void
bpf_mtap(struct bpf_if *bp, struct mbuf *m)
{
}

void
bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
{
}

void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
}

void
bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
{

	/* Point the driver at the single shared dummy bpf_if. */
	*driverp = &bp_null;
}

void
bpfdetach(struct ifnet *ifp)
{
}

u_int
bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
{
	/* (u_int)-1 == UINT_MAX: accept the entire packet. */
	return -1;	/* "no filter" behaviour */
}

int
bpf_validate(const struct bpf_insn *f, int len)
{
	return 0;	/* false */
}

#endif /* !DEV_BPF && !NETGRAPH_BPF */