xref: /freebsd/sys/net/bpf.c (revision b601c69bdbe8755d26570261d7fd4c02ee4eff74)
1 /*
2  * Copyright (c) 1990, 1991, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * This code is derived from the Stanford/CMU enet packet filter,
6  * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
8  * Berkeley Laboratory.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. All advertising materials mentioning features or use of this software
19  *    must display the following acknowledgement:
20  *	This product includes software developed by the University of
21  *	California, Berkeley and its contributors.
22  * 4. Neither the name of the University nor the names of its contributors
23  *    may be used to endorse or promote products derived from this software
24  *    without specific prior written permission.
25  *
26  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36  * SUCH DAMAGE.
37  *
38  *      @(#)bpf.c	8.2 (Berkeley) 3/28/94
39  *
40  * $FreeBSD$
41  */
42 
43 #include "bpf.h"
44 
45 #ifndef __GNUC__
46 #define inline
47 #else
48 #define inline __inline
49 #endif
50 
51 #include <sys/param.h>
52 #include <sys/systm.h>
53 #include <sys/conf.h>
54 #include <sys/malloc.h>
55 #include <sys/mbuf.h>
56 #include <sys/time.h>
57 #include <sys/proc.h>
58 #include <sys/signalvar.h>
59 #include <sys/filio.h>
60 #include <sys/sockio.h>
61 #include <sys/ttycom.h>
62 #include <sys/filedesc.h>
63 
64 #if defined(sparc) && BSD < 199103
65 #include <sys/stream.h>
66 #endif
67 #include <sys/poll.h>
68 
69 #include <sys/socket.h>
70 #include <sys/vnode.h>
71 
72 #include <net/if.h>
73 #include <net/bpf.h>
74 #include <net/bpfdesc.h>
75 
76 #include <netinet/in.h>
77 #include <netinet/if_ether.h>
78 #include <sys/kernel.h>
79 #include <sys/sysctl.h>
80 
81 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
82 
83 #if NBPF > 0
84 
85 /*
86  * Older BSDs don't have kernel malloc.
87  */
88 #if BSD < 199103
89 extern bcopy();
90 static caddr_t bpf_alloc();
91 #include <net/bpf_compat.h>
92 #define BPF_BUFSIZE (MCLBYTES-8)
93 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio)
94 #else
95 #define BPF_BUFSIZE 4096
96 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
97 #endif
98 
99 #define PRINET  26			/* interruptible */
100 
101 /*
102  * The default read buffer size is patchable.
103  */
104 static int bpf_bufsize = BPF_BUFSIZE;
105 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW,
106 	&bpf_bufsize, 0, "");
107 static int bpf_maxbufsize = BPF_MAXBUFSIZE;
108 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW,
109 	&bpf_maxbufsize, 0, "");
110 
111 /*
112  *  bpf_iflist is the list of interfaces; each corresponds to an ifnet
113  */
114 static struct bpf_if	*bpf_iflist;
115 
116 static int	bpf_allocbufs __P((struct bpf_d *));
117 static void	bpf_attachd __P((struct bpf_d *d, struct bpf_if *bp));
118 static void	bpf_detachd __P((struct bpf_d *d));
119 static void	bpf_freed __P((struct bpf_d *));
120 static void	bpf_mcopy __P((const void *, void *, size_t));
121 static int	bpf_movein __P((struct uio *, int,
122 		    struct mbuf **, struct sockaddr *, int *));
123 static int	bpf_setif __P((struct bpf_d *, struct ifreq *));
124 static inline void
125 		bpf_wakeup __P((struct bpf_d *));
126 static void	catchpacket __P((struct bpf_d *, u_char *, u_int,
127 		    u_int, void (*)(const void *, void *, size_t)));
128 static void	reset_d __P((struct bpf_d *));
129 static int	 bpf_setf __P((struct bpf_d *, struct bpf_program *));
130 
131 static	d_open_t	bpfopen;
132 static	d_close_t	bpfclose;
133 static	d_read_t	bpfread;
134 static	d_write_t	bpfwrite;
135 static	d_ioctl_t	bpfioctl;
136 static	d_poll_t	bpfpoll;
137 
138 #define CDEV_MAJOR 23
139 static struct cdevsw bpf_cdevsw = {
140 	/* open */	bpfopen,
141 	/* close */	bpfclose,
142 	/* read */	bpfread,
143 	/* write */	bpfwrite,
144 	/* ioctl */	bpfioctl,
145 	/* poll */	bpfpoll,
146 	/* mmap */	nommap,
147 	/* strategy */	nostrategy,
148 	/* name */	"bpf",
149 	/* maj */	CDEV_MAJOR,
150 	/* dump */	nodump,
151 	/* psize */	nopsize,
152 	/* flags */	0,
153 	/* bmaj */	-1
154 };
155 
156 
157 static int
158 bpf_movein(uio, linktype, mp, sockp, datlen)
159 	register struct uio *uio;
160 	int linktype, *datlen;
161 	register struct mbuf **mp;
162 	register struct sockaddr *sockp;
163 {
164 	struct mbuf *m;
165 	int error;
166 	int len;
167 	int hlen;
168 
169 	/*
170 	 * Build a sockaddr based on the data link layer type.
171 	 * We do this at this level because the ethernet header
172 	 * is copied directly into the data field of the sockaddr.
173 	 * In the case of SLIP, there is no header and the packet
174 	 * is forwarded as is.
175 	 * Also, we are careful to leave room at the front of the mbuf
176 	 * for the link level header.
177 	 */
178 	switch (linktype) {
179 
180 	case DLT_SLIP:
181 		sockp->sa_family = AF_INET;
182 		hlen = 0;
183 		break;
184 
185 	case DLT_EN10MB:
186 		sockp->sa_family = AF_UNSPEC;
187 		/* XXX Would MAXLINKHDR be better? */
188 		hlen = sizeof(struct ether_header);
189 		break;
190 
191 	case DLT_FDDI:
192 #if defined(__FreeBSD__) || defined(__bsdi__)
193 		sockp->sa_family = AF_IMPLINK;
194 		hlen = 0;
195 #else
196 		sockp->sa_family = AF_UNSPEC;
197 		/* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
198 		hlen = 24;
199 #endif
200 		break;
201 
202 	case DLT_RAW:
203 	case DLT_NULL:
204 		sockp->sa_family = AF_UNSPEC;
205 		hlen = 0;
206 		break;
207 
208 #ifdef __FreeBSD__
209 	case DLT_ATM_RFC1483:
210 		/*
211 		 * en atm driver requires 4-byte atm pseudo header.
212 		 * though it isn't standard, vpi:vci needs to be
213 		 * specified anyway.
214 		 */
215 		sockp->sa_family = AF_UNSPEC;
216 		hlen = 12; 	/* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
217 		break;
218 #endif
219 
220 	default:
221 		return (EIO);
222 	}
223 
224 	len = uio->uio_resid;
225 	*datlen = len - hlen;
226 	if ((unsigned)len > MCLBYTES)
227 		return (EIO);
228 
229 	MGETHDR(m, M_WAIT, MT_DATA);
230 	if (m == 0)
231 		return (ENOBUFS);
232 	if (len > MHLEN) {
233 #if BSD >= 199103
234 		MCLGET(m, M_WAIT);
235 		if ((m->m_flags & M_EXT) == 0) {
236 #else
237 		MCLGET(m);
238 		if (m->m_len != MCLBYTES) {
239 #endif
240 			error = ENOBUFS;
241 			goto bad;
242 		}
243 	}
244 	m->m_pkthdr.len = m->m_len = len;
245 	m->m_pkthdr.rcvif = NULL;
246 	*mp = m;
247 	/*
248 	 * Make room for link header.
249 	 */
250 	if (hlen != 0) {
251 		m->m_pkthdr.len -= hlen;
252 		m->m_len -= hlen;
253 #if BSD >= 199103
254 		m->m_data += hlen; /* XXX */
255 #else
256 		m->m_off += hlen;
257 #endif
258 		error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
259 		if (error)
260 			goto bad;
261 	}
262 	error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
263 	if (!error)
264 		return (0);
265  bad:
266 	m_freem(m);
267 	return (error);
268 }
269 
270 /*
271  * Attach file to the bpf interface, i.e. make d listen on bp.
272  * Must be called at splimp.
273  */
274 static void
275 bpf_attachd(d, bp)
276 	struct bpf_d *d;
277 	struct bpf_if *bp;
278 {
279 	/*
280 	 * Point d at bp, and add d to the interface's list of listeners.
281 	 * Finally, point the driver's bpf cookie at the interface so
282 	 * it will divert packets to bpf.
283 	 */
284 	d->bd_bif = bp;
285 	d->bd_next = bp->bif_dlist;
286 	bp->bif_dlist = d;
287 
288 	bp->bif_ifp->if_bpf = bp;
289 }
290 
291 /*
292  * Detach a file from its interface.
293  */
294 static void
295 bpf_detachd(d)
296 	struct bpf_d *d;
297 {
298 	int error;
299 	struct bpf_d **p;
300 	struct bpf_if *bp;
301 
302 	bp = d->bd_bif;
303 	/*
304 	 * Check if this descriptor had requested promiscuous mode.
305 	 * If so, turn it off.
306 	 */
307 	if (d->bd_promisc) {
308 		d->bd_promisc = 0;
309 		error = ifpromisc(bp->bif_ifp, 0);
310 		if (error != 0 && error != ENXIO) {
311 			/*
312 			 * ENXIO can happen if a pccard is unplugged.
313 			 * Something is really wrong if we were able to put
314 			 * the driver into promiscuous mode, but can't
315 			 * take it out.
316 			 */
317 			printf("%s%d: ifpromisc failed %d\n",
318 			    bp->bif_ifp->if_name, bp->bif_ifp->if_unit, error);
319 		}
320 	}
321 	/* Remove d from the interface's descriptor list. */
322 	p = &bp->bif_dlist;
323 	while (*p != d) {
324 		p = &(*p)->bd_next;
325 		if (*p == 0)
326 			panic("bpf_detachd: descriptor not in list");
327 	}
328 	*p = (*p)->bd_next;
329 	if (bp->bif_dlist == 0)
330 		/*
331 		 * Let the driver know that there are no more listeners.
332 		 */
333 		d->bd_bif->bif_ifp->if_bpf = 0;
334 	d->bd_bif = 0;
335 }
336 
337 /*
338  * Open the bpf device.  Returns ENXIO for an illegal minor device number,
339  * EBUSY if the file is already open by another process.
340  */
341 /* ARGSUSED */
342 static	int
343 bpfopen(dev, flags, fmt, p)
344 	dev_t dev;
345 	int flags;
346 	int fmt;
347 	struct proc *p;
348 {
349 	register struct bpf_d *d;
350 
351 	if (p->p_prison)
352 		return (EPERM);
353 
354 	d = dev->si_drv1;
355 	/*
356 	 * Each minor can be opened by only one process.  If the requested
357 	 * minor is in use, return EBUSY.
358 	 */
359 	if (d)
360 		return (EBUSY);
361 	make_dev(&bpf_cdevsw, minor(dev), 0, 0, 0600, "bpf%d", lminor(dev));
362 	MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK);
363 	bzero(d, sizeof(*d));
364 	dev->si_drv1 = d;
365 	d->bd_bufsize = bpf_bufsize;
366 	d->bd_sig = SIGIO;
367 	d->bd_seesent = 1;
368 
369 	return (0);
370 }
371 
372 /*
373  * Close the descriptor by detaching it from its interface,
374  * deallocating its buffers, and marking it free.
375  */
376 /* ARGSUSED */
377 static	int
378 bpfclose(dev, flags, fmt, p)
379 	dev_t dev;
380 	int flags;
381 	int fmt;
382 	struct proc *p;
383 {
384 	register struct bpf_d *d = dev->si_drv1;
385 	register int s;
386 
387 	funsetown(d->bd_sigio);
388 	s = splimp();
389 	if (d->bd_bif)
390 		bpf_detachd(d);
391 	splx(s);
392 	bpf_freed(d);
393 	dev->si_drv1 = 0;
394 	FREE(d, M_BPF);
395 
396 	return (0);
397 }
398 
399 /*
400  * Support for SunOS, which does not have tsleep.
401  */
402 #if BSD < 199103
403 static
404 bpf_timeout(arg)
405 	caddr_t arg;
406 {
407 	struct bpf_d *d = (struct bpf_d *)arg;
408 	d->bd_timedout = 1;
409 	wakeup(arg);
410 }
411 
412 #define BPF_SLEEP(chan, pri, s, t) bpf_sleep((struct bpf_d *)chan)
413 
414 int
415 bpf_sleep(d)
416 	register struct bpf_d *d;
417 {
418 	register int rto = d->bd_rtout;
419 	register int st;
420 
421 	if (rto != 0) {
422 		d->bd_timedout = 0;
423 		timeout(bpf_timeout, (caddr_t)d, rto);
424 	}
425 	st = sleep((caddr_t)d, PRINET|PCATCH);
426 	if (rto != 0) {
427 		if (d->bd_timedout == 0)
428 			untimeout(bpf_timeout, (caddr_t)d);
429 		else if (st == 0)
430 			return EWOULDBLOCK;
431 	}
432 	return (st != 0) ? EINTR : 0;
433 }
434 #else
435 #define BPF_SLEEP tsleep
436 #endif
437 
438 /*
439  * Rotate the packet buffers in descriptor d.  Move the store buffer
440  * into the hold slot, and the free buffer into the store slot.
441  * Zero the length of the new store buffer.
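 * The caller must ensure that a free buffer (bd_fbuf) is available.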
442  */
443 #define ROTATE_BUFFERS(d) \
444 	(d)->bd_hbuf = (d)->bd_sbuf; \
445 	(d)->bd_hlen = (d)->bd_slen; \
446 	(d)->bd_sbuf = (d)->bd_fbuf; \
447 	(d)->bd_slen = 0; \
448 	(d)->bd_fbuf = 0;
449 /*
450  *  bpfread - read next chunk of packets from buffers
451  */
452 static	int
453 bpfread(dev, uio, ioflag)
454 	dev_t dev;
455 	register struct uio *uio;
456 	int ioflag;
457 {
458 	register struct bpf_d *d = dev->si_drv1;
459 	int error;
460 	int s;
461 
462 	/*
463 	 * Restrict application to use a buffer the same size as
464 	 * the kernel buffers.
465 	 */
466 	if (uio->uio_resid != d->bd_bufsize)
467 		return (EINVAL);
468 
469 	s = splimp();
470 	/*
471 	 * If the hold buffer is empty, then do a timed sleep, which
472 	 * ends when the timeout expires or when enough packets
473 	 * have arrived to fill the store buffer.
474 	 */
475 	while (d->bd_hbuf == 0) {
476 		if (d->bd_immediate && d->bd_slen != 0) {
477 			 * One or more packets arrived either since the
478 			 * previous read or while we were asleep.
479 			 * read or arrived while we were asleep.
480 			 * Rotate the buffers and return what's here.
481 			 */
482 			ROTATE_BUFFERS(d);
483 			break;
484 		}
485 
486 		/*
487 		 * No data is available, check to see if the bpf device
488 		 * is still pointed at a real interface.  If not, return
489 		 * ENXIO so that the userland process knows to rebind
490 		 * it before using it again.
491 		 */
492 		if (d->bd_bif == NULL) {
493 			splx(s);
494 			return (ENXIO);
495 		}
496 
497 		if (ioflag & IO_NDELAY)
498 			error = EWOULDBLOCK;
499 		else
500 			error = BPF_SLEEP((caddr_t)d, PRINET|PCATCH, "bpf",
501 					  d->bd_rtout);
502 		if (error == EINTR || error == ERESTART) {
503 			splx(s);
504 			return (error);
505 		}
506 		if (error == EWOULDBLOCK) {
507 			/*
508 			 * On a timeout, return what's in the buffer,
509 			 * which may be nothing.  If there is something
510 			 * in the store buffer, we can rotate the buffers.
511 			 */
512 			if (d->bd_hbuf)
513 				/*
514 				 * We filled up the buffer in between
515 				 * getting the timeout and arriving
516 				 * here, so we don't need to rotate.
517 				 */
518 				break;
519 
520 			if (d->bd_slen == 0) {
521 				splx(s);
522 				return (0);
523 			}
524 			ROTATE_BUFFERS(d);
525 			break;
526 		}
527 	}
528 	/*
529 	 * At this point, we know we have something in the hold slot.
530 	 */
531 	splx(s);
532 
533 	/*
534 	 * Move data from hold buffer into user space.
535 	 * We know the entire buffer is transferred since
536 	 * we checked above that the read buffer is bpf_bufsize bytes.
537 	 */
538 	error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio);
539 
540 	s = splimp();
541 	d->bd_fbuf = d->bd_hbuf;
542 	d->bd_hbuf = 0;
543 	d->bd_hlen = 0;
544 	splx(s);
545 
546 	return (error);
547 }
548 
549 
550 /*
551  * If there are processes sleeping on this descriptor, wake them up.
552  */
553 static inline void
554 bpf_wakeup(d)
555 	register struct bpf_d *d;
556 {
557 	wakeup((caddr_t)d);
558 	if (d->bd_async && d->bd_sig && d->bd_sigio)
559 		pgsigio(d->bd_sigio, d->bd_sig, 0);
560 
561 #if BSD >= 199103
562 	selwakeup(&d->bd_sel);
563 	/* XXX */
564 	d->bd_sel.si_pid = 0;
565 #else
566 	if (d->bd_selproc) {
567 		selwakeup(d->bd_selproc, (int)d->bd_selcoll);
568 		d->bd_selcoll = 0;
569 		d->bd_selproc = 0;
570 	}
571 #endif
572 }
573 
574 static	int
575 bpfwrite(dev, uio, ioflag)
576 	dev_t dev;
577 	struct uio *uio;
578 	int ioflag;
579 {
580 	register struct bpf_d *d = dev->si_drv1;
581 	struct ifnet *ifp;
582 	struct mbuf *m;
583 	int error, s;
584 	static struct sockaddr dst;
585 	int datlen;
586 
587 	if (d->bd_bif == 0)
588 		return (ENXIO);
589 
590 	ifp = d->bd_bif->bif_ifp;
591 
592 	if (uio->uio_resid == 0)
593 		return (0);
594 
595 	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
596 	if (error)
597 		return (error);
598 
599 	if (datlen > ifp->if_mtu) {
		m_freem(m);	/* don't leak the mbuf allocated by bpf_movein() */
600 		return (EMSGSIZE);
	}
601 
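	/*
	 * In header-complete mode, pseudo_AF_HDRCMPLT tells the interface
	 * output routine that the caller supplied the entire link-level
	 * header (including the source address), so it is used as-is.
	 */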
602 	if (d->bd_hdrcmplt)
603 		dst.sa_family = pseudo_AF_HDRCMPLT;
604 
605 	s = splnet();
606 #if BSD >= 199103
607 	error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0);
608 #else
609 	error = (*ifp->if_output)(ifp, m, &dst);
610 #endif
611 	splx(s);
612 	/*
613 	 * The driver frees the mbuf.
614 	 */
615 	return (error);
616 }
617 
618 /*
619  * Reset a descriptor by flushing its packet buffer and clearing the
620  * receive and drop counts.  Should be called at splimp.
621  */
622 static void
623 reset_d(d)
624 	struct bpf_d *d;
625 {
626 	if (d->bd_hbuf) {
627 		/* Free the hold buffer. */
628 		d->bd_fbuf = d->bd_hbuf;
629 		d->bd_hbuf = 0;
630 	}
631 	d->bd_slen = 0;
632 	d->bd_hlen = 0;
633 	d->bd_rcount = 0;
634 	d->bd_dcount = 0;
635 }
636 
637 /*
638  *  FIONREAD		Check for read packet available.
639  *  SIOCGIFADDR		Get interface address - convenient hook to driver.
640  *  BIOCGBLEN		Get buffer len [for read()].
641  *  BIOCSETF		Set link layer read filter.
642  *  BIOCFLUSH		Flush read packet buffer.
643  *  BIOCPROMISC		Put interface into promiscuous mode.
644  *  BIOCGDLT		Get link layer type.
645  *  BIOCGETIF		Get interface name.
646  *  BIOCSETIF		Set interface.
647  *  BIOCSRTIMEOUT	Set read timeout.
648  *  BIOCGRTIMEOUT	Get read timeout.
649  *  BIOCGSTATS		Get packet stats.
650  *  BIOCIMMEDIATE	Set immediate mode.
651  *  BIOCVERSION		Get filter language version.
652  *  BIOCGHDRCMPLT	Get "header already complete" flag
653  *  BIOCSHDRCMPLT	Set "header already complete" flag
654  *  BIOCGSEESENT	Get "see packets sent" flag
655  *  BIOCSSEESENT	Set "see packets sent" flag
656  */
657 /* ARGSUSED */
658 static	int
659 bpfioctl(dev, cmd, addr, flags, p)
660 	dev_t dev;
661 	u_long cmd;
662 	caddr_t addr;
663 	int flags;
664 	struct proc *p;
665 {
666 	register struct bpf_d *d = dev->si_drv1;
667 	int s, error = 0;
668 
669 	switch (cmd) {
670 
671 	default:
672 		error = EINVAL;
673 		break;
674 
675 	/*
676 	 * Check for read packet available.
677 	 */
678 	case FIONREAD:
679 		{
680 			int n;
681 
682 			s = splimp();
683 			n = d->bd_slen;
684 			if (d->bd_hbuf)
685 				n += d->bd_hlen;
686 			splx(s);
687 
688 			*(int *)addr = n;
689 			break;
690 		}
691 
692 	case SIOCGIFADDR:
693 		{
694 			struct ifnet *ifp;
695 
696 			if (d->bd_bif == 0)
697 				error = EINVAL;
698 			else {
699 				ifp = d->bd_bif->bif_ifp;
700 				error = (*ifp->if_ioctl)(ifp, cmd, addr);
701 			}
702 			break;
703 		}
704 
705 	/*
706 	 * Get buffer len [for read()].
707 	 */
708 	case BIOCGBLEN:
709 		*(u_int *)addr = d->bd_bufsize;
710 		break;
711 
712 	/*
713 	 * Set buffer length.
714 	 */
715 	case BIOCSBLEN:
716 #if BSD < 199103
717 		error = EINVAL;
718 #else
719 		if (d->bd_bif != 0)
720 			error = EINVAL;
721 		else {
722 			register u_int size = *(u_int *)addr;
723 
724 			if (size > bpf_maxbufsize)
725 				*(u_int *)addr = size = bpf_maxbufsize;
726 			else if (size < BPF_MINBUFSIZE)
727 				*(u_int *)addr = size = BPF_MINBUFSIZE;
728 			d->bd_bufsize = size;
729 		}
730 #endif
731 		break;
732 
733 	/*
734 	 * Set link layer read filter.
735 	 */
736 	case BIOCSETF:
737 		error = bpf_setf(d, (struct bpf_program *)addr);
738 		break;
739 
740 	/*
741 	 * Flush read packet buffer.
742 	 */
743 	case BIOCFLUSH:
744 		s = splimp();
745 		reset_d(d);
746 		splx(s);
747 		break;
748 
749 	/*
750 	 * Put interface into promiscuous mode.
751 	 */
752 	case BIOCPROMISC:
753 		if (d->bd_bif == 0) {
754 			/*
755 			 * No interface attached yet.
756 			 */
757 			error = EINVAL;
758 			break;
759 		}
760 		s = splimp();
761 		if (d->bd_promisc == 0) {
762 			error = ifpromisc(d->bd_bif->bif_ifp, 1);
763 			if (error == 0)
764 				d->bd_promisc = 1;
765 		}
766 		splx(s);
767 		break;
768 
769 	/*
770 	 * Get device parameters.
771 	 */
772 	case BIOCGDLT:
773 		if (d->bd_bif == 0)
774 			error = EINVAL;
775 		else
776 			*(u_int *)addr = d->bd_bif->bif_dlt;
777 		break;
778 
779 	/*
780 	 * Get interface name.
781 	 */
782 	case BIOCGETIF:
783 		if (d->bd_bif == 0)
784 			error = EINVAL;
785 		else {
786 			struct ifnet *const ifp = d->bd_bif->bif_ifp;
787 			struct ifreq *const ifr = (struct ifreq *)addr;
788 
789 			snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
790 			    "%s%d", ifp->if_name, ifp->if_unit);
791 		}
792 		break;
793 
794 	/*
795 	 * Set interface.
796 	 */
797 	case BIOCSETIF:
798 		error = bpf_setif(d, (struct ifreq *)addr);
799 		break;
800 
801 	/*
802 	 * Set read timeout.
803 	 */
804 	case BIOCSRTIMEOUT:
805 		{
806 			struct timeval *tv = (struct timeval *)addr;
807 
808 			/*
809 			 * Subtract 1 tick from tvtohz() since this isn't
810 			 * a one-shot timer.
811 			 */
812 			if ((error = itimerfix(tv)) == 0)
813 				d->bd_rtout = tvtohz(tv) - 1;
814 			break;
815 		}
816 
817 	/*
818 	 * Get read timeout.
819 	 */
820 	case BIOCGRTIMEOUT:
821 		{
822 			struct timeval *tv = (struct timeval *)addr;
823 
824 			tv->tv_sec = d->bd_rtout / hz;
825 			tv->tv_usec = (d->bd_rtout % hz) * tick;
826 			break;
827 		}
828 
829 	/*
830 	 * Get packet stats.
831 	 */
832 	case BIOCGSTATS:
833 		{
834 			struct bpf_stat *bs = (struct bpf_stat *)addr;
835 
836 			bs->bs_recv = d->bd_rcount;
837 			bs->bs_drop = d->bd_dcount;
838 			break;
839 		}
840 
841 	/*
842 	 * Set immediate mode.
843 	 */
844 	case BIOCIMMEDIATE:
845 		d->bd_immediate = *(u_int *)addr;
846 		break;
847 
848 	case BIOCVERSION:
849 		{
850 			struct bpf_version *bv = (struct bpf_version *)addr;
851 
852 			bv->bv_major = BPF_MAJOR_VERSION;
853 			bv->bv_minor = BPF_MINOR_VERSION;
854 			break;
855 		}
856 
857 	/*
858 	 * Get "header already complete" flag
859 	 */
860 	case BIOCGHDRCMPLT:
861 		*(u_int *)addr = d->bd_hdrcmplt;
862 		break;
863 
864 	/*
865 	 * Set "header already complete" flag
866 	 */
867 	case BIOCSHDRCMPLT:
868 		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
869 		break;
870 
871 	/*
872 	 * Get "see sent packets" flag
873 	 */
874 	case BIOCGSEESENT:
875 		*(u_int *)addr = d->bd_seesent;
876 		break;
877 
878 	/*
879 	 * Set "see sent packets" flag
880 	 */
881 	case BIOCSSEESENT:
882 		d->bd_seesent = *(u_int *)addr;
883 		break;
884 
885 	case FIONBIO:		/* Non-blocking I/O */
886 		break;
887 
888 	case FIOASYNC:		/* Send signal on receive packets */
889 		d->bd_async = *(int *)addr;
890 		break;
891 
892 	case FIOSETOWN:
893 		error = fsetown(*(int *)addr, &d->bd_sigio);
894 		break;
895 
896 	case FIOGETOWN:
897 		*(int *)addr = fgetown(d->bd_sigio);
898 		break;
899 
900 	/* This is deprecated, FIOSETOWN should be used instead. */
901 	case TIOCSPGRP:
902 		error = fsetown(-(*(int *)addr), &d->bd_sigio);
903 		break;
904 
905 	/* This is deprecated, FIOGETOWN should be used instead. */
906 	case TIOCGPGRP:
907 		*(int *)addr = -fgetown(d->bd_sigio);
908 		break;
909 
910 	case BIOCSRSIG:		/* Set receive signal */
911 		{
912 		 	u_int sig;
913 
914 			sig = *(u_int *)addr;
915 
916 			if (sig >= NSIG)
917 				error = EINVAL;
918 			else
919 				d->bd_sig = sig;
920 			break;
921 		}
922 	case BIOCGRSIG:
923 		*(u_int *)addr = d->bd_sig;
924 		break;
925 	}
926 	return (error);
927 }
928 
929 /*
930  * Set d's packet filter program to fp.  If this file already has a filter,
931  * free it and replace it.  Returns EINVAL for bogus requests.
932  */
933 static int
934 bpf_setf(d, fp)
935 	struct bpf_d *d;
936 	struct bpf_program *fp;
937 {
938 	struct bpf_insn *fcode, *old;
939 	u_int flen, size;
940 	int s;
941 
942 	old = d->bd_filter;
943 	if (fp->bf_insns == 0) {
944 		if (fp->bf_len != 0)
945 			return (EINVAL);
946 		s = splimp();
947 		d->bd_filter = 0;
948 		reset_d(d);
949 		splx(s);
950 		if (old != 0)
951 			free((caddr_t)old, M_BPF);
952 		return (0);
953 	}
954 	flen = fp->bf_len;
955 	if (flen > BPF_MAXINSNS)
956 		return (EINVAL);
957 
958 	size = flen * sizeof(*fp->bf_insns);
959 	fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
960 	if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
961 	    bpf_validate(fcode, (int)flen)) {
962 		s = splimp();
963 		d->bd_filter = fcode;
964 		reset_d(d);
965 		splx(s);
966 		if (old != 0)
967 			free((caddr_t)old, M_BPF);
968 
969 		return (0);
970 	}
971 	free((caddr_t)fcode, M_BPF);
972 	return (EINVAL);
973 }
974 
975 /*
976  * Detach a file from its current interface (if attached at all) and attach
977  * to the interface indicated by the name stored in ifr.
978  * Return an errno or 0.
979  */
980 static int
981 bpf_setif(d, ifr)
982 	struct bpf_d *d;
983 	struct ifreq *ifr;
984 {
985 	struct bpf_if *bp;
986 	int s, error;
987 	struct ifnet *theywant;
988 
989 	theywant = ifunit(ifr->ifr_name);
990 	if (theywant == 0)
991 		return ENXIO;
992 
993 	/*
994 	 * Look through attached interfaces for the named one.
995 	 */
996 	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
997 		struct ifnet *ifp = bp->bif_ifp;
998 
999 		if (ifp == 0 || ifp != theywant)
1000 			continue;
1001 		/*
1002 		 * We found the requested interface.
1003 		 * If it's not up, return an error.
1004 		 * Allocate the packet buffers if we need to.
1005 		 * If we're already attached to requested interface,
1006 		 * just flush the buffer.
1007 		 */
1008 		if ((ifp->if_flags & IFF_UP) == 0)
1009 			return (ENETDOWN);
1010 
1011 		if (d->bd_sbuf == 0) {
1012 			error = bpf_allocbufs(d);
1013 			if (error != 0)
1014 				return (error);
1015 		}
1016 		s = splimp();
1017 		if (bp != d->bd_bif) {
1018 			if (d->bd_bif)
1019 				/*
1020 				 * Detach if attached to something else.
1021 				 */
1022 				bpf_detachd(d);
1023 
1024 			bpf_attachd(d, bp);
1025 		}
1026 		reset_d(d);
1027 		splx(s);
1028 		return (0);
1029 	}
1030 	/* Not found. */
1031 	return (ENXIO);
1032 }
1033 
1034 /*
1035  * Support for select() and poll() system calls
1036  *
1037  * Return true iff the specific operation will not block indefinitely.
1038  * Otherwise, return false but make a note that a selwakeup() must be done.
1039  */
1040 int
1041 bpfpoll(dev, events, p)
1042 	register dev_t dev;
1043 	int events;
1044 	struct proc *p;
1045 {
1046 	register struct bpf_d *d;
1047 	register int s;
1048 	int revents = 0;
1049 
1050 	/*
1051 	 * An imitation of the FIONREAD ioctl code.
1052 	 */
1053 	d = dev->si_drv1;
1054 
1055 	if (d->bd_bif == NULL)
1056 		return (ENXIO);
1057 
1058 	s = splimp();
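	/*
	 * A read would not block if the hold buffer has data or, in
	 * immediate mode, if anything has accumulated in the store buffer.
	 */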
1059 	if (events & (POLLIN | POLLRDNORM)) {
1060 		if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0))
1061 			revents |= events & (POLLIN | POLLRDNORM);
1062 		else
1063 			selrecord(p, &d->bd_sel);
1064 	}
1065 	splx(s);
1066 	return (revents);
1067 }
1068 
1069 /*
1070  * Incoming linkage from device drivers.  Process the packet pkt, of length
1071  * pktlen, which is stored in a contiguous buffer.  The packet is parsed
1072  * by each process' filter, and if accepted, stashed into the corresponding
1073  * buffer.
1074  */
1075 void
1076 bpf_tap(ifp, pkt, pktlen)
1077 	struct ifnet *ifp;
1078 	register u_char *pkt;
1079 	register u_int pktlen;
1080 {
1081 	struct bpf_if *bp;
1082 	register struct bpf_d *d;
1083 	register u_int slen;
1084 	/*
1085 	 * Note that the ipl does not have to be raised at this point.
1086 	 * The only problem that could arise here would be if two different
1087 	 * interfaces shared any data.  This is not the case.
1088 	 */
1089 	bp = ifp->if_bpf;
1090 	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
1091 		++d->bd_rcount;
1092 		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
1093 		if (slen != 0)
1094 			catchpacket(d, pkt, pktlen, slen, bcopy);
1095 	}
1096 }
1097 
1098 /*
1099  * Copy data from an mbuf chain into a buffer.  This code is derived
1100  * from m_copydata in sys/uipc_mbuf.c.
1101  */
1102 static void
1103 bpf_mcopy(src_arg, dst_arg, len)
1104 	const void *src_arg;
1105 	void *dst_arg;
1106 	register size_t len;
1107 {
1108 	register const struct mbuf *m;
1109 	register u_int count;
1110 	u_char *dst;
1111 
1112 	m = src_arg;
1113 	dst = dst_arg;
1114 	while (len > 0) {
1115 		if (m == 0)
1116 			panic("bpf_mcopy");
1117 		count = min(m->m_len, len);
1118 		bcopy(mtod(m, void *), dst, count);
1119 		m = m->m_next;
1120 		dst += count;
1121 		len -= count;
1122 	}
1123 }
1124 
1125 /*
1126  * Incoming linkage from device drivers, when packet is in an mbuf chain.
1127  */
1128 void
1129 bpf_mtap(ifp, m)
1130 	struct ifnet *ifp;
1131 	struct mbuf *m;
1132 {
1133 	struct bpf_if *bp = ifp->if_bpf;
1134 	struct bpf_d *d;
1135 	u_int pktlen, slen;
1136 	struct mbuf *m0;
1137 
1138 	pktlen = 0;
1139 	for (m0 = m; m0 != 0; m0 = m0->m_next)
1140 		pktlen += m0->m_len;
1141 
1142 	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
1143 		if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
1144 			continue;
1145 		++d->bd_rcount;
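		/*
		 * A buffer length of 0 tells bpf_filter() that the packet
		 * is held in an mbuf chain rather than a contiguous buffer.
		 */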
1146 		slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
1147 		if (slen != 0)
1148 			catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
1149 	}
1150 }
1151 
1152 /*
1153  * Move the packet data from interface memory (pkt) into the
1154  * store buffer.  Return 1 if it's time to wakeup a listener (buffer full),
1155  * otherwise 0.  "copy" is the routine called to do the actual data
1156  * transfer.  bcopy is passed in to copy contiguous chunks, while
1157  * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
1158  * pkt is really an mbuf.
1159  */
1160 static void
1161 catchpacket(d, pkt, pktlen, snaplen, cpfn)
1162 	register struct bpf_d *d;
1163 	register u_char *pkt;
1164 	register u_int pktlen, snaplen;
1165 	register void (*cpfn) __P((const void *, void *, size_t));
1166 {
1167 	register struct bpf_hdr *hp;
1168 	register int totlen, curlen;
1169 	register int hdrlen = d->bd_bif->bif_hdrlen;
1170 	/*
1171 	 * Figure out how many bytes to move.  If the packet is
1172 	 * greater than or equal to the snapshot length, transfer that
1173 	 * much.  Otherwise, transfer the whole packet (unless
1174 	 * we hit the buffer size limit).
1175 	 */
1176 	totlen = hdrlen + min(snaplen, pktlen);
1177 	if (totlen > d->bd_bufsize)
1178 		totlen = d->bd_bufsize;
1179 
1180 	/*
1181 	 * Round up the end of the previous packet to the next longword.
1182 	 */
1183 	curlen = BPF_WORDALIGN(d->bd_slen);
1184 	if (curlen + totlen > d->bd_bufsize) {
1185 		/*
1186 		 * This packet will overflow the storage buffer.
1187 		 * Rotate the buffers if we can, then wakeup any
1188 		 * pending reads.
1189 		 */
1190 		if (d->bd_fbuf == 0) {
1191 			/*
1192 			 * We haven't completed the previous read yet,
1193 			 * so drop the packet.
1194 			 */
1195 			++d->bd_dcount;
1196 			return;
1197 		}
1198 		ROTATE_BUFFERS(d);
1199 		bpf_wakeup(d);
1200 		curlen = 0;
1201 	}
1202 	else if (d->bd_immediate)
1203 		/*
1204 		 * Immediate mode is set.  A packet arrived so any
1205 		 * reads should be woken up.
1206 		 */
1207 		bpf_wakeup(d);
1208 
1209 	/*
1210 	 * Append the bpf header.
1211 	 */
1212 	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
1213 #if BSD >= 199103
1214 	microtime(&hp->bh_tstamp);
1215 #elif defined(sun)
1216 	uniqtime(&hp->bh_tstamp);
1217 #else
1218 	hp->bh_tstamp = time;
1219 #endif
1220 	hp->bh_datalen = pktlen;
1221 	hp->bh_hdrlen = hdrlen;
1222 	/*
1223 	 * Copy the packet data into the store buffer and update its length.
1224 	 */
1225 	(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
1226 	d->bd_slen = curlen + totlen;
1227 }
1228 
1229 /*
1230  * Allocate the initial packet buffers for a descriptor.
1231  */
1232 static int
1233 bpf_allocbufs(d)
1234 	register struct bpf_d *d;
1235 {
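	/*
	 * Each descriptor uses two buffers of bd_bufsize bytes: packets
	 * are captured into the store buffer and rotated into the hold
	 * buffer, from which read(2) drains them.
	 */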
1236 	d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
1237 	if (d->bd_fbuf == 0)
1238 		return (ENOBUFS);
1239 
1240 	d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
1241 	if (d->bd_sbuf == 0) {
1242 		free(d->bd_fbuf, M_BPF);
1243 		return (ENOBUFS);
1244 	}
1245 	d->bd_slen = 0;
1246 	d->bd_hlen = 0;
1247 	return (0);
1248 }
1249 
1250 /*
1251  * Free buffers currently in use by a descriptor.
1252  * Called on close.
1253  */
1254 static void
1255 bpf_freed(d)
1256 	register struct bpf_d *d;
1257 {
1258 	/*
1259 	 * We don't need to lock out interrupts since this descriptor has
1260 	 * been detached from its interface and it hasn't yet been marked
1261 	 * free.
1262 	 */
1263 	if (d->bd_sbuf != 0) {
1264 		free(d->bd_sbuf, M_BPF);
1265 		if (d->bd_hbuf != 0)
1266 			free(d->bd_hbuf, M_BPF);
1267 		if (d->bd_fbuf != 0)
1268 			free(d->bd_fbuf, M_BPF);
1269 	}
1270 	if (d->bd_filter)
1271 		free((caddr_t)d->bd_filter, M_BPF);
1272 }
1273 
1274 /*
1275  * Attach an interface to bpf.  driverp is a pointer to a (struct bpf_if *)
1276  * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
1277  * size of the link header (variable length headers not yet supported).
1278  */
1279 void
1280 bpfattach(ifp, dlt, hdrlen)
1281 	struct ifnet *ifp;
1282 	u_int dlt, hdrlen;
1283 {
1284 	struct bpf_if *bp;
1285 	bp = (struct bpf_if *)malloc(sizeof(*bp), M_BPF, M_DONTWAIT);
1286 	if (bp == 0)
1287 		panic("bpfattach");
1288 
1289 	bp->bif_dlist = 0;
1290 	bp->bif_ifp = ifp;
1291 	bp->bif_dlt = dlt;
1292 
1293 	bp->bif_next = bpf_iflist;
1294 	bpf_iflist = bp;
1295 
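	/*
	 * Leave if_bpf clear until a descriptor actually attaches, so
	 * drivers can cheaply test it before calling bpf_tap()/bpf_mtap().
	 */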
1296 	bp->bif_ifp->if_bpf = 0;
1297 
1298 	/*
1299 	 * Compute the length of the bpf header.  This is not necessarily
1300 	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
1301 	 * that the network layer header begins on a longword boundary (for
1302 	 * performance reasons and to alleviate alignment restrictions).
1303 	 */
1304 	bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
1305 
1306 	if (bootverbose)
1307 		printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
1308 }
1309 
1310 /*
1311  * Detach bpf from an interface.  This involves detaching each descriptor
1312  * associated with the interface, and leaving bd_bif NULL.  Notify each
1313  * descriptor as it's detached so that any sleepers wake up and get
1314  * ENXIO.
1315  */
1316 void
1317 bpfdetach(ifp)
1318 	struct ifnet *ifp;
1319 {
1320 	struct bpf_if	*bp, *bp_prev;
1321 	struct bpf_d	*d;
1322 	int	s;
1323 
1324 	s = splimp();
1325 
1326 	/* Locate BPF interface information */
1327 	bp_prev = NULL;
1328 	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
1329 		if (ifp == bp->bif_ifp)
1330 			break;
1331 		bp_prev = bp;
1332 	}
1333 
1334 	/* Interface wasn't attached */
1335 	if (bp == NULL) {
1336 		splx(s);
1337 		printf("bpfdetach: %s%d was not attached\n", ifp->if_name,
1338 		    ifp->if_unit);
1339 		return;
1340 	}
1341 
1342 	while ((d = bp->bif_dlist) != NULL) {
1343 		bpf_detachd(d);
1344 		bpf_wakeup(d);
1345 	}
1346 
1347 	if (bp_prev) {
1348 		bp_prev->bif_next = bp->bif_next;
1349 	} else {
1350 		bpf_iflist = bp->bif_next;
1351 	}
1352 
1353 	free(bp, M_BPF);
1354 
1355 	splx(s);
1356 }
1357 
1358 static void bpf_drvinit __P((void *unused));
1359 
1360 static void
1361 bpf_drvinit(unused)
1362 	void *unused;
1363 {
1364 
1365 	cdevsw_add(&bpf_cdevsw);
1366 }
1367 
1368 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
1369 
1370 #else /* !BPF */
1371 /*
1372  * NOP stubs to allow bpf-using drivers to load and function.
1373  *
1374  * A 'better' implementation would allow the core bpf functionality
1375  * to be loaded at runtime.
1376  */
1377 
1378 void
1379 bpf_tap(ifp, pkt, pktlen)
1380 	struct ifnet *ifp;
1381 	register u_char *pkt;
1382 	register u_int pktlen;
1383 {
1384 }
1385 
1386 void
1387 bpf_mtap(ifp, m)
1388 	struct ifnet *ifp;
1389 	struct mbuf *m;
1390 {
1391 }
1392 
1393 void
1394 bpfattach(ifp, dlt, hdrlen)
1395 	struct ifnet *ifp;
1396 	u_int dlt, hdrlen;
1397 {
1398 }
1399 
1400 void
1401 bpfdetach(ifp)
1402 	struct ifnet *ifp;
1403 {
1404 }
1405 
1406 u_int
1407 bpf_filter(pc, p, wirelen, buflen)
1408 	register const struct bpf_insn *pc;
1409 	register u_char *p;
1410 	u_int wirelen;
1411 	register u_int buflen;
1412 {
1413 	return -1;	/* "no filter" behaviour: accept the whole packet */
1414 }
1415 
1416 #endif /* !BPF */
1417