1 /* $NetBSD: bpf.h,v 1.55 2010/04/05 07:22:22 joerg Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.h 8.2 (Berkeley) 1/9/95 37 * @(#) Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp (LBL) 38 */ 39 40 #ifndef _NET_BPF_H_ 41 #define _NET_BPF_H_ 42 43 #include <sys/time.h> 44 45 /* BSD style release date */ 46 #define BPF_RELEASE 199606 47 48 typedef int bpf_int32; 49 typedef u_int bpf_u_int32; 50 51 /* 52 * Alignment macros. BPF_WORDALIGN rounds up to the next 53 * even multiple of BPF_ALIGNMENT. 54 */ 55 #define BPF_ALIGNMENT sizeof(long) 56 #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 57 58 #define BPF_MAXINSNS 512 59 #define BPF_DFLTBUFSIZE (1024*1024) /* default static upper limit */ 60 #define BPF_MAXBUFSIZE (1024*1024*16) /* hard limit on sysctl'able value */ 61 #define BPF_MINBUFSIZE 32 62 63 /* 64 * Structure for BIOCSETF. 65 */ 66 struct bpf_program { 67 u_int bf_len; 68 struct bpf_insn *bf_insns; 69 }; 70 71 /* 72 * Struct returned by BIOCGSTATS and net.bpf.stats sysctl. 73 */ 74 struct bpf_stat { 75 uint64_t bs_recv; /* number of packets received */ 76 uint64_t bs_drop; /* number of packets dropped */ 77 uint64_t bs_capt; /* number of packets captured */ 78 uint64_t bs_padding[13]; 79 }; 80 81 /* 82 * Struct returned by BIOCGSTATSOLD. 83 */ 84 struct bpf_stat_old { 85 u_int bs_recv; /* number of packets received */ 86 u_int bs_drop; /* number of packets dropped */ 87 }; 88 89 /* 90 * Struct return by BIOCVERSION. This represents the version number of 91 * the filter language described by the instruction encodings below. 92 * bpf understands a program iff kernel_major == filter_major && 93 * kernel_minor >= filter_minor, that is, if the value returned by the 94 * running kernel has the same major number and a minor number equal 95 * equal to or less than the filter being downloaded. Otherwise, the 96 * results are undefined, meaning an error may be returned or packets 97 * may be accepted haphazardly. 98 * It has nothing to do with the source code version. 99 */ 100 struct bpf_version { 101 u_short bv_major; 102 u_short bv_minor; 103 }; 104 /* Current version number of filter architecture. */ 105 #define BPF_MAJOR_VERSION 1 106 #define BPF_MINOR_VERSION 1 107 108 /* 109 * BPF ioctls 110 * 111 * The first set is for compatibility with Sun's pcc style 112 * header files. If your using gcc, we assume that you 113 * have run fixincludes so the latter set should work. 114 */ 115 #define BIOCGBLEN _IOR('B',102, u_int) 116 #define BIOCSBLEN _IOWR('B',102, u_int) 117 #define BIOCSETF _IOW('B',103, struct bpf_program) 118 #define BIOCFLUSH _IO('B',104) 119 #define BIOCPROMISC _IO('B',105) 120 #define BIOCGDLT _IOR('B',106, u_int) 121 #define BIOCGETIF _IOR('B',107, struct ifreq) 122 #define BIOCSETIF _IOW('B',108, struct ifreq) 123 #ifdef COMPAT_50 124 #include <compat/sys/time.h> 125 #define BIOCSORTIMEOUT _IOW('B',109, struct timeval50) 126 #define BIOCGORTIMEOUT _IOR('B',110, struct timeval50) 127 #endif 128 #define BIOCGSTATS _IOR('B',111, struct bpf_stat) 129 #define BIOCGSTATSOLD _IOR('B',111, struct bpf_stat_old) 130 #define BIOCIMMEDIATE _IOW('B',112, u_int) 131 #define BIOCVERSION _IOR('B',113, struct bpf_version) 132 #define BIOCSTCPF _IOW('B',114, struct bpf_program) 133 #define BIOCSUDPF _IOW('B',115, struct bpf_program) 134 #define BIOCGHDRCMPLT _IOR('B',116, u_int) 135 #define BIOCSHDRCMPLT _IOW('B',117, u_int) 136 #define BIOCSDLT _IOW('B',118, u_int) 137 #define BIOCGDLTLIST _IOWR('B',119, struct bpf_dltlist) 138 #define BIOCGSEESENT _IOR('B',120, u_int) 139 #define BIOCSSEESENT _IOW('B',121, u_int) 140 #define BIOCSRTIMEOUT _IOW('B',122, struct timeval) 141 #define BIOCGRTIMEOUT _IOR('B',123, struct timeval) 142 #define BIOCGFEEDBACK _IOR('B',124, u_int) 143 #define BIOCSFEEDBACK _IOW('B',125, u_int) 144 #define BIOCFEEDBACK BIOCSFEEDBACK /* FreeBSD name */ 145 146 /* 147 * Structure prepended to each packet. This is "wire" format, so we 148 * cannot change it unfortunately to 64 bit times on 32 bit systems [yet]. 149 */ 150 struct bpf_timeval { 151 long tv_sec; 152 long tv_usec; 153 }; 154 155 struct bpf_hdr { 156 struct bpf_timeval bh_tstamp; /* time stamp */ 157 uint32_t bh_caplen; /* length of captured portion */ 158 uint32_t bh_datalen; /* original length of packet */ 159 uint16_t bh_hdrlen; /* length of bpf header (this struct 160 plus alignment padding) */ 161 }; 162 /* 163 * Because the structure above is not a multiple of 4 bytes, some compilers 164 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. 165 * Only the kernel needs to know about it; applications use bh_hdrlen. 166 * XXX To save a few bytes on 32-bit machines, we avoid end-of-struct 167 * XXX padding by using the size of the header data elements. This is 168 * XXX fail-safe: on new machines, we just use the 'safe' sizeof. 169 */ 170 #ifdef _KERNEL 171 #if defined(__arm32__) || defined(__i386__) || defined(__m68k__) || \ 172 defined(__mips__) || defined(__ns32k__) || defined(__vax__) || \ 173 defined(__sh__) || (defined(__sparc__) && !defined(__sparc64__)) 174 #define SIZEOF_BPF_HDR 18 175 #else 176 #define SIZEOF_BPF_HDR sizeof(struct bpf_hdr) 177 #endif 178 #endif 179 180 /* Pull in data-link level type codes. */ 181 #include <net/dlt.h> 182 183 /* 184 * The instruction encodings. 185 */ 186 /* instruction classes */ 187 #define BPF_CLASS(code) ((code) & 0x07) 188 #define BPF_LD 0x00 189 #define BPF_LDX 0x01 190 #define BPF_ST 0x02 191 #define BPF_STX 0x03 192 #define BPF_ALU 0x04 193 #define BPF_JMP 0x05 194 #define BPF_RET 0x06 195 #define BPF_MISC 0x07 196 197 /* ld/ldx fields */ 198 #define BPF_SIZE(code) ((code) & 0x18) 199 #define BPF_W 0x00 200 #define BPF_H 0x08 201 #define BPF_B 0x10 202 #define BPF_MODE(code) ((code) & 0xe0) 203 #define BPF_IMM 0x00 204 #define BPF_ABS 0x20 205 #define BPF_IND 0x40 206 #define BPF_MEM 0x60 207 #define BPF_LEN 0x80 208 #define BPF_MSH 0xa0 209 210 /* alu/jmp fields */ 211 #define BPF_OP(code) ((code) & 0xf0) 212 #define BPF_ADD 0x00 213 #define BPF_SUB 0x10 214 #define BPF_MUL 0x20 215 #define BPF_DIV 0x30 216 #define BPF_OR 0x40 217 #define BPF_AND 0x50 218 #define BPF_LSH 0x60 219 #define BPF_RSH 0x70 220 #define BPF_NEG 0x80 221 #define BPF_JA 0x00 222 #define BPF_JEQ 0x10 223 #define BPF_JGT 0x20 224 #define BPF_JGE 0x30 225 #define BPF_JSET 0x40 226 #define BPF_SRC(code) ((code) & 0x08) 227 #define BPF_K 0x00 228 #define BPF_X 0x08 229 230 /* ret - BPF_K and BPF_X also apply */ 231 #define BPF_RVAL(code) ((code) & 0x18) 232 #define BPF_A 0x10 233 234 /* misc */ 235 #define BPF_MISCOP(code) ((code) & 0xf8) 236 #define BPF_TAX 0x00 237 #define BPF_TXA 0x80 238 239 /* 240 * The instruction data structure. 241 */ 242 struct bpf_insn { 243 uint16_t code; 244 u_char jt; 245 u_char jf; 246 uint32_t k; 247 }; 248 249 /* 250 * Macros for insn array initializers. 251 */ 252 #define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, k } 253 #define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), jt, jf, k } 254 255 /* 256 * Structure to retrieve available DLTs for the interface. 257 */ 258 struct bpf_dltlist { 259 u_int bfl_len; /* number of bfd_list array */ 260 u_int *bfl_list; /* array of DLTs */ 261 }; 262 263 #ifdef _KERNEL 264 #include <net/if.h> 265 struct bpf_if; 266 267 struct bpf_ops { 268 void (*bpf_attach)(struct ifnet *, u_int, u_int, struct bpf_if **); 269 void (*bpf_detach)(struct ifnet *); 270 void (*bpf_change_type)(struct ifnet *, u_int, u_int); 271 272 void (*bpf_tap)(struct bpf_if *, u_char *, u_int); 273 void (*bpf_mtap)(struct bpf_if *, struct mbuf *); 274 void (*bpf_mtap2)(struct bpf_if *, void *, u_int, struct mbuf *); 275 void (*bpf_mtap_af)(struct bpf_if *, uint32_t, struct mbuf *); 276 void (*bpf_mtap_sl_in)(struct bpf_if *, u_char *, struct mbuf **); 277 void (*bpf_mtap_sl_out)(struct bpf_if *, u_char *, struct mbuf *); 278 }; 279 280 extern struct bpf_ops *bpf_ops; 281 282 static inline void 283 bpf_attach(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen) 284 { 285 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, &_ifp->if_bpf); 286 } 287 288 static inline void 289 bpf_attach2(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen, struct bpf_if **_dp) 290 { 291 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, _dp); 292 } 293 294 static inline void 295 bpf_tap(struct ifnet *_ifp, u_char *_pkt, u_int _len) 296 { 297 if (_ifp->if_bpf) 298 bpf_ops->bpf_tap(_ifp->if_bpf, _pkt, _len); 299 } 300 301 static inline void 302 bpf_mtap(struct ifnet *_ifp, struct mbuf *_m) 303 { 304 if (_ifp->if_bpf) 305 bpf_ops->bpf_mtap(_ifp->if_bpf, _m); 306 } 307 308 static inline void 309 bpf_mtap2(struct bpf_if *_bpf, void *_data, u_int _dlen, struct mbuf *_m) 310 { 311 bpf_ops->bpf_mtap2(_bpf, _data, _dlen, _m); 312 } 313 314 static inline void 315 bpf_mtap3(struct bpf_if *_bpf, struct mbuf *_m) 316 { 317 if (_bpf) 318 bpf_ops->bpf_mtap(_bpf, _m); 319 } 320 321 static inline void 322 bpf_mtap_af(struct ifnet *_ifp, uint32_t _af, struct mbuf *_m) 323 { 324 if (_ifp->if_bpf) 325 bpf_ops->bpf_mtap_af(_ifp->if_bpf, _af, _m); 326 } 327 328 static inline void 329 bpf_change_type(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen) 330 { 331 bpf_ops->bpf_change_type(_ifp, _dlt, _hdrlen); 332 } 333 334 static inline void 335 bpf_detach(struct ifnet *_ifp) 336 { 337 bpf_ops->bpf_detach(_ifp); 338 } 339 340 static inline void 341 bpf_mtap_sl_in(struct ifnet *_ifp, u_char *_hdr, struct mbuf **_m) 342 { 343 bpf_ops->bpf_mtap_sl_in(_ifp->if_bpf, _hdr, _m); 344 } 345 346 static inline void 347 bpf_mtap_sl_out(struct ifnet *_ifp, u_char *_hdr, struct mbuf *_m) 348 { 349 if (_ifp->if_bpf) 350 bpf_ops->bpf_mtap_sl_out(_ifp->if_bpf, _hdr, _m); 351 } 352 353 354 void bpf_setops(void); 355 356 void bpf_ops_handover_enter(struct bpf_ops *); 357 void bpf_ops_handover_exit(void); 358 359 void bpfilterattach(int); 360 361 int bpf_validate(struct bpf_insn *, int); 362 #endif 363 364 u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int); 365 366 /* 367 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 368 */ 369 #define BPF_MEMWORDS 16 370 371 #endif /* !_NET_BPF_H_ */ 372