1 /* 2 * Copyright (c) 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)bpf.c 8.2 (Berkeley) 3/28/94 39 * 40 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.12 2002/04/14 21:41:48 luigi Exp $ 41 * $DragonFly: src/sys/net/bpf.c,v 1.32 2006/07/30 09:39:27 sephe Exp $ 42 */ 43 44 #include "use_bpf.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/conf.h> 49 #include <sys/device.h> 50 #include <sys/malloc.h> 51 #include <sys/mbuf.h> 52 #include <sys/time.h> 53 #include <sys/proc.h> 54 #include <sys/signalvar.h> 55 #include <sys/filio.h> 56 #include <sys/sockio.h> 57 #include <sys/ttycom.h> 58 #include <sys/filedesc.h> 59 60 #include <sys/poll.h> 61 62 #include <sys/socket.h> 63 #include <sys/vnode.h> 64 65 #include <sys/thread2.h> 66 67 #include <net/if.h> 68 #include <net/bpf.h> 69 #include <net/bpfdesc.h> 70 71 #include <netinet/in.h> 72 #include <netinet/if_ether.h> 73 #include <sys/kernel.h> 74 #include <sys/sysctl.h> 75 76 MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 77 78 #if NBPF > 0 79 80 /* 81 * The default read buffer size is patchable. 
82 */ 83 static int bpf_bufsize = BPF_DEFAULTBUFSIZE; 84 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW, 85 &bpf_bufsize, 0, ""); 86 static int bpf_maxbufsize = BPF_MAXBUFSIZE; 87 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW, 88 &bpf_maxbufsize, 0, ""); 89 90 /* 91 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 92 */ 93 static struct bpf_if *bpf_iflist; 94 95 static int bpf_allocbufs(struct bpf_d *); 96 static void bpf_attachd(struct bpf_d *d, struct bpf_if *bp); 97 static void bpf_detachd(struct bpf_d *d); 98 static void bpf_freed(struct bpf_d *); 99 static void bpf_mcopy(const void *, void *, size_t); 100 static int bpf_movein(struct uio *, int, struct mbuf **, 101 struct sockaddr *, int *); 102 static int bpf_setif(struct bpf_d *, struct ifreq *); 103 static void bpf_timed_out(void *); 104 static void bpf_wakeup(struct bpf_d *); 105 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 106 void (*)(const void *, void *, size_t), 107 const struct timeval *); 108 static void reset_d(struct bpf_d *); 109 static int bpf_setf(struct bpf_d *, struct bpf_program *); 110 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 111 static int bpf_setdlt(struct bpf_d *, u_int); 112 static void bpf_drvinit(void *unused); 113 114 static d_open_t bpfopen; 115 static d_close_t bpfclose; 116 static d_read_t bpfread; 117 static d_write_t bpfwrite; 118 static d_ioctl_t bpfioctl; 119 static d_poll_t bpfpoll; 120 121 #define CDEV_MAJOR 23 122 static struct dev_ops bpf_ops = { 123 { "bpf", CDEV_MAJOR, 0 }, 124 .d_open = bpfopen, 125 .d_close = bpfclose, 126 .d_read = bpfread, 127 .d_write = bpfwrite, 128 .d_ioctl = bpfioctl, 129 .d_poll = bpfpoll, 130 }; 131 132 133 static int 134 bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, 135 struct sockaddr *sockp, int *datlen) 136 { 137 struct mbuf *m; 138 int error; 139 int len; 140 int hlen; 141 142 /* 143 * Build a sockaddr based on the data link layer type. 
144 * We do this at this level because the ethernet header 145 * is copied directly into the data field of the sockaddr. 146 * In the case of SLIP, there is no header and the packet 147 * is forwarded as is. 148 * Also, we are careful to leave room at the front of the mbuf 149 * for the link level header. 150 */ 151 switch (linktype) { 152 153 case DLT_SLIP: 154 sockp->sa_family = AF_INET; 155 hlen = 0; 156 break; 157 158 case DLT_EN10MB: 159 sockp->sa_family = AF_UNSPEC; 160 /* XXX Would MAXLINKHDR be better? */ 161 hlen = sizeof(struct ether_header); 162 break; 163 164 case DLT_FDDI: 165 sockp->sa_family = AF_IMPLINK; 166 hlen = 0; 167 break; 168 169 case DLT_RAW: 170 case DLT_NULL: 171 sockp->sa_family = AF_UNSPEC; 172 hlen = 0; 173 break; 174 175 case DLT_ATM_RFC1483: 176 /* 177 * en atm driver requires 4-byte atm pseudo header. 178 * though it isn't standard, vpi:vci needs to be 179 * specified anyway. 180 */ 181 sockp->sa_family = AF_UNSPEC; 182 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 183 break; 184 185 case DLT_PPP: 186 sockp->sa_family = AF_UNSPEC; 187 hlen = 4; /* This should match PPP_HDRLEN */ 188 break; 189 190 default: 191 return(EIO); 192 } 193 194 len = uio->uio_resid; 195 *datlen = len - hlen; 196 if ((unsigned)len > MCLBYTES) 197 return(EIO); 198 199 MGETHDR(m, MB_WAIT, MT_DATA); 200 if (m == NULL) 201 return(ENOBUFS); 202 if (len > MHLEN) { 203 MCLGET(m, MB_WAIT); 204 if (!(m->m_flags & M_EXT)) { 205 error = ENOBUFS; 206 goto bad; 207 } 208 } 209 m->m_pkthdr.len = m->m_len = len; 210 m->m_pkthdr.rcvif = NULL; 211 *mp = m; 212 /* 213 * Make room for link header. 
214 */ 215 if (hlen != 0) { 216 m->m_pkthdr.len -= hlen; 217 m->m_len -= hlen; 218 m->m_data += hlen; /* XXX */ 219 error = uiomove(sockp->sa_data, hlen, uio); 220 if (error) 221 goto bad; 222 } 223 error = uiomove(mtod(m, caddr_t), len - hlen, uio); 224 if (!error) 225 return(0); 226 bad: 227 m_freem(m); 228 return(error); 229 } 230 231 /* 232 * Attach file to the bpf interface, i.e. make d listen on bp. 233 * Must be called at splimp. 234 */ 235 static void 236 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 237 { 238 /* 239 * Point d at bp, and add d to the interface's list of listeners. 240 * Finally, point the driver's bpf cookie at the interface so 241 * it will divert packets to bpf. 242 */ 243 d->bd_bif = bp; 244 SLIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 245 *bp->bif_driverp = bp; 246 } 247 248 /* 249 * Detach a file from its interface. 250 */ 251 static void 252 bpf_detachd(struct bpf_d *d) 253 { 254 int error; 255 struct bpf_if *bp; 256 struct ifnet *ifp; 257 258 bp = d->bd_bif; 259 ifp = bp->bif_ifp; 260 261 /* Remove d from the interface's descriptor list. */ 262 SLIST_REMOVE(&bp->bif_dlist, d, bpf_d, bd_next); 263 264 if (SLIST_EMPTY(&bp->bif_dlist)) { 265 /* 266 * Let the driver know that there are no more listeners. 267 */ 268 *bp->bif_driverp = NULL; 269 } 270 d->bd_bif = NULL; 271 /* 272 * Check if this descriptor had requested promiscuous mode. 273 * If so, turn it off. 274 */ 275 if (d->bd_promisc) { 276 d->bd_promisc = 0; 277 error = ifpromisc(ifp, 0); 278 if (error != 0 && error != ENXIO) { 279 /* 280 * ENXIO can happen if a pccard is unplugged, 281 * Something is really wrong if we were able to put 282 * the driver into promiscuous mode, but can't 283 * take it out. 284 */ 285 if_printf(ifp, "bpf_detach: ifpromisc failed(%d)\n", 286 error); 287 } 288 } 289 } 290 291 /* 292 * Open ethernet device. Returns ENXIO for illegal minor device number, 293 * EBUSY if file is open by another process. 
 */
/* ARGSUSED */
static int
bpfopen(struct dev_open_args *ap)
{
	dev_t dev = ap->a_head.a_dev;
	struct bpf_d *d;

	/* bpf devices are not usable from within a jail. */
	if (ap->a_cred->cr_prison)
		return(EPERM);

	d = dev->si_drv1;
	/*
	 * Each minor can be opened by only one process.  If the requested
	 * minor is in use, return EBUSY.
	 */
	if (d != NULL)
		return(EBUSY);
	/* Materialize the device node on first open (cloning behavior). */
	make_dev(&bpf_ops, minor(dev), 0, 0, 0600, "bpf%d", lminor(dev));
	MALLOC(d, struct bpf_d *, sizeof *d, M_BPF, M_WAITOK | M_ZERO);
	dev->si_drv1 = d;
	d->bd_bufsize = bpf_bufsize;	/* default; tunable via BIOCSBLEN */
	d->bd_sig = SIGIO;		/* default receive signal */
	d->bd_seesent = 1;		/* see locally sent packets by default */
	callout_init(&d->bd_callout);
	return(0);
}

/*
 * Close the descriptor by detaching it from its interface,
 * deallocating its buffers, and marking it free.
 */
/* ARGSUSED */
static int
bpfclose(struct dev_close_args *ap)
{
	dev_t dev = ap->a_head.a_dev;
	struct bpf_d *d = dev->si_drv1;

	funsetown(d->bd_sigio);
	crit_enter();
	/* Cancel any pending read timeout before tearing down. */
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	if (d->bd_bif != NULL)
		bpf_detachd(d);
	crit_exit();
	bpf_freed(d);
	dev->si_drv1 = NULL;	/* mark the minor free for reuse */
	free(d, M_BPF);

	return(0);
}

/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 *
 * NOTE(review): multi-statement macro without do { } while (0)
 * protection -- only safe because every use site is a full statement;
 * do not use inside an unbraced if/else.
 */
#define ROTATE_BUFFERS(d) \
	(d)->bd_hbuf = (d)->bd_sbuf; \
	(d)->bd_hlen = (d)->bd_slen; \
	(d)->bd_sbuf = (d)->bd_fbuf; \
	(d)->bd_slen = 0; \
	(d)->bd_fbuf = NULL;
/*
 * bpfread - read next chunk of packets from buffers
 */
static int
bpfread(struct dev_read_args *ap)
{
	dev_t dev = ap->a_head.a_dev;
	struct bpf_d *d = dev->si_drv1;
	int timed_out;
	int error;

	/*
	 * Restrict application to use a buffer the same size as
	 * as kernel buffers.
	 */
	if (ap->a_uio->uio_resid != d->bd_bufsize)
		return(EINVAL);

	crit_enter();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	timed_out = (d->bd_state == BPF_TIMED_OUT);
	d->bd_state = BPF_IDLE;
	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == NULL) {
		if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
			/*
			 * A packet(s) either arrived since the previous
			 * read or arrived while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}

		/*
		 * No data is available, check to see if the bpf device
		 * is still pointed at a real interface.  If not, return
		 * ENXIO so that the userland process knows to rebind
		 * it before using it again.
		 */
		if (d->bd_bif == NULL) {
			crit_exit();
			return(ENXIO);
		}

		if (ap->a_ioflag & IO_NDELAY) {
			crit_exit();
			return(EWOULDBLOCK);
		}
		error = tsleep(d, PCATCH, "bpf", d->bd_rtout);
		if (error == EINTR || error == ERESTART) {
			crit_exit();
			return(error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				crit_exit();
				return(0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	crit_exit();

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, ap->a_uio);

	crit_enter();
	/* Recycle the hold buffer as the new free buffer. */
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = NULL;
	d->bd_hlen = 0;
	crit_exit();

	return(error);
}


/*
 * If there are processes sleeping on this descriptor, wake them up.
 * Also posts SIGIO and notifies select/poll waiters as configured.
 */
static void
bpf_wakeup(struct bpf_d *d)
{
	if (d->bd_state == BPF_WAITING) {
		callout_stop(&d->bd_callout);
		d->bd_state = BPF_IDLE;
	}
	wakeup(d);
	if (d->bd_async && d->bd_sig && d->bd_sigio)
		pgsigio(d->bd_sigio, d->bd_sig, 0);

	/* selwakeup() requires the MP lock in this kernel. */
	get_mplock();
	selwakeup(&d->bd_sel);
	rel_mplock();
	/* XXX */
	d->bd_sel.si_pid = 0;
}

/*
 * Read-timeout callout: if the descriptor is still waiting, flag the
 * timeout and wake the reader if any data has accumulated.
 */
static void
bpf_timed_out(void *arg)
{
	struct bpf_d *d = (struct bpf_d *)arg;

	crit_enter();
	if (d->bd_state == BPF_WAITING) {
		d->bd_state = BPF_TIMED_OUT;
		if (d->bd_slen != 0)
			bpf_wakeup(d);
	}
	crit_exit();
}

/*
 * Inject a packet written by userland onto the bound interface.
 * The mbuf is consumed (freed) by the interface output routine.
 */
static int
bpfwrite(struct dev_write_args *ap)
{
	dev_t dev = ap->a_head.a_dev;
	struct bpf_d *d = dev->si_drv1;
	struct ifnet *ifp;
	struct mbuf *m;
	int error;
	/*
	 * NOTE(review): 'dst' is shared across all concurrent writers;
	 * presumably serialized by the caller/crit section -- confirm
	 * before relying on it (a stack copy would be safer).
	 */
	static struct sockaddr dst;
	int datlen;

	if (d->bd_bif == NULL)
		return(ENXIO);

	ifp = d->bd_bif->bif_ifp;

	if (ap->a_uio->uio_resid == 0)
		return(0);

	error = bpf_movein(ap->a_uio, (int)d->bd_bif->bif_dlt, &m,
			   &dst, &datlen);
	if (error)
		return(error);

	if (datlen > ifp->if_mtu) {
		m_freem(m);
		return(EMSGSIZE);
	}

	if (d->bd_hdrcmplt)
		dst.sa_family = pseudo_AF_HDRCMPLT;

	crit_enter();
	lwkt_serialize_enter(ifp->if_serializer);
	error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)NULL);
	lwkt_serialize_exit(ifp->if_serializer);
	crit_exit();
	/*
	 * The driver frees the mbuf.
	 */
	return(error);
}

/*
 * Reset a descriptor by flushing its packet buffer and clearing the
 * receive and drop counts.  Should be called at splimp.
 */
static void
reset_d(struct bpf_d *d)
{
	if (d->bd_hbuf) {
		/* Free the hold buffer. */
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = NULL;
	}
	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_rcount = 0;
	d->bd_dcount = 0;
}

/*
 *  FIONREAD		Check for read packet available.
 *  SIOCGIFADDR		Get interface address - convenient hook to driver.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag
 *  BIOCSHDRCMPLT	Set "header already complete" flag
 *  BIOCGSEESENT	Get "see packets sent" flag
 *  BIOCSSEESENT	Set "see packets sent" flag
 */
/* ARGSUSED */
static int
bpfioctl(struct dev_ioctl_args *ap)
{
	dev_t dev = ap->a_head.a_dev;
	struct bpf_d *d = dev->si_drv1;
	int error = 0;

	/* Any ioctl cancels a pending read timeout. */
	crit_enter();
	if (d->bd_state == BPF_WAITING)
		callout_stop(&d->bd_callout);
	d->bd_state = BPF_IDLE;
	crit_exit();

	switch (ap->a_cmd) {
	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			crit_enter();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			crit_exit();

			*(int *)ap->a_data = n;
			break;
		}

	case SIOCGIFADDR:
		{
			struct ifnet *ifp;

			if (d->bd_bif == NULL)
				error = EINVAL;
			else {
				/* Forward to the bound interface's ioctl. */
				ifp = d->bd_bif->bif_ifp;
				lwkt_serialize_enter(ifp->if_serializer);
				error = ifp->if_ioctl(ifp, ap->a_cmd,
						      ap->a_data, ap->a_cred);
				lwkt_serialize_exit(ifp->if_serializer);
			}
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)ap->a_data = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.  Only allowed before an interface is bound;
	 * the requested size is clamped to [BPF_MINBUFSIZE, bpf_maxbufsize]
	 * and the clamped value is passed back to the caller.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)ap->a_data;

			if (size > bpf_maxbufsize)
				*(u_int *)ap->a_data = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)ap->a_data = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, (struct bpf_program *)ap->a_data);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		crit_enter();
		reset_d(d);
		crit_exit();
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == NULL) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		crit_enter();
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		crit_exit();
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			*(u_int *)ap->a_data = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get a list of supported data link types.
	 */
	case BIOCGDLTLIST:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			error = bpf_getdltlist(d, (struct bpf_dltlist *)ap->a_data);
		break;

	/*
	 * Set data link type.
	 */
	case BIOCSDLT:
		if (d->bd_bif == NULL)
			error = EINVAL;
		else
			error = bpf_setdlt(d, *(u_int *)ap->a_data);
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == NULL) {
			error = EINVAL;
		} else {
			struct ifnet *const ifp = d->bd_bif->bif_ifp;
			struct ifreq *const ifr = (struct ifreq *)ap->a_data;

			strlcpy(ifr->ifr_name, ifp->if_xname,
				sizeof ifr->ifr_name);
		}
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, (struct ifreq *)ap->a_data);
		break;

	/*
	 * Set read timeout.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)ap->a_data;

			/*
			 * Subtract 1 tick from tvtohz() since this isn't
			 * a one-shot timer.
			 */
			if ((error = itimerfix(tv)) == 0)
				d->bd_rtout = tvtohz_low(tv);
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)ap->a_data;

			/* Convert stored ticks back to a timeval. */
			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = (struct bpf_stat *)ap->a_data;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)ap->a_data;
		break;

	case BIOCVERSION:
		{
			struct bpf_version *bv = (struct bpf_version *)ap->a_data;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	/*
	 * Get "header already complete" flag
	 */
	case BIOCGHDRCMPLT:
		*(u_int *)ap->a_data = d->bd_hdrcmplt;
		break;

	/*
	 * Set "header already complete" flag
	 */
	case BIOCSHDRCMPLT:
		d->bd_hdrcmplt = *(u_int *)ap->a_data ? 1 : 0;
		break;

	/*
	 * Get "see sent packets" flag
	 */
	case BIOCGSEESENT:
		*(u_int *)ap->a_data = d->bd_seesent;
		break;

	/*
	 * Set "see sent packets" flag
	 */
	case BIOCSSEESENT:
		d->bd_seesent = *(u_int *)ap->a_data;
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)ap->a_data;
		break;

	case FIOSETOWN:
		error = fsetown(*(int *)ap->a_data, &d->bd_sigio);
		break;

	case FIOGETOWN:
		*(int *)ap->a_data = fgetown(d->bd_sigio);
		break;

	/* This is deprecated, FIOSETOWN should be used instead. */
	case TIOCSPGRP:
		error = fsetown(-(*(int *)ap->a_data), &d->bd_sigio);
		break;

	/* This is deprecated, FIOGETOWN should be used instead. */
	case TIOCGPGRP:
		*(int *)ap->a_data = -fgetown(d->bd_sigio);
		break;

	case BIOCSRSIG:		/* Set receive signal */
		{
			u_int sig;

			sig = *(u_int *)ap->a_data;

			if (sig >= NSIG)
				error = EINVAL;
			else
				d->bd_sig = sig;
			break;
		}
	case BIOCGRSIG:
		*(u_int *)ap->a_data = d->bd_sig;
		break;
	}
	return(error);
}

/*
 * Set d's packet filter program to fp.  If this file already has a filter,
 * free it and replace it.  Returns EINVAL for bogus requests.
 */
static int
bpf_setf(struct bpf_d *d, struct bpf_program *fp)
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;

	old = d->bd_filter;
	if (fp->bf_insns == NULL) {
		/* NULL program with nonzero length is a bogus request. */
		if (fp->bf_len != 0)
			return(EINVAL);
		/* Clear the filter: every packet now matches. */
		crit_enter();
		d->bd_filter = NULL;
		reset_d(d);
		crit_exit();
		if (old != 0)
			free(old, M_BPF);
		return(0);
	}
	flen = fp->bf_len;
	if (flen > BPF_MAXINSNS)
		return(EINVAL);

	size = flen * sizeof *fp->bf_insns;
	fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
	/* Only install the program if it copies in and validates. */
	if (copyin(fp->bf_insns, fcode, size) == 0 &&
	    bpf_validate(fcode, (int)flen)) {
		crit_enter();
		d->bd_filter = fcode;
		reset_d(d);
		crit_exit();
		if (old != 0)
			free(old, M_BPF);

		return(0);
	}
	free(fcode, M_BPF);
	return(EINVAL);
}

/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 * Return an errno or 0.
 */
static int
bpf_setif(struct bpf_d *d, struct ifreq *ifr)
{
	struct bpf_if *bp;
	int error;
	struct ifnet *theywant;

	theywant = ifunit(ifr->ifr_name);
	if (theywant == NULL)
		return(ENXIO);

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == NULL || ifp != theywant)
			continue;
		/* skip additional entry */
		if (bp->bif_driverp != &ifp->if_bpf)
			continue;
		/*
		 * We found the requested interface.
		 * If it's not up, return an error.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if (!(ifp->if_flags & IFF_UP))
			return(ENETDOWN);

		if (d->bd_sbuf == NULL) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return(error);
		}
		crit_enter();
		if (bp != d->bd_bif) {
			if (d->bd_bif != NULL) {
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);
			}

			bpf_attachd(d, bp);
		}
		reset_d(d);
		crit_exit();
		return(0);
	}

	/* Not found. */
	return(ENXIO);
}

/*
 * Support for select() and poll() system calls
 *
 * Return true iff the specific operation will not block indefinitely.
 * Otherwise, return false but make a note that a selwakeup() must be done.
 */
int
bpfpoll(struct dev_poll_args *ap)
{
	dev_t dev = ap->a_head.a_dev;
	struct bpf_d *d;
	int revents;

	d = dev->si_drv1;
	if (d->bd_bif == NULL)
		return(ENXIO);

	/* Writes never block on a bpf descriptor. */
	revents = ap->a_events & (POLLOUT | POLLWRNORM);
	crit_enter();
	if (ap->a_events & (POLLIN | POLLRDNORM)) {
		/*
		 * An imitation of the FIONREAD ioctl code.
		 * XXX not quite.  An exact imitation:
		 *	if (d->b_slen != 0 ||
		 *	    (d->bd_hbuf != NULL && d->bd_hlen != 0)
		 */
		if (d->bd_hlen != 0 ||
		    ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
		    d->bd_slen != 0))
			revents |= ap->a_events & (POLLIN | POLLRDNORM);
		else {
			selrecord(curthread, &d->bd_sel);
			/* Start the read timeout if necessary. */
			if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
				callout_reset(&d->bd_callout, d->bd_rtout,
					      bpf_timed_out, d);
				d->bd_state = BPF_WAITING;
			}
		}
	}
	crit_exit();
	ap->a_events = revents;
	return(0);
}

/*
 * Process the packet pkt of length pktlen.  The packet is parsed
 * by each listener's filter, and if accepted, stashed into the
 * corresponding buffer.
 */
void
bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
{
	struct bpf_d *d;
	struct timeval tv;
	int gottime = 0;	/* lazily timestamp only if a filter matches */
	u_int slen;

	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here is that if two different
	 * interfaces shared any data.  This is not the case.
	 */
	SLIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		++d->bd_rcount;
		slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			/* Contiguous buffer: plain copy via ovbcopy. */
			catchpacket(d, pkt, pktlen, slen, ovbcopy, &tv);
		}
	}
}

/*
 * Copy data from an mbuf chain into a buffer.  This code is derived
 * from m_copydata in sys/uipc_mbuf.c.
 */
static void
bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
{
	const struct mbuf *m;
	u_int count;
	u_char *dst;

	m = src_arg;
	dst = dst_arg;
	while (len > 0) {
		if (m == NULL)
			panic("bpf_mcopy");
		count = min(m->m_len, len);
		bcopy(mtod(m, void *), dst, count);
		m = m->m_next;
		dst += count;
		len -= count;
	}
}

/*
 * Process the packet in the mbuf chain m.  The packet is parsed by each
 * listener's filter, and if accepted, stashed into the corresponding
 * buffer.
 */
void
bpf_mtap(struct bpf_if *bp, struct mbuf *m)
{
	struct bpf_d *d;
	u_int pktlen, slen;
	struct mbuf *m0;
	struct timeval tv;
	int gottime = 0;

	/* Don't compute pktlen, if no descriptor is attached. */
	if (SLIST_EMPTY(&bp->bif_dlist))
		return;

	pktlen = 0;
	for (m0 = m; m0 != NULL; m0 = m0->m_next)
		pktlen += m0->m_len;

	SLIST_FOREACH(d, &bp->bif_dlist, bd_next) {
		/* Skip outgoing packets if this listener opted out. */
		if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
			continue;
		++d->bd_rcount;
		/* buflen 0 tells bpf_filter the buffer is an mbuf chain. */
		slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
		if (slen != 0) {
			if (!gottime) {
				microtime(&tv);
				gottime = 1;
			}
			catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy,
				    &tv);
		}
	}
}

/*
 * Tap a packet prefixed by its address family (e.g. for loopback-style
 * interfaces).  AF_UNSPEC is not a valid prefix.
 */
void
bpf_mtap_family(struct bpf_if *bp, struct mbuf *m, sa_family_t family)
{
	u_int family4;

	KKASSERT(family != AF_UNSPEC);

	family4 = (u_int)family;
	bpf_ptap(bp, m, &family4, sizeof(family4));
}

/*
 * Process the packet in the mbuf chain m with the header in m prepended.
 * The packet is parsed by each listener's filter, and if accepted,
 * stashed into the corresponding buffer.
 */
void
bpf_ptap(struct bpf_if *bp, struct mbuf *m, const void *data, u_int dlen)
{
	struct mbuf mb;

	/*
	 * Craft on-stack mbuf suitable for passing to bpf_mtap.
	 * Note that we cut corners here; we only setup what's
	 * absolutely needed--this mbuf should never go anywhere else.
	 */
	mb.m_next = m;
	mb.m_data = __DECONST(void *, data); /* LINTED */
	mb.m_len = dlen;

	bpf_mtap(bp, &mb);
}

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Return 1 if it's time to wakeup a listener (buffer full),
 * otherwise 0.  "copy" is the routine called to do the actual data
 * transfer.  bcopy is passed in to copy contiguous chunks, while
 * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
	    void (*cpfn)(const void *, void *, size_t),
	    const struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == NULL) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}
	else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;
}

/*
 * Initialize all nonzero fields of a descriptor.
1215 */ 1216 static int 1217 bpf_allocbufs(struct bpf_d *d) 1218 { 1219 d->bd_fbuf = malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1220 if (d->bd_fbuf == NULL) 1221 return(ENOBUFS); 1222 1223 d->bd_sbuf = malloc(d->bd_bufsize, M_BPF, M_WAITOK); 1224 if (d->bd_sbuf == NULL) { 1225 free(d->bd_fbuf, M_BPF); 1226 return(ENOBUFS); 1227 } 1228 d->bd_slen = 0; 1229 d->bd_hlen = 0; 1230 return(0); 1231 } 1232 1233 /* 1234 * Free buffers currently in use by a descriptor. 1235 * Called on close. 1236 */ 1237 static void 1238 bpf_freed(struct bpf_d *d) 1239 { 1240 /* 1241 * We don't need to lock out interrupts since this descriptor has 1242 * been detached from its interface and it yet hasn't been marked 1243 * free. 1244 */ 1245 if (d->bd_sbuf != NULL) { 1246 free(d->bd_sbuf, M_BPF); 1247 if (d->bd_hbuf != NULL) 1248 free(d->bd_hbuf, M_BPF); 1249 if (d->bd_fbuf != NULL) 1250 free(d->bd_fbuf, M_BPF); 1251 } 1252 if (d->bd_filter) 1253 free(d->bd_filter, M_BPF); 1254 } 1255 1256 /* 1257 * Attach an interface to bpf. ifp is a pointer to the structure 1258 * defining the interface to be attached, dlt is the link layer type, 1259 * and hdrlen is the fixed size of the link header (variable length 1260 * headers are not yet supported). 1261 */ 1262 void 1263 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1264 { 1265 bpfattach_dlt(ifp, dlt, hdrlen, &ifp->if_bpf); 1266 } 1267 1268 void 1269 bpfattach_dlt(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1270 { 1271 struct bpf_if *bp; 1272 1273 bp = malloc(sizeof *bp, M_BPF, M_WAITOK | M_ZERO); 1274 1275 SLIST_INIT(&bp->bif_dlist); 1276 bp->bif_ifp = ifp; 1277 bp->bif_dlt = dlt; 1278 bp->bif_driverp = driverp; 1279 *bp->bif_driverp = NULL; 1280 1281 bp->bif_next = bpf_iflist; 1282 bpf_iflist = bp; 1283 1284 /* 1285 * Compute the length of the bpf header. 
This is not necessarily 1286 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1287 * that the network layer header begins on a longword boundary (for 1288 * performance reasons and to alleviate alignment restrictions). 1289 */ 1290 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1291 1292 if (bootverbose) 1293 if_printf(ifp, "bpf attached\n"); 1294 } 1295 1296 /* 1297 * Detach bpf from an interface. This involves detaching each descriptor 1298 * associated with the interface, and leaving bd_bif NULL. Notify each 1299 * descriptor as it's detached so that any sleepers wake up and get 1300 * ENXIO. 1301 */ 1302 void 1303 bpfdetach(struct ifnet *ifp) 1304 { 1305 struct bpf_if *bp, *bp_prev; 1306 struct bpf_d *d; 1307 1308 crit_enter(); 1309 1310 /* Locate BPF interface information */ 1311 bp_prev = NULL; 1312 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1313 if (ifp == bp->bif_ifp) 1314 break; 1315 bp_prev = bp; 1316 } 1317 1318 /* Interface wasn't attached */ 1319 if (bp->bif_ifp == NULL) { 1320 crit_exit(); 1321 printf("bpfdetach: %s was not attached\n", ifp->if_xname); 1322 return; 1323 } 1324 1325 while ((d = SLIST_FIRST(&bp->bif_dlist)) != NULL) { 1326 bpf_detachd(d); 1327 bpf_wakeup(d); 1328 } 1329 1330 if (bp_prev != NULL) 1331 bp_prev->bif_next = bp->bif_next; 1332 else 1333 bpf_iflist = bp->bif_next; 1334 1335 free(bp, M_BPF); 1336 1337 crit_exit(); 1338 } 1339 1340 /* 1341 * Get a list of available data link type of the interface. 
1342 */ 1343 static int 1344 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1345 { 1346 int n, error; 1347 struct ifnet *ifp; 1348 struct bpf_if *bp; 1349 1350 ifp = d->bd_bif->bif_ifp; 1351 n = 0; 1352 error = 0; 1353 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1354 if (bp->bif_ifp != ifp) 1355 continue; 1356 if (bfl->bfl_list != NULL) { 1357 if (n >= bfl->bfl_len) { 1358 return (ENOMEM); 1359 } 1360 error = copyout(&bp->bif_dlt, 1361 bfl->bfl_list + n, sizeof(u_int)); 1362 } 1363 n++; 1364 } 1365 bfl->bfl_len = n; 1366 return(error); 1367 } 1368 1369 /* 1370 * Set the data link type of a BPF instance. 1371 */ 1372 static int 1373 bpf_setdlt(struct bpf_d *d, u_int dlt) 1374 { 1375 int error, opromisc; 1376 struct ifnet *ifp; 1377 struct bpf_if *bp; 1378 1379 if (d->bd_bif->bif_dlt == dlt) 1380 return (0); 1381 ifp = d->bd_bif->bif_ifp; 1382 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1383 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1384 break; 1385 } 1386 if (bp != NULL) { 1387 opromisc = d->bd_promisc; 1388 crit_enter(); 1389 bpf_detachd(d); 1390 bpf_attachd(d, bp); 1391 reset_d(d); 1392 if (opromisc) { 1393 error = ifpromisc(bp->bif_ifp, 1); 1394 if (error) 1395 if_printf(bp->bif_ifp, 1396 "bpf_setdlt: ifpromisc failed (%d)\n", 1397 error); 1398 else 1399 d->bd_promisc = 1; 1400 } 1401 crit_exit(); 1402 } 1403 return(bp == NULL ? EINVAL : 0); 1404 } 1405 1406 static void 1407 bpf_drvinit(void *unused) 1408 { 1409 dev_ops_add(&bpf_ops, 0, 0); 1410 } 1411 1412 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL) 1413 1414 #else /* !BPF */ 1415 /* 1416 * NOP stubs to allow bpf-using drivers to load and function. 1417 * 1418 * A 'better' implementation would allow the core bpf functionality 1419 * to be loaded at runtime. 
1420 */ 1421 1422 void 1423 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1424 { 1425 } 1426 1427 void 1428 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1429 { 1430 } 1431 1432 void 1433 bpf_ptap(struct bpf_if *bp, struct mbuf *m, const void *data, u_int dlen) 1434 { 1435 } 1436 1437 void 1438 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1439 { 1440 } 1441 1442 void 1443 bpfattach_dlt(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1444 { 1445 } 1446 1447 void 1448 bpfdetach(struct ifnet *ifp) 1449 { 1450 } 1451 1452 u_int 1453 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) 1454 { 1455 return -1; /* "no filter" behaviour */ 1456 } 1457 1458 #endif /* !BPF */ 1459