xref: /freebsd/sys/net/bpf_ifnet.c (revision fe53a8a82c8185e332deb8e1926f0e137aeb2548)

/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 1990, 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 * Copyright (c) 2019 Andrey V. Elsukov <ae@FreeBSD.org>
 * Copyright (c) 2025 Gleb Smirnoff <glebius@FreeBSD.org>
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/mbuf.h>
#include <sys/socket.h>
#include <net/bpf.h>
#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_private.h>
#include <net/if_types.h>
#include <net/route.h>

/* We need to know all the ifnets we support. */
#include <net/if_dl.h>
#include <net/ethernet.h>
#include <net/firewire.h>
#include <net/if_pflog.h>
#include <net/if_pfsync.h>

#include <security/mac/mac_framework.h>

static int
bpf_ifnet_write(void *arg, struct mbuf *m, struct mbuf *mc, int flags)
{
	struct ifnet *ifp = arg;
	struct route ro = {};
	struct sockaddr dst = {
		.sa_family = AF_UNSPEC,
	};
	u_int hlen;
	int error;

	NET_EPOCH_ASSERT();

	if (__predict_false((ifp->if_flags & IFF_UP) == 0)) {
		m_freem(m);
		m_freem(mc);
		return (ENETDOWN);
	}

	switch (ifp->if_type) {
	/* DLT_RAW */
	case IFT_MBIM:		/* umb(4) */
	case IFT_OTHER:		/* uhso(4), usie */
		hlen = 0;
		break;

	/* DLT_ENC */
	case IFT_ENC:
		hlen = 12; /* XXXGL: sizeof(struct enchdr); */
		break;

	/* DLT_EN10MB */
	case IFT_ETHER:		/* if_ethersubr.c */
	case IFT_L2VLAN:	/* vlan(4) */
	case IFT_BRIDGE:	/* if_bridge(4) */
	case IFT_IEEE8023ADLAG:	/* lagg(4) */
	case IFT_INFINIBAND:	/* if_infiniband.c */
	{
		struct ether_header *eh;

		eh = mtod(m, struct ether_header *);
		if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
			if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
			    ETHER_ADDR_LEN) == 0)
				m->m_flags |= M_BCAST;
			else
				m->m_flags |= M_MCAST;
		}
		if (!(flags & BPFD_HDRCMPLT)) {
			memcpy(eh->ether_shost, IF_LLADDR(ifp),
			    sizeof(eh->ether_shost));
		}
		hlen = ETHER_HDR_LEN;
		break;
	}
	/* DLT_APPLE_IP_OVER_IEEE1394 */
	case IFT_IEEE1394:	/* fwip(4) */
		hlen = sizeof(struct fw_hwaddr);
		break;

	/* DLT_NULL */
	case IFT_GIF:		/* gif(4) */
	case IFT_LOOP:		/* lo(4), disc(4) */
	case IFT_PARA:		/* plip(4), iic */
	case IFT_PPP:		/* tun(4) */
	case IFT_PROPVIRTUAL:	/* ng_iface(4) */
	case IFT_WIREGUARD:	/* wg(4) */
	case IFT_STF:		/* stf(4) */
	case IFT_TUNNEL:	/* ipsec(4), me(4), gre(4), ovpn(4) */
		hlen = sizeof(uint32_t);
		break;

	/* DLT_PFLOG */
	case IFT_PFLOG:
		hlen = PFLOG_HDRLEN;
		break;

	/* DLT_PFSYNC */
	case IFT_PFSYNC:
		hlen = PFSYNC_HDRLEN;
		break;

	default:
		hlen = 0;	/* pacify compiler */
		KASSERT(0, ("%s: ifp %p type %u not supported", __func__,
		    ifp, ifp->if_type));
	}

	if (__predict_false(hlen > m->m_len)) {
		m_freem(m);
		m_freem(mc);
		return (EMSGSIZE);
	};

	if (hlen != 0) {
		bcopy(mtod(m, const void *), &dst.sa_data, hlen);
		ro.ro_prepend = (char *)&dst.sa_data;
		ro.ro_plen = hlen;
		ro.ro_flags = RT_HAS_HEADER;
		m->m_pkthdr.len -= hlen;
		m->m_len -= hlen;
		m->m_data += hlen;
	};

	CURVNET_SET(ifp->if_vnet);
	error = ifp->if_output(ifp, m, &dst, &ro);
	if (error != 0) {
		m_freem(mc);
	} else if (mc != NULL) {
		mc->m_pkthdr.rcvif = ifp;
		(void)ifp->if_input(ifp, mc);
	}
	CURVNET_RESTORE();

	return (error);
}

static bool
bpf_ifnet_chkdir(void *arg, const struct mbuf *m, int dir)
{
	struct ifnet *ifp = arg;
	struct ifnet *rcvif = m_rcvif(m);

	return ((dir == BPF_D_IN && ifp != rcvif) ||
	    (dir == BPF_D_OUT && ifp == rcvif));
}

uint32_t
bpf_ifnet_wrsize(void *arg)
{
	struct ifnet *ifp = arg;

	return (ifp->if_mtu);
}

int
bpf_ifnet_promisc(void *arg, bool on)
{
	struct ifnet *ifp = arg;
	int error;

	CURVNET_SET(ifp->if_vnet);
	if ((error = ifpromisc(ifp, on ? 1 : 0)) != 0)
		if_printf(ifp, "%s: ifpromisc failed (%d)\n", __func__, error);
	CURVNET_RESTORE();

	return (error);
}

#ifdef MAC
static int
bpf_ifnet_mac_check_receive(void *arg, struct bpf_d *d)
{
	struct ifnet *ifp = arg;

	return (mac_bpfdesc_check_receive(d, ifp));
}
#endif

static const struct bif_methods bpf_ifnet_methods = {
	.bif_chkdir = bpf_ifnet_chkdir,
	.bif_promisc = bpf_ifnet_promisc,
	.bif_wrsize = bpf_ifnet_wrsize,
	.bif_write = bpf_ifnet_write,
#ifdef MAC
	.bif_mac_check_receive = bpf_ifnet_mac_check_receive,
#endif
};

/*
 * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 * fixed size of the link header (variable length headers not yet supported).
 * Legacy KPI to be obsoleted soon.
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{

	ifp->if_bpf = bpf_attach(ifp->if_xname, dlt, hdrlen,
	    &bpf_ifnet_methods, ifp);
	if_ref(ifp);
	if (bootverbose && IS_DEFAULT_VNET(curvnet))
		if_printf(ifp, "bpf attached\n");
}

/*
 * The dead_bpf_if is an ugly plug against races at ifnet destroy time that
 * still exist and are not properly covered by epoch(9).
 * Legacy KPI to be obsoleted soon.
 */
void
bpfdetach(struct ifnet *ifp)
{
	static const struct bpfd_list dead_bpf_if = CK_LIST_HEAD_INITIALIZER();
	struct bpf_if *bif;

	bif = ifp->if_bpf;
	ifp->if_bpf = __DECONST(struct bpf_if *, &dead_bpf_if);
	bpf_detach(bif);
	if_rele(ifp);
}