1 /*- 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 35 * 36 * $FreeBSD$ 37 */ 38 39 #include "opt_bpf.h" 40 #include "opt_mac.h" 41 #include "opt_netgraph.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/conf.h> 47 #include <sys/fcntl.h> 48 #include <sys/malloc.h> 49 #include <sys/mbuf.h> 50 #include <sys/time.h> 51 #include <sys/priv.h> 52 #include <sys/proc.h> 53 #include <sys/signalvar.h> 54 #include <sys/filio.h> 55 #include <sys/sockio.h> 56 #include <sys/ttycom.h> 57 #include <sys/uio.h> 58 59 #include <sys/event.h> 60 #include <sys/file.h> 61 #include <sys/poll.h> 62 #include <sys/proc.h> 63 64 #include <sys/socket.h> 65 66 #include <net/if.h> 67 #include <net/bpf.h> 68 #ifdef BPF_JITTER 69 #include <net/bpf_jitter.h> 70 #endif 71 #include <net/bpfdesc.h> 72 73 #include <netinet/in.h> 74 #include <netinet/if_ether.h> 75 #include <sys/kernel.h> 76 #include <sys/sysctl.h> 77 78 #include <net80211/ieee80211_freebsd.h> 79 80 #include <security/mac/mac_framework.h> 81 82 static MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 83 84 #if defined(DEV_BPF) || defined(NETGRAPH_BPF) 85 86 #define PRINET 26 /* interruptible */ 87 88 /* 89 * bpf_iflist is a list of BPF interface structures, each corresponding to a 90 * specific DLT. The same network interface might have several BPF interface 91 * structures registered by different layers in the stack (i.e., 802.11 92 * frames, ethernet frames, etc). 93 */ 94 static LIST_HEAD(, bpf_if) bpf_iflist; 95 static struct mtx bpf_mtx; /* bpf global lock */ 96 static int bpf_bpfd_cnt; 97 98 static void bpf_allocbufs(struct bpf_d *); 99 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 100 static void bpf_detachd(struct bpf_d *); 101 static void bpf_freed(struct bpf_d *); 102 static void bpf_mcopy(const void *, void *, size_t); 103 static int bpf_movein(struct uio *, int, int, 104 struct mbuf **, struct sockaddr *, struct bpf_insn *); 105 static int bpf_setif(struct bpf_d *, struct ifreq *); 106 static void bpf_timed_out(void *); 107 static __inline void 108 bpf_wakeup(struct bpf_d *); 109 static void catchpacket(struct bpf_d *, u_char *, u_int, 110 u_int, void (*)(const void *, void *, size_t), 111 struct timeval *); 112 static void reset_d(struct bpf_d *); 113 static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd); 114 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 115 static int bpf_setdlt(struct bpf_d *, u_int); 116 static void filt_bpfdetach(struct knote *); 117 static int filt_bpfread(struct knote *, long); 118 static void bpf_drvinit(void *); 119 static void bpf_clone(void *, struct ucred *, char *, int, struct cdev **); 120 static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS); 121 122 /* 123 * The default read buffer size is patchable. 124 */ 125 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl"); 126 static int bpf_bufsize = 4096; 127 SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW, 128 &bpf_bufsize, 0, ""); 129 static int bpf_maxbufsize = BPF_MAXBUFSIZE; 130 SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW, 131 &bpf_maxbufsize, 0, ""); 132 static int bpf_maxinsns = BPF_MAXINSNS; 133 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW, 134 &bpf_maxinsns, 0, "Maximum bpf program instructions"); 135 SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW, 136 bpf_stats_sysctl, "bpf statistics portal"); 137 138 static d_open_t bpfopen; 139 static d_close_t bpfclose; 140 static d_read_t bpfread; 141 static d_write_t bpfwrite; 142 static d_ioctl_t bpfioctl; 143 static d_poll_t bpfpoll; 144 static d_kqfilter_t bpfkqfilter; 145 146 static struct cdevsw bpf_cdevsw = { 147 .d_version = D_VERSION, 148 .d_flags = D_NEEDGIANT, 149 .d_open = bpfopen, 150 .d_close = bpfclose, 151 .d_read = bpfread, 152 .d_write = bpfwrite, 153 .d_ioctl = bpfioctl, 154 .d_poll = bpfpoll, 155 .d_name = "bpf", 156 .d_kqfilter = bpfkqfilter, 157 }; 158 159 static struct filterops bpfread_filtops = 160 { 1, NULL, filt_bpfdetach, filt_bpfread }; 161 162 static int 163 bpf_movein(struct uio *uio, int linktype, int mtu, struct mbuf **mp, 164 struct sockaddr *sockp, struct bpf_insn *wfilter) 165 { 166 const struct ieee80211_bpf_params *p; 167 struct mbuf *m; 168 int error; 169 int len; 170 int hlen; 171 int slen; 172 173 /* 174 * Build a sockaddr based on the data link layer type. 175 * We do this at this level because the ethernet header 176 * is copied directly into the data field of the sockaddr. 177 * In the case of SLIP, there is no header and the packet 178 * is forwarded as is. 179 * Also, we are careful to leave room at the front of the mbuf 180 * for the link level header. 181 */ 182 switch (linktype) { 183 184 case DLT_SLIP: 185 sockp->sa_family = AF_INET; 186 hlen = 0; 187 break; 188 189 case DLT_EN10MB: 190 sockp->sa_family = AF_UNSPEC; 191 /* XXX Would MAXLINKHDR be better? */ 192 hlen = ETHER_HDR_LEN; 193 break; 194 195 case DLT_FDDI: 196 sockp->sa_family = AF_IMPLINK; 197 hlen = 0; 198 break; 199 200 case DLT_RAW: 201 sockp->sa_family = AF_UNSPEC; 202 hlen = 0; 203 break; 204 205 case DLT_NULL: 206 /* 207 * null interface types require a 4 byte pseudo header which 208 * corresponds to the address family of the packet. 209 */ 210 sockp->sa_family = AF_UNSPEC; 211 hlen = 4; 212 break; 213 214 case DLT_ATM_RFC1483: 215 /* 216 * en atm driver requires 4-byte atm pseudo header. 217 * though it isn't standard, vpi:vci needs to be 218 * specified anyway. 219 */ 220 sockp->sa_family = AF_UNSPEC; 221 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 222 break; 223 224 case DLT_PPP: 225 sockp->sa_family = AF_UNSPEC; 226 hlen = 4; /* This should match PPP_HDRLEN */ 227 break; 228 229 case DLT_IEEE802_11: /* IEEE 802.11 wireless */ 230 sockp->sa_family = AF_IEEE80211; 231 hlen = 0; 232 break; 233 234 case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */ 235 sockp->sa_family = AF_IEEE80211; 236 sockp->sa_len = 12; /* XXX != 0 */ 237 hlen = sizeof(struct ieee80211_bpf_params); 238 break; 239 240 default: 241 return (EIO); 242 } 243 244 len = uio->uio_resid; 245 246 if (len - hlen > mtu) 247 return (EMSGSIZE); 248 249 if ((unsigned)len > MCLBYTES) 250 return (EIO); 251 252 if (len > MHLEN) { 253 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR); 254 } else { 255 MGETHDR(m, M_TRYWAIT, MT_DATA); 256 } 257 if (m == NULL) 258 return (ENOBUFS); 259 m->m_pkthdr.len = m->m_len = len; 260 m->m_pkthdr.rcvif = NULL; 261 *mp = m; 262 263 if (m->m_len < hlen) { 264 error = EPERM; 265 goto bad; 266 } 267 268 error = uiomove(mtod(m, u_char *), len, uio); 269 if (error) 270 goto bad; 271 272 slen = bpf_filter(wfilter, mtod(m, u_char *), len, len); 273 if (slen == 0) { 274 error = EPERM; 275 goto bad; 276 } 277 278 /* 279 * Make room for link header, and copy it to sockaddr 280 */ 281 if (hlen != 0) { 282 if (sockp->sa_family == AF_IEEE80211) { 283 /* 284 * Collect true length from the parameter header 285 * NB: sockp is known to be zero'd so if we do a 286 * short copy unspecified parameters will be 287 * zero. 288 * NB: packet may not be aligned after stripping 289 * bpf params 290 * XXX check ibp_vers 291 */ 292 p = mtod(m, const struct ieee80211_bpf_params *); 293 hlen = p->ibp_len; 294 if (hlen > sizeof(sockp->sa_data)) { 295 error = EINVAL; 296 goto bad; 297 } 298 } 299 bcopy(m->m_data, sockp->sa_data, hlen); 300 m->m_pkthdr.len -= hlen; 301 m->m_len -= hlen; 302 #if BSD >= 199103 303 m->m_data += hlen; /* XXX */ 304 #else 305 m->m_off += hlen; 306 #endif 307 } 308 309 return (0); 310 bad: 311 m_freem(m); 312 return (error); 313 } 314 315 /* 316 * Attach file to the bpf interface, i.e. make d listen on bp. 317 */ 318 static void 319 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 320 { 321 /* 322 * Point d at bp, and add d to the interface's list of listeners. 323 * Finally, point the driver's bpf cookie at the interface so 324 * it will divert packets to bpf. 325 */ 326 BPFIF_LOCK(bp); 327 d->bd_bif = bp; 328 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 329 330 bpf_bpfd_cnt++; 331 BPFIF_UNLOCK(bp); 332 } 333 334 /* 335 * Detach a file from its interface. 336 */ 337 static void 338 bpf_detachd(struct bpf_d *d) 339 { 340 int error; 341 struct bpf_if *bp; 342 struct ifnet *ifp; 343 344 bp = d->bd_bif; 345 BPFIF_LOCK(bp); 346 BPFD_LOCK(d); 347 ifp = d->bd_bif->bif_ifp; 348 349 /* 350 * Remove d from the interface's descriptor list. 351 */ 352 LIST_REMOVE(d, bd_next); 353 354 bpf_bpfd_cnt--; 355 d->bd_bif = NULL; 356 BPFD_UNLOCK(d); 357 BPFIF_UNLOCK(bp); 358 359 /* 360 * Check if this descriptor had requested promiscuous mode. 361 * If so, turn it off. 362 */ 363 if (d->bd_promisc) { 364 d->bd_promisc = 0; 365 error = ifpromisc(ifp, 0); 366 if (error != 0 && error != ENXIO) { 367 /* 368 * ENXIO can happen if a pccard is unplugged 369 * Something is really wrong if we were able to put 370 * the driver into promiscuous mode, but can't 371 * take it out. 372 */ 373 if_printf(bp->bif_ifp, 374 "bpf_detach: ifpromisc failed (%d)\n", error); 375 } 376 } 377 } 378 379 /* 380 * Open ethernet device. Returns ENXIO for illegal minor device number, 381 * EBUSY if file is open by another process. 382 */ 383 /* ARGSUSED */ 384 static int 385 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td) 386 { 387 struct bpf_d *d; 388 389 mtx_lock(&bpf_mtx); 390 d = dev->si_drv1; 391 /* 392 * Each minor can be opened by only one process. If the requested 393 * minor is in use, return EBUSY. 394 */ 395 if (d != NULL) { 396 mtx_unlock(&bpf_mtx); 397 return (EBUSY); 398 } 399 dev->si_drv1 = (struct bpf_d *)~0; /* mark device in use */ 400 mtx_unlock(&bpf_mtx); 401 402 if ((dev->si_flags & SI_NAMED) == 0) 403 make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600, 404 "bpf%d", dev2unit(dev)); 405 MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO); 406 dev->si_drv1 = d; 407 d->bd_bufsize = bpf_bufsize; 408 d->bd_sig = SIGIO; 409 d->bd_seesent = 1; 410 d->bd_pid = td->td_proc->p_pid; 411 #ifdef MAC 412 mac_init_bpfdesc(d); 413 mac_create_bpfdesc(td->td_ucred, d); 414 #endif 415 mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF); 416 callout_init(&d->bd_callout, NET_CALLOUT_MPSAFE); 417 knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL); 418 419 return (0); 420 } 421 422 /* 423 * Close the descriptor by detaching it from its interface, 424 * deallocating its buffers, and marking it free. 425 */ 426 /* ARGSUSED */ 427 static int 428 bpfclose(struct cdev *dev, int flags, int fmt, struct thread *td) 429 { 430 struct bpf_d *d = dev->si_drv1; 431 432 BPFD_LOCK(d); 433 if (d->bd_state == BPF_WAITING) 434 callout_stop(&d->bd_callout); 435 d->bd_state = BPF_IDLE; 436 BPFD_UNLOCK(d); 437 funsetown(&d->bd_sigio); 438 mtx_lock(&bpf_mtx); 439 if (d->bd_bif) 440 bpf_detachd(d); 441 mtx_unlock(&bpf_mtx); 442 selwakeuppri(&d->bd_sel, PRINET); 443 #ifdef MAC 444 mac_destroy_bpfdesc(d); 445 #endif /* MAC */ 446 knlist_destroy(&d->bd_sel.si_note); 447 bpf_freed(d); 448 dev->si_drv1 = NULL; 449 free(d, M_BPF); 450 451 return (0); 452 } 453 454 455 /* 456 * Rotate the packet buffers in descriptor d. Move the store buffer 457 * into the hold slot, and the free buffer into the store slot. 458 * Zero the length of the new store buffer. 459 */ 460 #define ROTATE_BUFFERS(d) \ 461 (d)->bd_hbuf = (d)->bd_sbuf; \ 462 (d)->bd_hlen = (d)->bd_slen; \ 463 (d)->bd_sbuf = (d)->bd_fbuf; \ 464 (d)->bd_slen = 0; \ 465 (d)->bd_fbuf = NULL; 466 /* 467 * bpfread - read next chunk of packets from buffers 468 */ 469 static int 470 bpfread(struct cdev *dev, struct uio *uio, int ioflag) 471 { 472 struct bpf_d *d = dev->si_drv1; 473 int timed_out; 474 int error; 475 476 /* 477 * Restrict application to use a buffer the same size as 478 * as kernel buffers. 479 */ 480 if (uio->uio_resid != d->bd_bufsize) 481 return (EINVAL); 482 483 BPFD_LOCK(d); 484 if (d->bd_state == BPF_WAITING) 485 callout_stop(&d->bd_callout); 486 timed_out = (d->bd_state == BPF_TIMED_OUT); 487 d->bd_state = BPF_IDLE; 488 /* 489 * If the hold buffer is empty, then do a timed sleep, which 490 * ends when the timeout expires or when enough packets 491 * have arrived to fill the store buffer. 492 */ 493 while (d->bd_hbuf == NULL) { 494 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 495 /* 496 * A packet(s) either arrived since the previous 497 * read or arrived while we were asleep. 498 * Rotate the buffers and return what's here. 499 */ 500 ROTATE_BUFFERS(d); 501 break; 502 } 503 504 /* 505 * No data is available, check to see if the bpf device 506 * is still pointed at a real interface. If not, return 507 * ENXIO so that the userland process knows to rebind 508 * it before using it again. 509 */ 510 if (d->bd_bif == NULL) { 511 BPFD_UNLOCK(d); 512 return (ENXIO); 513 } 514 515 if (ioflag & O_NONBLOCK) { 516 BPFD_UNLOCK(d); 517 return (EWOULDBLOCK); 518 } 519 error = msleep(d, &d->bd_mtx, PRINET|PCATCH, 520 "bpf", d->bd_rtout); 521 if (error == EINTR || error == ERESTART) { 522 BPFD_UNLOCK(d); 523 return (error); 524 } 525 if (error == EWOULDBLOCK) { 526 /* 527 * On a timeout, return what's in the buffer, 528 * which may be nothing. If there is something 529 * in the store buffer, we can rotate the buffers. 530 */ 531 if (d->bd_hbuf) 532 /* 533 * We filled up the buffer in between 534 * getting the timeout and arriving 535 * here, so we don't need to rotate. 536 */ 537 break; 538 539 if (d->bd_slen == 0) { 540 BPFD_UNLOCK(d); 541 return (0); 542 } 543 ROTATE_BUFFERS(d); 544 break; 545 } 546 } 547 /* 548 * At this point, we know we have something in the hold slot. 549 */ 550 BPFD_UNLOCK(d); 551 552 /* 553 * Move data from hold buffer into user space. 554 * We know the entire buffer is transferred since 555 * we checked above that the read buffer is bpf_bufsize bytes. 556 */ 557 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 558 559 BPFD_LOCK(d); 560 d->bd_fbuf = d->bd_hbuf; 561 d->bd_hbuf = NULL; 562 d->bd_hlen = 0; 563 BPFD_UNLOCK(d); 564 565 return (error); 566 } 567 568 569 /* 570 * If there are processes sleeping on this descriptor, wake them up. 571 */ 572 static __inline void 573 bpf_wakeup(struct bpf_d *d) 574 { 575 576 BPFD_LOCK_ASSERT(d); 577 if (d->bd_state == BPF_WAITING) { 578 callout_stop(&d->bd_callout); 579 d->bd_state = BPF_IDLE; 580 } 581 wakeup(d); 582 if (d->bd_async && d->bd_sig && d->bd_sigio) 583 pgsigio(&d->bd_sigio, d->bd_sig, 0); 584 585 selwakeuppri(&d->bd_sel, PRINET); 586 KNOTE_LOCKED(&d->bd_sel.si_note, 0); 587 } 588 589 static void 590 bpf_timed_out(void *arg) 591 { 592 struct bpf_d *d = (struct bpf_d *)arg; 593 594 BPFD_LOCK(d); 595 if (d->bd_state == BPF_WAITING) { 596 d->bd_state = BPF_TIMED_OUT; 597 if (d->bd_slen != 0) 598 bpf_wakeup(d); 599 } 600 BPFD_UNLOCK(d); 601 } 602 603 static int 604 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag) 605 { 606 struct bpf_d *d = dev->si_drv1; 607 struct ifnet *ifp; 608 struct mbuf *m; 609 int error; 610 struct sockaddr dst; 611 612 if (d->bd_bif == NULL) 613 return (ENXIO); 614 615 ifp = d->bd_bif->bif_ifp; 616 617 if ((ifp->if_flags & IFF_UP) == 0) 618 return (ENETDOWN); 619 620 if (uio->uio_resid == 0) 621 return (0); 622 623 bzero(&dst, sizeof(dst)); 624 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, 625 &m, &dst, d->bd_wfilter); 626 if (error) 627 return (error); 628 629 if (d->bd_hdrcmplt) 630 dst.sa_family = pseudo_AF_HDRCMPLT; 631 632 #ifdef MAC 633 BPFD_LOCK(d); 634 mac_create_mbuf_from_bpfdesc(d, m); 635 BPFD_UNLOCK(d); 636 #endif 637 NET_LOCK_GIANT(); 638 error = (*ifp->if_output)(ifp, m, &dst, NULL); 639 NET_UNLOCK_GIANT(); 640 /* 641 * The driver frees the mbuf. 642 */ 643 return (error); 644 } 645 646 /* 647 * Reset a descriptor by flushing its packet buffer and clearing the 648 * receive and drop counts. 649 */ 650 static void 651 reset_d(struct bpf_d *d) 652 { 653 654 mtx_assert(&d->bd_mtx, MA_OWNED); 655 if (d->bd_hbuf) { 656 /* Free the hold buffer. */ 657 d->bd_fbuf = d->bd_hbuf; 658 d->bd_hbuf = NULL; 659 } 660 d->bd_slen = 0; 661 d->bd_hlen = 0; 662 d->bd_rcount = 0; 663 d->bd_dcount = 0; 664 d->bd_fcount = 0; 665 } 666 667 /* 668 * FIONREAD Check for read packet available. 669 * SIOCGIFADDR Get interface address - convenient hook to driver. 670 * BIOCGBLEN Get buffer len [for read()]. 671 * BIOCSETF Set ethernet read filter. 672 * BIOCSETWF Set ethernet write filter. 673 * BIOCFLUSH Flush read packet buffer. 674 * BIOCPROMISC Put interface into promiscuous mode. 675 * BIOCGDLT Get link layer type. 676 * BIOCGETIF Get interface name. 677 * BIOCSETIF Set interface. 678 * BIOCSRTIMEOUT Set read timeout. 679 * BIOCGRTIMEOUT Get read timeout. 680 * BIOCGSTATS Get packet stats. 681 * BIOCIMMEDIATE Set immediate mode. 682 * BIOCVERSION Get filter language version. 683 * BIOCGHDRCMPLT Get "header already complete" flag 684 * BIOCSHDRCMPLT Set "header already complete" flag 685 * BIOCGSEESENT Get "see packets sent" flag 686 * BIOCSSEESENT Set "see packets sent" flag 687 * BIOCLOCK Set "locked" flag 688 */ 689 /* ARGSUSED */ 690 static int 691 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, 692 struct thread *td) 693 { 694 struct bpf_d *d = dev->si_drv1; 695 int error = 0; 696 697 /* 698 * Refresh PID associated with this descriptor. 699 */ 700 BPFD_LOCK(d); 701 d->bd_pid = td->td_proc->p_pid; 702 if (d->bd_state == BPF_WAITING) 703 callout_stop(&d->bd_callout); 704 d->bd_state = BPF_IDLE; 705 BPFD_UNLOCK(d); 706 707 if (d->bd_locked == 1) { 708 switch (cmd) { 709 case BIOCGBLEN: 710 case BIOCFLUSH: 711 case BIOCGDLT: 712 case BIOCGDLTLIST: 713 case BIOCGETIF: 714 case BIOCGRTIMEOUT: 715 case BIOCGSTATS: 716 case BIOCVERSION: 717 case BIOCGRSIG: 718 case BIOCGHDRCMPLT: 719 case FIONREAD: 720 case BIOCLOCK: 721 case BIOCSRTIMEOUT: 722 case BIOCIMMEDIATE: 723 case TIOCGPGRP: 724 break; 725 default: 726 return (EPERM); 727 } 728 } 729 switch (cmd) { 730 731 default: 732 error = EINVAL; 733 break; 734 735 /* 736 * Check for read packet available. 737 */ 738 case FIONREAD: 739 { 740 int n; 741 742 BPFD_LOCK(d); 743 n = d->bd_slen; 744 if (d->bd_hbuf) 745 n += d->bd_hlen; 746 BPFD_UNLOCK(d); 747 748 *(int *)addr = n; 749 break; 750 } 751 752 case SIOCGIFADDR: 753 { 754 struct ifnet *ifp; 755 756 if (d->bd_bif == NULL) 757 error = EINVAL; 758 else { 759 ifp = d->bd_bif->bif_ifp; 760 error = (*ifp->if_ioctl)(ifp, cmd, addr); 761 } 762 break; 763 } 764 765 /* 766 * Get buffer len [for read()]. 767 */ 768 case BIOCGBLEN: 769 *(u_int *)addr = d->bd_bufsize; 770 break; 771 772 /* 773 * Set buffer length. 774 */ 775 case BIOCSBLEN: 776 if (d->bd_bif != NULL) 777 error = EINVAL; 778 else { 779 u_int size = *(u_int *)addr; 780 781 if (size > bpf_maxbufsize) 782 *(u_int *)addr = size = bpf_maxbufsize; 783 else if (size < BPF_MINBUFSIZE) 784 *(u_int *)addr = size = BPF_MINBUFSIZE; 785 d->bd_bufsize = size; 786 } 787 break; 788 789 /* 790 * Set link layer read filter. 791 */ 792 case BIOCSETF: 793 case BIOCSETWF: 794 error = bpf_setf(d, (struct bpf_program *)addr, cmd); 795 break; 796 797 /* 798 * Flush read packet buffer. 799 */ 800 case BIOCFLUSH: 801 BPFD_LOCK(d); 802 reset_d(d); 803 BPFD_UNLOCK(d); 804 break; 805 806 /* 807 * Put interface into promiscuous mode. 808 */ 809 case BIOCPROMISC: 810 if (d->bd_bif == NULL) { 811 /* 812 * No interface attached yet. 813 */ 814 error = EINVAL; 815 break; 816 } 817 if (d->bd_promisc == 0) { 818 mtx_lock(&Giant); 819 error = ifpromisc(d->bd_bif->bif_ifp, 1); 820 mtx_unlock(&Giant); 821 if (error == 0) 822 d->bd_promisc = 1; 823 } 824 break; 825 826 /* 827 * Get current data link type. 828 */ 829 case BIOCGDLT: 830 if (d->bd_bif == NULL) 831 error = EINVAL; 832 else 833 *(u_int *)addr = d->bd_bif->bif_dlt; 834 break; 835 836 /* 837 * Get a list of supported data link types. 838 */ 839 case BIOCGDLTLIST: 840 if (d->bd_bif == NULL) 841 error = EINVAL; 842 else 843 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 844 break; 845 846 /* 847 * Set data link type. 848 */ 849 case BIOCSDLT: 850 if (d->bd_bif == NULL) 851 error = EINVAL; 852 else 853 error = bpf_setdlt(d, *(u_int *)addr); 854 break; 855 856 /* 857 * Get interface name. 858 */ 859 case BIOCGETIF: 860 if (d->bd_bif == NULL) 861 error = EINVAL; 862 else { 863 struct ifnet *const ifp = d->bd_bif->bif_ifp; 864 struct ifreq *const ifr = (struct ifreq *)addr; 865 866 strlcpy(ifr->ifr_name, ifp->if_xname, 867 sizeof(ifr->ifr_name)); 868 } 869 break; 870 871 /* 872 * Set interface. 873 */ 874 case BIOCSETIF: 875 error = bpf_setif(d, (struct ifreq *)addr); 876 break; 877 878 /* 879 * Set read timeout. 880 */ 881 case BIOCSRTIMEOUT: 882 { 883 struct timeval *tv = (struct timeval *)addr; 884 885 /* 886 * Subtract 1 tick from tvtohz() since this isn't 887 * a one-shot timer. 888 */ 889 if ((error = itimerfix(tv)) == 0) 890 d->bd_rtout = tvtohz(tv) - 1; 891 break; 892 } 893 894 /* 895 * Get read timeout. 896 */ 897 case BIOCGRTIMEOUT: 898 { 899 struct timeval *tv = (struct timeval *)addr; 900 901 tv->tv_sec = d->bd_rtout / hz; 902 tv->tv_usec = (d->bd_rtout % hz) * tick; 903 break; 904 } 905 906 /* 907 * Get packet stats. 908 */ 909 case BIOCGSTATS: 910 { 911 struct bpf_stat *bs = (struct bpf_stat *)addr; 912 913 bs->bs_recv = d->bd_rcount; 914 bs->bs_drop = d->bd_dcount; 915 break; 916 } 917 918 /* 919 * Set immediate mode. 920 */ 921 case BIOCIMMEDIATE: 922 d->bd_immediate = *(u_int *)addr; 923 break; 924 925 case BIOCVERSION: 926 { 927 struct bpf_version *bv = (struct bpf_version *)addr; 928 929 bv->bv_major = BPF_MAJOR_VERSION; 930 bv->bv_minor = BPF_MINOR_VERSION; 931 break; 932 } 933 934 /* 935 * Get "header already complete" flag 936 */ 937 case BIOCGHDRCMPLT: 938 *(u_int *)addr = d->bd_hdrcmplt; 939 break; 940 941 case BIOCLOCK: 942 d->bd_locked = 1; 943 break; 944 /* 945 * Set "header already complete" flag 946 */ 947 case BIOCSHDRCMPLT: 948 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 949 break; 950 951 /* 952 * Get "see sent packets" flag 953 */ 954 case BIOCGSEESENT: 955 *(u_int *)addr = d->bd_seesent; 956 break; 957 958 /* 959 * Set "see sent packets" flag 960 */ 961 case BIOCSSEESENT: 962 d->bd_seesent = *(u_int *)addr; 963 break; 964 965 case FIONBIO: /* Non-blocking I/O */ 966 break; 967 968 case FIOASYNC: /* Send signal on receive packets */ 969 d->bd_async = *(int *)addr; 970 break; 971 972 case FIOSETOWN: 973 error = fsetown(*(int *)addr, &d->bd_sigio); 974 break; 975 976 case FIOGETOWN: 977 *(int *)addr = fgetown(&d->bd_sigio); 978 break; 979 980 /* This is deprecated, FIOSETOWN should be used instead. */ 981 case TIOCSPGRP: 982 error = fsetown(-(*(int *)addr), &d->bd_sigio); 983 break; 984 985 /* This is deprecated, FIOGETOWN should be used instead. */ 986 case TIOCGPGRP: 987 *(int *)addr = -fgetown(&d->bd_sigio); 988 break; 989 990 case BIOCSRSIG: /* Set receive signal */ 991 { 992 u_int sig; 993 994 sig = *(u_int *)addr; 995 996 if (sig >= NSIG) 997 error = EINVAL; 998 else 999 d->bd_sig = sig; 1000 break; 1001 } 1002 case BIOCGRSIG: 1003 *(u_int *)addr = d->bd_sig; 1004 break; 1005 } 1006 return (error); 1007 } 1008 1009 /* 1010 * Set d's packet filter program to fp. If this file already has a filter, 1011 * free it and replace it. Returns EINVAL for bogus requests. 1012 */ 1013 static int 1014 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd) 1015 { 1016 struct bpf_insn *fcode, *old; 1017 u_int wfilter, flen, size; 1018 #ifdef BPF_JITTER 1019 bpf_jit_filter *ofunc; 1020 #endif 1021 1022 if (cmd == BIOCSETWF) { 1023 old = d->bd_wfilter; 1024 wfilter = 1; 1025 #ifdef BPF_JITTER 1026 ofunc = NULL; 1027 #endif 1028 } else { 1029 wfilter = 0; 1030 old = d->bd_rfilter; 1031 #ifdef BPF_JITTER 1032 ofunc = d->bd_bfilter; 1033 #endif 1034 } 1035 if (fp->bf_insns == NULL) { 1036 if (fp->bf_len != 0) 1037 return (EINVAL); 1038 BPFD_LOCK(d); 1039 if (wfilter) 1040 d->bd_wfilter = NULL; 1041 else { 1042 d->bd_rfilter = NULL; 1043 #ifdef BPF_JITTER 1044 d->bd_bfilter = NULL; 1045 #endif 1046 } 1047 reset_d(d); 1048 BPFD_UNLOCK(d); 1049 if (old != NULL) 1050 free((caddr_t)old, M_BPF); 1051 #ifdef BPF_JITTER 1052 if (ofunc != NULL) 1053 bpf_destroy_jit_filter(ofunc); 1054 #endif 1055 return (0); 1056 } 1057 flen = fp->bf_len; 1058 if (flen > bpf_maxinsns) 1059 return (EINVAL); 1060 1061 size = flen * sizeof(*fp->bf_insns); 1062 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK); 1063 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 1064 bpf_validate(fcode, (int)flen)) { 1065 BPFD_LOCK(d); 1066 if (wfilter) 1067 d->bd_wfilter = fcode; 1068 else { 1069 d->bd_rfilter = fcode; 1070 #ifdef BPF_JITTER 1071 d->bd_bfilter = bpf_jitter(fcode, flen); 1072 #endif 1073 } 1074 reset_d(d); 1075 BPFD_UNLOCK(d); 1076 if (old != NULL) 1077 free((caddr_t)old, M_BPF); 1078 #ifdef BPF_JITTER 1079 if (ofunc != NULL) 1080 bpf_destroy_jit_filter(ofunc); 1081 #endif 1082 1083 return (0); 1084 } 1085 free((caddr_t)fcode, M_BPF); 1086 return (EINVAL); 1087 } 1088 1089 /* 1090 * Detach a file from its current interface (if attached at all) and attach 1091 * to the interface indicated by the name stored in ifr. 1092 * Return an errno or 0. 1093 */ 1094 static int 1095 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 1096 { 1097 struct bpf_if *bp; 1098 struct ifnet *theywant; 1099 1100 theywant = ifunit(ifr->ifr_name); 1101 if (theywant == NULL || theywant->if_bpf == NULL) 1102 return (ENXIO); 1103 1104 bp = theywant->if_bpf; 1105 /* 1106 * Allocate the packet buffers if we need to. 1107 * If we're already attached to requested interface, 1108 * just flush the buffer. 1109 */ 1110 if (d->bd_sbuf == NULL) 1111 bpf_allocbufs(d); 1112 if (bp != d->bd_bif) { 1113 if (d->bd_bif) 1114 /* 1115 * Detach if attached to something else. 1116 */ 1117 bpf_detachd(d); 1118 1119 bpf_attachd(d, bp); 1120 } 1121 BPFD_LOCK(d); 1122 reset_d(d); 1123 BPFD_UNLOCK(d); 1124 return (0); 1125 } 1126 1127 /* 1128 * Support for select() and poll() system calls 1129 * 1130 * Return true iff the specific operation will not block indefinitely. 1131 * Otherwise, return false but make a note that a selwakeup() must be done. 1132 */ 1133 static int 1134 bpfpoll(struct cdev *dev, int events, struct thread *td) 1135 { 1136 struct bpf_d *d; 1137 int revents; 1138 1139 d = dev->si_drv1; 1140 if (d->bd_bif == NULL) 1141 return (ENXIO); 1142 1143 /* 1144 * Refresh PID associated with this descriptor. 1145 */ 1146 revents = events & (POLLOUT | POLLWRNORM); 1147 BPFD_LOCK(d); 1148 d->bd_pid = td->td_proc->p_pid; 1149 if (events & (POLLIN | POLLRDNORM)) { 1150 if (bpf_ready(d)) 1151 revents |= events & (POLLIN | POLLRDNORM); 1152 else { 1153 selrecord(td, &d->bd_sel); 1154 /* Start the read timeout if necessary. */ 1155 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1156 callout_reset(&d->bd_callout, d->bd_rtout, 1157 bpf_timed_out, d); 1158 d->bd_state = BPF_WAITING; 1159 } 1160 } 1161 } 1162 BPFD_UNLOCK(d); 1163 return (revents); 1164 } 1165 1166 /* 1167 * Support for kevent() system call. Register EVFILT_READ filters and 1168 * reject all others. 1169 */ 1170 int 1171 bpfkqfilter(struct cdev *dev, struct knote *kn) 1172 { 1173 struct bpf_d *d = (struct bpf_d *)dev->si_drv1; 1174 1175 if (kn->kn_filter != EVFILT_READ) 1176 return (1); 1177 1178 /* 1179 * Refresh PID associated with this descriptor. 1180 */ 1181 BPFD_LOCK(d); 1182 d->bd_pid = curthread->td_proc->p_pid; 1183 kn->kn_fop = &bpfread_filtops; 1184 kn->kn_hook = d; 1185 knlist_add(&d->bd_sel.si_note, kn, 1); 1186 BPFD_UNLOCK(d); 1187 1188 return (0); 1189 } 1190 1191 static void 1192 filt_bpfdetach(struct knote *kn) 1193 { 1194 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1195 1196 knlist_remove(&d->bd_sel.si_note, kn, 0); 1197 } 1198 1199 static int 1200 filt_bpfread(struct knote *kn, long hint) 1201 { 1202 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 1203 int ready; 1204 1205 BPFD_LOCK_ASSERT(d); 1206 ready = bpf_ready(d); 1207 if (ready) { 1208 kn->kn_data = d->bd_slen; 1209 if (d->bd_hbuf) 1210 kn->kn_data += d->bd_hlen; 1211 } 1212 else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1213 callout_reset(&d->bd_callout, d->bd_rtout, 1214 bpf_timed_out, d); 1215 d->bd_state = BPF_WAITING; 1216 } 1217 1218 return (ready); 1219 } 1220 1221 /* 1222 * Incoming linkage from device drivers. Process the packet pkt, of length 1223 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1224 * by each process' filter, and if accepted, stashed into the corresponding 1225 * buffer. 1226 */ 1227 void 1228 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1229 { 1230 struct bpf_d *d; 1231 u_int slen; 1232 int gottime; 1233 struct timeval tv; 1234 1235 gottime = 0; 1236 BPFIF_LOCK(bp); 1237 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1238 BPFD_LOCK(d); 1239 ++d->bd_rcount; 1240 #ifdef BPF_JITTER 1241 if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL) 1242 slen = (*(d->bd_bfilter->func))(pkt, pktlen, pktlen); 1243 else 1244 #endif 1245 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); 1246 if (slen != 0) { 1247 d->bd_fcount++; 1248 if (!gottime) { 1249 microtime(&tv); 1250 gottime = 1; 1251 } 1252 #ifdef MAC 1253 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1254 #endif 1255 catchpacket(d, pkt, pktlen, slen, bcopy, &tv); 1256 } 1257 BPFD_UNLOCK(d); 1258 } 1259 BPFIF_UNLOCK(bp); 1260 } 1261 1262 /* 1263 * Copy data from an mbuf chain into a buffer. This code is derived 1264 * from m_copydata in sys/uipc_mbuf.c. 1265 */ 1266 static void 1267 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len) 1268 { 1269 const struct mbuf *m; 1270 u_int count; 1271 u_char *dst; 1272 1273 m = src_arg; 1274 dst = dst_arg; 1275 while (len > 0) { 1276 if (m == NULL) 1277 panic("bpf_mcopy"); 1278 count = min(m->m_len, len); 1279 bcopy(mtod(m, void *), dst, count); 1280 m = m->m_next; 1281 dst += count; 1282 len -= count; 1283 } 1284 } 1285 1286 /* 1287 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1288 */ 1289 void 1290 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1291 { 1292 struct bpf_d *d; 1293 u_int pktlen, slen; 1294 int gottime; 1295 struct timeval tv; 1296 1297 gottime = 0; 1298 1299 pktlen = m_length(m, NULL); 1300 1301 BPFIF_LOCK(bp); 1302 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1303 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1304 continue; 1305 BPFD_LOCK(d); 1306 ++d->bd_rcount; 1307 #ifdef BPF_JITTER 1308 /* XXX We cannot handle multiple mbufs. */ 1309 if (bpf_jitter_enable != 0 && d->bd_bfilter != NULL && 1310 m->m_next == NULL) 1311 slen = (*(d->bd_bfilter->func))(mtod(m, u_char *), 1312 pktlen, pktlen); 1313 else 1314 #endif 1315 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); 1316 if (slen != 0) { 1317 d->bd_fcount++; 1318 if (!gottime) { 1319 microtime(&tv); 1320 gottime = 1; 1321 } 1322 #ifdef MAC 1323 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1324 #endif 1325 catchpacket(d, (u_char *)m, pktlen, slen, 1326 bpf_mcopy, &tv); 1327 } 1328 BPFD_UNLOCK(d); 1329 } 1330 BPFIF_UNLOCK(bp); 1331 } 1332 1333 /* 1334 * Incoming linkage from device drivers, when packet is in 1335 * an mbuf chain and to be prepended by a contiguous header. 1336 */ 1337 void 1338 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m) 1339 { 1340 struct mbuf mb; 1341 struct bpf_d *d; 1342 u_int pktlen, slen; 1343 int gottime; 1344 struct timeval tv; 1345 1346 gottime = 0; 1347 1348 pktlen = m_length(m, NULL); 1349 /* 1350 * Craft on-stack mbuf suitable for passing to bpf_filter. 1351 * Note that we cut corners here; we only setup what's 1352 * absolutely needed--this mbuf should never go anywhere else. 1353 */ 1354 mb.m_next = m; 1355 mb.m_data = data; 1356 mb.m_len = dlen; 1357 pktlen += dlen; 1358 1359 BPFIF_LOCK(bp); 1360 LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1361 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1362 continue; 1363 BPFD_LOCK(d); 1364 ++d->bd_rcount; 1365 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0); 1366 if (slen != 0) { 1367 d->bd_fcount++; 1368 if (!gottime) { 1369 microtime(&tv); 1370 gottime = 1; 1371 } 1372 #ifdef MAC 1373 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0) 1374 #endif 1375 catchpacket(d, (u_char *)&mb, pktlen, slen, 1376 bpf_mcopy, &tv); 1377 } 1378 BPFD_UNLOCK(d); 1379 } 1380 BPFIF_UNLOCK(bp); 1381 } 1382 1383 /* 1384 * Move the packet data from interface memory (pkt) into the 1385 * store buffer. "cpfn" is the routine called to do the actual data 1386 * transfer. bcopy is passed in to copy contiguous chunks, while 1387 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1388 * pkt is really an mbuf. 1389 */ 1390 static void 1391 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1392 void (*cpfn)(const void *, void *, size_t), struct timeval *tv) 1393 { 1394 struct bpf_hdr *hp; 1395 int totlen, curlen; 1396 int hdrlen = d->bd_bif->bif_hdrlen; 1397 int do_wakeup = 0; 1398 1399 BPFD_LOCK_ASSERT(d); 1400 /* 1401 * Figure out how many bytes to move. If the packet is 1402 * greater or equal to the snapshot length, transfer that 1403 * much. Otherwise, transfer the whole packet (unless 1404 * we hit the buffer size limit). 1405 */ 1406 totlen = hdrlen + min(snaplen, pktlen); 1407 if (totlen > d->bd_bufsize) 1408 totlen = d->bd_bufsize; 1409 1410 /* 1411 * Round up the end of the previous packet to the next longword. 1412 */ 1413 curlen = BPF_WORDALIGN(d->bd_slen); 1414 if (curlen + totlen > d->bd_bufsize) { 1415 /* 1416 * This packet will overflow the storage buffer. 1417 * Rotate the buffers if we can, then wakeup any 1418 * pending reads. 1419 */ 1420 if (d->bd_fbuf == NULL) { 1421 /* 1422 * We haven't completed the previous read yet, 1423 * so drop the packet. 1424 */ 1425 ++d->bd_dcount; 1426 return; 1427 } 1428 ROTATE_BUFFERS(d); 1429 do_wakeup = 1; 1430 curlen = 0; 1431 } 1432 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) 1433 /* 1434 * Immediate mode is set, or the read timeout has 1435 * already expired during a select call. A packet 1436 * arrived, so the reader should be woken up. 1437 */ 1438 do_wakeup = 1; 1439 1440 /* 1441 * Append the bpf header. 1442 */ 1443 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1444 hp->bh_tstamp = *tv; 1445 hp->bh_datalen = pktlen; 1446 hp->bh_hdrlen = hdrlen; 1447 /* 1448 * Copy the packet data into the store buffer and update its length. 1449 */ 1450 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1451 d->bd_slen = curlen + totlen; 1452 1453 if (do_wakeup) 1454 bpf_wakeup(d); 1455 } 1456 1457 /* 1458 * Initialize all nonzero fields of a descriptor. 1459 */ 1460 static void 1461 bpf_allocbufs(struct bpf_d *d) 1462 { 1463 1464 KASSERT(d->bd_fbuf == NULL, ("bpf_allocbufs: bd_fbuf != NULL")); 1465 KASSERT(d->bd_sbuf == NULL, ("bpf_allocbufs: bd_sbuf != NULL")); 1466 KASSERT(d->bd_hbuf == NULL, ("bpf_allocbufs: bd_hbuf != NULL")); 1467 1468 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1469 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1470 d->bd_slen = 0; 1471 d->bd_hlen = 0; 1472 } 1473 1474 /* 1475 * Free buffers currently in use by a descriptor. 1476 * Called on close. 1477 */ 1478 static void 1479 bpf_freed(struct bpf_d *d) 1480 { 1481 /* 1482 * We don't need to lock out interrupts since this descriptor has 1483 * been detached from its interface and it yet hasn't been marked 1484 * free. 1485 */ 1486 if (d->bd_sbuf != NULL) { 1487 free(d->bd_sbuf, M_BPF); 1488 if (d->bd_hbuf != NULL) 1489 free(d->bd_hbuf, M_BPF); 1490 if (d->bd_fbuf != NULL) 1491 free(d->bd_fbuf, M_BPF); 1492 } 1493 if (d->bd_rfilter) { 1494 free((caddr_t)d->bd_rfilter, M_BPF); 1495 #ifdef BPF_JITTER 1496 bpf_destroy_jit_filter(d->bd_bfilter); 1497 #endif 1498 } 1499 if (d->bd_wfilter) 1500 free((caddr_t)d->bd_wfilter, M_BPF); 1501 mtx_destroy(&d->bd_mtx); 1502 } 1503 1504 /* 1505 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1506 * fixed size of the link header (variable length headers not yet supported). 1507 */ 1508 void 1509 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1510 { 1511 1512 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1513 } 1514 1515 /* 1516 * Attach an interface to bpf. ifp is a pointer to the structure 1517 * defining the interface to be attached, dlt is the link layer type, 1518 * and hdrlen is the fixed size of the link header (variable length 1519 * headers are not yet supporrted). 1520 */ 1521 void 1522 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1523 { 1524 struct bpf_if *bp; 1525 1526 bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO); 1527 if (bp == NULL) 1528 panic("bpfattach"); 1529 1530 LIST_INIT(&bp->bif_dlist); 1531 bp->bif_ifp = ifp; 1532 bp->bif_dlt = dlt; 1533 mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF); 1534 KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized")); 1535 *driverp = bp; 1536 1537 mtx_lock(&bpf_mtx); 1538 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next); 1539 mtx_unlock(&bpf_mtx); 1540 1541 /* 1542 * Compute the length of the bpf header. This is not necessarily 1543 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1544 * that the network layer header begins on a longword boundary (for 1545 * performance reasons and to alleviate alignment restrictions). 1546 */ 1547 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1548 1549 if (bootverbose) 1550 if_printf(ifp, "bpf attached\n"); 1551 } 1552 1553 /* 1554 * Detach bpf from an interface. This involves detaching each descriptor 1555 * associated with the interface, and leaving bd_bif NULL. Notify each 1556 * descriptor as it's detached so that any sleepers wake up and get 1557 * ENXIO. 1558 */ 1559 void 1560 bpfdetach(struct ifnet *ifp) 1561 { 1562 struct bpf_if *bp; 1563 struct bpf_d *d; 1564 1565 /* Locate BPF interface information */ 1566 mtx_lock(&bpf_mtx); 1567 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1568 if (ifp == bp->bif_ifp) 1569 break; 1570 } 1571 1572 /* Interface wasn't attached */ 1573 if ((bp == NULL) || (bp->bif_ifp == NULL)) { 1574 mtx_unlock(&bpf_mtx); 1575 printf("bpfdetach: %s was not attached\n", ifp->if_xname); 1576 return; 1577 } 1578 1579 LIST_REMOVE(bp, bif_next); 1580 mtx_unlock(&bpf_mtx); 1581 1582 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) { 1583 bpf_detachd(d); 1584 BPFD_LOCK(d); 1585 bpf_wakeup(d); 1586 BPFD_UNLOCK(d); 1587 } 1588 1589 mtx_destroy(&bp->bif_mtx); 1590 free(bp, M_BPF); 1591 } 1592 1593 /* 1594 * Get a list of available data link type of the interface. 1595 */ 1596 static int 1597 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1598 { 1599 int n, error; 1600 struct ifnet *ifp; 1601 struct bpf_if *bp; 1602 1603 ifp = d->bd_bif->bif_ifp; 1604 n = 0; 1605 error = 0; 1606 mtx_lock(&bpf_mtx); 1607 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1608 if (bp->bif_ifp != ifp) 1609 continue; 1610 if (bfl->bfl_list != NULL) { 1611 if (n >= bfl->bfl_len) { 1612 mtx_unlock(&bpf_mtx); 1613 return (ENOMEM); 1614 } 1615 error = copyout(&bp->bif_dlt, 1616 bfl->bfl_list + n, sizeof(u_int)); 1617 } 1618 n++; 1619 } 1620 mtx_unlock(&bpf_mtx); 1621 bfl->bfl_len = n; 1622 return (error); 1623 } 1624 1625 /* 1626 * Set the data link type of a BPF instance. 1627 */ 1628 static int 1629 bpf_setdlt(struct bpf_d *d, u_int dlt) 1630 { 1631 int error, opromisc; 1632 struct ifnet *ifp; 1633 struct bpf_if *bp; 1634 1635 if (d->bd_bif->bif_dlt == dlt) 1636 return (0); 1637 ifp = d->bd_bif->bif_ifp; 1638 mtx_lock(&bpf_mtx); 1639 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1640 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1641 break; 1642 } 1643 mtx_unlock(&bpf_mtx); 1644 if (bp != NULL) { 1645 opromisc = d->bd_promisc; 1646 bpf_detachd(d); 1647 bpf_attachd(d, bp); 1648 BPFD_LOCK(d); 1649 reset_d(d); 1650 BPFD_UNLOCK(d); 1651 if (opromisc) { 1652 error = ifpromisc(bp->bif_ifp, 1); 1653 if (error) 1654 if_printf(bp->bif_ifp, 1655 "bpf_setdlt: ifpromisc failed (%d)\n", 1656 error); 1657 else 1658 d->bd_promisc = 1; 1659 } 1660 } 1661 return (bp == NULL ? EINVAL : 0); 1662 } 1663 1664 static void 1665 bpf_clone(void *arg, struct ucred *cred, char *name, int namelen, 1666 struct cdev **dev) 1667 { 1668 int u; 1669 1670 if (*dev != NULL) 1671 return; 1672 if (dev_stdclone(name, NULL, "bpf", &u) != 1) 1673 return; 1674 *dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600, 1675 "bpf%d", u); 1676 dev_ref(*dev); 1677 (*dev)->si_flags |= SI_CHEAPCLONE; 1678 return; 1679 } 1680 1681 static void 1682 bpf_drvinit(void *unused) 1683 { 1684 1685 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF); 1686 LIST_INIT(&bpf_iflist); 1687 EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000); 1688 } 1689 1690 static void 1691 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd) 1692 { 1693 1694 bzero(d, sizeof(*d)); 1695 BPFD_LOCK_ASSERT(bd); 1696 d->bd_immediate = bd->bd_immediate; 1697 d->bd_promisc = bd->bd_promisc; 1698 d->bd_hdrcmplt = bd->bd_hdrcmplt; 1699 d->bd_seesent = bd->bd_seesent; 1700 d->bd_async = bd->bd_async; 1701 d->bd_rcount = bd->bd_rcount; 1702 d->bd_dcount = bd->bd_dcount; 1703 d->bd_fcount = bd->bd_fcount; 1704 d->bd_sig = bd->bd_sig; 1705 d->bd_slen = bd->bd_slen; 1706 d->bd_hlen = bd->bd_hlen; 1707 d->bd_bufsize = bd->bd_bufsize; 1708 d->bd_pid = bd->bd_pid; 1709 strlcpy(d->bd_ifname, 1710 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ); 1711 d->bd_locked = bd->bd_locked; 1712 } 1713 1714 static int 1715 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS) 1716 { 1717 struct xbpf_d *xbdbuf, *xbd; 1718 int index, error; 1719 struct bpf_if *bp; 1720 struct bpf_d *bd; 1721 1722 /* 1723 * XXX This is not technically correct. It is possible for non 1724 * privileged users to open bpf devices. It would make sense 1725 * if the users who opened the devices were able to retrieve 1726 * the statistics for them, too. 1727 */ 1728 error = priv_check(req->td, PRIV_NET_BPF); 1729 if (error) 1730 return (error); 1731 if (req->oldptr == NULL) 1732 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd))); 1733 if (bpf_bpfd_cnt == 0) 1734 return (SYSCTL_OUT(req, 0, 0)); 1735 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK); 1736 mtx_lock(&bpf_mtx); 1737 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) { 1738 mtx_unlock(&bpf_mtx); 1739 free(xbdbuf, M_BPF); 1740 return (ENOMEM); 1741 } 1742 index = 0; 1743 LIST_FOREACH(bp, &bpf_iflist, bif_next) { 1744 BPFIF_LOCK(bp); 1745 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 1746 xbd = &xbdbuf[index++]; 1747 BPFD_LOCK(bd); 1748 bpfstats_fill_xbpf(xbd, bd); 1749 BPFD_UNLOCK(bd); 1750 } 1751 BPFIF_UNLOCK(bp); 1752 } 1753 mtx_unlock(&bpf_mtx); 1754 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd)); 1755 free(xbdbuf, M_BPF); 1756 return (error); 1757 } 1758 1759 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL) 1760 1761 #else /* !DEV_BPF && !NETGRAPH_BPF */ 1762 /* 1763 * NOP stubs to allow bpf-using drivers to load and function. 1764 * 1765 * A 'better' implementation would allow the core bpf functionality 1766 * to be loaded at runtime. 1767 */ 1768 static struct bpf_if bp_null; 1769 1770 void 1771 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1772 { 1773 } 1774 1775 void 1776 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1777 { 1778 } 1779 1780 void 1781 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m) 1782 { 1783 } 1784 1785 void 1786 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1787 { 1788 1789 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 1790 } 1791 1792 void 1793 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1794 { 1795 1796 *driverp = &bp_null; 1797 } 1798 1799 void 1800 bpfdetach(struct ifnet *ifp) 1801 { 1802 } 1803 1804 u_int 1805 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) 1806 { 1807 return -1; /* "no filter" behaviour */ 1808 } 1809 1810 int 1811 bpf_validate(const struct bpf_insn *f, int len) 1812 { 1813 return 0; /* false */ 1814 } 1815 1816 #endif /* !DEV_BPF && !NETGRAPH_BPF */ 1817