xref: /freebsd/sys/net/bpf.c (revision 6c6c03be2ddb04c54e455122799923deaefa4114)
1 /*-
2  * Copyright (c) 1990, 1991, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * This code is derived from the Stanford/CMU enet packet filter,
6  * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
8  * Berkeley Laboratory.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 4. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  *      @(#)bpf.c	8.4 (Berkeley) 1/9/95
35  */
36 
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD$");
39 
40 #include "opt_bpf.h"
41 #include "opt_mac.h"
42 #include "opt_netgraph.h"
43 
44 #include <sys/types.h>
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/conf.h>
48 #include <sys/fcntl.h>
49 #include <sys/malloc.h>
50 #include <sys/mbuf.h>
51 #include <sys/time.h>
52 #include <sys/priv.h>
53 #include <sys/proc.h>
54 #include <sys/signalvar.h>
55 #include <sys/filio.h>
56 #include <sys/sockio.h>
57 #include <sys/ttycom.h>
58 #include <sys/uio.h>
59 
60 #include <sys/event.h>
61 #include <sys/file.h>
62 #include <sys/poll.h>
63 #include <sys/proc.h>
64 
65 #include <sys/socket.h>
66 
67 #include <net/if.h>
68 #include <net/bpf.h>
69 #include <net/bpf_buffer.h>
70 #ifdef BPF_JITTER
71 #include <net/bpf_jitter.h>
72 #endif
73 #include <net/bpf_zerocopy.h>
74 #include <net/bpfdesc.h>
75 
76 #include <netinet/in.h>
77 #include <netinet/if_ether.h>
78 #include <sys/kernel.h>
79 #include <sys/sysctl.h>
80 
81 #include <net80211/ieee80211_freebsd.h>
82 
83 #include <security/mac/mac_framework.h>
84 
85 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
86 
87 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
88 
89 #define PRINET  26			/* interruptible */
90 
91 /*
92  * bpf_iflist is a list of BPF interface structures, each corresponding to a
93  * specific DLT.  The same network interface might have several BPF interface
94  * structures registered by different layers in the stack (i.e., 802.11
95  * frames, ethernet frames, etc).
96  */
97 static LIST_HEAD(, bpf_if)	bpf_iflist;
98 static struct mtx	bpf_mtx;		/* bpf global lock */
99 static int		bpf_bpfd_cnt;
100 
101 static void	bpf_attachd(struct bpf_d *, struct bpf_if *);
102 static void	bpf_detachd(struct bpf_d *);
103 static void	bpf_freed(struct bpf_d *);
104 static int	bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **,
105 		    struct sockaddr *, int *, struct bpf_insn *);
106 static int	bpf_setif(struct bpf_d *, struct ifreq *);
107 static void	bpf_timed_out(void *);
108 static __inline void
109 		bpf_wakeup(struct bpf_d *);
110 static void	catchpacket(struct bpf_d *, u_char *, u_int, u_int,
111 		    void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int),
112 		    struct timeval *);
113 static void	reset_d(struct bpf_d *);
114 static int	 bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
115 static int	bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
116 static int	bpf_setdlt(struct bpf_d *, u_int);
117 static void	filt_bpfdetach(struct knote *);
118 static int	filt_bpfread(struct knote *, long);
119 static void	bpf_drvinit(void *);
120 static int	bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);
121 
122 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
123 int bpf_maxinsns = BPF_MAXINSNS;
124 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
125     &bpf_maxinsns, 0, "Maximum bpf program instructions");
126 static int bpf_zerocopy_enable = 0;
127 SYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW,
128     &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions");
129 SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW,
130     bpf_stats_sysctl, "bpf statistics portal");
131 
132 static	d_open_t	bpfopen;
133 static	d_read_t	bpfread;
134 static	d_write_t	bpfwrite;
135 static	d_ioctl_t	bpfioctl;
136 static	d_poll_t	bpfpoll;
137 static	d_kqfilter_t	bpfkqfilter;
138 
139 static struct cdevsw bpf_cdevsw = {
140 	.d_version =	D_VERSION,
141 	.d_open =	bpfopen,
142 	.d_read =	bpfread,
143 	.d_write =	bpfwrite,
144 	.d_ioctl =	bpfioctl,
145 	.d_poll =	bpfpoll,
146 	.d_name =	"bpf",
147 	.d_kqfilter =	bpfkqfilter,
148 };
149 
150 static struct filterops bpfread_filtops =
151 	{ 1, NULL, filt_bpfdetach, filt_bpfread };
152 
153 /*
154  * Wrapper functions for various buffering methods.  If the set of buffer
155  * modes expands, we will probably want to introduce a switch data structure
156  * similar to protosw, et.
157  */
158 static void
159 bpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
160     u_int len)
161 {
162 
163 	BPFD_LOCK_ASSERT(d);
164 
165 	switch (d->bd_bufmode) {
166 	case BPF_BUFMODE_BUFFER:
167 		return (bpf_buffer_append_bytes(d, buf, offset, src, len));
168 
169 	case BPF_BUFMODE_ZBUF:
170 		d->bd_zcopy++;
171 		return (bpf_zerocopy_append_bytes(d, buf, offset, src, len));
172 
173 	default:
174 		panic("bpf_buf_append_bytes");
175 	}
176 }
177 
178 static void
179 bpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
180     u_int len)
181 {
182 
183 	BPFD_LOCK_ASSERT(d);
184 
185 	switch (d->bd_bufmode) {
186 	case BPF_BUFMODE_BUFFER:
187 		return (bpf_buffer_append_mbuf(d, buf, offset, src, len));
188 
189 	case BPF_BUFMODE_ZBUF:
190 		d->bd_zcopy++;
191 		return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len));
192 
193 	default:
194 		panic("bpf_buf_append_mbuf");
195 	}
196 }
197 
198 /*
199  * This function gets called when the free buffer is re-assigned.
200  */
201 static void
202 bpf_buf_reclaimed(struct bpf_d *d)
203 {
204 
205 	BPFD_LOCK_ASSERT(d);
206 
207 	switch (d->bd_bufmode) {
208 	case BPF_BUFMODE_BUFFER:
209 		return;
210 
211 	case BPF_BUFMODE_ZBUF:
212 		bpf_zerocopy_buf_reclaimed(d);
213 		return;
214 
215 	default:
216 		panic("bpf_buf_reclaimed");
217 	}
218 }
219 
220 /*
221  * If the buffer mechanism has a way to decide that a held buffer can be made
222  * free, then it is exposed via the bpf_canfreebuf() interface.  (1) is
223  * returned if the buffer can be discarded, (0) is returned if it cannot.
224  */
225 static int
226 bpf_canfreebuf(struct bpf_d *d)
227 {
228 
229 	BPFD_LOCK_ASSERT(d);
230 
231 	switch (d->bd_bufmode) {
232 	case BPF_BUFMODE_ZBUF:
233 		return (bpf_zerocopy_canfreebuf(d));
234 	}
235 	return (0);
236 }
237 
238 /*
239  * Allow the buffer model to indicate that the current store buffer is
240  * immutable, regardless of the appearance of space.  Return (1) if the
241  * buffer is writable, and (0) if not.
242  */
243 static int
244 bpf_canwritebuf(struct bpf_d *d)
245 {
246 
247 	BPFD_LOCK_ASSERT(d);
248 
249 	switch (d->bd_bufmode) {
250 	case BPF_BUFMODE_ZBUF:
251 		return (bpf_zerocopy_canwritebuf(d));
252 	}
253 	return (1);
254 }
255 
256 /*
257  * Notify buffer model that an attempt to write to the store buffer has
258  * resulted in a dropped packet, in which case the buffer may be considered
259  * full.
260  */
261 static void
262 bpf_buffull(struct bpf_d *d)
263 {
264 
265 	BPFD_LOCK_ASSERT(d);
266 
267 	switch (d->bd_bufmode) {
268 	case BPF_BUFMODE_ZBUF:
269 		bpf_zerocopy_buffull(d);
270 		break;
271 	}
272 }
273 
274 /*
275  * Notify the buffer model that a buffer has moved into the hold position.
276  */
277 void
278 bpf_bufheld(struct bpf_d *d)
279 {
280 
281 	BPFD_LOCK_ASSERT(d);
282 
283 	switch (d->bd_bufmode) {
284 	case BPF_BUFMODE_ZBUF:
285 		bpf_zerocopy_bufheld(d);
286 		break;
287 	}
288 }
289 
290 static void
291 bpf_free(struct bpf_d *d)
292 {
293 
294 	switch (d->bd_bufmode) {
295 	case BPF_BUFMODE_BUFFER:
296 		return (bpf_buffer_free(d));
297 
298 	case BPF_BUFMODE_ZBUF:
299 		return (bpf_zerocopy_free(d));
300 
301 	default:
302 		panic("bpf_buf_free");
303 	}
304 }
305 
306 static int
307 bpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio)
308 {
309 
310 	if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
311 		return (EOPNOTSUPP);
312 	return (bpf_buffer_uiomove(d, buf, len, uio));
313 }
314 
315 static int
316 bpf_ioctl_sblen(struct bpf_d *d, u_int *i)
317 {
318 
319 	if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
320 		return (EOPNOTSUPP);
321 	return (bpf_buffer_ioctl_sblen(d, i));
322 }
323 
324 static int
325 bpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i)
326 {
327 
328 	if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
329 		return (EOPNOTSUPP);
330 	return (bpf_zerocopy_ioctl_getzmax(td, d, i));
331 }
332 
333 static int
334 bpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
335 {
336 
337 	if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
338 		return (EOPNOTSUPP);
339 	return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz));
340 }
341 
342 static int
343 bpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
344 {
345 
346 	if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
347 		return (EOPNOTSUPP);
348 	return (bpf_zerocopy_ioctl_setzbuf(td, d, bz));
349 }
350 
351 /*
352  * General BPF functions.
353  */
354 static int
355 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
356     struct sockaddr *sockp, int *hdrlen, struct bpf_insn *wfilter)
357 {
358 	const struct ieee80211_bpf_params *p;
359 	struct ether_header *eh;
360 	struct mbuf *m;
361 	int error;
362 	int len;
363 	int hlen;
364 	int slen;
365 
366 	/*
367 	 * Build a sockaddr based on the data link layer type.
368 	 * We do this at this level because the ethernet header
369 	 * is copied directly into the data field of the sockaddr.
370 	 * In the case of SLIP, there is no header and the packet
371 	 * is forwarded as is.
372 	 * Also, we are careful to leave room at the front of the mbuf
373 	 * for the link level header.
374 	 */
375 	switch (linktype) {
376 
377 	case DLT_SLIP:
378 		sockp->sa_family = AF_INET;
379 		hlen = 0;
380 		break;
381 
382 	case DLT_EN10MB:
383 		sockp->sa_family = AF_UNSPEC;
384 		/* XXX Would MAXLINKHDR be better? */
385 		hlen = ETHER_HDR_LEN;
386 		break;
387 
388 	case DLT_FDDI:
389 		sockp->sa_family = AF_IMPLINK;
390 		hlen = 0;
391 		break;
392 
393 	case DLT_RAW:
394 		sockp->sa_family = AF_UNSPEC;
395 		hlen = 0;
396 		break;
397 
398 	case DLT_NULL:
399 		/*
400 		 * null interface types require a 4 byte pseudo header which
401 		 * corresponds to the address family of the packet.
402 		 */
403 		sockp->sa_family = AF_UNSPEC;
404 		hlen = 4;
405 		break;
406 
407 	case DLT_ATM_RFC1483:
408 		/*
409 		 * en atm driver requires 4-byte atm pseudo header.
410 		 * though it isn't standard, vpi:vci needs to be
411 		 * specified anyway.
412 		 */
413 		sockp->sa_family = AF_UNSPEC;
414 		hlen = 12;	/* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
415 		break;
416 
417 	case DLT_PPP:
418 		sockp->sa_family = AF_UNSPEC;
419 		hlen = 4;	/* This should match PPP_HDRLEN */
420 		break;
421 
422 	case DLT_IEEE802_11:		/* IEEE 802.11 wireless */
423 		sockp->sa_family = AF_IEEE80211;
424 		hlen = 0;
425 		break;
426 
427 	case DLT_IEEE802_11_RADIO:	/* IEEE 802.11 wireless w/ phy params */
428 		sockp->sa_family = AF_IEEE80211;
429 		sockp->sa_len = 12;	/* XXX != 0 */
430 		hlen = sizeof(struct ieee80211_bpf_params);
431 		break;
432 
433 	default:
434 		return (EIO);
435 	}
436 
437 	len = uio->uio_resid;
438 
439 	if (len - hlen > ifp->if_mtu)
440 		return (EMSGSIZE);
441 
442 	if ((unsigned)len > MJUM16BYTES)
443 		return (EIO);
444 
445 	if (len <= MHLEN)
446 		MGETHDR(m, M_WAIT, MT_DATA);
447 	else if (len <= MCLBYTES)
448 		m = m_getcl(M_WAIT, MT_DATA, M_PKTHDR);
449 	else
450 		m = m_getjcl(M_WAIT, MT_DATA, M_PKTHDR,
451 #if (MJUMPAGESIZE > MCLBYTES)
452 		    len <= MJUMPAGESIZE ? MJUMPAGESIZE :
453 #endif
454 		    (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES));
455 	m->m_pkthdr.len = m->m_len = len;
456 	m->m_pkthdr.rcvif = NULL;
457 	*mp = m;
458 
459 	if (m->m_len < hlen) {
460 		error = EPERM;
461 		goto bad;
462 	}
463 
464 	error = uiomove(mtod(m, u_char *), len, uio);
465 	if (error)
466 		goto bad;
467 
468 	slen = bpf_filter(wfilter, mtod(m, u_char *), len, len);
469 	if (slen == 0) {
470 		error = EPERM;
471 		goto bad;
472 	}
473 
474 	/* Check for multicast destination */
475 	switch (linktype) {
476 	case DLT_EN10MB:
477 		eh = mtod(m, struct ether_header *);
478 		if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
479 			if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
480 			    ETHER_ADDR_LEN) == 0)
481 				m->m_flags |= M_BCAST;
482 			else
483 				m->m_flags |= M_MCAST;
484 		}
485 		break;
486 	}
487 
488 	/*
489 	 * Make room for link header, and copy it to sockaddr
490 	 */
491 	if (hlen != 0) {
492 		if (sockp->sa_family == AF_IEEE80211) {
493 			/*
494 			 * Collect true length from the parameter header
495 			 * NB: sockp is known to be zero'd so if we do a
496 			 *     short copy unspecified parameters will be
497 			 *     zero.
498 			 * NB: packet may not be aligned after stripping
499 			 *     bpf params
500 			 * XXX check ibp_vers
501 			 */
502 			p = mtod(m, const struct ieee80211_bpf_params *);
503 			hlen = p->ibp_len;
504 			if (hlen > sizeof(sockp->sa_data)) {
505 				error = EINVAL;
506 				goto bad;
507 			}
508 		}
509 		bcopy(m->m_data, sockp->sa_data, hlen);
510 	}
511 	*hdrlen = hlen;
512 
513 	return (0);
514 bad:
515 	m_freem(m);
516 	return (error);
517 }
518 
519 /*
520  * Attach file to the bpf interface, i.e. make d listen on bp.
521  */
522 static void
523 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
524 {
525 	/*
526 	 * Point d at bp, and add d to the interface's list of listeners.
527 	 * Finally, point the driver's bpf cookie at the interface so
528 	 * it will divert packets to bpf.
529 	 */
530 	BPFIF_LOCK(bp);
531 	d->bd_bif = bp;
532 	LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
533 
534 	bpf_bpfd_cnt++;
535 	BPFIF_UNLOCK(bp);
536 }
537 
538 /*
539  * Detach a file from its interface.
540  */
541 static void
542 bpf_detachd(struct bpf_d *d)
543 {
544 	int error;
545 	struct bpf_if *bp;
546 	struct ifnet *ifp;
547 
548 	bp = d->bd_bif;
549 	BPFIF_LOCK(bp);
550 	BPFD_LOCK(d);
551 	ifp = d->bd_bif->bif_ifp;
552 
553 	/*
554 	 * Remove d from the interface's descriptor list.
555 	 */
556 	LIST_REMOVE(d, bd_next);
557 
558 	bpf_bpfd_cnt--;
559 	d->bd_bif = NULL;
560 	BPFD_UNLOCK(d);
561 	BPFIF_UNLOCK(bp);
562 
563 	/*
564 	 * Check if this descriptor had requested promiscuous mode.
565 	 * If so, turn it off.
566 	 */
567 	if (d->bd_promisc) {
568 		d->bd_promisc = 0;
569 		error = ifpromisc(ifp, 0);
570 		if (error != 0 && error != ENXIO) {
571 			/*
572 			 * ENXIO can happen if a pccard is unplugged
573 			 * Something is really wrong if we were able to put
574 			 * the driver into promiscuous mode, but can't
575 			 * take it out.
576 			 */
577 			if_printf(bp->bif_ifp,
578 				"bpf_detach: ifpromisc failed (%d)\n", error);
579 		}
580 	}
581 }
582 
583 /*
584  * Close the descriptor by detaching it from its interface,
585  * deallocating its buffers, and marking it free.
586  */
587 static void
588 bpf_dtor(void *data)
589 {
590 	struct bpf_d *d = data;
591 
592 	BPFD_LOCK(d);
593 	if (d->bd_state == BPF_WAITING)
594 		callout_stop(&d->bd_callout);
595 	d->bd_state = BPF_IDLE;
596 	BPFD_UNLOCK(d);
597 	funsetown(&d->bd_sigio);
598 	mtx_lock(&bpf_mtx);
599 	if (d->bd_bif)
600 		bpf_detachd(d);
601 	mtx_unlock(&bpf_mtx);
602 	selwakeuppri(&d->bd_sel, PRINET);
603 #ifdef MAC
604 	mac_bpfdesc_destroy(d);
605 #endif /* MAC */
606 	knlist_destroy(&d->bd_sel.si_note);
607 	bpf_freed(d);
608 	free(d, M_BPF);
609 }
610 
611 /*
612  * Open ethernet device.  Returns ENXIO for illegal minor device number,
613  * EBUSY if file is open by another process.
614  */
615 /* ARGSUSED */
616 static	int
617 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
618 {
619 	struct bpf_d *d;
620 	int error;
621 
622 	d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
623 	error = devfs_set_cdevpriv(d, bpf_dtor);
624 	if (error != 0) {
625 		free(d, M_BPF);
626 		return (error);
627 	}
628 
629 	/*
630 	 * For historical reasons, perform a one-time initialization call to
631 	 * the buffer routines, even though we're not yet committed to a
632 	 * particular buffer method.
633 	 */
634 	bpf_buffer_init(d);
635 	d->bd_bufmode = BPF_BUFMODE_BUFFER;
636 	d->bd_sig = SIGIO;
637 	d->bd_direction = BPF_D_INOUT;
638 	d->bd_pid = td->td_proc->p_pid;
639 #ifdef MAC
640 	mac_bpfdesc_init(d);
641 	mac_bpfdesc_create(td->td_ucred, d);
642 #endif
643 	mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
644 	callout_init(&d->bd_callout, CALLOUT_MPSAFE);
645 	knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL);
646 
647 	return (0);
648 }
649 
650 /*
651  *  bpfread - read next chunk of packets from buffers
652  */
653 static	int
654 bpfread(struct cdev *dev, struct uio *uio, int ioflag)
655 {
656 	struct bpf_d *d;
657 	int timed_out;
658 	int error;
659 
660 	error = devfs_get_cdevpriv((void **)&d);
661 	if (error != 0)
662 		return (error);
663 
664 	/*
665 	 * Restrict application to use a buffer the same size as
666 	 * as kernel buffers.
667 	 */
668 	if (uio->uio_resid != d->bd_bufsize)
669 		return (EINVAL);
670 
671 	BPFD_LOCK(d);
672 	d->bd_pid = curthread->td_proc->p_pid;
673 	if (d->bd_bufmode != BPF_BUFMODE_BUFFER) {
674 		BPFD_UNLOCK(d);
675 		return (EOPNOTSUPP);
676 	}
677 	if (d->bd_state == BPF_WAITING)
678 		callout_stop(&d->bd_callout);
679 	timed_out = (d->bd_state == BPF_TIMED_OUT);
680 	d->bd_state = BPF_IDLE;
681 	/*
682 	 * If the hold buffer is empty, then do a timed sleep, which
683 	 * ends when the timeout expires or when enough packets
684 	 * have arrived to fill the store buffer.
685 	 */
686 	while (d->bd_hbuf == NULL) {
687 		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
688 			/*
689 			 * A packet(s) either arrived since the previous
690 			 * read or arrived while we were asleep.
691 			 * Rotate the buffers and return what's here.
692 			 */
693 			ROTATE_BUFFERS(d);
694 			break;
695 		}
696 
697 		/*
698 		 * No data is available, check to see if the bpf device
699 		 * is still pointed at a real interface.  If not, return
700 		 * ENXIO so that the userland process knows to rebind
701 		 * it before using it again.
702 		 */
703 		if (d->bd_bif == NULL) {
704 			BPFD_UNLOCK(d);
705 			return (ENXIO);
706 		}
707 
708 		if (ioflag & O_NONBLOCK) {
709 			BPFD_UNLOCK(d);
710 			return (EWOULDBLOCK);
711 		}
712 		error = msleep(d, &d->bd_mtx, PRINET|PCATCH,
713 		     "bpf", d->bd_rtout);
714 		if (error == EINTR || error == ERESTART) {
715 			BPFD_UNLOCK(d);
716 			return (error);
717 		}
718 		if (error == EWOULDBLOCK) {
719 			/*
720 			 * On a timeout, return what's in the buffer,
721 			 * which may be nothing.  If there is something
722 			 * in the store buffer, we can rotate the buffers.
723 			 */
724 			if (d->bd_hbuf)
725 				/*
726 				 * We filled up the buffer in between
727 				 * getting the timeout and arriving
728 				 * here, so we don't need to rotate.
729 				 */
730 				break;
731 
732 			if (d->bd_slen == 0) {
733 				BPFD_UNLOCK(d);
734 				return (0);
735 			}
736 			ROTATE_BUFFERS(d);
737 			break;
738 		}
739 	}
740 	/*
741 	 * At this point, we know we have something in the hold slot.
742 	 */
743 	BPFD_UNLOCK(d);
744 
745 	/*
746 	 * Move data from hold buffer into user space.
747 	 * We know the entire buffer is transferred since
748 	 * we checked above that the read buffer is bpf_bufsize bytes.
749 	 *
750 	 * XXXRW: More synchronization needed here: what if a second thread
751 	 * issues a read on the same fd at the same time?  Don't want this
752 	 * getting invalidated.
753 	 */
754 	error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio);
755 
756 	BPFD_LOCK(d);
757 	d->bd_fbuf = d->bd_hbuf;
758 	d->bd_hbuf = NULL;
759 	d->bd_hlen = 0;
760 	bpf_buf_reclaimed(d);
761 	BPFD_UNLOCK(d);
762 
763 	return (error);
764 }
765 
766 /*
767  * If there are processes sleeping on this descriptor, wake them up.
768  */
769 static __inline void
770 bpf_wakeup(struct bpf_d *d)
771 {
772 
773 	BPFD_LOCK_ASSERT(d);
774 	if (d->bd_state == BPF_WAITING) {
775 		callout_stop(&d->bd_callout);
776 		d->bd_state = BPF_IDLE;
777 	}
778 	wakeup(d);
779 	if (d->bd_async && d->bd_sig && d->bd_sigio)
780 		pgsigio(&d->bd_sigio, d->bd_sig, 0);
781 
782 	selwakeuppri(&d->bd_sel, PRINET);
783 	KNOTE_LOCKED(&d->bd_sel.si_note, 0);
784 }
785 
786 static void
787 bpf_timed_out(void *arg)
788 {
789 	struct bpf_d *d = (struct bpf_d *)arg;
790 
791 	BPFD_LOCK(d);
792 	if (d->bd_state == BPF_WAITING) {
793 		d->bd_state = BPF_TIMED_OUT;
794 		if (d->bd_slen != 0)
795 			bpf_wakeup(d);
796 	}
797 	BPFD_UNLOCK(d);
798 }
799 
800 static int
801 bpf_ready(struct bpf_d *d)
802 {
803 
804 	BPFD_LOCK_ASSERT(d);
805 
806 	if (!bpf_canfreebuf(d) && d->bd_hlen != 0)
807 		return (1);
808 	if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
809 	    d->bd_slen != 0)
810 		return (1);
811 	return (0);
812 }
813 
814 static int
815 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
816 {
817 	struct bpf_d *d;
818 	struct ifnet *ifp;
819 	struct mbuf *m, *mc;
820 	struct sockaddr dst;
821 	int error, hlen;
822 
823 	error = devfs_get_cdevpriv((void **)&d);
824 	if (error != 0)
825 		return (error);
826 
827 	d->bd_pid = curthread->td_proc->p_pid;
828 	d->bd_wcount++;
829 	if (d->bd_bif == NULL) {
830 		d->bd_wdcount++;
831 		return (ENXIO);
832 	}
833 
834 	ifp = d->bd_bif->bif_ifp;
835 
836 	if ((ifp->if_flags & IFF_UP) == 0) {
837 		d->bd_wdcount++;
838 		return (ENETDOWN);
839 	}
840 
841 	if (uio->uio_resid == 0) {
842 		d->bd_wdcount++;
843 		return (0);
844 	}
845 
846 	bzero(&dst, sizeof(dst));
847 	m = NULL;
848 	hlen = 0;
849 	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp,
850 	    &m, &dst, &hlen, d->bd_wfilter);
851 	if (error) {
852 		d->bd_wdcount++;
853 		return (error);
854 	}
855 	d->bd_wfcount++;
856 	if (d->bd_hdrcmplt)
857 		dst.sa_family = pseudo_AF_HDRCMPLT;
858 
859 	if (d->bd_feedback) {
860 		mc = m_dup(m, M_DONTWAIT);
861 		if (mc != NULL)
862 			mc->m_pkthdr.rcvif = ifp;
863 		/* Set M_PROMISC for outgoing packets to be discarded. */
864 		if (d->bd_direction == BPF_D_INOUT)
865 			m->m_flags |= M_PROMISC;
866 	} else
867 		mc = NULL;
868 
869 	m->m_pkthdr.len -= hlen;
870 	m->m_len -= hlen;
871 	m->m_data += hlen;	/* XXX */
872 
873 #ifdef MAC
874 	BPFD_LOCK(d);
875 	mac_bpfdesc_create_mbuf(d, m);
876 	if (mc != NULL)
877 		mac_bpfdesc_create_mbuf(d, mc);
878 	BPFD_UNLOCK(d);
879 #endif
880 
881 	error = (*ifp->if_output)(ifp, m, &dst, NULL);
882 	if (error)
883 		d->bd_wdcount++;
884 
885 	if (mc != NULL) {
886 		if (error == 0)
887 			(*ifp->if_input)(ifp, mc);
888 		else
889 			m_freem(mc);
890 	}
891 
892 	return (error);
893 }
894 
895 /*
896  * Reset a descriptor by flushing its packet buffer and clearing the
897  * receive and drop counts.
898  */
899 static void
900 reset_d(struct bpf_d *d)
901 {
902 
903 	mtx_assert(&d->bd_mtx, MA_OWNED);
904 	if (d->bd_hbuf) {
905 		/* Free the hold buffer. */
906 		d->bd_fbuf = d->bd_hbuf;
907 		d->bd_hbuf = NULL;
908 		bpf_buf_reclaimed(d);
909 	}
910 	d->bd_slen = 0;
911 	d->bd_hlen = 0;
912 	d->bd_rcount = 0;
913 	d->bd_dcount = 0;
914 	d->bd_fcount = 0;
915 	d->bd_wcount = 0;
916 	d->bd_wfcount = 0;
917 	d->bd_wdcount = 0;
918 	d->bd_zcopy = 0;
919 }
920 
921 /*
922  *  FIONREAD		Check for read packet available.
923  *  SIOCGIFADDR		Get interface address - convenient hook to driver.
924  *  BIOCGBLEN		Get buffer len [for read()].
925  *  BIOCSETF		Set read filter.
926  *  BIOCSETFNR		Set read filter without resetting descriptor.
927  *  BIOCSETWF		Set write filter.
928  *  BIOCFLUSH		Flush read packet buffer.
929  *  BIOCPROMISC		Put interface into promiscuous mode.
930  *  BIOCGDLT		Get link layer type.
931  *  BIOCGETIF		Get interface name.
932  *  BIOCSETIF		Set interface.
933  *  BIOCSRTIMEOUT	Set read timeout.
934  *  BIOCGRTIMEOUT	Get read timeout.
935  *  BIOCGSTATS		Get packet stats.
936  *  BIOCIMMEDIATE	Set immediate mode.
937  *  BIOCVERSION		Get filter language version.
938  *  BIOCGHDRCMPLT	Get "header already complete" flag
939  *  BIOCSHDRCMPLT	Set "header already complete" flag
940  *  BIOCGDIRECTION	Get packet direction flag
941  *  BIOCSDIRECTION	Set packet direction flag
942  *  BIOCLOCK		Set "locked" flag
943  *  BIOCFEEDBACK	Set packet feedback mode.
944  *  BIOCSETZBUF		Set current zero-copy buffer locations.
945  *  BIOCGETZMAX		Get maximum zero-copy buffer size.
946  *  BIOCROTZBUF		Force rotation of zero-copy buffer
947  *  BIOCSETBUFMODE	Set buffer mode.
948  *  BIOCGETBUFMODE	Get current buffer mode.
949  */
950 /* ARGSUSED */
951 static	int
952 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
953     struct thread *td)
954 {
955 	struct bpf_d *d;
956 	int error;
957 
958 	error = devfs_get_cdevpriv((void **)&d);
959 	if (error != 0)
960 		return (error);
961 
962 	/*
963 	 * Refresh PID associated with this descriptor.
964 	 */
965 	BPFD_LOCK(d);
966 	d->bd_pid = td->td_proc->p_pid;
967 	if (d->bd_state == BPF_WAITING)
968 		callout_stop(&d->bd_callout);
969 	d->bd_state = BPF_IDLE;
970 	BPFD_UNLOCK(d);
971 
972 	if (d->bd_locked == 1) {
973 		switch (cmd) {
974 		case BIOCGBLEN:
975 		case BIOCFLUSH:
976 		case BIOCGDLT:
977 		case BIOCGDLTLIST:
978 		case BIOCGETIF:
979 		case BIOCGRTIMEOUT:
980 		case BIOCGSTATS:
981 		case BIOCVERSION:
982 		case BIOCGRSIG:
983 		case BIOCGHDRCMPLT:
984 		case BIOCFEEDBACK:
985 		case FIONREAD:
986 		case BIOCLOCK:
987 		case BIOCSRTIMEOUT:
988 		case BIOCIMMEDIATE:
989 		case TIOCGPGRP:
990 		case BIOCROTZBUF:
991 			break;
992 		default:
993 			return (EPERM);
994 		}
995 	}
996 	switch (cmd) {
997 
998 	default:
999 		error = EINVAL;
1000 		break;
1001 
1002 	/*
1003 	 * Check for read packet available.
1004 	 */
1005 	case FIONREAD:
1006 		{
1007 			int n;
1008 
1009 			BPFD_LOCK(d);
1010 			n = d->bd_slen;
1011 			if (d->bd_hbuf)
1012 				n += d->bd_hlen;
1013 			BPFD_UNLOCK(d);
1014 
1015 			*(int *)addr = n;
1016 			break;
1017 		}
1018 
1019 	case SIOCGIFADDR:
1020 		{
1021 			struct ifnet *ifp;
1022 
1023 			if (d->bd_bif == NULL)
1024 				error = EINVAL;
1025 			else {
1026 				ifp = d->bd_bif->bif_ifp;
1027 				error = (*ifp->if_ioctl)(ifp, cmd, addr);
1028 			}
1029 			break;
1030 		}
1031 
1032 	/*
1033 	 * Get buffer len [for read()].
1034 	 */
1035 	case BIOCGBLEN:
1036 		*(u_int *)addr = d->bd_bufsize;
1037 		break;
1038 
1039 	/*
1040 	 * Set buffer length.
1041 	 */
1042 	case BIOCSBLEN:
1043 		error = bpf_ioctl_sblen(d, (u_int *)addr);
1044 		break;
1045 
1046 	/*
1047 	 * Set link layer read filter.
1048 	 */
1049 	case BIOCSETF:
1050 	case BIOCSETFNR:
1051 	case BIOCSETWF:
1052 		error = bpf_setf(d, (struct bpf_program *)addr, cmd);
1053 		break;
1054 
1055 	/*
1056 	 * Flush read packet buffer.
1057 	 */
1058 	case BIOCFLUSH:
1059 		BPFD_LOCK(d);
1060 		reset_d(d);
1061 		BPFD_UNLOCK(d);
1062 		break;
1063 
1064 	/*
1065 	 * Put interface into promiscuous mode.
1066 	 */
1067 	case BIOCPROMISC:
1068 		if (d->bd_bif == NULL) {
1069 			/*
1070 			 * No interface attached yet.
1071 			 */
1072 			error = EINVAL;
1073 			break;
1074 		}
1075 		if (d->bd_promisc == 0) {
1076 			error = ifpromisc(d->bd_bif->bif_ifp, 1);
1077 			if (error == 0)
1078 				d->bd_promisc = 1;
1079 		}
1080 		break;
1081 
1082 	/*
1083 	 * Get current data link type.
1084 	 */
1085 	case BIOCGDLT:
1086 		if (d->bd_bif == NULL)
1087 			error = EINVAL;
1088 		else
1089 			*(u_int *)addr = d->bd_bif->bif_dlt;
1090 		break;
1091 
1092 	/*
1093 	 * Get a list of supported data link types.
1094 	 */
1095 	case BIOCGDLTLIST:
1096 		if (d->bd_bif == NULL)
1097 			error = EINVAL;
1098 		else
1099 			error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
1100 		break;
1101 
1102 	/*
1103 	 * Set data link type.
1104 	 */
1105 	case BIOCSDLT:
1106 		if (d->bd_bif == NULL)
1107 			error = EINVAL;
1108 		else
1109 			error = bpf_setdlt(d, *(u_int *)addr);
1110 		break;
1111 
1112 	/*
1113 	 * Get interface name.
1114 	 */
1115 	case BIOCGETIF:
1116 		if (d->bd_bif == NULL)
1117 			error = EINVAL;
1118 		else {
1119 			struct ifnet *const ifp = d->bd_bif->bif_ifp;
1120 			struct ifreq *const ifr = (struct ifreq *)addr;
1121 
1122 			strlcpy(ifr->ifr_name, ifp->if_xname,
1123 			    sizeof(ifr->ifr_name));
1124 		}
1125 		break;
1126 
1127 	/*
1128 	 * Set interface.
1129 	 */
1130 	case BIOCSETIF:
1131 		error = bpf_setif(d, (struct ifreq *)addr);
1132 		break;
1133 
1134 	/*
1135 	 * Set read timeout.
1136 	 */
1137 	case BIOCSRTIMEOUT:
1138 		{
1139 			struct timeval *tv = (struct timeval *)addr;
1140 
1141 			/*
1142 			 * Subtract 1 tick from tvtohz() since this isn't
1143 			 * a one-shot timer.
1144 			 */
1145 			if ((error = itimerfix(tv)) == 0)
1146 				d->bd_rtout = tvtohz(tv) - 1;
1147 			break;
1148 		}
1149 
1150 	/*
1151 	 * Get read timeout.
1152 	 */
1153 	case BIOCGRTIMEOUT:
1154 		{
1155 			struct timeval *tv = (struct timeval *)addr;
1156 
1157 			tv->tv_sec = d->bd_rtout / hz;
1158 			tv->tv_usec = (d->bd_rtout % hz) * tick;
1159 			break;
1160 		}
1161 
1162 	/*
1163 	 * Get packet stats.
1164 	 */
1165 	case BIOCGSTATS:
1166 		{
1167 			struct bpf_stat *bs = (struct bpf_stat *)addr;
1168 
1169 			/* XXXCSJP overflow */
1170 			bs->bs_recv = d->bd_rcount;
1171 			bs->bs_drop = d->bd_dcount;
1172 			break;
1173 		}
1174 
1175 	/*
1176 	 * Set immediate mode.
1177 	 */
1178 	case BIOCIMMEDIATE:
1179 		d->bd_immediate = *(u_int *)addr;
1180 		break;
1181 
1182 	case BIOCVERSION:
1183 		{
1184 			struct bpf_version *bv = (struct bpf_version *)addr;
1185 
1186 			bv->bv_major = BPF_MAJOR_VERSION;
1187 			bv->bv_minor = BPF_MINOR_VERSION;
1188 			break;
1189 		}
1190 
1191 	/*
1192 	 * Get "header already complete" flag
1193 	 */
1194 	case BIOCGHDRCMPLT:
1195 		*(u_int *)addr = d->bd_hdrcmplt;
1196 		break;
1197 
1198 	/*
1199 	 * Set "header already complete" flag
1200 	 */
1201 	case BIOCSHDRCMPLT:
1202 		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1203 		break;
1204 
1205 	/*
1206 	 * Get packet direction flag
1207 	 */
1208 	case BIOCGDIRECTION:
1209 		*(u_int *)addr = d->bd_direction;
1210 		break;
1211 
1212 	/*
1213 	 * Set packet direction flag
1214 	 */
1215 	case BIOCSDIRECTION:
1216 		{
1217 			u_int	direction;
1218 
1219 			direction = *(u_int *)addr;
1220 			switch (direction) {
1221 			case BPF_D_IN:
1222 			case BPF_D_INOUT:
1223 			case BPF_D_OUT:
1224 				d->bd_direction = direction;
1225 				break;
1226 			default:
1227 				error = EINVAL;
1228 			}
1229 		}
1230 		break;
1231 
1232 	case BIOCFEEDBACK:
1233 		d->bd_feedback = *(u_int *)addr;
1234 		break;
1235 
1236 	case BIOCLOCK:
1237 		d->bd_locked = 1;
1238 		break;
1239 
1240 	case FIONBIO:		/* Non-blocking I/O */
1241 		break;
1242 
1243 	case FIOASYNC:		/* Send signal on receive packets */
1244 		d->bd_async = *(int *)addr;
1245 		break;
1246 
1247 	case FIOSETOWN:
1248 		error = fsetown(*(int *)addr, &d->bd_sigio);
1249 		break;
1250 
1251 	case FIOGETOWN:
1252 		*(int *)addr = fgetown(&d->bd_sigio);
1253 		break;
1254 
1255 	/* This is deprecated, FIOSETOWN should be used instead. */
1256 	case TIOCSPGRP:
1257 		error = fsetown(-(*(int *)addr), &d->bd_sigio);
1258 		break;
1259 
1260 	/* This is deprecated, FIOGETOWN should be used instead. */
1261 	case TIOCGPGRP:
1262 		*(int *)addr = -fgetown(&d->bd_sigio);
1263 		break;
1264 
1265 	case BIOCSRSIG:		/* Set receive signal */
1266 		{
1267 			u_int sig;
1268 
1269 			sig = *(u_int *)addr;
1270 
1271 			if (sig >= NSIG)
1272 				error = EINVAL;
1273 			else
1274 				d->bd_sig = sig;
1275 			break;
1276 		}
1277 	case BIOCGRSIG:
1278 		*(u_int *)addr = d->bd_sig;
1279 		break;
1280 
1281 	case BIOCGETBUFMODE:
1282 		*(u_int *)addr = d->bd_bufmode;
1283 		break;
1284 
1285 	case BIOCSETBUFMODE:
1286 		/*
1287 		 * Allow the buffering mode to be changed as long as we
1288 		 * haven't yet committed to a particular mode.  Our
1289 		 * definition of commitment, for now, is whether or not a
1290 		 * buffer has been allocated or an interface attached, since
1291 		 * that's the point where things get tricky.
1292 		 */
1293 		switch (*(u_int *)addr) {
1294 		case BPF_BUFMODE_BUFFER:
1295 			break;
1296 
1297 		case BPF_BUFMODE_ZBUF:
1298 			if (bpf_zerocopy_enable)
1299 				break;
1300 			/* FALLSTHROUGH */
1301 
1302 		default:
1303 			return (EINVAL);
1304 		}
1305 
1306 		BPFD_LOCK(d);
1307 		if (d->bd_sbuf != NULL || d->bd_hbuf != NULL ||
1308 		    d->bd_fbuf != NULL || d->bd_bif != NULL) {
1309 			BPFD_UNLOCK(d);
1310 			return (EBUSY);
1311 		}
1312 		d->bd_bufmode = *(u_int *)addr;
1313 		BPFD_UNLOCK(d);
1314 		break;
1315 
1316 	case BIOCGETZMAX:
1317 		return (bpf_ioctl_getzmax(td, d, (size_t *)addr));
1318 
1319 	case BIOCSETZBUF:
1320 		return (bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr));
1321 
1322 	case BIOCROTZBUF:
1323 		return (bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr));
1324 	}
1325 	return (error);
1326 }
1327 
1328 /*
1329  * Set d's packet filter program to fp.  If this file already has a filter,
1330  * free it and replace it.  Returns EINVAL for bogus requests.
1331  */
1332 static int
1333 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
1334 {
1335 	struct bpf_insn *fcode, *old;
1336 	u_int wfilter, flen, size;
1337 #ifdef BPF_JITTER
1338 	bpf_jit_filter *ofunc;
1339 #endif
1340 
1341 	if (cmd == BIOCSETWF) {
1342 		old = d->bd_wfilter;
1343 		wfilter = 1;
1344 #ifdef BPF_JITTER
1345 		ofunc = NULL;
1346 #endif
1347 	} else {
1348 		wfilter = 0;
1349 		old = d->bd_rfilter;
1350 #ifdef BPF_JITTER
1351 		ofunc = d->bd_bfilter;
1352 #endif
1353 	}
1354 	if (fp->bf_insns == NULL) {
1355 		if (fp->bf_len != 0)
1356 			return (EINVAL);
1357 		BPFD_LOCK(d);
1358 		if (wfilter)
1359 			d->bd_wfilter = NULL;
1360 		else {
1361 			d->bd_rfilter = NULL;
1362 #ifdef BPF_JITTER
1363 			d->bd_bfilter = NULL;
1364 #endif
1365 			if (cmd == BIOCSETF)
1366 				reset_d(d);
1367 		}
1368 		BPFD_UNLOCK(d);
1369 		if (old != NULL)
1370 			free((caddr_t)old, M_BPF);
1371 #ifdef BPF_JITTER
1372 		if (ofunc != NULL)
1373 			bpf_destroy_jit_filter(ofunc);
1374 #endif
1375 		return (0);
1376 	}
1377 	flen = fp->bf_len;
1378 	if (flen > bpf_maxinsns)
1379 		return (EINVAL);
1380 
1381 	size = flen * sizeof(*fp->bf_insns);
1382 	fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
1383 	if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
1384 	    bpf_validate(fcode, (int)flen)) {
1385 		BPFD_LOCK(d);
1386 		if (wfilter)
1387 			d->bd_wfilter = fcode;
1388 		else {
1389 			d->bd_rfilter = fcode;
1390 #ifdef BPF_JITTER
1391 			d->bd_bfilter = bpf_jitter(fcode, flen);
1392 #endif
1393 			if (cmd == BIOCSETF)
1394 				reset_d(d);
1395 		}
1396 		BPFD_UNLOCK(d);
1397 		if (old != NULL)
1398 			free((caddr_t)old, M_BPF);
1399 #ifdef BPF_JITTER
1400 		if (ofunc != NULL)
1401 			bpf_destroy_jit_filter(ofunc);
1402 #endif
1403 
1404 		return (0);
1405 	}
1406 	free((caddr_t)fcode, M_BPF);
1407 	return (EINVAL);
1408 }
1409 
1410 /*
1411  * Detach a file from its current interface (if attached at all) and attach
1412  * to the interface indicated by the name stored in ifr.
1413  * Return an errno or 0.
1414  */
1415 static int
1416 bpf_setif(struct bpf_d *d, struct ifreq *ifr)
1417 {
1418 	struct bpf_if *bp;
1419 	struct ifnet *theywant;
1420 
1421 	theywant = ifunit(ifr->ifr_name);
1422 	if (theywant == NULL || theywant->if_bpf == NULL)
1423 		return (ENXIO);
1424 
1425 	bp = theywant->if_bpf;
1426 
1427 	/*
1428 	 * Behavior here depends on the buffering model.  If we're using
1429 	 * kernel memory buffers, then we can allocate them here.  If we're
1430 	 * using zero-copy, then the user process must have registered
1431 	 * buffers by the time we get here.  If not, return an error.
1432 	 *
1433 	 * XXXRW: There are locking issues here with multi-threaded use: what
1434 	 * if two threads try to set the interface at once?
1435 	 */
1436 	switch (d->bd_bufmode) {
1437 	case BPF_BUFMODE_BUFFER:
1438 		if (d->bd_sbuf == NULL)
1439 			bpf_buffer_alloc(d);
1440 		KASSERT(d->bd_sbuf != NULL, ("bpf_setif: bd_sbuf NULL"));
1441 		break;
1442 
1443 	case BPF_BUFMODE_ZBUF:
1444 		if (d->bd_sbuf == NULL)
1445 			return (EINVAL);
1446 		break;
1447 
1448 	default:
1449 		panic("bpf_setif: bufmode %d", d->bd_bufmode);
1450 	}
1451 	if (bp != d->bd_bif) {
1452 		if (d->bd_bif)
1453 			/*
1454 			 * Detach if attached to something else.
1455 			 */
1456 			bpf_detachd(d);
1457 
1458 		bpf_attachd(d, bp);
1459 	}
1460 	BPFD_LOCK(d);
1461 	reset_d(d);
1462 	BPFD_UNLOCK(d);
1463 	return (0);
1464 }
1465 
1466 /*
1467  * Support for select() and poll() system calls
1468  *
1469  * Return true iff the specific operation will not block indefinitely.
1470  * Otherwise, return false but make a note that a selwakeup() must be done.
1471  */
1472 static int
1473 bpfpoll(struct cdev *dev, int events, struct thread *td)
1474 {
1475 	struct bpf_d *d;
1476 	int revents;
1477 
1478 	if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL)
1479 		return (events &
1480 		    (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM));
1481 
1482 	/*
1483 	 * Refresh PID associated with this descriptor.
1484 	 */
1485 	revents = events & (POLLOUT | POLLWRNORM);
1486 	BPFD_LOCK(d);
1487 	d->bd_pid = td->td_proc->p_pid;
1488 	if (events & (POLLIN | POLLRDNORM)) {
1489 		if (bpf_ready(d))
1490 			revents |= events & (POLLIN | POLLRDNORM);
1491 		else {
1492 			selrecord(td, &d->bd_sel);
1493 			/* Start the read timeout if necessary. */
1494 			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1495 				callout_reset(&d->bd_callout, d->bd_rtout,
1496 				    bpf_timed_out, d);
1497 				d->bd_state = BPF_WAITING;
1498 			}
1499 		}
1500 	}
1501 	BPFD_UNLOCK(d);
1502 	return (revents);
1503 }
1504 
1505 /*
1506  * Support for kevent() system call.  Register EVFILT_READ filters and
1507  * reject all others.
1508  */
1509 int
1510 bpfkqfilter(struct cdev *dev, struct knote *kn)
1511 {
1512 	struct bpf_d *d;
1513 
1514 	if (devfs_get_cdevpriv((void **)&d) != 0 ||
1515 	    kn->kn_filter != EVFILT_READ)
1516 		return (1);
1517 
1518 	/*
1519 	 * Refresh PID associated with this descriptor.
1520 	 */
1521 	BPFD_LOCK(d);
1522 	d->bd_pid = curthread->td_proc->p_pid;
1523 	kn->kn_fop = &bpfread_filtops;
1524 	kn->kn_hook = d;
1525 	knlist_add(&d->bd_sel.si_note, kn, 1);
1526 	BPFD_UNLOCK(d);
1527 
1528 	return (0);
1529 }
1530 
1531 static void
1532 filt_bpfdetach(struct knote *kn)
1533 {
1534 	struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1535 
1536 	knlist_remove(&d->bd_sel.si_note, kn, 0);
1537 }
1538 
1539 static int
1540 filt_bpfread(struct knote *kn, long hint)
1541 {
1542 	struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1543 	int ready;
1544 
1545 	BPFD_LOCK_ASSERT(d);
1546 	ready = bpf_ready(d);
1547 	if (ready) {
1548 		kn->kn_data = d->bd_slen;
1549 		if (d->bd_hbuf)
1550 			kn->kn_data += d->bd_hlen;
1551 	}
1552 	else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1553 		callout_reset(&d->bd_callout, d->bd_rtout,
1554 		    bpf_timed_out, d);
1555 		d->bd_state = BPF_WAITING;
1556 	}
1557 
1558 	return (ready);
1559 }
1560 
1561 /*
1562  * Incoming linkage from device drivers.  Process the packet pkt, of length
1563  * pktlen, which is stored in a contiguous buffer.  The packet is parsed
1564  * by each process' filter, and if accepted, stashed into the corresponding
1565  * buffer.
1566  */
1567 void
1568 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
1569 {
1570 	struct bpf_d *d;
1571 	u_int slen;
1572 	int gottime;
1573 	struct timeval tv;
1574 
1575 	gottime = 0;
1576 	BPFIF_LOCK(bp);
1577 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1578 		BPFD_LOCK(d);
1579 		++d->bd_rcount;
1580 		/*
1581 		 * NB: We dont call BPF_CHECK_DIRECTION() here since there is no
1582 		 * way for the caller to indiciate to us whether this packet
1583 		 * is inbound or outbound.  In the bpf_mtap() routines, we use
1584 		 * the interface pointers on the mbuf to figure it out.
1585 		 */
1586 #ifdef BPF_JITTER
1587 		if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL)
1588 			slen = (*(d->bd_bfilter->func))(pkt, pktlen, pktlen);
1589 		else
1590 #endif
1591 		slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
1592 		if (slen != 0) {
1593 			d->bd_fcount++;
1594 			if (!gottime) {
1595 				microtime(&tv);
1596 				gottime = 1;
1597 			}
1598 #ifdef MAC
1599 			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
1600 #endif
1601 				catchpacket(d, pkt, pktlen, slen,
1602 				    bpf_append_bytes, &tv);
1603 		}
1604 		BPFD_UNLOCK(d);
1605 	}
1606 	BPFIF_UNLOCK(bp);
1607 }
1608 
1609 #define	BPF_CHECK_DIRECTION(d, r, i)				\
1610 	    (((d)->bd_direction == BPF_D_IN && (r) != (i)) ||	\
1611 	    ((d)->bd_direction == BPF_D_OUT && (r) == (i)))
1612 
1613 /*
1614  * Incoming linkage from device drivers, when packet is in an mbuf chain.
1615  */
1616 void
1617 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
1618 {
1619 	struct bpf_d *d;
1620 	u_int pktlen, slen;
1621 	int gottime;
1622 	struct timeval tv;
1623 
1624 	/* Skip outgoing duplicate packets. */
1625 	if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
1626 		m->m_flags &= ~M_PROMISC;
1627 		return;
1628 	}
1629 
1630 	gottime = 0;
1631 
1632 	pktlen = m_length(m, NULL);
1633 
1634 	BPFIF_LOCK(bp);
1635 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1636 		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
1637 			continue;
1638 		BPFD_LOCK(d);
1639 		++d->bd_rcount;
1640 #ifdef BPF_JITTER
1641 		/* XXX We cannot handle multiple mbufs. */
1642 		if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL &&
1643 		    m->m_next == NULL)
1644 			slen = (*(d->bd_bfilter->func))(mtod(m, u_char *),
1645 			    pktlen, pktlen);
1646 		else
1647 #endif
1648 		slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
1649 		if (slen != 0) {
1650 			d->bd_fcount++;
1651 			if (!gottime) {
1652 				microtime(&tv);
1653 				gottime = 1;
1654 			}
1655 #ifdef MAC
1656 			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
1657 #endif
1658 				catchpacket(d, (u_char *)m, pktlen, slen,
1659 				    bpf_append_mbuf, &tv);
1660 		}
1661 		BPFD_UNLOCK(d);
1662 	}
1663 	BPFIF_UNLOCK(bp);
1664 }
1665 
1666 /*
1667  * Incoming linkage from device drivers, when packet is in
1668  * an mbuf chain and to be prepended by a contiguous header.
1669  */
1670 void
1671 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
1672 {
1673 	struct mbuf mb;
1674 	struct bpf_d *d;
1675 	u_int pktlen, slen;
1676 	int gottime;
1677 	struct timeval tv;
1678 
1679 	/* Skip outgoing duplicate packets. */
1680 	if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
1681 		m->m_flags &= ~M_PROMISC;
1682 		return;
1683 	}
1684 
1685 	gottime = 0;
1686 
1687 	pktlen = m_length(m, NULL);
1688 	/*
1689 	 * Craft on-stack mbuf suitable for passing to bpf_filter.
1690 	 * Note that we cut corners here; we only setup what's
1691 	 * absolutely needed--this mbuf should never go anywhere else.
1692 	 */
1693 	mb.m_next = m;
1694 	mb.m_data = data;
1695 	mb.m_len = dlen;
1696 	pktlen += dlen;
1697 
1698 	BPFIF_LOCK(bp);
1699 	LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1700 		if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
1701 			continue;
1702 		BPFD_LOCK(d);
1703 		++d->bd_rcount;
1704 		slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
1705 		if (slen != 0) {
1706 			d->bd_fcount++;
1707 			if (!gottime) {
1708 				microtime(&tv);
1709 				gottime = 1;
1710 			}
1711 #ifdef MAC
1712 			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
1713 #endif
1714 				catchpacket(d, (u_char *)&mb, pktlen, slen,
1715 				    bpf_append_mbuf, &tv);
1716 		}
1717 		BPFD_UNLOCK(d);
1718 	}
1719 	BPFIF_UNLOCK(bp);
1720 }
1721 
1722 #undef	BPF_CHECK_DIRECTION
1723 
1724 /*
1725  * Move the packet data from interface memory (pkt) into the
1726  * store buffer.  "cpfn" is the routine called to do the actual data
1727  * transfer.  bcopy is passed in to copy contiguous chunks, while
1728  * bpf_append_mbuf is passed in to copy mbuf chains.  In the latter case,
1729  * pkt is really an mbuf.
1730  */
1731 static void
1732 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
1733     void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int),
1734     struct timeval *tv)
1735 {
1736 	struct bpf_hdr hdr;
1737 	int totlen, curlen;
1738 	int hdrlen = d->bd_bif->bif_hdrlen;
1739 	int do_wakeup = 0;
1740 
1741 	BPFD_LOCK_ASSERT(d);
1742 
1743 	/*
1744 	 * Detect whether user space has released a buffer back to us, and if
1745 	 * so, move it from being a hold buffer to a free buffer.  This may
1746 	 * not be the best place to do it (for example, we might only want to
1747 	 * run this check if we need the space), but for now it's a reliable
1748 	 * spot to do it.
1749 	 */
1750 	if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) {
1751 		d->bd_fbuf = d->bd_hbuf;
1752 		d->bd_hbuf = NULL;
1753 		d->bd_hlen = 0;
1754 		bpf_buf_reclaimed(d);
1755 	}
1756 
1757 	/*
1758 	 * Figure out how many bytes to move.  If the packet is
1759 	 * greater or equal to the snapshot length, transfer that
1760 	 * much.  Otherwise, transfer the whole packet (unless
1761 	 * we hit the buffer size limit).
1762 	 */
1763 	totlen = hdrlen + min(snaplen, pktlen);
1764 	if (totlen > d->bd_bufsize)
1765 		totlen = d->bd_bufsize;
1766 
1767 	/*
1768 	 * Round up the end of the previous packet to the next longword.
1769 	 *
1770 	 * Drop the packet if there's no room and no hope of room
1771 	 * If the packet would overflow the storage buffer or the storage
1772 	 * buffer is considered immutable by the buffer model, try to rotate
1773 	 * the buffer and wakeup pending processes.
1774 	 */
1775 	curlen = BPF_WORDALIGN(d->bd_slen);
1776 	if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) {
1777 		if (d->bd_fbuf == NULL) {
1778 			/*
1779 			 * There's no room in the store buffer, and no
1780 			 * prospect of room, so drop the packet.  Notify the
1781 			 * buffer model.
1782 			 */
1783 			bpf_buffull(d);
1784 			++d->bd_dcount;
1785 			return;
1786 		}
1787 		ROTATE_BUFFERS(d);
1788 		do_wakeup = 1;
1789 		curlen = 0;
1790 	} else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
1791 		/*
1792 		 * Immediate mode is set, or the read timeout has already
1793 		 * expired during a select call.  A packet arrived, so the
1794 		 * reader should be woken up.
1795 		 */
1796 		do_wakeup = 1;
1797 
1798 	/*
1799 	 * Append the bpf header.  Note we append the actual header size, but
1800 	 * move forward the length of the header plus padding.
1801 	 */
1802 	bzero(&hdr, sizeof(hdr));
1803 	hdr.bh_tstamp = *tv;
1804 	hdr.bh_datalen = pktlen;
1805 	hdr.bh_hdrlen = hdrlen;
1806 	hdr.bh_caplen = totlen - hdrlen;
1807 	bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr));
1808 
1809 	/*
1810 	 * Copy the packet data into the store buffer and update its length.
1811 	 */
1812 	(*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, hdr.bh_caplen);
1813 	d->bd_slen = curlen + totlen;
1814 
1815 	if (do_wakeup)
1816 		bpf_wakeup(d);
1817 }
1818 
1819 /*
1820  * Free buffers currently in use by a descriptor.
1821  * Called on close.
1822  */
1823 static void
1824 bpf_freed(struct bpf_d *d)
1825 {
1826 
1827 	/*
1828 	 * We don't need to lock out interrupts since this descriptor has
1829 	 * been detached from its interface and it yet hasn't been marked
1830 	 * free.
1831 	 */
1832 	bpf_free(d);
1833 	if (d->bd_rfilter) {
1834 		free((caddr_t)d->bd_rfilter, M_BPF);
1835 #ifdef BPF_JITTER
1836 		bpf_destroy_jit_filter(d->bd_bfilter);
1837 #endif
1838 	}
1839 	if (d->bd_wfilter)
1840 		free((caddr_t)d->bd_wfilter, M_BPF);
1841 	mtx_destroy(&d->bd_mtx);
1842 }
1843 
1844 /*
1845  * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
1846  * fixed size of the link header (variable length headers not yet supported).
1847  */
1848 void
1849 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
1850 {
1851 
1852 	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
1853 }
1854 
1855 /*
1856  * Attach an interface to bpf.  ifp is a pointer to the structure
1857  * defining the interface to be attached, dlt is the link layer type,
1858  * and hdrlen is the fixed size of the link header (variable length
1859  * headers are not yet supporrted).
1860  */
1861 void
1862 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
1863 {
1864 	struct bpf_if *bp;
1865 
1866 	bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
1867 	if (bp == NULL)
1868 		panic("bpfattach");
1869 
1870 	LIST_INIT(&bp->bif_dlist);
1871 	bp->bif_ifp = ifp;
1872 	bp->bif_dlt = dlt;
1873 	mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);
1874 	KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
1875 	*driverp = bp;
1876 
1877 	mtx_lock(&bpf_mtx);
1878 	LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
1879 	mtx_unlock(&bpf_mtx);
1880 
1881 	/*
1882 	 * Compute the length of the bpf header.  This is not necessarily
1883 	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
1884 	 * that the network layer header begins on a longword boundary (for
1885 	 * performance reasons and to alleviate alignment restrictions).
1886 	 */
1887 	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
1888 
1889 	if (bootverbose)
1890 		if_printf(ifp, "bpf attached\n");
1891 }
1892 
1893 /*
1894  * Detach bpf from an interface.  This involves detaching each descriptor
1895  * associated with the interface, and leaving bd_bif NULL.  Notify each
1896  * descriptor as it's detached so that any sleepers wake up and get
1897  * ENXIO.
1898  */
1899 void
1900 bpfdetach(struct ifnet *ifp)
1901 {
1902 	struct bpf_if	*bp;
1903 	struct bpf_d	*d;
1904 
1905 	/* Locate BPF interface information */
1906 	mtx_lock(&bpf_mtx);
1907 	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1908 		if (ifp == bp->bif_ifp)
1909 			break;
1910 	}
1911 
1912 	/* Interface wasn't attached */
1913 	if ((bp == NULL) || (bp->bif_ifp == NULL)) {
1914 		mtx_unlock(&bpf_mtx);
1915 		printf("bpfdetach: %s was not attached\n", ifp->if_xname);
1916 		return;
1917 	}
1918 
1919 	LIST_REMOVE(bp, bif_next);
1920 	mtx_unlock(&bpf_mtx);
1921 
1922 	while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
1923 		bpf_detachd(d);
1924 		BPFD_LOCK(d);
1925 		bpf_wakeup(d);
1926 		BPFD_UNLOCK(d);
1927 	}
1928 
1929 	mtx_destroy(&bp->bif_mtx);
1930 	free(bp, M_BPF);
1931 }
1932 
1933 /*
1934  * Get a list of available data link type of the interface.
1935  */
1936 static int
1937 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
1938 {
1939 	int n, error;
1940 	struct ifnet *ifp;
1941 	struct bpf_if *bp;
1942 
1943 	ifp = d->bd_bif->bif_ifp;
1944 	n = 0;
1945 	error = 0;
1946 	mtx_lock(&bpf_mtx);
1947 	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1948 		if (bp->bif_ifp != ifp)
1949 			continue;
1950 		if (bfl->bfl_list != NULL) {
1951 			if (n >= bfl->bfl_len) {
1952 				mtx_unlock(&bpf_mtx);
1953 				return (ENOMEM);
1954 			}
1955 			error = copyout(&bp->bif_dlt,
1956 			    bfl->bfl_list + n, sizeof(u_int));
1957 		}
1958 		n++;
1959 	}
1960 	mtx_unlock(&bpf_mtx);
1961 	bfl->bfl_len = n;
1962 	return (error);
1963 }
1964 
1965 /*
1966  * Set the data link type of a BPF instance.
1967  */
1968 static int
1969 bpf_setdlt(struct bpf_d *d, u_int dlt)
1970 {
1971 	int error, opromisc;
1972 	struct ifnet *ifp;
1973 	struct bpf_if *bp;
1974 
1975 	if (d->bd_bif->bif_dlt == dlt)
1976 		return (0);
1977 	ifp = d->bd_bif->bif_ifp;
1978 	mtx_lock(&bpf_mtx);
1979 	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1980 		if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
1981 			break;
1982 	}
1983 	mtx_unlock(&bpf_mtx);
1984 	if (bp != NULL) {
1985 		opromisc = d->bd_promisc;
1986 		bpf_detachd(d);
1987 		bpf_attachd(d, bp);
1988 		BPFD_LOCK(d);
1989 		reset_d(d);
1990 		BPFD_UNLOCK(d);
1991 		if (opromisc) {
1992 			error = ifpromisc(bp->bif_ifp, 1);
1993 			if (error)
1994 				if_printf(bp->bif_ifp,
1995 					"bpf_setdlt: ifpromisc failed (%d)\n",
1996 					error);
1997 			else
1998 				d->bd_promisc = 1;
1999 		}
2000 	}
2001 	return (bp == NULL ? EINVAL : 0);
2002 }
2003 
2004 static void
2005 bpf_drvinit(void *unused)
2006 {
2007 	struct cdev *dev;
2008 
2009 	mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
2010 	LIST_INIT(&bpf_iflist);
2011 
2012 	dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf");
2013 	/* For compatibility */
2014 	make_dev_alias(dev, "bpf0");
2015 
2016 }
2017 
2018 static void
2019 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
2020 {
2021 
2022 	bzero(d, sizeof(*d));
2023 	BPFD_LOCK_ASSERT(bd);
2024 	d->bd_structsize = sizeof(*d);
2025 	d->bd_immediate = bd->bd_immediate;
2026 	d->bd_promisc = bd->bd_promisc;
2027 	d->bd_hdrcmplt = bd->bd_hdrcmplt;
2028 	d->bd_direction = bd->bd_direction;
2029 	d->bd_feedback = bd->bd_feedback;
2030 	d->bd_async = bd->bd_async;
2031 	d->bd_rcount = bd->bd_rcount;
2032 	d->bd_dcount = bd->bd_dcount;
2033 	d->bd_fcount = bd->bd_fcount;
2034 	d->bd_sig = bd->bd_sig;
2035 	d->bd_slen = bd->bd_slen;
2036 	d->bd_hlen = bd->bd_hlen;
2037 	d->bd_bufsize = bd->bd_bufsize;
2038 	d->bd_pid = bd->bd_pid;
2039 	strlcpy(d->bd_ifname,
2040 	    bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
2041 	d->bd_locked = bd->bd_locked;
2042 	d->bd_wcount = bd->bd_wcount;
2043 	d->bd_wdcount = bd->bd_wdcount;
2044 	d->bd_wfcount = bd->bd_wfcount;
2045 	d->bd_zcopy = bd->bd_zcopy;
2046 	d->bd_bufmode = bd->bd_bufmode;
2047 }
2048 
2049 static int
2050 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
2051 {
2052 	struct xbpf_d *xbdbuf, *xbd;
2053 	int index, error;
2054 	struct bpf_if *bp;
2055 	struct bpf_d *bd;
2056 
2057 	/*
2058 	 * XXX This is not technically correct. It is possible for non
2059 	 * privileged users to open bpf devices. It would make sense
2060 	 * if the users who opened the devices were able to retrieve
2061 	 * the statistics for them, too.
2062 	 */
2063 	error = priv_check(req->td, PRIV_NET_BPF);
2064 	if (error)
2065 		return (error);
2066 	if (req->oldptr == NULL)
2067 		return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
2068 	if (bpf_bpfd_cnt == 0)
2069 		return (SYSCTL_OUT(req, 0, 0));
2070 	xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
2071 	mtx_lock(&bpf_mtx);
2072 	if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
2073 		mtx_unlock(&bpf_mtx);
2074 		free(xbdbuf, M_BPF);
2075 		return (ENOMEM);
2076 	}
2077 	index = 0;
2078 	LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2079 		BPFIF_LOCK(bp);
2080 		LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
2081 			xbd = &xbdbuf[index++];
2082 			BPFD_LOCK(bd);
2083 			bpfstats_fill_xbpf(xbd, bd);
2084 			BPFD_UNLOCK(bd);
2085 		}
2086 		BPFIF_UNLOCK(bp);
2087 	}
2088 	mtx_unlock(&bpf_mtx);
2089 	error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
2090 	free(xbdbuf, M_BPF);
2091 	return (error);
2092 }
2093 
2094 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL);
2095 
2096 #else /* !DEV_BPF && !NETGRAPH_BPF */
2097 /*
2098  * NOP stubs to allow bpf-using drivers to load and function.
2099  *
2100  * A 'better' implementation would allow the core bpf functionality
2101  * to be loaded at runtime.
2102  */
2103 static struct bpf_if bp_null;
2104 
2105 void
2106 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
2107 {
2108 }
2109 
2110 void
2111 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
2112 {
2113 }
2114 
2115 void
2116 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
2117 {
2118 }
2119 
2120 void
2121 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2122 {
2123 
2124 	bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
2125 }
2126 
2127 void
2128 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
2129 {
2130 
2131 	*driverp = &bp_null;
2132 }
2133 
2134 void
2135 bpfdetach(struct ifnet *ifp)
2136 {
2137 }
2138 
2139 u_int
2140 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
2141 {
2142 	return -1;	/* "no filter" behaviour */
2143 }
2144 
2145 int
2146 bpf_validate(const struct bpf_insn *f, int len)
2147 {
2148 	return 0;		/* false */
2149 }
2150 
2151 #endif /* !DEV_BPF && !NETGRAPH_BPF */
2152