1 /* 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 39 * 40 * $FreeBSD$ 41 */ 42 43 #include "opt_bpf.h" 44 #include "opt_mac.h" 45 #include "opt_netgraph.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/conf.h> 50 #include <sys/mac.h> 51 #include <sys/malloc.h> 52 #include <sys/mbuf.h> 53 #include <sys/time.h> 54 #include <sys/proc.h> 55 #include <sys/signalvar.h> 56 #include <sys/filio.h> 57 #include <sys/sockio.h> 58 #include <sys/ttycom.h> 59 #include <sys/filedesc.h> 60 61 #include <sys/poll.h> 62 63 #include <sys/socket.h> 64 #include <sys/vnode.h> 65 66 #include <net/if.h> 67 #include <net/bpf.h> 68 #include <net/bpfdesc.h> 69 70 #include <netinet/in.h> 71 #include <netinet/if_ether.h> 72 #include <sys/kernel.h> 73 #include <sys/sysctl.h> 74 75 static MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 76 77 #if defined(DEV_BPF) || defined(NETGRAPH_BPF) 78 79 #define PRINET 26 /* interruptible */ 80 81 /* 82 * The default read buffer size is patchable. 
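*/
static int bpf_bufsize = 4096;
SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW,
	&bpf_bufsize, 0, "");
/*
 * Ceiling applied to BIOCSBLEN requests; patchable like bpf_bufsize.
 * NOTE(review): neither sysctl has a range check visible in this file --
 * confirm that a zero or negative value cannot reach the allocation paths.
 */
static int bpf_maxbufsize = BPF_MAXBUFSIZE;
SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW,
	&bpf_maxbufsize, 0, "");

/*
 *  bpf_iflist is the list of interfaces; each corresponds to an ifnet
 */
static struct bpf_if	*bpf_iflist;
static struct mtx	bpf_mtx;		/* bpf global lock */

static int	bpf_allocbufs(struct bpf_d *);
static void	bpf_attachd(struct bpf_d *d, struct bpf_if *bp);
static void	bpf_detachd(struct bpf_d *d);
static void	bpf_freed(struct bpf_d *);
static void	bpf_mcopy(const void *, void *, size_t);
static int	bpf_movein(struct uio *, int,
		    struct mbuf **, struct sockaddr *, int *);
static int	bpf_setif(struct bpf_d *, struct ifreq *);
static void	bpf_timed_out(void *);
static __inline void
		bpf_wakeup(struct bpf_d *);
static void	catchpacket(struct bpf_d *, u_char *, u_int,
		    u_int, void (*)(const void *, void *, size_t));
static void	reset_d(struct bpf_d *);
static int	bpf_setf(struct bpf_d *, struct bpf_program *);

static	d_open_t	bpfopen;
static	d_close_t	bpfclose;
static	d_read_t	bpfread;
static	d_write_t	bpfwrite;
static	d_ioctl_t	bpfioctl;
static	d_poll_t	bpfpoll;

#define CDEV_MAJOR 23
static struct cdevsw bpf_cdevsw = {
	/* open */	bpfopen,
	/* close */	bpfclose,
	/* read */	bpfread,
	/* write */	bpfwrite,
	/* ioctl */	bpfioctl,
	/* poll */	bpfpoll,
	/* mmap */	nommap,
	/* strategy */	nostrategy,
	/* name */	"bpf",
	/* maj */	CDEV_MAJOR,
	/* dump */	nodump,
	/* psize */	nopsize,
	/* flags */	0,
};


/*
 * Copy one outgoing packet from the write request described by uio into a
 * newly allocated mbuf.
 *
 * The link-level header (hlen bytes, selected by linktype) is copied into
 * sockp->sa_data and the rest of the request into the mbuf.  On success the
 * mbuf is stored in *mp, the payload length (request length minus the link
 * header) in *datlen, and 0 is returned.  On failure an errno is returned,
 * any mbuf allocated here is freed, and *mp and *datlen must not be used.
 *
 * Returns EIO for an unsupported link type, for a request shorter than the
 * link header or larger than MCLBYTES, and ENOBUFS when no mbuf or cluster
 * is available; uiomove() errors are passed through.
 */
static int
bpf_movein(uio, linktype, mp, sockp, datlen)
	register struct uio *uio;
	int linktype, *datlen;
	register struct mbuf **mp;
	register struct sockaddr *sockp;
{
	struct mbuf *m;
	int error;
	int len;
	int hlen;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		hlen = sizeof(struct ether_header);
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_IMPLINK;
		hlen = 0;
		break;

	case DLT_RAW:
	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		break;

	case DLT_ATM_RFC1483:
		/*
		 * en atm driver requires 4-byte atm pseudo header.
		 * though it isn't standard, vpi:vci needs to be
		 * specified anyway.
		 */
		sockp->sa_family = AF_UNSPEC;
		hlen = 12;	/* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 4;	/* This should match PPP_HDRLEN */
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	/*
	 * The request must contain at least the link header, and the header
	 * must fit the sockaddr data field it is copied into.  Without the
	 * first test a short write makes "len - hlen" negative, and that
	 * value is used below both as an mbuf length and as a uiomove()
	 * byte count.
	 */
	if (len < hlen || (size_t)hlen > sizeof(sockp->sa_data))
		return (EIO);
	if ((unsigned)len > MCLBYTES)
		return (EIO);
	*datlen = len - hlen;

	MGETHDR(m, M_TRYWAIT, MT_DATA);
	if (m == 0)
		return (ENOBUFS);
	if (len > MHLEN) {
		MCLGET(m, M_TRYWAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}
	m->m_pkthdr.len = m->m_len = len;
	m->m_pkthdr.rcvif = NULL;
	/*
	 * Make room for link header.
	 */
	if (hlen != 0) {
		m->m_pkthdr.len -= hlen;
		m->m_len -= hlen;
#if BSD >= 199103
		m->m_data += hlen; /* XXX */
#else
		m->m_off += hlen;
#endif
		error = uiomove((caddr_t)sockp->sa_data, hlen, uio);
		if (error)
			goto bad;
	}
	error = uiomove(mtod(m, caddr_t), len - hlen, uio);
	if (!error) {
		/* Publish the mbuf only once it is completely filled in. */
		*mp = m;
		return (0);
	}
bad:
	m_freem(m);
	return (error);
}

/*
 * Attach file to the bpf interface, i.e. make d listen on bp.
 */
static void
bpf_attachd(d, bp)
	struct bpf_d *d;
	struct bpf_if *bp;
{
	/*
	 * Point d at bp, and add d to the interface's list of listeners.
	 * Finally, point the driver's bpf cookie at the interface so
	 * it will divert packets to bpf.
	 */
	BPFIF_LOCK(bp);
	d->bd_bif = bp;
	d->bd_next = bp->bif_dlist;
	bp->bif_dlist = d;

	bp->bif_ifp->if_bpf = bp;
	BPFIF_UNLOCK(bp);
}

/*
 * Detach a file from its interface.
 *
 * Leaves promiscuous mode if this descriptor requested it, unlinks d from
 * the interface's descriptor list under the interface lock, clears the
 * driver's bpf cookie when the last listener goes away, and sets
 * d->bd_bif to 0.
 *
 * NOTE(review): bpfclose() and bpfdetach() call this with bpf_mtx held,
 * bpf_setif() calls it after dropping bpf_mtx; BIOCPROMISC wraps
 * ifpromisc() in Giant while the call below does not.  Confirm which
 * locks this function is meant to rely on.
 */
static void
bpf_detachd(d)
	struct bpf_d *d;
{
	int error;
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		d->bd_promisc = 0;
		error = ifpromisc(bp->bif_ifp, 0);
		if (error != 0 && error != ENXIO) {
			/*
			 * ENXIO can happen if a pccard is unplugged
			 * Something is really wrong if we were able to put
			 * the driver into promiscuous mode, but can't
			 * take it out.
			 */
			if_printf(bp->bif_ifp, "ifpromisc failed %d\n", error);
		}
	}
	/*
	 * Remove d from the interface's descriptor list.  The end-of-list
	 * test runs before each step so that a descriptor missing from the
	 * list (including an empty list) reaches the panic message rather
	 * than following a null link.
	 */
	BPFIF_LOCK(bp);
	for (p = &bp->bif_dlist; *p != d; p = &(*p)->bd_next) {
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = (*p)->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		bp->bif_ifp->if_bpf = 0;
	BPFIF_UNLOCK(bp);
	d->bd_bif = 0;
}

/*
 * Open a bpf minor.  Returns EBUSY if the minor is already open (its
 * si_drv1 is set), 0 otherwise.
 *
 * The device node is created owned by UID_ROOT/GID_WHEEL with mode 0600,
 * so access to packet capture and injection through a node created here
 * is governed by that file mode.
 */
/* ARGSUSED */
static	int
bpfopen(dev, flags, fmt, td)
	dev_t dev;
	int flags;
	int fmt;
	struct thread *td;
{
	struct bpf_d *d;

	mtx_lock(&bpf_mtx);
	d = dev->si_drv1;
	/*
	 * Each minor can be opened by only one process.  If the requested
	 * minor is in use, return EBUSY.
	 */
	if (d) {
		mtx_unlock(&bpf_mtx);
		return (EBUSY);
	}
	/*
	 * Reserve the minor with a non-null placeholder so a concurrent
	 * open sees it as busy while the descriptor is allocated below
	 * without bpf_mtx held.
	 */
	dev->si_drv1 = (struct bpf_d *)~0;	/* mark device in use */
	mtx_unlock(&bpf_mtx);

	if ((dev->si_flags & SI_NAMED) == 0)
		make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600,
		    "bpf%d", dev2unit(dev));
	MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
	dev->si_drv1 = d;
	d->bd_bufsize = bpf_bufsize;
	d->bd_sig = SIGIO;
	d->bd_seesent = 1;
#ifdef MAC
	mac_init_bpfdesc(d);
	mac_create_bpfdesc(td->td_ucred, d);
#endif
	mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
	callout_init(&d->bd_callout, 1);

	return (0);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.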
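*/
/* ARGSUSED */
static	int
bpfclose(dev, flags, fmt, td)
	dev_t dev;
	int flags;
	int fmt;
	struct thread *td;
{
	struct bpf_d *d = dev->si_drv1;

	/* Cancel a pending read timeout before the descriptor goes away. */
	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	BPFD_UNLOCK(d);
	funsetown(&d->bd_sigio);
	mtx_lock(&bpf_mtx);
	if (d->bd_bif)
		bpf_detachd(d);
	mtx_unlock(&bpf_mtx);
#ifdef MAC
	mac_destroy_bpfdesc(d);
#endif /* MAC */
	bpf_freed(d);
	/* Clearing si_drv1 is what makes the minor openable again. */
	dev->si_drv1 = 0;
	free(d, M_BPF);

	return (0);
}


/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 *
 * Wrapped in do/while (0) so the macro expands to exactly one statement
 * and stays safe in an unbraced if/else body; every use is written as
 * "ROTATE_BUFFERS(d);".
 */
#define ROTATE_BUFFERS(d) do {						\
	(d)->bd_hbuf = (d)->bd_sbuf;					\
	(d)->bd_hlen = (d)->bd_slen;					\
	(d)->bd_sbuf = (d)->bd_fbuf;					\
	(d)->bd_slen = 0;						\
	(d)->bd_fbuf = 0;						\
} while (0)

/*
 *  bpfread - read next chunk of packets from buffers
 *
 * Returns EINVAL unless the caller's buffer is exactly bd_bufsize bytes,
 * ENXIO when no data is pending and the descriptor has no interface,
 * EWOULDBLOCK for a non-blocking read with nothing to return, EINTR or
 * ERESTART when the sleep is interrupted, 0 with no data on a timeout
 * that found the store buffer empty, and otherwise the uiomove() result
 * for the hold buffer.
 */
static	int
bpfread(dev, uio, ioflag)
	dev_t dev;
	register struct uio *uio;
	int ioflag;
{
	struct bpf_d *d = dev->si_drv1;
	int timed_out;
	int error;

	/*
	 * Restrict application to use a buffer the same size as
	 * the kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * A packet(s) either arrived since the previous
			 * read or arrived while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}

		/*
		 * No data is available, check to see if the bpf device
		 * is still pointed at a real interface.  If not, return
		 * ENXIO so that the userland process knows to rebind
		 * it before using it again.
		 */
		if (d->bd_bif == NULL) {
			BPFD_UNLOCK(d);
			return (ENXIO);
		}

		if (ioflag & IO_NDELAY) {
			BPFD_UNLOCK(d);
			return (EWOULDBLOCK);
		}
		error = msleep((caddr_t)d, &d->bd_mtx, PRINET|PCATCH,
		     "bpf", d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			BPFD_UNLOCK(d);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				BPFD_UNLOCK(d);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	BPFD_UNLOCK(d);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 *
	 * NOTE(review): the copy runs with the descriptor unlocked.
	 * reset_d() (BIOCFLUSH, BIOCSETF, BIOCSETIF) moves bd_hbuf to the
	 * free slot under the lock, after which catchpacket() may rotate
	 * it into the store slot and write to it.  Nothing visible here
	 * keeps that from overlapping this uiomove() -- confirm whether a
	 * second thread on the same descriptor can get there.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	BPFD_LOCK(d);
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;
	BPFD_UNLOCK(d);

	return (error);
}


/*
 * If there are processes sleeping on this descriptor, wake them up.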
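*/
static __inline void
bpf_wakeup(d)
	register struct bpf_d *d;
{
	/* A waiter is about to run, so the pending read timeout is moot. */
	if (d->bd_state == BPF_WAITING) {
		callout_stop(&d->bd_callout);
		d->bd_state = BPF_IDLE;
	}
	wakeup((caddr_t)d);
	if (d->bd_async && d->bd_sig && d->bd_sigio)
		pgsigio(&d->bd_sigio, d->bd_sig, 0);

	selwakeup(&d->bd_sel);
}

/*
 * Callout handler for the read timeout armed in bpfpoll().  arg is the
 * descriptor.  Marks a waiting descriptor as timed out and wakes its
 * listeners if the store buffer already holds data.
 */
static void
bpf_timed_out(arg)
	void *arg;
{
	struct bpf_d *d = (struct bpf_d *)arg;

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	BPFD_UNLOCK(d);
}

/*
 * Inject one packet, taken from the write request in uio, on the
 * interface the descriptor is attached to.
 *
 * Returns ENXIO when no interface is attached, 0 for an empty write,
 * EMSGSIZE when the payload exceeds the interface MTU, any error from
 * bpf_movein(), and otherwise the result of the interface output routine.
 */
static	int
bpfwrite(dev, uio, ioflag)
	dev_t dev;
	struct uio *uio;
	int ioflag;
{
	struct bpf_d *d = dev->si_drv1;
	struct ifnet *ifp;
	struct mbuf *m;
	int error;
	/*
	 * Per-call destination address.  A function-static sockaddr would
	 * be shared by every descriptor writing at the same time and would
	 * carry link-header bytes over from one write to the next.
	 */
	struct sockaddr dst;
	int datlen;

	if (d->bd_bif == 0)
		return (ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if (uio->uio_resid == 0)
		return (0);

	bzero(&dst, sizeof(dst));
	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
	if (error)
		return (error);

	if (datlen < 0 || datlen > ifp->if_mtu) {
		/*
		 * bpf_movein() succeeded, so the mbuf is ours until it is
		 * handed to the driver; release it on this early exit.
		 */
		m_freem(m);
		return (EMSGSIZE);
	}

	/*
	 * With "header complete" set the caller supplies the full link
	 * header, source address included; the pseudo address family
	 * tells the output routine not to fill it in.
	 */
	if (d->bd_hdrcmplt)
		dst.sa_family = pseudo_AF_HDRCMPLT;

	mtx_lock(&Giant);
#ifdef MAC
	mac_create_mbuf_from_bpfdesc(d, m);
#endif
	error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0);
	mtx_unlock(&Giant);
	/*
	 * The driver frees the mbuf.
	 */
	return (error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  The caller must hold the descriptor lock.
 */
static void
reset_d(d)
	struct bpf_d *d;
{

	mtx_assert(&d->bd_mtx, MA_OWNED);
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
}

/*
 *  FIONREAD		Check for read packet available.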
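*  SIOCGIFADDR		Get interface address - convenient hook to driver.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSBLEN		Set buffer len (only before an interface is set).
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag
 *  BIOCSHDRCMPLT	Set "header already complete" flag
 *  BIOCGSEESENT	Get "see packets sent" flag
 *  BIOCSSEESENT	Set "see packets sent" flag
 *  BIOCSRSIG		Set receive signal
 *  BIOCGRSIG		Get receive signal
 *
 * addr points at the ioctl argument.  Returns 0 or an errno; unknown
 * commands get EINVAL.  Any pending read timeout is cancelled first.
 *
 * NOTE(review): apart from FIONREAD and BIOCFLUSH the cases below read
 * and write descriptor fields without taking the descriptor lock --
 * confirm that this is intended.
 */
/* ARGSUSED */
static	int
bpfioctl(dev, cmd, addr, flags, td)
	dev_t dev;
	u_long cmd;
	caddr_t addr;
	int flags;
	struct thread *td;
{
	struct bpf_d *d = dev->si_drv1;
	int error = 0;

	BPFD_LOCK(d);
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	BPFD_UNLOCK(d);

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			BPFD_LOCK(d);
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			BPFD_UNLOCK(d);

			*(int *)addr = n;
			break;
		}

	case SIOCGIFADDR:
		{
			struct ifnet *ifp;

			if (d->bd_bif == 0)
				error = EINVAL;
			else {
				ifp = d->bd_bif->bif_ifp;
				error = (*ifp->if_ioctl)(ifp, cmd, addr);
			}
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.  Refused once an interface is attached; the
	 * request is clamped to [BPF_MINBUFSIZE, bpf_maxbufsize] and the
	 * value actually used is written back to the caller.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			register u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, (struct bpf_program *)addr);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		BPFD_LOCK(d);
		reset_d(d);
		BPFD_UNLOCK(d);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		if (d->bd_promisc == 0) {
			mtx_lock(&Giant);
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			mtx_unlock(&Giant);
			if (error == 0)
				d->bd_promisc = 1;
		}
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else {
			struct ifnet *const ifp = d->bd_bif->bif_ifp;
			struct ifreq *const ifr = (struct ifreq *)addr;

			snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
			    "%s%d", ifp->if_name, ifp->if_unit);
		}
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, (struct ifreq *)addr);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			/*
			 * Subtract 1 tick from tvtohz() since this isn't
			 * a one-shot timer.
			 */
			if ((error = itimerfix(tv)) == 0)
				d->bd_rtout = tvtohz(tv) - 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = (struct bpf_stat *)addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = (struct bpf_version *)addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	/*
	 * Get "header already complete" flag
	 */
	case BIOCGHDRCMPLT:
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	/*
	 * Set "header already complete" flag
	 */
	case BIOCSHDRCMPLT:
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)addr = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)addr;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	case FIOSETOWN:
		error = fsetown(*(int *)addr, &d->bd_sigio);
		break;

	case FIOGETOWN:
		*(int *)addr = fgetown(&d->bd_sigio);
		break;

	/* This is deprecated, FIOSETOWN should be used instead. */
	case TIOCSPGRP:
		error = fsetown(-(*(int *)addr), &d->bd_sigio);
		break;

	/* This is deprecated, FIOGETOWN should be used instead. */
	case TIOCGPGRP:
		*(int *)addr = -fgetown(&d->bd_sigio);
		break;

	case BIOCSRSIG:		/* Set receive signal */
		{
			u_int sig;

			sig = *(u_int *)addr;

			/* Only signal numbers below NSIG are accepted. */
			if (sig >= NSIG)
				error = EINVAL;
			else
				d->bd_sig = sig;
			break;
		}
	case BIOCGRSIG:
		*(u_int *)addr = d->bd_sig;
		break;
	}
	return (error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 *
 * The instruction array is untrusted caller memory: its length is capped
 * at BPF_MAXINSNS before the size is computed, it is copied in, and it is
 * installed only if bpf_validate() accepts it.  A null bf_insns with a
 * zero bf_len removes the current filter.
 *
 * NOTE(review): a non-null bf_insns with bf_len == 0 reaches malloc() and
 * bpf_validate() with a zero length; the outcome depends on
 * bpf_validate(), which is not visible here -- confirm it rejects or
 * safely handles an empty program.
 */
static int
bpf_setf(d, fp)
	struct bpf_d *d;
	struct bpf_program *fp;
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;

	old = d->bd_filter;
	if (fp->bf_insns == 0) {
		if (fp->bf_len != 0)
			return (EINVAL);
		BPFD_LOCK(d);
		d->bd_filter = 0;
		reset_d(d);
		BPFD_UNLOCK(d);
		if (old != 0)
			free((caddr_t)old, M_BPF);
		return (0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return (EINVAL);

	size = flen * sizeof(*fp->bf_insns);
	fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
	if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		/* Swap the filter in under the lock, then free the old one. */
		BPFD_LOCK(d);
		d->bd_filter = fcode;
		reset_d(d);
		BPFD_UNLOCK(d);
		if (old != 0)
			free((caddr_t)old, M_BPF);

		return (0);
	}
	free((caddr_t)fcode, M_BPF);
	return (EINVAL);
}

/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 *
 * Returns ENXIO when the name matches no interface or the interface has
 * no bpf attachment, ENETDOWN when the interface is not up, and any
 * error from bpf_allocbufs().
 *
 * NOTE(review): ifr->ifr_name is passed to ifunit() as received; confirm
 * that it is NUL-terminated by the time it gets here.  bpf_mtx is dropped
 * before bp is used for the detach/attach below -- confirm bp cannot be
 * freed by bpfdetach() in that window.
 */
static int
bpf_setif(d, ifr)
	struct bpf_d *d;
	struct ifreq *ifr;
{
	struct bpf_if *bp;
	int error;
	struct ifnet *theywant;

	theywant = ifunit(ifr->ifr_name);
	if (theywant == 0)
		return ENXIO;

	/*
	 * Look through attached interfaces for the named one.
	 */
	mtx_lock(&bpf_mtx);
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 || ifp != theywant)
			continue;

		mtx_unlock(&bpf_mtx);
		/*
		 * We found the requested interface.
		 * If it's not up, return an error.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if ((ifp->if_flags & IFF_UP) == 0)
			return (ENETDOWN);

		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		BPFD_LOCK(d);
		reset_d(d);
		BPFD_UNLOCK(d);
		return (0);
	}
	mtx_unlock(&bpf_mtx);
	/* Not found. */
	return (ENXIO);
}

/*
 * Support for select() and poll() system calls
 *
 * Returns the subset of the requested events that will not block.  When a
 * read event cannot be satisfied yet, the thread is recorded for a later
 * selwakeup() and the read timeout is started if one is configured.
 */
static int
bpfpoll(dev, events, td)
	register dev_t dev;
	int events;
	struct thread *td;
{
	struct bpf_d *d;
	int revents;

	d = dev->si_drv1;
	/*
	 * The return value is a poll event mask, so an errno here would be
	 * read by the caller as unrelated event bits.  With no interface
	 * attached, report the requested read/write events as ready: the
	 * read() or write() that follows returns ENXIO and the process
	 * learns that it has to rebind the descriptor.
	 */
	if (d->bd_bif == NULL)
		return (events &
		    (POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM));

	revents = events & (POLLOUT | POLLWRNORM);
	BPFD_LOCK(d);
	if (events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 * XXX not quite.  An exact imitation:
		 *	if (d->bd_slen != 0 ||
		 *	    (d->bd_hbuf != NULL && d->bd_hlen != 0)
		 */
		if (d->bd_hlen != 0 ||
		    ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
		    d->bd_slen != 0))
			revents |= events & (POLLIN | POLLRDNORM);
		else {
			selrecord(td, &d->bd_sel);
			/* Start the read timeout if necessary. */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
				    bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}
	BPFD_UNLOCK(d);
	return (revents);
}

/*
 * Incoming linkage from device drivers.  Process the packet pkt, of length
 * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 * by each process' filter, and if accepted, stashed into the corresponding
 * buffer.
 *
 * Every descriptor on the interface has its receive count bumped and its
 * filter run; under MAC the packet is stored only if
 * mac_check_bpfdesc_receive() returns 0 for that descriptor.
 */
void
bpf_tap(ifp, pkt, pktlen)
	struct ifnet *ifp;
	register u_char *pkt;
	register u_int pktlen;
{
	struct bpf_if *bp;
	register struct bpf_d *d;
	register u_int slen;

	bp = ifp->if_bpf;
	BPFIF_LOCK(bp);
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		BPFD_LOCK(d);
		++d->bd_rcount;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0) {
#ifdef MAC
			if (mac_check_bpfdesc_receive(d, ifp) == 0)
#endif
				catchpacket(d, pkt, pktlen, slen, bcopy);
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 *
 * src_arg is the first mbuf of the chain, dst_arg the destination and len
 * the number of bytes to copy.  Panics if the chain ends before len bytes
 * have been copied.
 */
static void
bpf_mcopy(src_arg, dst_arg, len)
	const void *src_arg;
	void *dst_arg;
	register size_t len;
{
	register const struct mbuf *m;
	register u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == 0)
			panic("bpf_mcopy");
		count = min(m->m_len, len);
		bcopy(mtod(m, void *), dst, count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
}

/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.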
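*/
void
bpf_mtap(ifp, m)
	struct ifnet *ifp;
	struct mbuf *m;
{
	struct bpf_if *bp = ifp->if_bpf;
	struct bpf_d *d;
	u_int pktlen, slen;
	int contig;

	pktlen = m_length(m, NULL);
	/*
	 * A packet held entirely in the first mbuf is filtered and copied
	 * as a contiguous buffer.  It is handled in the loop below rather
	 * than passed to bpf_tap(), because bpf_tap() has no mbuf to look
	 * at and so cannot apply the bd_seesent test; descriptors that
	 * turned "see sent packets" off would still be handed locally
	 * sent single-mbuf packets.
	 */
	contig = (pktlen == m->m_len);

	BPFIF_LOCK(bp);
	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		/* No receive interface: the packet was sent locally. */
		if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
			continue;
		BPFD_LOCK(d);
		++d->bd_rcount;
		if (contig)
			slen = bpf_filter(d->bd_filter, mtod(m, u_char *),
			    pktlen, pktlen);
		else
			slen = bpf_filter(d->bd_filter, (u_char *)m,
			    pktlen, 0);
		if (slen != 0) {
#ifdef MAC
			if (mac_check_bpfdesc_receive(d, ifp) == 0)
#endif
			{
				if (contig)
					catchpacket(d, mtod(m, u_char *),
					    pktlen, slen, bcopy);
				else
					catchpacket(d, (u_char *)m, pktlen,
					    slen, bpf_mcopy);
			}
		}
		BPFD_UNLOCK(d);
	}
	BPFIF_UNLOCK(bp);
}

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Nothing is returned: when the store buffer fills up, or
 * when the descriptor is in immediate mode or its read timeout has
 * already expired, listeners are woken from here through bpf_wakeup().
 * "copy" is the routine called to do the actual data
 * transfer.  bcopy is passed in to copy contiguous chunks, while
 * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 *
 * pktlen is the packet's full length and snaplen the length the filter
 * asked to keep.  The packet is counted as dropped when it does not fit
 * the store buffer and no free buffer is available to rotate in.  Both
 * callers in this file hold the descriptor lock.
 */
static void
catchpacket(d, pkt, pktlen, snaplen, cpfn)
	register struct bpf_d *d;
	register u_char *pkt;
	register u_int pktlen, snaplen;
	register void (*cpfn)(const void *, void *, size_t);
{
	register struct bpf_hdr *hp;
	register int totlen, curlen;
	register int hdrlen = d->bd_bif->bif_hdrlen;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}
	else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	microtime(&hp->bh_tstamp);
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 * The captured length is totlen, already clamped to the buffer
	 * size above, minus the bpf header.
	 */
	hp->bh_caplen = totlen - hdrlen;
	(*cpfn)(pkt, (u_char *)hp + hdrlen, hp->bh_caplen);
	d->bd_slen = curlen + totlen;
}

/*
 * Allocate the free and store buffers of a descriptor, bd_bufsize bytes
 * each, and zero the store and hold lengths.  Returns 0, or ENOBUFS if
 * an allocation fails.
 */
static int
bpf_allocbufs(d)
	register struct bpf_d *d;
{
	d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
	if (d->bd_fbuf == 0)
		return (ENOBUFS);

	d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
	if (d->bd_sbuf == 0) {
		free(d->bd_fbuf, M_BPF);
		return (ENOBUFS);
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}

/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 *
 * Also frees the filter program, if any, and destroys the descriptor
 * mutex.  The descriptor itself is freed by the caller.
 */
static void
bpf_freed(d)
	register struct bpf_d *d;
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and it yet hasn't been marked
	 * free.
	 */
	if (d->bd_sbuf != 0) {
		/* The hold and free slots are only ever filled from these. */
		free(d->bd_sbuf, M_BPF);
		if (d->bd_hbuf != 0)
			free(d->bd_hbuf, M_BPF);
		if (d->bd_fbuf != 0)
			free(d->bd_fbuf, M_BPF);
	}
	if (d->bd_filter)
		free((caddr_t)d->bd_filter, M_BPF);
	mtx_destroy(&d->bd_mtx);
}

/*
 * Attach an interface to bpf.  ifp is a pointer to the structure
 * defining the interface to be attached, dlt is the link layer type,
 * and hdrlen is the fixed size of the link header (variable length
 * headers are not yet supported).
 *
 * Panics if the bpf_if cannot be allocated.
 */
void
bpfattach(ifp, dlt, hdrlen)
	struct ifnet *ifp;
	u_int dlt, hdrlen;
{
	struct bpf_if *bp;
	bp = (struct bpf_if *)malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
	if (bp == 0)
		panic("bpfattach");

	bp->bif_ifp = ifp;
	bp->bif_dlt = dlt;
	mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);

	mtx_lock(&bpf_mtx);
	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;
	mtx_unlock(&bpf_mtx);

	/* No listeners yet; bpf_attachd() sets the cookie. */
	bp->bif_ifp->if_bpf = 0;

	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;

	if (bootverbose)
		printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
}

/*
 * Detach bpf from an interface.  This involves detaching each descriptor
 * associated with the interface, and leaving bd_bif NULL.  Notify each
 * descriptor as it's detached so that any sleepers wake up and get
 * ENXIO.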
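*/
void
bpfdetach(ifp)
	struct ifnet *ifp;
{
	struct bpf_if	*bp, *bp_prev;
	struct bpf_d	*d;

	mtx_lock(&bpf_mtx);

	/* Locate BPF interface information */
	bp_prev = NULL;
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (ifp == bp->bif_ifp)
			break;
		bp_prev = bp;
	}

	/*
	 * Interface wasn't attached.  The search leaves bp NULL when no
	 * entry matched, so the test has to be on bp itself; reading
	 * bp->bif_ifp here would dereference a null pointer.
	 */
	if (bp == NULL) {
		mtx_unlock(&bpf_mtx);
		printf("bpfdetach: %s%d was not attached\n", ifp->if_name,
		    ifp->if_unit);
		return;
	}

	/* Unlink bp from the global interface list. */
	if (bp_prev) {
		bp_prev->bif_next = bp->bif_next;
	} else {
		bpf_iflist = bp->bif_next;
	}

	/* Each bpf_detachd() call removes the head of bif_dlist. */
	while ((d = bp->bif_dlist) != NULL) {
		bpf_detachd(d);
		BPFD_LOCK(d);
		bpf_wakeup(d);
		BPFD_UNLOCK(d);
	}

	mtx_destroy(&bp->bif_mtx);
	free(bp, M_BPF);

	mtx_unlock(&bpf_mtx);
}

static void bpf_drvinit(void *unused);

static void bpf_clone(void *arg, char *name, int namelen, dev_t *dev);

/*
 * dev_clone event handler: creates the device node on demand when a name
 * of the form "bpf<unit>" is looked up and no device exists for it yet.
 * The node is owned by UID_ROOT/GID_WHEEL with mode 0600.
 */
static void
bpf_clone(arg, name, namelen, dev)
	void *arg;
	char *name;
	int namelen;
	dev_t *dev;
{
	int u;

	/* Another handler already supplied a device. */
	if (*dev != NODEV)
		return;
	/* Not a "bpf<unit>" name. */
	if (dev_stdclone(name, NULL, "bpf", &u) != 1)
		return;
	*dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600,
	    "bpf%d", u);
	(*dev)->si_flags |= SI_CHEAPCLONE;
	return;
}

/*
 * Driver initialisation, run from SYSINIT: sets up the global bpf lock,
 * registers the clone handler and adds the character device switch.
 */
static void
bpf_drvinit(unused)
	void *unused;
{

	mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
	EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000);
	cdevsw_add(&bpf_cdevsw);
}

SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)

#else /* !DEV_BPF && !NETGRAPH_BPF */
/*
 * NOP stubs to allow bpf-using drivers to load and function.
 *
 * A 'better' implementation would allow the core bpf functionality
 * to be loaded at runtime.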
*/

/* Stub: packets offered by drivers are ignored. */
void
bpf_tap(ifp, pkt, pktlen)
	struct ifnet *ifp;
	register u_char *pkt;
	register u_int pktlen;
{
}

/* Stub: mbuf chains offered by drivers are ignored. */
void
bpf_mtap(ifp, m)
	struct ifnet *ifp;
	struct mbuf *m;
{
}

/* Stub: attaching an interface does nothing. */
void
bpfattach(ifp, dlt, hdrlen)
	struct ifnet *ifp;
	u_int dlt, hdrlen;
{
}

/* Stub: detaching an interface does nothing. */
void
bpfdetach(ifp)
	struct ifnet *ifp;
{
}

/*
 * Stub filter: ignores the program and the packet and always returns -1
 * converted to u_int, the "no filter" result.
 */
u_int
bpf_filter(pc, p, wirelen, buflen)
	register const struct bpf_insn *pc;
	register u_char *p;
	u_int wirelen;
	register u_int buflen;
{
	return ((u_int)-1);	/* "no filter" behaviour */
}

/* Stub validator: rejects every program by returning 0 (false). */
int
bpf_validate(f, len)
	const struct bpf_insn *f;
	int len;
{
	return (0);		/* false */
}

#endif /* !DEV_BPF && !NETGRAPH_BPF */