1 /* 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)bpf.c 8.2 (Berkeley) 3/28/94 39 * 40 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.12 2002/04/14 21:41:48 luigi Exp $ 41 * $DragonFly: src/sys/net/bpf.c,v 1.23 2005/01/26 16:15:06 joerg Exp $ 42 */ 43 44 #include "use_bpf.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/conf.h> 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 #include <sys/time.h> 52 #include <sys/proc.h> 53 #include <sys/signalvar.h> 54 #include <sys/filio.h> 55 #include <sys/sockio.h> 56 #include <sys/ttycom.h> 57 #include <sys/filedesc.h> 58 59 #include <sys/poll.h> 60 61 #include <sys/socket.h> 62 #include <sys/vnode.h> 63 64 #include <net/if.h> 65 #include <net/bpf.h> 66 #include <net/bpfdesc.h> 67 68 #include <netinet/in.h> 69 #include <netinet/if_ether.h> 70 #include <sys/kernel.h> 71 #include <sys/sysctl.h> 72 73 MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 74 75 #if NBPF > 0 76 77 /* 78 * The default read buffer size is patchable. 79 */ 80 static int bpf_bufsize = BPF_DEFAULTBUFSIZE; 81 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW, 82 &bpf_bufsize, 0, ""); 83 static int bpf_maxbufsize = BPF_MAXBUFSIZE; 84 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW, 85 &bpf_maxbufsize, 0, ""); 86 87 /* 88 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 89 */ 90 static struct bpf_if *bpf_iflist; 91 92 static int bpf_allocbufs(struct bpf_d *); 93 static void bpf_attachd(struct bpf_d *d, struct bpf_if *bp); 94 static void bpf_detachd(struct bpf_d *d); 95 static void bpf_freed(struct bpf_d *); 96 static void bpf_mcopy(const void *, void *, size_t); 97 static int bpf_movein(struct uio *, int, struct mbuf **, 98 struct sockaddr *, int *); 99 static int bpf_setif(struct bpf_d *, struct ifreq *); 100 static void bpf_timed_out(void *); 101 static void bpf_wakeup(struct bpf_d *); 102 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 103 void (*)(const void *, void *, size_t)); 104 static void reset_d(struct bpf_d *); 105 static int bpf_setf(struct bpf_d *, struct bpf_program *); 106 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 107 static int bpf_setdlt(struct bpf_d *, u_int); 108 static void bpf_drvinit(void *unused); 109 110 static d_open_t bpfopen; 111 static d_close_t bpfclose; 112 static d_read_t bpfread; 113 static d_write_t bpfwrite; 114 static d_ioctl_t bpfioctl; 115 static d_poll_t bpfpoll; 116 117 #define CDEV_MAJOR 23 118 static struct cdevsw bpf_cdevsw = { 119 /* name */ "bpf", 120 /* maj */ CDEV_MAJOR, 121 /* flags */ 0, 122 /* port */ NULL, 123 /* clone */ NULL, 124 125 /* open */ bpfopen, 126 /* close */ bpfclose, 127 /* read */ bpfread, 128 /* write */ bpfwrite, 129 /* ioctl */ bpfioctl, 130 /* poll */ bpfpoll, 131 /* mmap */ nommap, 132 /* strategy */ nostrategy, 133 /* dump */ nodump, 134 /* psize */ nopsize 135 }; 136 137 138 static int 139 bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, 140 struct sockaddr *sockp, int *datlen) 141 { 142 struct mbuf *m; 143 int error; 144 int len; 145 int hlen; 146 147 /* 148 * Build a sockaddr based on the data link layer type. 149 * We do this at this level because the ethernet header 150 * is copied directly into the data field of the sockaddr. 151 * In the case of SLIP, there is no header and the packet 152 * is forwarded as is. 153 * Also, we are careful to leave room at the front of the mbuf 154 * for the link level header. 155 */ 156 switch (linktype) { 157 158 case DLT_SLIP: 159 sockp->sa_family = AF_INET; 160 hlen = 0; 161 break; 162 163 case DLT_EN10MB: 164 sockp->sa_family = AF_UNSPEC; 165 /* XXX Would MAXLINKHDR be better? */ 166 hlen = sizeof(struct ether_header); 167 break; 168 169 case DLT_FDDI: 170 sockp->sa_family = AF_IMPLINK; 171 hlen = 0; 172 break; 173 174 case DLT_RAW: 175 case DLT_NULL: 176 sockp->sa_family = AF_UNSPEC; 177 hlen = 0; 178 break; 179 180 case DLT_ATM_RFC1483: 181 /* 182 * en atm driver requires 4-byte atm pseudo header. 183 * though it isn't standard, vpi:vci needs to be 184 * specified anyway. 185 */ 186 sockp->sa_family = AF_UNSPEC; 187 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 188 break; 189 190 case DLT_PPP: 191 sockp->sa_family = AF_UNSPEC; 192 hlen = 4; /* This should match PPP_HDRLEN */ 193 break; 194 195 default: 196 return(EIO); 197 } 198 199 len = uio->uio_resid; 200 *datlen = len - hlen; 201 if ((unsigned)len > MCLBYTES) 202 return(EIO); 203 204 MGETHDR(m, MB_WAIT, MT_DATA); 205 if (m == NULL) 206 return(ENOBUFS); 207 if (len > MHLEN) { 208 MCLGET(m, MB_WAIT); 209 if (!(m->m_flags & M_EXT)) { 210 error = ENOBUFS; 211 goto bad; 212 } 213 } 214 m->m_pkthdr.len = m->m_len = len; 215 m->m_pkthdr.rcvif = NULL; 216 *mp = m; 217 /* 218 * Make room for link header. 219 */ 220 if (hlen != 0) { 221 m->m_pkthdr.len -= hlen; 222 m->m_len -= hlen; 223 m->m_data += hlen; /* XXX */ 224 error = uiomove(sockp->sa_data, hlen, uio); 225 if (error) 226 goto bad; 227 } 228 error = uiomove(mtod(m, caddr_t), len - hlen, uio); 229 if (!error) 230 return(0); 231 bad: 232 m_freem(m); 233 return(error); 234 } 235 236 /* 237 * Attach file to the bpf interface, i.e. make d listen on bp. 238 * Must be called at splimp. 239 */ 240 static void 241 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 242 { 243 /* 244 * Point d at bp, and add d to the interface's list of listeners. 245 * Finally, point the driver's bpf cookie at the interface so 246 * it will divert packets to bpf. 247 */ 248 d->bd_bif = bp; 249 SLIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 250 *bp->bif_driverp = bp; 251 } 252 253 /* 254 * Detach a file from its interface. 255 */ 256 static void 257 bpf_detachd(struct bpf_d *d) 258 { 259 int error; 260 struct bpf_if *bp; 261 struct ifnet *ifp; 262 263 bp = d->bd_bif; 264 ifp = bp->bif_ifp; 265 266 /* Remove d from the interface's descriptor list. */ 267 SLIST_REMOVE(&bp->bif_dlist, d, bpf_d, bd_next); 268 269 if (SLIST_EMPTY(&bp->bif_dlist)) { 270 /* 271 * Let the driver know that there are no more listeners. 272 */ 273 *bp->bif_driverp = NULL; 274 } 275 d->bd_bif = NULL; 276 /* 277 * Check if this descriptor had requested promiscuous mode. 278 * If so, turn it off. 279 */ 280 if (d->bd_promisc) { 281 d->bd_promisc = 0; 282 error = ifpromisc(ifp, 0); 283 if (error != 0 && error != ENXIO) { 284 /* 285 * ENXIO can happen if a pccard is unplugged, 286 * Something is really wrong if we were able to put 287 * the driver into promiscuous mode, but can't 288 * take it out. 289 */ 290 if_printf(ifp, "bpf_detach: ifpromisc failed(%d)\n", 291 error); 292 } 293 } 294 } 295 296 /* 297 * Open ethernet device. Returns ENXIO for illegal minor device number, 298 * EBUSY if file is open by another process. 299 */ 300 /* ARGSUSED */ 301 static int 302 bpfopen(dev_t dev, int flags, int fmt, struct thread *td) 303 { 304 struct bpf_d *d; 305 struct proc *p = td->td_proc; 306 307 KKASSERT(p != NULL); 308 309 if (p->p_ucred->cr_prison) 310 return(EPERM); 311 312 d = dev->si_drv1; 313 /* 314 * Each minor can be opened by only one process. If the requested 315 * minor is in use, return EBUSY. 316 */ 317 if (d != NULL) 318 return(EBUSY); 319 make_dev(&bpf_cdevsw, minor(dev), 0, 0, 0600, "bpf%d", lminor(dev)); 320 MALLOC(d, struct bpf_d *, sizeof *d, M_BPF, M_WAITOK | M_ZERO); 321 dev->si_drv1 = d; 322 d->bd_bufsize = bpf_bufsize; 323 d->bd_sig = SIGIO; 324 d->bd_seesent = 1; 325 callout_init(&d->bd_callout); 326 return(0); 327 } 328 329 /* 330 * Close the descriptor by detaching it from its interface, 331 * deallocating its buffers, and marking it free. 332 */ 333 /* ARGSUSED */ 334 static int 335 bpfclose(dev_t dev, int flags, int fmt, struct thread *td) 336 { 337 struct bpf_d *d = dev->si_drv1; 338 int s; 339 340 funsetown(d->bd_sigio); 341 s = splimp(); 342 if (d->bd_state == BPF_WAITING) 343 callout_stop(&d->bd_callout); 344 d->bd_state = BPF_IDLE; 345 if (d->bd_bif != NULL) 346 bpf_detachd(d); 347 splx(s); 348 bpf_freed(d); 349 dev->si_drv1 = NULL; 350 free(d, M_BPF); 351 352 return(0); 353 } 354 355 /* 356 * Rotate the packet buffers in descriptor d. Move the store buffer 357 * into the hold slot, and the free buffer into the store slot. 358 * Zero the length of the new store buffer. 359 */ 360 #define ROTATE_BUFFERS(d) \ 361 (d)->bd_hbuf = (d)->bd_sbuf; \ 362 (d)->bd_hlen = (d)->bd_slen; \ 363 (d)->bd_sbuf = (d)->bd_fbuf; \ 364 (d)->bd_slen = 0; \ 365 (d)->bd_fbuf = NULL; 366 /* 367 * bpfread - read next chunk of packets from buffers 368 */ 369 static int 370 bpfread(dev_t dev, struct uio *uio, int ioflag) 371 { 372 struct bpf_d *d = dev->si_drv1; 373 int timed_out; 374 int error; 375 int s; 376 377 /* 378 * Restrict application to use a buffer the same size as 379 * as kernel buffers. 380 */ 381 if (uio->uio_resid != d->bd_bufsize) 382 return(EINVAL); 383 384 s = splimp(); 385 if (d->bd_state == BPF_WAITING) 386 callout_stop(&d->bd_callout); 387 timed_out = (d->bd_state == BPF_TIMED_OUT); 388 d->bd_state = BPF_IDLE; 389 /* 390 * If the hold buffer is empty, then do a timed sleep, which 391 * ends when the timeout expires or when enough packets 392 * have arrived to fill the store buffer. 393 */ 394 while (d->bd_hbuf == NULL) { 395 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 396 /* 397 * A packet(s) either arrived since the previous 398 * read or arrived while we were asleep. 399 * Rotate the buffers and return what's here. 400 */ 401 ROTATE_BUFFERS(d); 402 break; 403 } 404 405 /* 406 * No data is available, check to see if the bpf device 407 * is still pointed at a real interface. If not, return 408 * ENXIO so that the userland process knows to rebind 409 * it before using it again. 410 */ 411 if (d->bd_bif == NULL) { 412 splx(s); 413 return(ENXIO); 414 } 415 416 if (ioflag & IO_NDELAY) { 417 splx(s); 418 return(EWOULDBLOCK); 419 } 420 error = tsleep(d, PCATCH, "bpf", d->bd_rtout); 421 if (error == EINTR || error == ERESTART) { 422 splx(s); 423 return(error); 424 } 425 if (error == EWOULDBLOCK) { 426 /* 427 * On a timeout, return what's in the buffer, 428 * which may be nothing. If there is something 429 * in the store buffer, we can rotate the buffers. 430 */ 431 if (d->bd_hbuf) 432 /* 433 * We filled up the buffer in between 434 * getting the timeout and arriving 435 * here, so we don't need to rotate. 436 */ 437 break; 438 439 if (d->bd_slen == 0) { 440 splx(s); 441 return(0); 442 } 443 ROTATE_BUFFERS(d); 444 break; 445 } 446 } 447 /* 448 * At this point, we know we have something in the hold slot. 449 */ 450 splx(s); 451 452 /* 453 * Move data from hold buffer into user space. 454 * We know the entire buffer is transferred since 455 * we checked above that the read buffer is bpf_bufsize bytes. 456 */ 457 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 458 459 s = splimp(); 460 d->bd_fbuf = d->bd_hbuf; 461 d->bd_hbuf = NULL; 462 d->bd_hlen = 0; 463 splx(s); 464 465 return(error); 466 } 467 468 469 /* 470 * If there are processes sleeping on this descriptor, wake them up. 471 */ 472 static void 473 bpf_wakeup(struct bpf_d *d) 474 { 475 if (d->bd_state == BPF_WAITING) { 476 callout_stop(&d->bd_callout); 477 d->bd_state = BPF_IDLE; 478 } 479 wakeup(d); 480 if (d->bd_async && d->bd_sig && d->bd_sigio) 481 pgsigio(d->bd_sigio, d->bd_sig, 0); 482 483 selwakeup(&d->bd_sel); 484 /* XXX */ 485 d->bd_sel.si_pid = 0; 486 } 487 488 static void 489 bpf_timed_out(void *arg) 490 { 491 struct bpf_d *d = (struct bpf_d *)arg; 492 int s; 493 494 s = splimp(); 495 if (d->bd_state == BPF_WAITING) { 496 d->bd_state = BPF_TIMED_OUT; 497 if (d->bd_slen != 0) 498 bpf_wakeup(d); 499 } 500 splx(s); 501 } 502 503 static int 504 bpfwrite(dev_t dev, struct uio *uio, int ioflag) 505 { 506 struct bpf_d *d = dev->si_drv1; 507 struct ifnet *ifp; 508 struct mbuf *m; 509 int error, s; 510 static struct sockaddr dst; 511 int datlen; 512 513 if (d->bd_bif == NULL) 514 return(ENXIO); 515 516 ifp = d->bd_bif->bif_ifp; 517 518 if (uio->uio_resid == 0) 519 return(0); 520 521 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen); 522 if (error) 523 return(error); 524 525 if (datlen > ifp->if_mtu) 526 return(EMSGSIZE); 527 528 if (d->bd_hdrcmplt) 529 dst.sa_family = pseudo_AF_HDRCMPLT; 530 531 s = splnet(); 532 error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)NULL); 533 splx(s); 534 /* 535 * The driver frees the mbuf. 536 */ 537 return(error); 538 } 539 540 /* 541 * Reset a descriptor by flushing its packet buffer and clearing the 542 * receive and drop counts. Should be called at splimp. 543 */ 544 static void 545 reset_d(struct bpf_d *d) 546 { 547 if (d->bd_hbuf) { 548 /* Free the hold buffer. */ 549 d->bd_fbuf = d->bd_hbuf; 550 d->bd_hbuf = NULL; 551 } 552 d->bd_slen = 0; 553 d->bd_hlen = 0; 554 d->bd_rcount = 0; 555 d->bd_dcount = 0; 556 } 557 558 /* 559 * FIONREAD Check for read packet available. 560 * SIOCGIFADDR Get interface address - convenient hook to driver. 561 * BIOCGBLEN Get buffer len [for read()]. 562 * BIOCSETF Set ethernet read filter. 563 * BIOCFLUSH Flush read packet buffer. 564 * BIOCPROMISC Put interface into promiscuous mode. 565 * BIOCGDLT Get link layer type. 566 * BIOCGETIF Get interface name. 567 * BIOCSETIF Set interface. 568 * BIOCSRTIMEOUT Set read timeout. 569 * BIOCGRTIMEOUT Get read timeout. 570 * BIOCGSTATS Get packet stats. 571 * BIOCIMMEDIATE Set immediate mode. 572 * BIOCVERSION Get filter language version. 573 * BIOCGHDRCMPLT Get "header already complete" flag 574 * BIOCSHDRCMPLT Set "header already complete" flag 575 * BIOCGSEESENT Get "see packets sent" flag 576 * BIOCSSEESENT Set "see packets sent" flag 577 */ 578 /* ARGSUSED */ 579 static int 580 bpfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct thread *td) 581 { 582 struct bpf_d *d = dev->si_drv1; 583 int s, error = 0; 584 585 s = splimp(); 586 if (d->bd_state == BPF_WAITING) 587 callout_stop(&d->bd_callout); 588 d->bd_state = BPF_IDLE; 589 splx(s); 590 591 switch (cmd) { 592 593 default: 594 error = EINVAL; 595 break; 596 597 /* 598 * Check for read packet available. 599 */ 600 case FIONREAD: 601 { 602 int n; 603 604 s = splimp(); 605 n = d->bd_slen; 606 if (d->bd_hbuf) 607 n += d->bd_hlen; 608 splx(s); 609 610 *(int *)addr = n; 611 break; 612 } 613 614 case SIOCGIFADDR: 615 { 616 struct ifnet *ifp; 617 618 if (d->bd_bif == NULL) 619 error = EINVAL; 620 else { 621 ifp = d->bd_bif->bif_ifp; 622 error = (*ifp->if_ioctl)(ifp, cmd, addr, 623 td->td_proc->p_ucred); 624 } 625 break; 626 } 627 628 /* 629 * Get buffer len [for read()]. 630 */ 631 case BIOCGBLEN: 632 *(u_int *)addr = d->bd_bufsize; 633 break; 634 635 /* 636 * Set buffer length. 637 */ 638 case BIOCSBLEN: 639 if (d->bd_bif != 0) 640 error = EINVAL; 641 else { 642 u_int size = *(u_int *)addr; 643 644 if (size > bpf_maxbufsize) 645 *(u_int *)addr = size = bpf_maxbufsize; 646 else if (size < BPF_MINBUFSIZE) 647 *(u_int *)addr = size = BPF_MINBUFSIZE; 648 d->bd_bufsize = size; 649 } 650 break; 651 652 /* 653 * Set link layer read filter. 654 */ 655 case BIOCSETF: 656 error = bpf_setf(d, (struct bpf_program *)addr); 657 break; 658 659 /* 660 * Flush read packet buffer. 661 */ 662 case BIOCFLUSH: 663 s = splimp(); 664 reset_d(d); 665 splx(s); 666 break; 667 668 /* 669 * Put interface into promiscuous mode. 670 */ 671 case BIOCPROMISC: 672 if (d->bd_bif == NULL) { 673 /* 674 * No interface attached yet. 675 */ 676 error = EINVAL; 677 break; 678 } 679 s = splimp(); 680 if (d->bd_promisc == 0) { 681 error = ifpromisc(d->bd_bif->bif_ifp, 1); 682 if (error == 0) 683 d->bd_promisc = 1; 684 } 685 splx(s); 686 break; 687 688 /* 689 * Get device parameters. 690 */ 691 case BIOCGDLT: 692 if (d->bd_bif == NULL) 693 error = EINVAL; 694 else 695 *(u_int *)addr = d->bd_bif->bif_dlt; 696 break; 697 698 /* 699 * Get a list of supported data link types. 700 */ 701 case BIOCGDLTLIST: 702 if (d->bd_bif == NULL) 703 error = EINVAL; 704 else 705 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 706 break; 707 708 /* 709 * Set data link type. 710 */ 711 case BIOCSDLT: 712 if (d->bd_bif == NULL) 713 error = EINVAL; 714 else 715 error = bpf_setdlt(d, *(u_int *)addr); 716 break; 717 718 /* 719 * Get interface name. 720 */ 721 case BIOCGETIF: 722 if (d->bd_bif == NULL) { 723 error = EINVAL; 724 } else { 725 struct ifnet *const ifp = d->bd_bif->bif_ifp; 726 struct ifreq *const ifr = (struct ifreq *)addr; 727 728 strlcpy(ifr->ifr_name, ifp->if_xname, 729 sizeof ifr->ifr_name); 730 } 731 break; 732 733 /* 734 * Set interface. 735 */ 736 case BIOCSETIF: 737 error = bpf_setif(d, (struct ifreq *)addr); 738 break; 739 740 /* 741 * Set read timeout. 742 */ 743 case BIOCSRTIMEOUT: 744 { 745 struct timeval *tv = (struct timeval *)addr; 746 747 /* 748 * Subtract 1 tick from tvtohz() since this isn't 749 * a one-shot timer. 750 */ 751 if ((error = itimerfix(tv)) == 0) 752 d->bd_rtout = tvtohz_low(tv); 753 break; 754 } 755 756 /* 757 * Get read timeout. 758 */ 759 case BIOCGRTIMEOUT: 760 { 761 struct timeval *tv = (struct timeval *)addr; 762 763 tv->tv_sec = d->bd_rtout / hz; 764 tv->tv_usec = (d->bd_rtout % hz) * tick; 765 break; 766 } 767 768 /* 769 * Get packet stats. 770 */ 771 case BIOCGSTATS: 772 { 773 struct bpf_stat *bs = (struct bpf_stat *)addr; 774 775 bs->bs_recv = d->bd_rcount; 776 bs->bs_drop = d->bd_dcount; 777 break; 778 } 779 780 /* 781 * Set immediate mode. 782 */ 783 case BIOCIMMEDIATE: 784 d->bd_immediate = *(u_int *)addr; 785 break; 786 787 case BIOCVERSION: 788 { 789 struct bpf_version *bv = (struct bpf_version *)addr; 790 791 bv->bv_major = BPF_MAJOR_VERSION; 792 bv->bv_minor = BPF_MINOR_VERSION; 793 break; 794 } 795 796 /* 797 * Get "header already complete" flag 798 */ 799 case BIOCGHDRCMPLT: 800 *(u_int *)addr = d->bd_hdrcmplt; 801 break; 802 803 /* 804 * Set "header already complete" flag 805 */ 806 case BIOCSHDRCMPLT: 807 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 808 break; 809 810 /* 811 * Get "see sent packets" flag 812 */ 813 case BIOCGSEESENT: 814 *(u_int *)addr = d->bd_seesent; 815 break; 816 817 /* 818 * Set "see sent packets" flag 819 */ 820 case BIOCSSEESENT: 821 d->bd_seesent = *(u_int *)addr; 822 break; 823 824 case FIONBIO: /* Non-blocking I/O */ 825 break; 826 827 case FIOASYNC: /* Send signal on receive packets */ 828 d->bd_async = *(int *)addr; 829 break; 830 831 case FIOSETOWN: 832 error = fsetown(*(int *)addr, &d->bd_sigio); 833 break; 834 835 case FIOGETOWN: 836 *(int *)addr = fgetown(d->bd_sigio); 837 break; 838 839 /* This is deprecated, FIOSETOWN should be used instead. */ 840 case TIOCSPGRP: 841 error = fsetown(-(*(int *)addr), &d->bd_sigio); 842 break; 843 844 /* This is deprecated, FIOGETOWN should be used instead. */ 845 case TIOCGPGRP: 846 *(int *)addr = -fgetown(d->bd_sigio); 847 break; 848 849 case BIOCSRSIG: /* Set receive signal */ 850 { 851 u_int sig; 852 853 sig = *(u_int *)addr; 854 855 if (sig >= NSIG) 856 error = EINVAL; 857 else 858 d->bd_sig = sig; 859 break; 860 } 861 case BIOCGRSIG: 862 *(u_int *)addr = d->bd_sig; 863 break; 864 } 865 return(error); 866 } 867 868 /* 869 * Set d's packet filter program to fp. If this file already has a filter, 870 * free it and replace it. Returns EINVAL for bogus requests. 871 */ 872 static int 873 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 874 { 875 struct bpf_insn *fcode, *old; 876 u_int flen, size; 877 int s; 878 879 old = d->bd_filter; 880 if (fp->bf_insns == NULL) { 881 if (fp->bf_len != 0) 882 return(EINVAL); 883 s = splimp(); 884 d->bd_filter = NULL; 885 reset_d(d); 886 splx(s); 887 if (old != 0) 888 free(old, M_BPF); 889 return(0); 890 } 891 flen = fp->bf_len; 892 if (flen > BPF_MAXINSNS) 893 return(EINVAL); 894 895 size = flen * sizeof *fp->bf_insns; 896 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK); 897 if (copyin(fp->bf_insns, fcode, size) == 0 && 898 bpf_validate(fcode, (int)flen)) { 899 s = splimp(); 900 d->bd_filter = fcode; 901 reset_d(d); 902 splx(s); 903 if (old != 0) 904 free(old, M_BPF); 905 906 return(0); 907 } 908 free(fcode, M_BPF); 909 return(EINVAL); 910 } 911 912 /* 913 * Detach a file from its current interface (if attached at all) and attach 914 * to the interface indicated by the name stored in ifr. 915 * Return an errno or 0. 916 */ 917 static int 918 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 919 { 920 struct bpf_if *bp; 921 int s, error; 922 struct ifnet *theywant; 923 924 theywant = ifunit(ifr->ifr_name); 925 if (theywant == NULL) 926 return(ENXIO); 927 928 /* 929 * Look through attached interfaces for the named one. 930 */ 931 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 932 struct ifnet *ifp = bp->bif_ifp; 933 934 if (ifp == NULL || ifp != theywant) 935 continue; 936 /* skip additional entry */ 937 if (bp->bif_driverp != &ifp->if_bpf) 938 continue; 939 /* 940 * We found the requested interface. 941 * If it's not up, return an error. 942 * Allocate the packet buffers if we need to. 943 * If we're already attached to requested interface, 944 * just flush the buffer. 945 */ 946 if (!(ifp->if_flags & IFF_UP)) 947 return(ENETDOWN); 948 949 if (d->bd_sbuf == NULL) { 950 error = bpf_allocbufs(d); 951 if (error != 0) 952 return(error); 953 } 954 s = splimp(); 955 if (bp != d->bd_bif) { 956 if (d->bd_bif != NULL) { 957 /* 958 * Detach if attached to something else. 959 */ 960 bpf_detachd(d); 961 } 962 963 bpf_attachd(d, bp); 964 } 965 reset_d(d); 966 splx(s); 967 return(0); 968 } 969 970 /* Not found. */ 971 return(ENXIO); 972 } 973 974 /* 975 * Support for select() and poll() system calls 976 * 977 * Return true iff the specific operation will not block indefinitely. 978 * Otherwise, return false but make a note that a selwakeup() must be done. 979 */ 980 int 981 bpfpoll(dev_t dev, int events, struct thread *td) 982 { 983 struct bpf_d *d; 984 int s; 985 int revents; 986 987 d = dev->si_drv1; 988 if (d->bd_bif == NULL) 989 return(ENXIO); 990 991 revents = events & (POLLOUT | POLLWRNORM); 992 s = splimp(); 993 if (events & (POLLIN | POLLRDNORM)) { 994 /* 995 * An imitation of the FIONREAD ioctl code. 996 * XXX not quite. An exact imitation: 997 * if (d->b_slen != 0 || 998 * (d->bd_hbuf != NULL && d->bd_hlen != 0) 999 */ 1000 if (d->bd_hlen != 0 || 1001 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1002 d->bd_slen != 0)) 1003 revents |= events & (POLLIN | POLLRDNORM); 1004 else { 1005 selrecord(td, &d->bd_sel); 1006 /* Start the read timeout if necessary. */ 1007 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1008 callout_reset(&d->bd_callout, d->bd_rtout, 1009 bpf_timed_out, d); 1010 d->bd_state = BPF_WAITING; 1011 } 1012 } 1013 } 1014 splx(s); 1015 return(revents); 1016 } 1017 1018 /* 1019 * Process the packet pkt of length pktlen. The packet is parsed 1020 * by each listener's filter, and if accepted, stashed into the 1021 * corresponding buffer. 1022 */ 1023 void 1024 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1025 { 1026 struct bpf_d *d; 1027 u_int slen; 1028 1029 /* 1030 * Note that the ipl does not have to be raised at this point. 1031 * The only problem that could arise here is that if two different 1032 * interfaces shared any data. This is not the case. 1033 */ 1034 SLIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1035 ++d->bd_rcount; 1036 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1037 if (slen != 0) 1038 catchpacket(d, pkt, pktlen, slen, ovbcopy); 1039 } 1040 } 1041 1042 /* 1043 * Copy data from an mbuf chain into a buffer. This code is derived 1044 * from m_copydata in sys/uipc_mbuf.c. 1045 */ 1046 static void 1047 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len) 1048 { 1049 const struct mbuf *m; 1050 u_int count; 1051 u_char *dst; 1052 1053 m = src_arg; 1054 dst = dst_arg; 1055 while (len > 0) { 1056 if (m == NULL) 1057 panic("bpf_mcopy"); 1058 count = min(m->m_len, len); 1059 bcopy(mtod(m, void *), dst, count); 1060 m = m->m_next; 1061 dst += count; 1062 len -= count; 1063 } 1064 } 1065 1066 /* 1067 * Process the packet in the mbuf chain m. The packet is parsed by each 1068 * listener's filter, and if accepted, stashed into the corresponding 1069 * buffer. 1070 */ 1071 void 1072 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1073 { 1074 struct bpf_d *d; 1075 u_int pktlen, slen; 1076 struct mbuf *m0; 1077 1078 /* Don't compute pktlen, if no descriptor is attached. */ 1079 if (SLIST_EMPTY(&bp->bif_dlist)) 1080 return; 1081 1082 pktlen = 0; 1083 for (m0 = m; m0 != NULL; m0 = m0->m_next) 1084 pktlen += m0->m_len; 1085 1086 SLIST_FOREACH(d, &bp->bif_dlist, bd_next) { 1087 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) 1088 continue; 1089 ++d->bd_rcount; 1090 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1091 if (slen != 0) 1092 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); 1093 } 1094 } 1095 1096 /* 1097 * Process the packet in the mbuf chain m with the header in m prepended. 1098 * The packet is parsed by each listener's filter, and if accepted, 1099 * stashed into the corresponding buffer. 1100 */ 1101 void 1102 bpf_ptap(struct bpf_if *bp, struct mbuf *m, const void *data, u_int dlen) 1103 { 1104 struct mbuf mb; 1105 1106 /* 1107 * Craft on-stack mbuf suitable for passing to bpf_mtap. 1108 * Note that we cut corners here; we only setup what's 1109 * absolutely needed--this mbuf should never go anywhere else. 1110 */ 1111 mb.m_next = m; 1112 mb.m_data = __DECONST(void *, data); /* LINTED */ 1113 mb.m_len = dlen; 1114 1115 bpf_mtap(bp, &mb); 1116 } 1117 1118 /* 1119 * Move the packet data from interface memory (pkt) into the 1120 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1121 * otherwise 0. "copy" is the routine called to do the actual data 1122 * transfer. bcopy is passed in to copy contiguous chunks, while 1123 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1124 * pkt is really an mbuf. 1125 */ 1126 static void 1127 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1128 void (*cpfn)(const void *, void *, size_t)) 1129 { 1130 struct bpf_hdr *hp; 1131 int totlen, curlen; 1132 int hdrlen = d->bd_bif->bif_hdrlen; 1133 /* 1134 * Figure out how many bytes to move. If the packet is 1135 * greater or equal to the snapshot length, transfer that 1136 * much. Otherwise, transfer the whole packet (unless 1137 * we hit the buffer size limit). 1138 */ 1139 totlen = hdrlen + min(snaplen, pktlen); 1140 if (totlen > d->bd_bufsize) 1141 totlen = d->bd_bufsize; 1142 1143 /* 1144 * Round up the end of the previous packet to the next longword. 1145 */ 1146 curlen = BPF_WORDALIGN(d->bd_slen); 1147 if (curlen + totlen > d->bd_bufsize) { 1148 /* 1149 * This packet will overflow the storage buffer. 1150 * Rotate the buffers if we can, then wakeup any 1151 * pending reads. 1152 */ 1153 if (d->bd_fbuf == NULL) { 1154 /* 1155 * We haven't completed the previous read yet, 1156 * so drop the packet. 1157 */ 1158 ++d->bd_dcount; 1159 return; 1160 } 1161 ROTATE_BUFFERS(d); 1162 bpf_wakeup(d); 1163 curlen = 0; 1164 } 1165 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) 1166 /* 1167 * Immediate mode is set, or the read timeout has 1168 * already expired during a select call. A packet 1169 * arrived, so the reader should be woken up. 1170 */ 1171 bpf_wakeup(d); 1172 1173 /* 1174 * Append the bpf header. 1175 */ 1176 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1177 microtime(&hp->bh_tstamp); 1178 hp->bh_datalen = pktlen; 1179 hp->bh_hdrlen = hdrlen; 1180 /* 1181 * Copy the packet data into the store buffer and update its length. 1182 */ 1183 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1184 d->bd_slen = curlen + totlen; 1185 } 1186 1187 /* 1188 * Initialize all nonzero fields of a descriptor. 1189 */ 1190 static int 1191 bpf_allocbufs(struct bpf_d *d) 1192 { 1193 d->bd_fbuf = malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1194 if (d->bd_fbuf == NULL) 1195 return(ENOBUFS); 1196 1197 d->bd_sbuf = malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1198 if (d->bd_sbuf == NULL) { 1199 free(d->bd_fbuf, M_BPF); 1200 return(ENOBUFS); 1201 } 1202 d->bd_slen = 0; 1203 d->bd_hlen = 0; 1204 return(0); 1205 } 1206 1207 /* 1208 * Free buffers currently in use by a descriptor. 1209 * Called on close. 1210 */ 1211 static void 1212 bpf_freed(struct bpf_d *d) 1213 { 1214 /* 1215 * We don't need to lock out interrupts since this descriptor has 1216 * been detached from its interface and it yet hasn't been marked 1217 * free. 1218 */ 1219 if (d->bd_sbuf != NULL) { 1220 free(d->bd_sbuf, M_BPF); 1221 if (d->bd_hbuf != NULL) 1222 free(d->bd_hbuf, M_BPF); 1223 if (d->bd_fbuf != NULL) 1224 free(d->bd_fbuf, M_BPF); 1225 } 1226 if (d->bd_filter) 1227 free(d->bd_filter, M_BPF); 1228 } 1229 1230 /* 1231 * Attach an interface to bpf. ifp is a pointer to the structure 1232 * defining the interface to be attached, dlt is the link layer type, 1233 * and hdrlen is the fixed size of the link header (variable length 1234 * headers are not yet supported). 1235 */ 1236 void 1237 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1238 { 1239 bpfattach_dlt(ifp, dlt, hdrlen, &ifp->if_bpf); 1240 } 1241 1242 void 1243 bpfattach_dlt(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1244 { 1245 struct bpf_if *bp; 1246 1247 bp = malloc(sizeof *bp, M_BPF, M_WAITOK | M_ZERO); 1248 1249 SLIST_INIT(&bp->bif_dlist); 1250 bp->bif_ifp = ifp; 1251 bp->bif_dlt = dlt; 1252 bp->bif_driverp = driverp; 1253 *bp->bif_driverp = NULL; 1254 1255 bp->bif_next = bpf_iflist; 1256 bpf_iflist = bp; 1257 1258 /* 1259 * Compute the length of the bpf header. This is not necessarily 1260 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1261 * that the network layer header begins on a longword boundary (for 1262 * performance reasons and to alleviate alignment restrictions). 1263 */ 1264 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1265 1266 if (bootverbose) 1267 if_printf(ifp, "bpf attached\n"); 1268 } 1269 1270 /* 1271 * Detach bpf from an interface. This involves detaching each descriptor 1272 * associated with the interface, and leaving bd_bif NULL. Notify each 1273 * descriptor as it's detached so that any sleepers wake up and get 1274 * ENXIO. 1275 */ 1276 void 1277 bpfdetach(struct ifnet *ifp) 1278 { 1279 struct bpf_if *bp, *bp_prev; 1280 struct bpf_d *d; 1281 int s; 1282 1283 s = splimp(); 1284 1285 /* Locate BPF interface information */ 1286 bp_prev = NULL; 1287 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1288 if (ifp == bp->bif_ifp) 1289 break; 1290 bp_prev = bp; 1291 } 1292 1293 /* Interface wasn't attached */ 1294 if (bp->bif_ifp == NULL) { 1295 splx(s); 1296 printf("bpfdetach: %s was not attached\n", ifp->if_xname); 1297 return; 1298 } 1299 1300 while ((d = SLIST_FIRST(&bp->bif_dlist)) != NULL) { 1301 bpf_detachd(d); 1302 bpf_wakeup(d); 1303 } 1304 1305 if (bp_prev != NULL) 1306 bp_prev->bif_next = bp->bif_next; 1307 else 1308 bpf_iflist = bp->bif_next; 1309 1310 free(bp, M_BPF); 1311 1312 splx(s); 1313 } 1314 1315 /* 1316 * Get a list of available data link type of the interface. 1317 */ 1318 static int 1319 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1320 { 1321 int n, error; 1322 struct ifnet *ifp; 1323 struct bpf_if *bp; 1324 1325 ifp = d->bd_bif->bif_ifp; 1326 n = 0; 1327 error = 0; 1328 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1329 if (bp->bif_ifp != ifp) 1330 continue; 1331 if (bfl->bfl_list != NULL) { 1332 if (n >= bfl->bfl_len) { 1333 return (ENOMEM); 1334 } 1335 error = copyout(&bp->bif_dlt, 1336 bfl->bfl_list + n, sizeof(u_int)); 1337 } 1338 n++; 1339 } 1340 bfl->bfl_len = n; 1341 return(error); 1342 } 1343 1344 /* 1345 * Set the data link type of a BPF instance. 1346 */ 1347 static int 1348 bpf_setdlt(struct bpf_d *d, u_int dlt) 1349 { 1350 int error, opromisc; 1351 struct ifnet *ifp; 1352 struct bpf_if *bp; 1353 int s; 1354 1355 if (d->bd_bif->bif_dlt == dlt) 1356 return (0); 1357 ifp = d->bd_bif->bif_ifp; 1358 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1359 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1360 break; 1361 } 1362 if (bp != NULL) { 1363 opromisc = d->bd_promisc; 1364 s = splimp(); 1365 bpf_detachd(d); 1366 bpf_attachd(d, bp); 1367 reset_d(d); 1368 if (opromisc) { 1369 error = ifpromisc(bp->bif_ifp, 1); 1370 if (error) 1371 if_printf(bp->bif_ifp, 1372 "bpf_setdlt: ifpromisc failed (%d)\n", 1373 error); 1374 else 1375 d->bd_promisc = 1; 1376 } 1377 splx(s); 1378 } 1379 return(bp == NULL ? EINVAL : 0); 1380 } 1381 1382 static void 1383 bpf_drvinit(void *unused) 1384 { 1385 cdevsw_add(&bpf_cdevsw, 0, 0); 1386 } 1387 1388 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL) 1389 1390 #else /* !BPF */ 1391 /* 1392 * NOP stubs to allow bpf-using drivers to load and function. 1393 * 1394 * A 'better' implementation would allow the core bpf functionality 1395 * to be loaded at runtime. 1396 */ 1397 1398 void 1399 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1400 { 1401 } 1402 1403 void 1404 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1405 { 1406 } 1407 1408 void 1409 bpf_ptap(struct bpf_if *bp, struct mbuf *, void *data, u_int dlen) 1410 { 1411 } 1412 1413 void 1414 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1415 { 1416 } 1417 1418 void 1419 bpfattach_dlt(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1420 { 1421 } 1422 1423 void 1424 bpfdetach(struct ifnet *ifp) 1425 { 1426 } 1427 1428 u_int 1429 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) 1430 { 1431 return -1; /* "no filter" behaviour */ 1432 } 1433 1434 #endif /* !BPF */ 1435