xref: /illumos-gate/usr/src/uts/common/io/pfmod.c (revision 9e88c82d66b3fb22f1b1f25cbc4632977358de62)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * STREAMS Packet Filter Module
28  *
29  * This module applies a filter to messages arriving on its read
30  * queue, passing on messages that the filter accepts adn discarding
31  * the others.  It supports ioctls for setting the filter.
32  *
33  * On the write side, the module simply passes everything through
34  * unchanged.
35  *
36  * Based on SunOS 4.x version.  This version has minor changes:
37  *	- general SVR4 porting stuff
38  *	- change name and prefixes from "nit" buffer to streams buffer
39  *	- multithreading assumes configured as D_MTQPAIR
40  */
41 
42 #include <sys/types.h>
43 #include <sys/sysmacros.h>
44 #include <sys/errno.h>
45 #include <sys/debug.h>
46 #include <sys/time.h>
47 #include <sys/stropts.h>
48 #include <sys/stream.h>
49 #include <sys/conf.h>
50 #include <sys/ddi.h>
51 #include <sys/sunddi.h>
52 #include <sys/kmem.h>
53 #include <sys/strsun.h>
54 #include <sys/pfmod.h>
55 #include <sys/modctl.h>
56 
57 /*
58  * Expanded version of the Packetfilt structure that includes
59  * some additional fields that aid filter execution efficiency.
60  */
61 struct epacketfilt {
62 	struct Pf_ext_packetfilt	pf;
63 #define	pf_Priority	pf.Pf_Priority
64 #define	pf_FilterLen	pf.Pf_FilterLen
65 #define	pf_Filter	pf.Pf_Filter
66 	/* pointer to word immediately past end of filter */
67 	ushort_t		*pf_FilterEnd;
68 	/* length in bytes of packet prefix the filter examines */
69 	ushort_t		pf_PByteLen;
70 };
71 
72 /*
73  * (Internal) packet descriptor for FilterPacket
74  */
75 struct packdesc {
76 	ushort_t	*pd_hdr;	/* header starting address */
77 	uint_t		pd_hdrlen;	/* header length in shorts */
78 	ushort_t	*pd_body;	/* body starting address */
79 	uint_t		pd_bodylen;	/* body length in shorts */
80 };
81 
82 
83 /*
84  * Function prototypes.
85  */
86 static	int	pfopen(queue_t *, dev_t *, int, int, cred_t *);
87 static	int	pfclose(queue_t *, int, cred_t *);
88 static void	pfioctl(queue_t *wq, mblk_t *mp);
89 static	int	FilterPacket(struct packdesc *, struct epacketfilt *);
90 static int	pfwput(queue_t *, mblk_t *);
91 static int	pfrput(queue_t *, mblk_t *);
92 
93 static struct module_info pf_minfo = {
94 	22,		/* mi_idnum */
95 	"pfmod",	/* mi_idname */
96 	0,		/* mi_minpsz */
97 	INFPSZ,		/* mi_maxpsz */
98 	0,		/* mi_hiwat */
99 	0		/* mi_lowat */
100 };
101 
102 static struct qinit pf_rinit = {
103 	pfrput,			/* qi_putp */
104 	NULL,
105 	pfopen,			/* qi_qopen */
106 	pfclose,		/* qi_qclose */
107 	NULL,			/* qi_qadmin */
108 	&pf_minfo,		/* qi_minfo */
109 	NULL			/* qi_mstat */
110 };
111 
112 static struct qinit pf_winit = {
113 	pfwput,			/* qi_putp */
114 	NULL,			/* qi_srvp */
115 	NULL,			/* qi_qopen */
116 	NULL,			/* qi_qclose */
117 	NULL,			/* qi_qadmin */
118 	&pf_minfo,		/* qi_minfo */
119 	NULL			/* qi_mstat */
120 };
121 
122 static struct streamtab pf_info = {
123 	&pf_rinit,	/* st_rdinit */
124 	&pf_winit,	/* st_wrinit */
125 	NULL,		/* st_muxrinit */
126 	NULL		/* st_muxwinit */
127 };
128 
129 static struct fmodsw fsw = {
130 	"pfmod",
131 	&pf_info,
132 	D_MTQPAIR | D_MP
133 };
134 
135 static struct modlstrmod modlstrmod = {
136 	&mod_strmodops, "streams packet filter module", &fsw
137 };
138 
139 static struct modlinkage modlinkage = {
140 	MODREV_1, &modlstrmod, NULL
141 };
142 
143 int
144 _init(void)
145 {
146 	return (mod_install(&modlinkage));
147 }
148 
149 int
150 _fini(void)
151 {
152 	return (mod_remove(&modlinkage));
153 }
154 
155 int
156 _info(struct modinfo *modinfop)
157 {
158 	return (mod_info(&modlinkage, modinfop));
159 }
160 
161 /*ARGSUSED*/
162 static int
163 pfopen(queue_t *rq, dev_t *dev, int oflag, int sflag, cred_t *crp)
164 {
165 	struct epacketfilt	*pfp;
166 
167 	ASSERT(rq);
168 
169 	if (sflag != MODOPEN)
170 		return (EINVAL);
171 
172 	if (rq->q_ptr)
173 		return (0);
174 
175 	/*
176 	 * Allocate and initialize per-Stream structure.
177 	 */
178 	pfp = kmem_alloc(sizeof (struct epacketfilt), KM_SLEEP);
179 	rq->q_ptr = WR(rq)->q_ptr = (char *)pfp;
180 
181 	qprocson(rq);
182 
183 	return (0);
184 }
185 
186 /* ARGSUSED */
187 static int
188 pfclose(queue_t	*rq, int flags __unused, cred_t *credp __unused)
189 {
190 	struct	epacketfilt	*pfp = (struct epacketfilt *)rq->q_ptr;
191 
192 	ASSERT(pfp);
193 
194 	qprocsoff(rq);
195 
196 	kmem_free(pfp, sizeof (struct epacketfilt));
197 	rq->q_ptr = WR(rq)->q_ptr = NULL;
198 
199 	return (0);
200 }
201 
202 /*
203  * Write-side put procedure.  Its main task is to detect ioctls.
204  * Other message types are passed on through.
205  */
206 static int
207 pfwput(queue_t *wq, mblk_t *mp)
208 {
209 	switch (mp->b_datap->db_type) {
210 	case M_IOCTL:
211 		pfioctl(wq, mp);
212 		break;
213 
214 	default:
215 		putnext(wq, mp);
216 		break;
217 	}
218 	return (0);
219 }
220 
221 /*
222  * Read-side put procedure.  It's responsible for applying the
223  * packet filter and passing upstream message on or discarding it
224  * depending upon the results.
225  *
226  * Upstream messages can start with zero or more M_PROTO mblks
227  * which are skipped over before executing the packet filter
228  * on any remaining M_DATA mblks.
229  */
230 static int
231 pfrput(queue_t *rq, mblk_t *mp)
232 {
233 	struct	epacketfilt	*pfp = (struct epacketfilt *)rq->q_ptr;
234 	mblk_t	*mbp, *mpp;
235 	struct	packdesc	pd;
236 	int	need;
237 
238 	ASSERT(pfp);
239 
240 	switch (DB_TYPE(mp)) {
241 	case M_PROTO:
242 	case M_DATA:
243 		/*
244 		 * Skip over protocol information and find the start
245 		 * of the message body, saving the overall message
246 		 * start in mpp.
247 		 */
248 		for (mpp = mp; mp && (DB_TYPE(mp) == M_PROTO); mp = mp->b_cont)
249 			;
250 
251 		/*
252 		 * Null body (exclusive of M_PROTO blocks) ==> accept.
253 		 * Note that a null body is not the same as an empty body.
254 		 */
255 		if (mp == NULL) {
256 			putnext(rq, mpp);
257 			break;
258 		}
259 
260 		/*
261 		 * Pull the packet up to the length required by
262 		 * the filter.  Note that doing so destroys sharing
263 		 * relationships, which is unfortunate, since the
264 		 * results of pulling up here are likely to be useful
265 		 * for shared messages applied to a filter on a sibling
266 		 * stream.
267 		 *
268 		 * Most packet sources will provide the packet in two
269 		 * logical pieces: an initial header in a single mblk,
270 		 * and a body in a sequence of mblks hooked to the
271 		 * header.  We're prepared to deal with variant forms,
272 		 * but in any case, the pullup applies only to the body
273 		 * part.
274 		 */
275 		mbp = mp->b_cont;
276 		need = pfp->pf_PByteLen;
277 		if (mbp && (MBLKL(mbp) < need)) {
278 			int len = msgdsize(mbp);
279 
280 			/* XXX discard silently on pullupmsg failure */
281 			if (pullupmsg(mbp, MIN(need, len)) == 0) {
282 				freemsg(mpp);
283 				break;
284 			}
285 		}
286 
287 		/*
288 		 * Misalignment (not on short boundary) ==> reject.
289 		 */
290 		if (((uintptr_t)mp->b_rptr & (sizeof (ushort_t) - 1)) ||
291 		    (mbp != NULL &&
292 		    ((uintptr_t)mbp->b_rptr & (sizeof (ushort_t) - 1)))) {
293 			freemsg(mpp);
294 			break;
295 		}
296 
297 		/*
298 		 * These assignments are distasteful, but necessary,
299 		 * since the packet filter wants to work in terms of
300 		 * shorts.  Odd bytes at the end of header or data can't
301 		 * participate in the filtering operation.
302 		 */
303 		pd.pd_hdr = (ushort_t *)mp->b_rptr;
304 		pd.pd_hdrlen = (mp->b_wptr - mp->b_rptr) / sizeof (ushort_t);
305 		if (mbp) {
306 			pd.pd_body = (ushort_t *)mbp->b_rptr;
307 			pd.pd_bodylen = (mbp->b_wptr - mbp->b_rptr) /
308 			    sizeof (ushort_t);
309 		} else {
310 			pd.pd_body = NULL;
311 			pd.pd_bodylen = 0;
312 		}
313 
314 		/*
315 		 * Apply the filter.
316 		 */
317 		if (FilterPacket(&pd, pfp))
318 			putnext(rq, mpp);
319 		else
320 			freemsg(mpp);
321 
322 		break;
323 
324 	default:
325 		putnext(rq, mp);
326 		break;
327 	}
328 	return (0);
329 }
330 
331 /*
332  * Handle write-side M_IOCTL messages.
333  */
334 static void
335 pfioctl(queue_t *wq, mblk_t *mp)
336 {
337 	struct	epacketfilt	*pfp = (struct epacketfilt *)wq->q_ptr;
338 	struct	Pf_ext_packetfilt	*upfp;
339 	struct	packetfilt	*opfp;
340 	ushort_t	*fwp;
341 	int	arg;
342 	int	maxoff = 0;
343 	int	maxoffreg = 0;
344 	struct iocblk	*iocp = (struct iocblk *)mp->b_rptr;
345 	int	error;
346 
347 	switch (iocp->ioc_cmd) {
348 	case PFIOCSETF:
349 		/*
350 		 * Verify argument length. Since the size of packet filter
351 		 * got increased (ENMAXFILTERS was bumped up to 2047), to
352 		 * maintain backwards binary compatibility, we need to
353 		 * check for both possible sizes.
354 		 */
355 		switch (iocp->ioc_count) {
356 		case sizeof (struct Pf_ext_packetfilt):
357 			error = miocpullup(mp,
358 			    sizeof (struct Pf_ext_packetfilt));
359 			if (error != 0) {
360 				miocnak(wq, mp, 0, error);
361 				return;
362 			}
363 			upfp = (struct Pf_ext_packetfilt *)mp->b_cont->b_rptr;
364 			if (upfp->Pf_FilterLen > PF_MAXFILTERS) {
365 				miocnak(wq, mp, 0, EINVAL);
366 				return;
367 			}
368 
369 			bcopy(upfp, pfp, sizeof (struct Pf_ext_packetfilt));
370 			pfp->pf_FilterEnd = &pfp->pf_Filter[pfp->pf_FilterLen];
371 			break;
372 
373 		case sizeof (struct packetfilt):
374 			error = miocpullup(mp, sizeof (struct packetfilt));
375 			if (error != 0) {
376 				miocnak(wq, mp, 0, error);
377 				return;
378 			}
379 			opfp = (struct packetfilt *)mp->b_cont->b_rptr;
380 			/* this strange comparison keeps gcc from complaining */
381 			if (opfp->Pf_FilterLen - 1 >= ENMAXFILTERS) {
382 				miocnak(wq, mp, 0, EINVAL);
383 				return;
384 			}
385 
386 			pfp->pf.Pf_Priority = opfp->Pf_Priority;
387 			pfp->pf.Pf_FilterLen = (unsigned int)opfp->Pf_FilterLen;
388 
389 			bcopy(opfp->Pf_Filter, pfp->pf.Pf_Filter,
390 			    sizeof (opfp->Pf_Filter));
391 			pfp->pf_FilterEnd = &pfp->pf_Filter[pfp->pf_FilterLen];
392 			break;
393 
394 		default:
395 			miocnak(wq, mp, 0, EINVAL);
396 			return;
397 		}
398 
399 		/*
400 		 * Find and record maximum byte offset that the
401 		 * filter users.  We use this when executing the
402 		 * filter to determine how much of the packet
403 		 * body to pull up.  This code depends on the
404 		 * filter encoding.
405 		 */
406 		for (fwp = pfp->pf_Filter; fwp < pfp->pf_FilterEnd; fwp++) {
407 			arg = *fwp & ((1 << ENF_NBPA) - 1);
408 			switch (arg) {
409 			default:
410 				if ((arg -= ENF_PUSHWORD) > maxoff)
411 					maxoff = arg;
412 				break;
413 
414 			case ENF_LOAD_OFFSET:
415 				/* Point to the offset */
416 				fwp++;
417 				if (*fwp > maxoffreg)
418 					maxoffreg = *fwp;
419 				break;
420 
421 			case ENF_PUSHLIT:
422 			case ENF_BRTR:
423 			case ENF_BRFL:
424 				/* Skip over the literal. */
425 				fwp++;
426 				break;
427 
428 			case ENF_PUSHZERO:
429 			case ENF_PUSHONE:
430 			case ENF_PUSHFFFF:
431 			case ENF_PUSHFF00:
432 			case ENF_PUSH00FF:
433 			case ENF_NOPUSH:
434 			case ENF_POP:
435 				break;
436 			}
437 		}
438 
439 		/*
440 		 * Convert word offset to length in bytes.
441 		 */
442 		pfp->pf_PByteLen = (maxoff + maxoffreg + 1) * sizeof (ushort_t);
443 		miocack(wq, mp, 0, 0);
444 		break;
445 
446 	default:
447 		putnext(wq, mp);
448 		break;
449 	}
450 }
451 
452 /* #define	DEBUG	1 */
453 /* #define	INNERDEBUG	1 */
454 
455 #ifdef	INNERDEBUG
456 #define	enprintf(a)	printf a
457 #else
458 #define	enprintf(a)
459 #endif
460 
461 /*
462  * Apply the packet filter given by pfp to the packet given by
463  * pp.  Return nonzero iff the filter accepts the packet.
464  *
465  * The packet comes in two pieces, a header and a body, since
466  * that's the most convenient form for our caller.  The header
467  * is in contiguous memory, whereas the body is in a mbuf.
468  * Our caller will have adjusted the mbuf chain so that its first
469  * min(MLEN, length(body)) bytes are guaranteed contiguous.  For
470  * the sake of efficiency (and some laziness) the filter is prepared
471  * to examine only these two contiguous pieces.  Furthermore, it
472  * assumes that the header length is even, so that there's no need
473  * to glue the last byte of header to the first byte of data.
474  */
475 
476 #define	opx(i)	((i) >> ENF_NBPA)
477 
478 static int
479 FilterPacket(struct packdesc *pp, struct epacketfilt *pfp)
480 {
481 	int		maxhdr = pp->pd_hdrlen;
482 	int		maxword = maxhdr + pp->pd_bodylen;
483 	ushort_t	*sp;
484 	ushort_t	*fp;
485 	ushort_t	*fpe;
486 	unsigned	op;
487 	unsigned	arg;
488 	unsigned	offreg = 0;
489 	ushort_t	stack[ENMAXFILTERS+1];
490 
491 	fp = &pfp->pf_Filter[0];
492 	fpe = pfp->pf_FilterEnd;
493 
494 	enprintf(("FilterPacket(%p, %p, %p, %p):\n", pp, pfp, fp, fpe));
495 
496 	/*
497 	 * Push TRUE on stack to start.  The stack size is chosen such
498 	 * that overflow can't occur -- each operation can push at most
499 	 * one item on the stack, and the stack size equals the maximum
500 	 * program length.
501 	 */
502 	sp = &stack[ENMAXFILTERS];
503 	*sp = 1;
504 
505 	while (fp < fpe) {
506 	op = *fp >> ENF_NBPA;
507 	arg = *fp & ((1 << ENF_NBPA) - 1);
508 	fp++;
509 
510 	switch (arg) {
511 	default:
512 		arg -= ENF_PUSHWORD;
513 		/*
514 		 * Since arg is unsigned,
515 		 * if it were less than ENF_PUSHWORD before,
516 		 * it would now be huge.
517 		 */
518 		if (arg + offreg < maxhdr)
519 			*--sp = pp->pd_hdr[arg + offreg];
520 		else if (arg + offreg < maxword)
521 			*--sp = pp->pd_body[arg - maxhdr + offreg];
522 		else {
523 			enprintf(("=>0(len)\n"));
524 			return (0);
525 		}
526 		break;
527 	case ENF_PUSHLIT:
528 		*--sp = *fp++;
529 		break;
530 	case ENF_PUSHZERO:
531 		*--sp = 0;
532 		break;
533 	case ENF_PUSHONE:
534 		*--sp = 1;
535 		break;
536 	case ENF_PUSHFFFF:
537 		*--sp = 0xffff;
538 		break;
539 	case ENF_PUSHFF00:
540 		*--sp = 0xff00;
541 		break;
542 	case ENF_PUSH00FF:
543 		*--sp = 0x00ff;
544 		break;
545 	case ENF_LOAD_OFFSET:
546 		offreg = *fp++;
547 		break;
548 	case ENF_BRTR:
549 		if (*sp != 0)
550 			fp += *fp;
551 		else
552 			fp++;
553 		if (fp >= fpe) {
554 			enprintf(("BRTR: fp>=fpe\n"));
555 			return (0);
556 		}
557 		break;
558 	case ENF_BRFL:
559 		if (*sp == 0)
560 			fp += *fp;
561 		else
562 			fp++;
563 		if (fp >= fpe) {
564 			enprintf(("BRFL: fp>=fpe\n"));
565 			return (0);
566 		}
567 		break;
568 	case ENF_POP:
569 		++sp;
570 		if (sp > &stack[ENMAXFILTERS]) {
571 			enprintf(("stack underflow\n"));
572 			return (0);
573 		}
574 		break;
575 	case ENF_NOPUSH:
576 		break;
577 	}
578 
579 	if (sp < &stack[2]) {	/* check stack overflow: small yellow zone */
580 		enprintf(("=>0(--sp)\n"));
581 		return (0);
582 	}
583 
584 	if (op == ENF_NOP)
585 		continue;
586 
587 	/*
588 	 * all non-NOP operators binary, must have at least two operands
589 	 * on stack to evaluate.
590 	 */
591 	if (sp > &stack[ENMAXFILTERS-2]) {
592 		enprintf(("=>0(sp++)\n"));
593 		return (0);
594 	}
595 
596 	arg = *sp++;
597 	switch (op) {
598 	default:
599 		enprintf(("=>0(def)\n"));
600 		return (0);
601 	case opx(ENF_AND):
602 		*sp &= arg;
603 		break;
604 	case opx(ENF_OR):
605 		*sp |= arg;
606 		break;
607 	case opx(ENF_XOR):
608 		*sp ^= arg;
609 		break;
610 	case opx(ENF_EQ):
611 		*sp = (*sp == arg);
612 		break;
613 	case opx(ENF_NEQ):
614 		*sp = (*sp != arg);
615 		break;
616 	case opx(ENF_LT):
617 		*sp = (*sp < arg);
618 		break;
619 	case opx(ENF_LE):
620 		*sp = (*sp <= arg);
621 		break;
622 	case opx(ENF_GT):
623 		*sp = (*sp > arg);
624 		break;
625 	case opx(ENF_GE):
626 		*sp = (*sp >= arg);
627 		break;
628 
629 	/* short-circuit operators */
630 
631 	case opx(ENF_COR):
632 		if (*sp++ == arg) {
633 			enprintf(("=>COR %x\n", *sp));
634 			return (1);
635 		}
636 		break;
637 	case opx(ENF_CAND):
638 		if (*sp++ != arg) {
639 			enprintf(("=>CAND %x\n", *sp));
640 			return (0);
641 		}
642 		break;
643 	case opx(ENF_CNOR):
644 		if (*sp++ == arg) {
645 			enprintf(("=>COR %x\n", *sp));
646 			return (0);
647 		}
648 		break;
649 	case opx(ENF_CNAND):
650 		if (*sp++ != arg) {
651 			enprintf(("=>CNAND %x\n", *sp));
652 			return (1);
653 		}
654 		break;
655 	}
656 	}
657 	enprintf(("=>%x\n", *sp));
658 	return (*sp);
659 }
660