1 /*- 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)bpf.h 8.1 (Berkeley) 6/10/93 35 * @(#)bpf.h 1.34 (LBL) 6/16/96 36 * 37 * $FreeBSD$ 38 */ 39 40 #ifndef _NET_BPF_H_ 41 #define _NET_BPF_H_ 42 43 /* BSD style release date */ 44 #define BPF_RELEASE 199606 45 46 typedef int32_t bpf_int32; 47 typedef u_int32_t bpf_u_int32; 48 49 /* 50 * Alignment macros. BPF_WORDALIGN rounds up to the next 51 * even multiple of BPF_ALIGNMENT. 52 */ 53 #define BPF_ALIGNMENT sizeof(long) 54 #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 55 56 #define BPF_MAXINSNS 512 57 #define BPF_MAXBUFSIZE 0x80000 58 #define BPF_MINBUFSIZE 32 59 60 /* 61 * Structure for BIOCSETF. 62 */ 63 struct bpf_program { 64 u_int bf_len; 65 struct bpf_insn *bf_insns; 66 }; 67 68 /* 69 * Struct returned by BIOCGSTATS. 70 */ 71 struct bpf_stat { 72 u_int bs_recv; /* number of packets received */ 73 u_int bs_drop; /* number of packets dropped */ 74 }; 75 76 /* 77 * Struct return by BIOCVERSION. This represents the version number of 78 * the filter language described by the instruction encodings below. 79 * bpf understands a program iff kernel_major == filter_major && 80 * kernel_minor >= filter_minor, that is, if the value returned by the 81 * running kernel has the same major number and a minor number equal 82 * equal to or less than the filter being downloaded. Otherwise, the 83 * results are undefined, meaning an error may be returned or packets 84 * may be accepted haphazardly. 85 * It has nothing to do with the source code version. 86 */ 87 struct bpf_version { 88 u_short bv_major; 89 u_short bv_minor; 90 }; 91 /* Current version number of filter architecture. */ 92 #define BPF_MAJOR_VERSION 1 93 #define BPF_MINOR_VERSION 1 94 95 /* 96 * Historically, BPF has supported a single buffering model, first using mbuf 97 * clusters in kernel, and later using malloc(9) buffers in kernel. We now 98 * support multiple buffering modes, which may be queried and set using 99 * BIOCGETBUFMODE and BIOCSETBUFMODE. So as to avoid handling the complexity 100 * of changing modes while sniffing packets, the mode becomes fixed once an 101 * interface has been attached to the BPF descriptor. 102 */ 103 #define BPF_BUFMODE_BUFFER 1 /* Kernel buffers with read(). */ 104 #define BPF_BUFMODE_ZBUF 2 /* Zero-copy buffers. */ 105 106 /*- 107 * Struct used by BIOCSETZBUF, BIOCROTZBUF: describes up to two zero-copy 108 * buffer as used by BPF. 109 */ 110 struct bpf_zbuf { 111 void *bz_bufa; /* Location of 'a' zero-copy buffer. */ 112 void *bz_bufb; /* Location of 'b' zero-copy buffer. */ 113 size_t bz_buflen; /* Size of zero-copy buffers. */ 114 }; 115 116 #define BIOCGBLEN _IOR('B',102, u_int) 117 #define BIOCSBLEN _IOWR('B',102, u_int) 118 #define BIOCSETF _IOW('B',103, struct bpf_program) 119 #define BIOCFLUSH _IO('B',104) 120 #define BIOCPROMISC _IO('B',105) 121 #define BIOCGDLT _IOR('B',106, u_int) 122 #define BIOCGETIF _IOR('B',107, struct ifreq) 123 #define BIOCSETIF _IOW('B',108, struct ifreq) 124 #define BIOCSRTIMEOUT _IOW('B',109, struct timeval) 125 #define BIOCGRTIMEOUT _IOR('B',110, struct timeval) 126 #define BIOCGSTATS _IOR('B',111, struct bpf_stat) 127 #define BIOCIMMEDIATE _IOW('B',112, u_int) 128 #define BIOCVERSION _IOR('B',113, struct bpf_version) 129 #define BIOCGRSIG _IOR('B',114, u_int) 130 #define BIOCSRSIG _IOW('B',115, u_int) 131 #define BIOCGHDRCMPLT _IOR('B',116, u_int) 132 #define BIOCSHDRCMPLT _IOW('B',117, u_int) 133 #define BIOCGDIRECTION _IOR('B',118, u_int) 134 #define BIOCSDIRECTION _IOW('B',119, u_int) 135 #define BIOCSDLT _IOW('B',120, u_int) 136 #define BIOCGDLTLIST _IOWR('B',121, struct bpf_dltlist) 137 #define BIOCLOCK _IO('B', 122) 138 #define BIOCSETWF _IOW('B',123, struct bpf_program) 139 #define BIOCFEEDBACK _IOW('B',124, u_int) 140 #define BIOCGETBUFMODE _IOR('B',125, u_int) 141 #define BIOCSETBUFMODE _IOW('B',126, u_int) 142 #define BIOCGETZMAX _IOR('B',127, size_t) 143 #define BIOCROTZBUF _IOR('B',128, struct bpf_zbuf) 144 #define BIOCSETZBUF _IOW('B',129, struct bpf_zbuf) 145 146 /* Obsolete */ 147 #define BIOCGSEESENT BIOCGDIRECTION 148 #define BIOCSSEESENT BIOCSDIRECTION 149 150 /* Packet directions */ 151 enum bpf_direction { 152 BPF_D_IN, /* See incoming packets */ 153 BPF_D_INOUT, /* See incoming and outgoing packets */ 154 BPF_D_OUT /* See outgoing packets */ 155 }; 156 157 /* 158 * Structure prepended to each packet. 159 */ 160 struct bpf_hdr { 161 struct timeval bh_tstamp; /* time stamp */ 162 bpf_u_int32 bh_caplen; /* length of captured portion */ 163 bpf_u_int32 bh_datalen; /* original length of packet */ 164 u_short bh_hdrlen; /* length of bpf header (this struct 165 plus alignment padding) */ 166 }; 167 /* 168 * Because the structure above is not a multiple of 4 bytes, some compilers 169 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. 170 * Only the kernel needs to know about it; applications use bh_hdrlen. 171 */ 172 #ifdef _KERNEL 173 #define SIZEOF_BPF_HDR (sizeof(struct bpf_hdr) <= 20 ? 18 : \ 174 sizeof(struct bpf_hdr)) 175 #endif 176 177 /* 178 * When using zero-copy BPF buffers, a shared memory header is present 179 * allowing the kernel BPF implementation and user process to synchronize 180 * without using system calls. This structure defines that header. When 181 * accessing these fields, appropriate atomic operation and memory barriers 182 * are required in order not to see stale or out-of-order data; see bpf(4) 183 * for reference code to access these fields from userspace. 184 * 185 * The layout of this structure is critical, and must not be changed; if must 186 * fit in a single page on all architectures. 187 */ 188 struct bpf_zbuf_header { 189 volatile u_int bzh_kernel_gen; /* Kernel generation number. */ 190 volatile u_int bzh_kernel_len; /* Length of data in the buffer. */ 191 volatile u_int bzh_user_gen; /* User generation number. */ 192 u_int _bzh_pad[5]; 193 }; 194 195 /* 196 * Data-link level type codes. 197 */ 198 #define DLT_NULL 0 /* BSD loopback encapsulation */ 199 #define DLT_EN10MB 1 /* Ethernet (10Mb) */ 200 #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ 201 #define DLT_AX25 3 /* Amateur Radio AX.25 */ 202 #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ 203 #define DLT_CHAOS 5 /* Chaos */ 204 #define DLT_IEEE802 6 /* IEEE 802 Networks */ 205 #define DLT_ARCNET 7 /* ARCNET */ 206 #define DLT_SLIP 8 /* Serial Line IP */ 207 #define DLT_PPP 9 /* Point-to-point Protocol */ 208 #define DLT_FDDI 10 /* FDDI */ 209 #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ 210 #define DLT_RAW 12 /* raw IP */ 211 212 /* 213 * These are values from BSD/OS's "bpf.h". 214 * These are not the same as the values from the traditional libpcap 215 * "bpf.h"; however, these values shouldn't be generated by any 216 * OS other than BSD/OS, so the correct values to use here are the 217 * BSD/OS values. 218 * 219 * Platforms that have already assigned these values to other 220 * DLT_ codes, however, should give these codes the values 221 * from that platform, so that programs that use these codes will 222 * continue to compile - even though they won't correctly read 223 * files of these types. 224 */ 225 #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ 226 #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ 227 228 #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ 229 230 /* 231 * These values are defined by NetBSD; other platforms should refrain from 232 * using them for other purposes, so that NetBSD savefiles with link 233 * types of 50 or 51 can be read as this type on all platforms. 234 */ 235 #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ 236 #define DLT_PPP_ETHER 51 /* PPP over Ethernet */ 237 238 /* 239 * Reserved for the Symantec Enterprise Firewall. 240 */ 241 #define DLT_SYMANTEC_FIREWALL 99 242 243 244 /* 245 * This value was defined by libpcap 0.5; platforms that have defined 246 * it with a different value should define it here with that value - 247 * a link type of 104 in a save file will be mapped to DLT_C_HDLC, 248 * whatever value that happens to be, so programs will correctly 249 * handle files with that link type regardless of the value of 250 * DLT_C_HDLC. 251 * 252 * The name DLT_C_HDLC was used by BSD/OS; we use that name for source 253 * compatibility with programs written for BSD/OS. 254 * 255 * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, 256 * for source compatibility with programs written for libpcap 0.5. 257 */ 258 #define DLT_C_HDLC 104 /* Cisco HDLC */ 259 #define DLT_CHDLC DLT_C_HDLC 260 261 #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ 262 263 /* 264 * Values between 106 and 107 are used in capture file headers as 265 * link-layer types corresponding to DLT_ types that might differ 266 * between platforms; don't use those values for new DLT_ new types. 267 */ 268 269 /* 270 * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides 271 * with other values. 272 * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header 273 * (DLCI, etc.). 274 */ 275 #define DLT_FRELAY 107 276 277 /* 278 * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except 279 * that the AF_ type in the link-layer header is in network byte order. 280 * 281 * OpenBSD defines it as 12, but that collides with DLT_RAW, so we 282 * define it as 108 here. If OpenBSD picks up this file, it should 283 * define DLT_LOOP as 12 in its version, as per the comment above - 284 * and should not use 108 as a DLT_ value. 285 */ 286 #define DLT_LOOP 108 287 288 /* 289 * Values between 109 and 112 are used in capture file headers as 290 * link-layer types corresponding to DLT_ types that might differ 291 * between platforms; don't use those values for new DLT_ new types. 292 */ 293 294 /* 295 * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's 296 * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other 297 * than OpenBSD. 298 */ 299 #define DLT_ENC 109 300 301 /* 302 * This is for Linux cooked sockets. 303 */ 304 #define DLT_LINUX_SLL 113 305 306 /* 307 * Apple LocalTalk hardware. 308 */ 309 #define DLT_LTALK 114 310 311 /* 312 * Acorn Econet. 313 */ 314 #define DLT_ECONET 115 315 316 /* 317 * Reserved for use with OpenBSD ipfilter. 318 */ 319 #define DLT_IPFILTER 116 320 321 /* 322 * Reserved for use in capture-file headers as a link-layer type 323 * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, 324 * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it 325 * in capture-file headers. 326 */ 327 #define DLT_PFLOG 117 328 329 /* 330 * Registered for Cisco-internal use. 331 */ 332 #define DLT_CISCO_IOS 118 333 334 /* 335 * Reserved for 802.11 cards using the Prism II chips, with a link-layer 336 * header including Prism monitor mode information plus an 802.11 337 * header. 338 */ 339 #define DLT_PRISM_HEADER 119 340 341 /* 342 * Reserved for Aironet 802.11 cards, with an Aironet link-layer header 343 * (see Doug Ambrisko's FreeBSD patches). 344 */ 345 #define DLT_AIRONET_HEADER 120 346 347 /* 348 * Reserved for use by OpenBSD's pfsync device. 349 */ 350 #define DLT_PFSYNC 121 351 352 /* 353 * Reserved for Siemens HiPath HDLC. XXX 354 */ 355 #define DLT_HHDLC 121 356 357 /* 358 * Reserved for RFC 2625 IP-over-Fibre Channel. 359 */ 360 #define DLT_IP_OVER_FC 122 361 362 /* 363 * Reserved for Full Frontal ATM on Solaris. 364 */ 365 #define DLT_SUNATM 123 366 367 /* 368 * Reserved as per request from Kent Dahlgren <kent@praesum.com> 369 * for private use. 370 */ 371 #define DLT_RIO 124 /* RapidIO */ 372 #define DLT_PCI_EXP 125 /* PCI Express */ 373 #define DLT_AURORA 126 /* Xilinx Aurora link layer */ 374 375 /* 376 * BSD header for 802.11 plus a number of bits of link-layer information 377 * including radio information. 378 */ 379 #ifndef DLT_IEEE802_11_RADIO 380 #define DLT_IEEE802_11_RADIO 127 381 #endif 382 383 /* 384 * Reserved for TZSP encapsulation. 385 */ 386 #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */ 387 388 /* 389 * Reserved for Linux ARCNET. 390 */ 391 #define DLT_ARCNET_LINUX 129 392 393 /* 394 * Juniper-private data link types. 395 */ 396 #define DLT_JUNIPER_MLPPP 130 397 #define DLT_JUNIPER_MLFR 131 398 #define DLT_JUNIPER_ES 132 399 #define DLT_JUNIPER_GGSN 133 400 #define DLT_JUNIPER_MFR 134 401 #define DLT_JUNIPER_ATM2 135 402 #define DLT_JUNIPER_SERVICES 136 403 #define DLT_JUNIPER_ATM1 137 404 405 /* 406 * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund 407 * <dieter@apple.com>. The header that's presented is an Ethernet-like 408 * header: 409 * 410 * #define FIREWIRE_EUI64_LEN 8 411 * struct firewire_header { 412 * u_char firewire_dhost[FIREWIRE_EUI64_LEN]; 413 * u_char firewire_shost[FIREWIRE_EUI64_LEN]; 414 * u_short firewire_type; 415 * }; 416 * 417 * with "firewire_type" being an Ethernet type value, rather than, 418 * for example, raw GASP frames being handed up. 419 */ 420 #define DLT_APPLE_IP_OVER_IEEE1394 138 421 422 /* 423 * Various SS7 encapsulations, as per a request from Jeff Morriss 424 * <jeff.morriss[AT]ulticom.com> and subsequent discussions. 425 */ 426 #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ 427 #define DLT_MTP2 140 /* MTP2, without pseudo-header */ 428 #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ 429 #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ 430 431 /* 432 * Reserved for DOCSIS. 433 */ 434 #define DLT_DOCSIS 143 435 436 /* 437 * Reserved for Linux IrDA. 438 */ 439 #define DLT_LINUX_IRDA 144 440 441 /* 442 * Reserved for IBM SP switch and IBM Next Federation switch. 443 */ 444 #define DLT_IBM_SP 145 445 #define DLT_IBM_SN 146 446 447 /* 448 * Reserved for private use. If you have some link-layer header type 449 * that you want to use within your organization, with the capture files 450 * using that link-layer header type not ever be sent outside your 451 * organization, you can use these values. 452 * 453 * No libpcap release will use these for any purpose, nor will any 454 * tcpdump release use them, either. 455 * 456 * Do *NOT* use these in capture files that you expect anybody not using 457 * your private versions of capture-file-reading tools to read; in 458 * particular, do *NOT* use them in products, otherwise you may find that 459 * people won't be able to use tcpdump, or snort, or Ethereal, or... to 460 * read capture files from your firewall/intrusion detection/traffic 461 * monitoring/etc. appliance, or whatever product uses that DLT_ value, 462 * and you may also find that the developers of those applications will 463 * not accept patches to let them read those files. 464 * 465 * Also, do not use them if somebody might send you a capture using them 466 * for *their* private type and tools using them for *your* private type 467 * would have to read them. 468 * 469 * Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value, 470 * as per the comment above, and use the type you're given. 471 */ 472 #define DLT_USER0 147 473 #define DLT_USER1 148 474 #define DLT_USER2 149 475 #define DLT_USER3 150 476 #define DLT_USER4 151 477 #define DLT_USER5 152 478 #define DLT_USER6 153 479 #define DLT_USER7 154 480 #define DLT_USER8 155 481 #define DLT_USER9 156 482 #define DLT_USER10 157 483 #define DLT_USER11 158 484 #define DLT_USER12 159 485 #define DLT_USER13 160 486 #define DLT_USER14 161 487 #define DLT_USER15 162 488 489 /* 490 * For future use with 802.11 captures - defined by AbsoluteValue 491 * Systems to store a number of bits of link-layer information 492 * including radio information: 493 * 494 * http://www.shaftnet.org/~pizza/software/capturefrm.txt 495 * 496 * but it might be used by some non-AVS drivers now or in the 497 * future. 498 */ 499 #define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */ 500 501 /* 502 * Juniper-private data link type, as per request from 503 * Hannes Gredler <hannes@juniper.net>. The DLT_s are used 504 * for passing on chassis-internal metainformation such as 505 * QOS profiles, etc.. 506 */ 507 #define DLT_JUNIPER_MONITOR 164 508 509 /* 510 * Reserved for BACnet MS/TP. 511 */ 512 #define DLT_BACNET_MS_TP 165 513 514 /* 515 * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>. 516 * 517 * This is used in some OSes to allow a kernel socket filter to distinguish 518 * between incoming and outgoing packets, on a socket intended to 519 * supply pppd with outgoing packets so it can do dial-on-demand and 520 * hangup-on-lack-of-demand; incoming packets are filtered out so they 521 * don't cause pppd to hold the connection up (you don't want random 522 * input packets such as port scans, packets from old lost connections, 523 * etc. to force the connection to stay up). 524 * 525 * The first byte of the PPP header (0xff03) is modified to accomodate 526 * the direction - 0x00 = IN, 0x01 = OUT. 527 */ 528 #define DLT_PPP_PPPD 166 529 530 /* 531 * Names for backwards compatibility with older versions of some PPP 532 * software; new software should use DLT_PPP_PPPD. 533 */ 534 #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD 535 #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD 536 537 /* 538 * Juniper-private data link type, as per request from 539 * Hannes Gredler <hannes@juniper.net>. The DLT_s are used 540 * for passing on chassis-internal metainformation such as 541 * QOS profiles, cookies, etc.. 542 */ 543 #define DLT_JUNIPER_PPPOE 167 544 #define DLT_JUNIPER_PPPOE_ATM 168 545 546 #define DLT_GPRS_LLC 169 /* GPRS LLC */ 547 #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */ 548 #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */ 549 550 /* 551 * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line 552 * monitoring equipment. 553 */ 554 #define DLT_GCOM_T1E1 172 555 #define DLT_GCOM_SERIAL 173 556 557 /* 558 * Juniper-private data link type, as per request from 559 * Hannes Gredler <hannes@juniper.net>. The DLT_ is used 560 * for internal communication to Physical Interface Cards (PIC) 561 */ 562 #define DLT_JUNIPER_PIC_PEER 174 563 564 /* 565 * Link types requested by Gregor Maier <gregor@endace.com> of Endace 566 * Measurement Systems. They add an ERF header (see 567 * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of 568 * the link-layer header. 569 */ 570 #define DLT_ERF_ETH 175 /* Ethernet */ 571 #define DLT_ERF_POS 176 /* Packet-over-SONET */ 572 573 /* 574 * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD 575 * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header 576 * includes additional information before the LAPD header, so it's 577 * not necessarily a generic LAPD header. 578 */ 579 #define DLT_LINUX_LAPD 177 580 581 /* 582 * Juniper-private data link type, as per request from 583 * Hannes Gredler <hannes@juniper.net>. 584 * The DLT_ are used for prepending meta-information 585 * like interface index, interface name 586 * before standard Ethernet, PPP, Frelay & C-HDLC Frames 587 */ 588 #define DLT_JUNIPER_ETHER 178 589 #define DLT_JUNIPER_PPP 179 590 #define DLT_JUNIPER_FRELAY 180 591 #define DLT_JUNIPER_CHDLC 181 592 593 /* 594 * Multi Link Frame Relay (FRF.16) 595 */ 596 #define DLT_MFR 182 597 598 /* 599 * Juniper-private data link type, as per request from 600 * Hannes Gredler <hannes@juniper.net>. 601 * The DLT_ is used for internal communication with a 602 * voice Adapter Card (PIC) 603 */ 604 #define DLT_JUNIPER_VP 183 605 606 /* 607 * Arinc 429 frames. 608 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 609 * Every frame contains a 32bit A429 label. 610 * More documentation on Arinc 429 can be found at 611 * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf 612 */ 613 #define DLT_A429 184 614 615 /* 616 * Arinc 653 Interpartition Communication messages. 617 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 618 * Please refer to the A653-1 standard for more information. 619 */ 620 #define DLT_A653_ICM 185 621 622 /* 623 * USB packets, beginning with a USB setup header; requested by 624 * Paolo Abeni <paolo.abeni@email.it>. 625 */ 626 #define DLT_USB 186 627 628 /* 629 * Bluetooth HCI UART transport layer (part H:4); requested by 630 * Paolo Abeni. 631 */ 632 #define DLT_BLUETOOTH_HCI_H4 187 633 634 /* 635 * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz 636 * <cruz_petagay@bah.com>. 637 */ 638 #define DLT_IEEE802_16_MAC_CPS 188 639 640 /* 641 * USB packets, beginning with a Linux USB header; requested by 642 * Paolo Abeni <paolo.abeni@email.it>. 643 */ 644 #define DLT_USB_LINUX 189 645 646 /* 647 * Controller Area Network (CAN) v. 2.0B packets. 648 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 649 * Used to dump CAN packets coming from a CAN Vector board. 650 * More documentation on the CAN v2.0B frames can be found at 651 * http://www.can-cia.org/downloads/?269 652 */ 653 #define DLT_CAN20B 190 654 655 /* 656 * IEEE 802.15.4, with address fields padded, as is done by Linux 657 * drivers; requested by Juergen Schimmer. 658 */ 659 #define DLT_IEEE802_15_4_LINUX 191 660 661 /* 662 * Per Packet Information encapsulated packets. 663 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 664 */ 665 #define DLT_PPI 192 666 667 /* 668 * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header; 669 * requested by Charles Clancy. 670 */ 671 #define DLT_IEEE802_16_MAC_CPS_RADIO 193 672 673 /* 674 * Juniper-private data link type, as per request from 675 * Hannes Gredler <hannes@juniper.net>. 676 * The DLT_ is used for internal communication with a 677 * integrated service module (ISM). 678 */ 679 #define DLT_JUNIPER_ISM 194 680 681 /* 682 * IEEE 802.15.4, exactly as it appears in the spec (no padding, no 683 * nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>. 684 */ 685 #define DLT_IEEE802_15_4 195 686 687 /* 688 * Various link-layer types, with a pseudo-header, for SITA 689 * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com). 690 */ 691 #define DLT_SITA 196 692 693 /* 694 * Various link-layer types, with a pseudo-header, for Endace DAG cards; 695 * encapsulates Endace ERF records. Requested by Stephen Donnelly 696 * <stephen@endace.com>. 697 */ 698 #define DLT_ERF 197 699 700 /* 701 * Special header prepended to Ethernet packets when capturing from a 702 * u10 Networks board. Requested by Phil Mulholland 703 * <phil@u10networks.com>. 704 */ 705 #define DLT_RAIF1 198 706 707 /* 708 * IPMB packet for IPMI, beginning with the I2C slave address, followed 709 * by the netFn and LUN, etc.. Requested by Chanthy Toeung 710 * <chanthy.toeung@ca.kontron.com>. 711 */ 712 #define DLT_IPMB 199 713 714 /* 715 * Juniper-private data link type, as per request from 716 * Hannes Gredler <hannes@juniper.net>. 717 * The DLT_ is used for capturing data on a secure tunnel interface. 718 */ 719 #define DLT_JUNIPER_ST 200 720 721 /* 722 * Bluetooth HCI UART transport layer (part H:4), with pseudo-header 723 * that includes direction information; requested by Paolo Abeni. 724 */ 725 #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 726 727 /* 728 * The instruction encodings. 729 */ 730 /* instruction classes */ 731 #define BPF_CLASS(code) ((code) & 0x07) 732 #define BPF_LD 0x00 733 #define BPF_LDX 0x01 734 #define BPF_ST 0x02 735 #define BPF_STX 0x03 736 #define BPF_ALU 0x04 737 #define BPF_JMP 0x05 738 #define BPF_RET 0x06 739 #define BPF_MISC 0x07 740 741 /* ld/ldx fields */ 742 #define BPF_SIZE(code) ((code) & 0x18) 743 #define BPF_W 0x00 744 #define BPF_H 0x08 745 #define BPF_B 0x10 746 #define BPF_MODE(code) ((code) & 0xe0) 747 #define BPF_IMM 0x00 748 #define BPF_ABS 0x20 749 #define BPF_IND 0x40 750 #define BPF_MEM 0x60 751 #define BPF_LEN 0x80 752 #define BPF_MSH 0xa0 753 754 /* alu/jmp fields */ 755 #define BPF_OP(code) ((code) & 0xf0) 756 #define BPF_ADD 0x00 757 #define BPF_SUB 0x10 758 #define BPF_MUL 0x20 759 #define BPF_DIV 0x30 760 #define BPF_OR 0x40 761 #define BPF_AND 0x50 762 #define BPF_LSH 0x60 763 #define BPF_RSH 0x70 764 #define BPF_NEG 0x80 765 #define BPF_JA 0x00 766 #define BPF_JEQ 0x10 767 #define BPF_JGT 0x20 768 #define BPF_JGE 0x30 769 #define BPF_JSET 0x40 770 #define BPF_SRC(code) ((code) & 0x08) 771 #define BPF_K 0x00 772 #define BPF_X 0x08 773 774 /* ret - BPF_K and BPF_X also apply */ 775 #define BPF_RVAL(code) ((code) & 0x18) 776 #define BPF_A 0x10 777 778 /* misc */ 779 #define BPF_MISCOP(code) ((code) & 0xf8) 780 #define BPF_TAX 0x00 781 #define BPF_TXA 0x80 782 783 /* 784 * The instruction data structure. 785 */ 786 struct bpf_insn { 787 u_short code; 788 u_char jt; 789 u_char jf; 790 bpf_u_int32 k; 791 }; 792 793 /* 794 * Macros for insn array initializers. 795 */ 796 #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } 797 #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } 798 799 /* 800 * Structure to retrieve available DLTs for the interface. 801 */ 802 struct bpf_dltlist { 803 u_int bfl_len; /* number of bfd_list array */ 804 u_int *bfl_list; /* array of DLTs */ 805 }; 806 807 #ifdef _KERNEL 808 #ifdef MALLOC_DECLARE 809 MALLOC_DECLARE(M_BPF); 810 #endif 811 #ifdef SYSCTL_DECL 812 SYSCTL_DECL(_net_bpf); 813 #endif 814 815 /* 816 * Rotate the packet buffers in descriptor d. Move the store buffer into the 817 * hold slot, and the free buffer ino the store slot. Zero the length of the 818 * new store buffer. Descriptor lock should be held. 819 */ 820 #define ROTATE_BUFFERS(d) do { \ 821 (d)->bd_hbuf = (d)->bd_sbuf; \ 822 (d)->bd_hlen = (d)->bd_slen; \ 823 (d)->bd_sbuf = (d)->bd_fbuf; \ 824 (d)->bd_slen = 0; \ 825 (d)->bd_fbuf = NULL; \ 826 bpf_bufheld(d); \ 827 } while (0) 828 829 /* 830 * Descriptor associated with each attached hardware interface. 831 */ 832 struct bpf_if { 833 LIST_ENTRY(bpf_if) bif_next; /* list of all interfaces */ 834 LIST_HEAD(, bpf_d) bif_dlist; /* descriptor list */ 835 u_int bif_dlt; /* link layer type */ 836 u_int bif_hdrlen; /* length of header (with padding) */ 837 struct ifnet *bif_ifp; /* corresponding interface */ 838 struct mtx bif_mtx; /* mutex for interface */ 839 }; 840 841 void bpf_bufheld(struct bpf_d *d); 842 int bpf_validate(const struct bpf_insn *, int); 843 void bpf_tap(struct bpf_if *, u_char *, u_int); 844 void bpf_mtap(struct bpf_if *, struct mbuf *); 845 void bpf_mtap2(struct bpf_if *, void *, u_int, struct mbuf *); 846 void bpfattach(struct ifnet *, u_int, u_int); 847 void bpfattach2(struct ifnet *, u_int, u_int, struct bpf_if **); 848 void bpfdetach(struct ifnet *); 849 850 void bpfilterattach(int); 851 u_int bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int); 852 853 static __inline int 854 bpf_peers_present(struct bpf_if *bpf) 855 { 856 857 if (!LIST_EMPTY(&bpf->bif_dlist)) 858 return (1); 859 return (0); 860 } 861 862 #define BPF_TAP(_ifp,_pkt,_pktlen) do { \ 863 if (bpf_peers_present((_ifp)->if_bpf)) \ 864 bpf_tap((_ifp)->if_bpf, (_pkt), (_pktlen)); \ 865 } while (0) 866 #define BPF_MTAP(_ifp,_m) do { \ 867 if (bpf_peers_present((_ifp)->if_bpf)) { \ 868 M_ASSERTVALID(_m); \ 869 bpf_mtap((_ifp)->if_bpf, (_m)); \ 870 } \ 871 } while (0) 872 #define BPF_MTAP2(_ifp,_data,_dlen,_m) do { \ 873 if (bpf_peers_present((_ifp)->if_bpf)) { \ 874 M_ASSERTVALID(_m); \ 875 bpf_mtap2((_ifp)->if_bpf,(_data),(_dlen),(_m)); \ 876 } \ 877 } while (0) 878 #endif 879 880 /* 881 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 882 */ 883 #define BPF_MEMWORDS 16 884 885 #endif /* _NET_BPF_H_ */ 886