1 /* $OpenBSD: bpf.c,v 1.12 1997/09/30 02:31:04 millert Exp $ */ 2 /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ 3 4 /* 5 * Copyright (c) 1990, 1991, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * This code is derived from the Stanford/CMU enet packet filter, 9 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 10 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 11 * Berkeley Laboratory. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. All advertising materials mentioning features or use of this software 22 * must display the following acknowledgement: 23 * This product includes software developed by the University of 24 * California, Berkeley and its contributors. 25 * 4. Neither the name of the University nor the names of its contributors 26 * may be used to endorse or promote products derived from this software 27 * without specific prior written permission. 28 * 29 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 32 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 39 * SUCH DAMAGE. 40 * 41 * @(#)bpf.c 8.2 (Berkeley) 3/28/94 42 */ 43 44 #include "bpfilter.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/mbuf.h> 49 #include <sys/buf.h> 50 #include <sys/time.h> 51 #include <sys/proc.h> 52 #include <sys/user.h> 53 #include <sys/ioctl.h> 54 #include <sys/map.h> 55 #include <sys/conf.h> 56 57 #include <sys/file.h> 58 #if defined(sparc) && BSD < 199103 59 #include <sys/stream.h> 60 #endif 61 #include <sys/tty.h> 62 #include <sys/uio.h> 63 64 #include <sys/protosw.h> 65 #include <sys/socket.h> 66 #include <sys/errno.h> 67 #include <sys/kernel.h> 68 69 #include <net/if.h> 70 71 #include <net/bpf.h> 72 #include <net/bpfdesc.h> 73 74 #include <netinet/in.h> 75 #include <netinet/if_arc.h> 76 #include <netinet/if_ether.h> 77 78 /* 79 * Older BSDs don't have kernel malloc. 80 */ 81 #if BSD < 199103 82 extern bcopy(); 83 caddr_t bpf_alloc(); 84 #include <net/bpf_compat.h> 85 #define BPF_BUFSIZE (MCLBYTES-8) 86 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio) 87 #else 88 #define BPF_BUFSIZE 4096 89 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio) 90 #endif 91 92 #define PRINET 26 /* interruptible */ 93 94 /* 95 * The default read buffer size is patchable. 96 */ 97 int bpf_bufsize = BPF_BUFSIZE; 98 99 /* 100 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 101 * bpf_dtab holds the descriptors, indexed by minor device # 102 */ 103 struct bpf_if *bpf_iflist; 104 struct bpf_d bpf_dtab[NBPFILTER]; 105 106 int bpf_allocbufs __P((struct bpf_d *)); 107 void bpf_freed __P((struct bpf_d *)); 108 void bpf_ifname __P((struct ifnet *, struct ifreq *)); 109 void bpf_mcopy __P((const void *, void *, size_t)); 110 int bpf_movein __P((struct uio *, int, struct mbuf **, struct sockaddr *)); 111 void bpf_attachd __P((struct bpf_d *, struct bpf_if *)); 112 void bpf_detachd __P((struct bpf_d *)); 113 int bpf_setif __P((struct bpf_d *, struct ifreq *)); 114 #if BSD >= 199103 115 int bpfselect __P((dev_t, int, struct proc *)); 116 #endif 117 static __inline void bpf_wakeup __P((struct bpf_d *)); 118 void bpf_catchpacket __P((struct bpf_d *, u_char *, size_t, size_t, 119 void (*)(const void *, void *, size_t))); 120 void bpf_reset_d __P((struct bpf_d *)); 121 122 int 123 bpf_movein(uio, linktype, mp, sockp) 124 register struct uio *uio; 125 int linktype; 126 register struct mbuf **mp; 127 register struct sockaddr *sockp; 128 { 129 struct mbuf *m; 130 int error; 131 int len; 132 int hlen; 133 134 /* 135 * Build a sockaddr based on the data link layer type. 136 * We do this at this level because the ethernet header 137 * is copied directly into the data field of the sockaddr. 138 * In the case of SLIP, there is no header and the packet 139 * is forwarded as is. 140 * Also, we are careful to leave room at the front of the mbuf 141 * for the link level header. 142 */ 143 switch (linktype) { 144 145 case DLT_SLIP: 146 sockp->sa_family = AF_INET; 147 hlen = 0; 148 break; 149 150 case DLT_PPP: 151 sockp->sa_family = AF_UNSPEC; 152 hlen = 0; 153 break; 154 155 case DLT_EN10MB: 156 sockp->sa_family = AF_UNSPEC; 157 /* XXX Would MAXLINKHDR be better? */ 158 hlen = sizeof(struct ether_header); 159 break; 160 161 case DLT_ARCNET: 162 sockp->sa_family = AF_UNSPEC; 163 hlen = ARC_HDRLEN; 164 break; 165 166 case DLT_FDDI: 167 sockp->sa_family = AF_UNSPEC; 168 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */ 169 hlen = 24; 170 break; 171 172 case DLT_NULL: 173 sockp->sa_family = AF_UNSPEC; 174 hlen = 0; 175 break; 176 177 default: 178 return (EIO); 179 } 180 181 len = uio->uio_resid; 182 if ((unsigned)len > MCLBYTES) 183 return (EIO); 184 185 MGETHDR(m, M_WAIT, MT_DATA); 186 if (m == 0) 187 return (ENOBUFS); 188 m->m_pkthdr.rcvif = 0; 189 m->m_pkthdr.len = len - hlen; 190 191 if (len > MHLEN) { 192 #if BSD >= 199103 193 MCLGET(m, M_WAIT); 194 if ((m->m_flags & M_EXT) == 0) { 195 #else 196 MCLGET(m); 197 if (m->m_len != MCLBYTES) { 198 #endif 199 error = ENOBUFS; 200 goto bad; 201 } 202 } 203 m->m_len = len; 204 *mp = m; 205 /* 206 * Make room for link header. 207 */ 208 if (hlen != 0) { 209 m->m_len -= hlen; 210 #if BSD >= 199103 211 m->m_data += hlen; /* XXX */ 212 #else 213 m->m_off += hlen; 214 #endif 215 error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio); 216 if (error) 217 goto bad; 218 } 219 error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio); 220 if (!error) 221 return (0); 222 bad: 223 m_freem(m); 224 return (error); 225 } 226 227 /* 228 * Attach file to the bpf interface, i.e. make d listen on bp. 229 * Must be called at splimp. 230 */ 231 void 232 bpf_attachd(d, bp) 233 struct bpf_d *d; 234 struct bpf_if *bp; 235 { 236 /* 237 * Point d at bp, and add d to the interface's list of listeners. 238 * Finally, point the driver's bpf cookie at the interface so 239 * it will divert packets to bpf. 240 */ 241 d->bd_bif = bp; 242 d->bd_next = bp->bif_dlist; 243 bp->bif_dlist = d; 244 245 *bp->bif_driverp = bp; 246 } 247 248 /* 249 * Detach a file from its interface. 250 */ 251 void 252 bpf_detachd(d) 253 struct bpf_d *d; 254 { 255 struct bpf_d **p; 256 struct bpf_if *bp; 257 258 bp = d->bd_bif; 259 /* 260 * Check if this descriptor had requested promiscuous mode. 261 * If so, turn it off. 262 */ 263 if (d->bd_promisc) { 264 int error; 265 266 d->bd_promisc = 0; 267 error = ifpromisc(bp->bif_ifp, 0); 268 if (error && error != EINVAL) 269 /* 270 * Something is really wrong if we were able to put 271 * the driver into promiscuous mode, but can't 272 * take it out. 273 */ 274 panic("bpf: ifpromisc failed"); 275 } 276 /* Remove d from the interface's descriptor list. */ 277 p = &bp->bif_dlist; 278 while (*p != d) { 279 p = &(*p)->bd_next; 280 if (*p == 0) 281 panic("bpf_detachd: descriptor not in list"); 282 } 283 *p = (*p)->bd_next; 284 if (bp->bif_dlist == 0) 285 /* 286 * Let the driver know that there are no more listeners. 287 */ 288 *d->bd_bif->bif_driverp = 0; 289 d->bd_bif = 0; 290 } 291 292 293 /* 294 * Mark a descriptor free by making it point to itself. 295 * This is probably cheaper than marking with a constant since 296 * the address should be in a register anyway. 297 */ 298 #define D_ISFREE(d) ((d) == (d)->bd_next) 299 #define D_MARKFREE(d) ((d)->bd_next = (d)) 300 #define D_MARKUSED(d) ((d)->bd_next = 0) 301 302 #if BSD >= 199207 || NetBSD0_9 >= 2 303 /* 304 * bpfilterattach() is called at boot time in new systems. We do 305 * nothing here since old systems will not call this. 306 */ 307 /* ARGSUSED */ 308 void 309 bpfilterattach(n) 310 int n; 311 { 312 int i; 313 314 /* 315 * Mark all the descriptors free if this hasn't been done. 316 */ 317 if (!D_ISFREE(&bpf_dtab[0])) 318 for (i = 0; i < NBPFILTER; ++i) 319 D_MARKFREE(&bpf_dtab[i]); 320 } 321 #endif 322 323 /* 324 * Open ethernet device. Returns ENXIO for illegal minor device number, 325 * EBUSY if file is open by another process. 326 */ 327 /* ARGSUSED */ 328 int 329 bpfopen(dev, flag, mode, p) 330 dev_t dev; 331 int flag; 332 int mode; 333 struct proc *p; 334 { 335 register struct bpf_d *d; 336 337 if (minor(dev) >= NBPFILTER) 338 return (ENXIO); 339 /* 340 * Each minor can be opened by only one process. If the requested 341 * minor is in use, return EBUSY. 342 */ 343 d = &bpf_dtab[minor(dev)]; 344 if (!D_ISFREE(d)) 345 return (EBUSY); 346 347 /* Mark "free" and do most initialization. */ 348 bzero((char *)d, sizeof(*d)); 349 d->bd_bufsize = bpf_bufsize; 350 d->bd_sig = SIGIO; 351 352 return (0); 353 } 354 355 /* 356 * Close the descriptor by detaching it from its interface, 357 * deallocating its buffers, and marking it free. 358 */ 359 /* ARGSUSED */ 360 int 361 bpfclose(dev, flag, mode, p) 362 dev_t dev; 363 int flag; 364 int mode; 365 struct proc *p; 366 { 367 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 368 register int s; 369 370 s = splimp(); 371 if (d->bd_bif) 372 bpf_detachd(d); 373 splx(s); 374 bpf_freed(d); 375 376 return (0); 377 } 378 379 /* 380 * Support for SunOS, which does not have tsleep. 381 */ 382 #if BSD < 199103 383 int 384 bpf_timeout(arg) 385 caddr_t arg; 386 { 387 struct bpf_d *d = (struct bpf_d *)arg; 388 d->bd_timedout = 1; 389 wakeup(arg); 390 } 391 392 #define BPF_SLEEP(chan, pri, s, t) bpf_sleep((struct bpf_d *)chan) 393 394 int 395 bpf_sleep(d) 396 register struct bpf_d *d; 397 { 398 register int rto = d->bd_rtout; 399 register int st; 400 401 if (rto != 0) { 402 d->bd_timedout = 0; 403 timeout(bpf_timeout, (caddr_t)d, rto); 404 } 405 st = sleep((caddr_t)d, PRINET|PCATCH); 406 if (rto != 0) { 407 if (d->bd_timedout == 0) 408 untimeout(bpf_timeout, (caddr_t)d); 409 else if (st == 0) 410 return EWOULDBLOCK; 411 } 412 return (st != 0) ? EINTR : 0; 413 } 414 #else 415 #define BPF_SLEEP tsleep 416 #endif 417 418 /* 419 * Rotate the packet buffers in descriptor d. Move the store buffer 420 * into the hold slot, and the free buffer into the store slot. 421 * Zero the length of the new store buffer. 422 */ 423 #define ROTATE_BUFFERS(d) \ 424 (d)->bd_hbuf = (d)->bd_sbuf; \ 425 (d)->bd_hlen = (d)->bd_slen; \ 426 (d)->bd_sbuf = (d)->bd_fbuf; \ 427 (d)->bd_slen = 0; \ 428 (d)->bd_fbuf = 0; 429 /* 430 * bpfread - read next chunk of packets from buffers 431 */ 432 int 433 bpfread(dev, uio, ioflag) 434 dev_t dev; 435 register struct uio *uio; 436 int ioflag; 437 { 438 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 439 int error; 440 int s; 441 442 if (d->bd_bif == 0) 443 return (ENXIO); 444 445 /* 446 * Restrict application to use a buffer the same size as 447 * as kernel buffers. 448 */ 449 if (uio->uio_resid != d->bd_bufsize) 450 return (EINVAL); 451 452 s = splimp(); 453 /* 454 * If the hold buffer is empty, then do a timed sleep, which 455 * ends when the timeout expires or when enough packets 456 * have arrived to fill the store buffer. 457 */ 458 while (d->bd_hbuf == 0) { 459 if (d->bd_immediate && d->bd_slen != 0) { 460 /* 461 * A packet(s) either arrived since the previous 462 * read or arrived while we were asleep. 463 * Rotate the buffers and return what's here. 464 */ 465 ROTATE_BUFFERS(d); 466 break; 467 } 468 if (d->bd_rtout != -1) 469 error = BPF_SLEEP((caddr_t)d, PRINET|PCATCH, "bpf", 470 d->bd_rtout); 471 else 472 error = EWOULDBLOCK; /* User requested non-blocking I/O */ 473 if (error == EINTR || error == ERESTART) { 474 splx(s); 475 return (error); 476 } 477 if (error == EWOULDBLOCK) { 478 /* 479 * On a timeout, return what's in the buffer, 480 * which may be nothing. If there is something 481 * in the store buffer, we can rotate the buffers. 482 */ 483 if (d->bd_hbuf) 484 /* 485 * We filled up the buffer in between 486 * getting the timeout and arriving 487 * here, so we don't need to rotate. 488 */ 489 break; 490 491 if (d->bd_slen == 0) { 492 splx(s); 493 return (0); 494 } 495 ROTATE_BUFFERS(d); 496 break; 497 } 498 } 499 /* 500 * At this point, we know we have something in the hold slot. 501 */ 502 splx(s); 503 504 /* 505 * Move data from hold buffer into user space. 506 * We know the entire buffer is transferred since 507 * we checked above that the read buffer is bpf_bufsize bytes. 508 */ 509 error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio); 510 511 s = splimp(); 512 d->bd_fbuf = d->bd_hbuf; 513 d->bd_hbuf = 0; 514 d->bd_hlen = 0; 515 splx(s); 516 517 return (error); 518 } 519 520 521 /* 522 * If there are processes sleeping on this descriptor, wake them up. 523 */ 524 static __inline void 525 bpf_wakeup(d) 526 register struct bpf_d *d; 527 { 528 wakeup((caddr_t)d); 529 if (d->bd_async && d->bd_sig) 530 csignal(d->bd_pgid, d->bd_sig, 531 d->bd_siguid, d->bd_sigeuid); 532 533 #if BSD >= 199103 534 selwakeup(&d->bd_sel); 535 /* XXX */ 536 d->bd_sel.si_selpid = 0; 537 #else 538 if (d->bd_selproc) { 539 selwakeup(d->bd_selproc, (int)d->bd_selcoll); 540 d->bd_selcoll = 0; 541 d->bd_selproc = 0; 542 } 543 #endif 544 } 545 546 int 547 bpfwrite(dev, uio, ioflag) 548 dev_t dev; 549 struct uio *uio; 550 int ioflag; 551 { 552 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 553 struct ifnet *ifp; 554 struct mbuf *m; 555 int error, s; 556 struct sockaddr dst; 557 558 if (d->bd_bif == 0) 559 return (ENXIO); 560 561 ifp = d->bd_bif->bif_ifp; 562 563 if (uio->uio_resid == 0) 564 return (0); 565 566 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst); 567 if (error) 568 return (error); 569 570 if (m->m_pkthdr.len > ifp->if_mtu) { 571 m_freem(m); 572 return (EMSGSIZE); 573 } 574 575 s = splsoftnet(); 576 #if BSD >= 199103 577 error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0); 578 #else 579 error = (*ifp->if_output)(ifp, m, &dst); 580 #endif 581 splx(s); 582 /* 583 * The driver frees the mbuf. 584 */ 585 return (error); 586 } 587 588 /* 589 * Reset a descriptor by flushing its packet buffer and clearing the 590 * receive and drop counts. Should be called at splimp. 591 */ 592 void 593 bpf_reset_d(d) 594 struct bpf_d *d; 595 { 596 if (d->bd_hbuf) { 597 /* Free the hold buffer. */ 598 d->bd_fbuf = d->bd_hbuf; 599 d->bd_hbuf = 0; 600 } 601 d->bd_slen = 0; 602 d->bd_hlen = 0; 603 d->bd_rcount = 0; 604 d->bd_dcount = 0; 605 } 606 607 /* 608 * FIONREAD Check for read packet available. 609 * BIOCGBLEN Get buffer len [for read()]. 610 * BIOCSETF Set ethernet read filter. 611 * BIOCFLUSH Flush read packet buffer. 612 * BIOCPROMISC Put interface into promiscuous mode. 613 * BIOCGDLT Get link layer type. 614 * BIOCGETIF Get interface name. 615 * BIOCSETIF Set interface. 616 * BIOCSRTIMEOUT Set read timeout. 617 * BIOCGRTIMEOUT Get read timeout. 618 * BIOCGSTATS Get packet stats. 619 * BIOCIMMEDIATE Set immediate mode. 620 * BIOCVERSION Get filter language version. 621 */ 622 /* ARGSUSED */ 623 int 624 bpfioctl(dev, cmd, addr, flag, p) 625 dev_t dev; 626 u_long cmd; 627 caddr_t addr; 628 int flag; 629 struct proc *p; 630 { 631 register struct bpf_d *d = &bpf_dtab[minor(dev)]; 632 int s, error = 0; 633 634 switch (cmd) { 635 636 default: 637 error = EINVAL; 638 break; 639 640 /* 641 * Check for read packet available. 642 */ 643 case FIONREAD: 644 { 645 int n; 646 647 s = splimp(); 648 n = d->bd_slen; 649 if (d->bd_hbuf) 650 n += d->bd_hlen; 651 splx(s); 652 653 *(int *)addr = n; 654 break; 655 } 656 657 /* 658 * Get buffer len [for read()]. 659 */ 660 case BIOCGBLEN: 661 *(u_int *)addr = d->bd_bufsize; 662 break; 663 664 /* 665 * Set buffer length. 666 */ 667 case BIOCSBLEN: 668 #if BSD < 199103 669 error = EINVAL; 670 #else 671 if (d->bd_bif != 0) 672 error = EINVAL; 673 else { 674 register u_int size = *(u_int *)addr; 675 676 if (size > BPF_MAXBUFSIZE) 677 *(u_int *)addr = size = BPF_MAXBUFSIZE; 678 else if (size < BPF_MINBUFSIZE) 679 *(u_int *)addr = size = BPF_MINBUFSIZE; 680 d->bd_bufsize = size; 681 } 682 #endif 683 break; 684 685 /* 686 * Set link layer read filter. 687 */ 688 case BIOCSETF: 689 error = bpf_setf(d, (struct bpf_program *)addr); 690 break; 691 692 /* 693 * Flush read packet buffer. 694 */ 695 case BIOCFLUSH: 696 s = splimp(); 697 bpf_reset_d(d); 698 splx(s); 699 break; 700 701 /* 702 * Put interface into promiscuous mode. 703 */ 704 case BIOCPROMISC: 705 if (d->bd_bif == 0) { 706 /* 707 * No interface attached yet. 708 */ 709 error = EINVAL; 710 break; 711 } 712 s = splimp(); 713 if (d->bd_promisc == 0) { 714 error = ifpromisc(d->bd_bif->bif_ifp, 1); 715 if (error == 0) 716 d->bd_promisc = 1; 717 } 718 splx(s); 719 break; 720 721 /* 722 * Get device parameters. 723 */ 724 case BIOCGDLT: 725 if (d->bd_bif == 0) 726 error = EINVAL; 727 else 728 *(u_int *)addr = d->bd_bif->bif_dlt; 729 break; 730 731 /* 732 * Set interface name. 733 */ 734 case BIOCGETIF: 735 if (d->bd_bif == 0) 736 error = EINVAL; 737 else 738 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 739 break; 740 741 /* 742 * Set interface. 743 */ 744 case BIOCSETIF: 745 error = bpf_setif(d, (struct ifreq *)addr); 746 break; 747 748 /* 749 * Set read timeout. 750 */ 751 case BIOCSRTIMEOUT: 752 { 753 struct timeval *tv = (struct timeval *)addr; 754 755 /* Compute number of ticks. */ 756 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 757 if (d->bd_rtout == 0 && tv->tv_usec != 0) 758 d->bd_rtout = 1; 759 break; 760 } 761 762 /* 763 * Get read timeout. 764 */ 765 case BIOCGRTIMEOUT: 766 { 767 struct timeval *tv = (struct timeval *)addr; 768 769 tv->tv_sec = d->bd_rtout / hz; 770 tv->tv_usec = (d->bd_rtout % hz) * tick; 771 break; 772 } 773 774 /* 775 * Get packet stats. 776 */ 777 case BIOCGSTATS: 778 { 779 struct bpf_stat *bs = (struct bpf_stat *)addr; 780 781 bs->bs_recv = d->bd_rcount; 782 bs->bs_drop = d->bd_dcount; 783 break; 784 } 785 786 /* 787 * Set immediate mode. 788 */ 789 case BIOCIMMEDIATE: 790 d->bd_immediate = *(u_int *)addr; 791 break; 792 793 case BIOCVERSION: 794 { 795 struct bpf_version *bv = (struct bpf_version *)addr; 796 797 bv->bv_major = BPF_MAJOR_VERSION; 798 bv->bv_minor = BPF_MINOR_VERSION; 799 break; 800 } 801 802 803 case FIONBIO: /* Non-blocking I/O */ 804 if (*(int *)addr) 805 d->bd_rtout = -1; 806 else 807 d->bd_rtout = 0; 808 break; 809 810 case FIOASYNC: /* Send signal on receive packets */ 811 d->bd_async = *(int *)addr; 812 break; 813 814 /* 815 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 816 * the equivalent of a TIOCSPGRP and hence end up here. *However* 817 * TIOCSPGRP's arg is a process group if it's positive and a process 818 * id if it's negative. This is exactly the opposite of what the 819 * other two functions want! Therefore there is code in ioctl and 820 * fcntl to negate the arg before calling here. 821 */ 822 case TIOCSPGRP: /* Process or group to send signals to */ 823 d->bd_pgid = *(int *)addr; 824 d->bd_siguid = p->p_cred->p_ruid; 825 d->bd_sigeuid = p->p_ucred->cr_uid; 826 break; 827 828 case TIOCGPGRP: 829 *(int *)addr = d->bd_pgid; 830 break; 831 832 case BIOCSRSIG: /* Set receive signal */ 833 { 834 u_int sig; 835 836 sig = *(u_int *)addr; 837 838 if (sig >= NSIG) 839 error = EINVAL; 840 else 841 d->bd_sig = sig; 842 break; 843 } 844 case BIOCGRSIG: 845 *(u_int *)addr = d->bd_sig; 846 break; 847 } 848 return (error); 849 } 850 851 /* 852 * Set d's packet filter program to fp. If this file already has a filter, 853 * free it and replace it. Returns EINVAL for bogus requests. 854 */ 855 int 856 bpf_setf(d, fp) 857 struct bpf_d *d; 858 struct bpf_program *fp; 859 { 860 struct bpf_insn *fcode, *old; 861 u_int flen, size; 862 int s; 863 864 old = d->bd_filter; 865 if (fp->bf_insns == 0) { 866 if (fp->bf_len != 0) 867 return (EINVAL); 868 s = splimp(); 869 d->bd_filter = 0; 870 bpf_reset_d(d); 871 splx(s); 872 if (old != 0) 873 free((caddr_t)old, M_DEVBUF); 874 return (0); 875 } 876 flen = fp->bf_len; 877 if (flen > BPF_MAXINSNS) 878 return (EINVAL); 879 880 size = flen * sizeof(*fp->bf_insns); 881 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 882 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 883 bpf_validate(fcode, (int)flen)) { 884 s = splimp(); 885 d->bd_filter = fcode; 886 bpf_reset_d(d); 887 splx(s); 888 if (old != 0) 889 free((caddr_t)old, M_DEVBUF); 890 891 return (0); 892 } 893 free((caddr_t)fcode, M_DEVBUF); 894 return (EINVAL); 895 } 896 897 /* 898 * Detach a file from its current interface (if attached at all) and attach 899 * to the interface indicated by the name stored in ifr. 900 * Return an errno or 0. 901 */ 902 int 903 bpf_setif(d, ifr) 904 struct bpf_d *d; 905 struct ifreq *ifr; 906 { 907 struct bpf_if *bp; 908 char *cp; 909 int unit_seen, i, s, error; 910 911 /* 912 * Make sure the provided name has a unit number, and default 913 * it to '0' if not specified. 914 * XXX This is ugly ... do this differently? 915 */ 916 unit_seen = 0; 917 cp = ifr->ifr_name; 918 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 919 while (*cp++) 920 if (*cp >= '0' && *cp <= '9') 921 unit_seen = 1; 922 if (!unit_seen) { 923 /* Make sure to leave room for the '\0'. */ 924 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 925 if ((ifr->ifr_name[i] >= 'a' && 926 ifr->ifr_name[i] <= 'z') || 927 (ifr->ifr_name[i] >= 'A' && 928 ifr->ifr_name[i] <= 'Z')) 929 continue; 930 ifr->ifr_name[i] = '0'; 931 } 932 } 933 934 /* 935 * Look through attached interfaces for the named one. 936 */ 937 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 938 struct ifnet *ifp = bp->bif_ifp; 939 940 if (ifp == 0 || 941 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 942 continue; 943 /* 944 * We found the requested interface. 945 * If it's not up, return an error. 946 * Allocate the packet buffers if we need to. 947 * If we're already attached to requested interface, 948 * just flush the buffer. 949 */ 950 if ((ifp->if_flags & IFF_UP) == 0) 951 return (ENETDOWN); 952 953 if (d->bd_sbuf == 0) { 954 error = bpf_allocbufs(d); 955 if (error != 0) 956 return (error); 957 } 958 s = splimp(); 959 if (bp != d->bd_bif) { 960 if (d->bd_bif) 961 /* 962 * Detach if attached to something else. 963 */ 964 bpf_detachd(d); 965 966 bpf_attachd(d, bp); 967 } 968 bpf_reset_d(d); 969 splx(s); 970 return (0); 971 } 972 /* Not found. */ 973 return (ENXIO); 974 } 975 976 /* 977 * Copy the interface name to the ifreq. 978 */ 979 void 980 bpf_ifname(ifp, ifr) 981 struct ifnet *ifp; 982 struct ifreq *ifr; 983 { 984 bcopy(ifp->if_xname, ifr->ifr_name, IFNAMSIZ); 985 } 986 987 /* 988 * The new select interface passes down the proc pointer; the old select 989 * stubs had to grab it out of the user struct. This glue allows either case. 990 */ 991 #if BSD >= 199103 992 #define bpf_select bpfselect 993 #else 994 int 995 bpfselect(dev, rw) 996 register dev_t dev; 997 int rw; 998 { 999 return (bpf_select(dev, rw, u.u_procp)); 1000 } 1001 #endif 1002 1003 /* 1004 * Support for select() system call 1005 * 1006 * Return true iff the specific operation will not block indefinitely. 1007 * Otherwise, return false but make a note that a selwakeup() must be done. 1008 */ 1009 int 1010 bpf_select(dev, rw, p) 1011 register dev_t dev; 1012 int rw; 1013 struct proc *p; 1014 { 1015 register struct bpf_d *d; 1016 register int s; 1017 1018 if (rw != FREAD) 1019 return (0); 1020 /* 1021 * An imitation of the FIONREAD ioctl code. 1022 */ 1023 d = &bpf_dtab[minor(dev)]; 1024 1025 s = splimp(); 1026 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) { 1027 /* 1028 * There is data waiting. 1029 */ 1030 splx(s); 1031 return (1); 1032 } 1033 #if BSD >= 199103 1034 selrecord(p, &d->bd_sel); 1035 #else 1036 /* 1037 * No data ready. If there's already a select() waiting on this 1038 * minor device then this is a collision. This shouldn't happen 1039 * because minors really should not be shared, but if a process 1040 * forks while one of these is open, it is possible that both 1041 * processes could select on the same descriptor. 1042 */ 1043 if (d->bd_selproc && d->bd_selproc->p_wchan == (caddr_t)&selwait) 1044 d->bd_selcoll = 1; 1045 else 1046 d->bd_selproc = p; 1047 #endif 1048 splx(s); 1049 return (0); 1050 } 1051 1052 /* 1053 * Incoming linkage from device drivers. Process the packet pkt, of length 1054 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1055 * by each process' filter, and if accepted, stashed into the corresponding 1056 * buffer. 1057 */ 1058 void 1059 bpf_tap(arg, pkt, pktlen) 1060 caddr_t arg; 1061 register u_char *pkt; 1062 register u_int pktlen; 1063 { 1064 struct bpf_if *bp; 1065 register struct bpf_d *d; 1066 register size_t slen; 1067 /* 1068 * Note that the ipl does not have to be raised at this point. 1069 * The only problem that could arise here is that if two different 1070 * interfaces shared any data. This is not the case. 1071 */ 1072 bp = (struct bpf_if *)arg; 1073 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1074 ++d->bd_rcount; 1075 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1076 if (slen != 0) 1077 bpf_catchpacket(d, pkt, pktlen, slen, bcopy); 1078 } 1079 } 1080 1081 /* 1082 * Copy data from an mbuf chain into a buffer. This code is derived 1083 * from m_copydata in sys/uipc_mbuf.c. 1084 */ 1085 void 1086 bpf_mcopy(src_arg, dst_arg, len) 1087 const void *src_arg; 1088 void *dst_arg; 1089 register size_t len; 1090 { 1091 register const struct mbuf *m; 1092 register u_int count; 1093 u_char *dst; 1094 1095 m = src_arg; 1096 dst = dst_arg; 1097 while (len > 0) { 1098 if (m == 0) 1099 panic("bpf_mcopy"); 1100 count = min(m->m_len, len); 1101 bcopy(mtod(m, caddr_t), (caddr_t)dst, count); 1102 m = m->m_next; 1103 dst += count; 1104 len -= count; 1105 } 1106 } 1107 1108 /* 1109 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1110 */ 1111 void 1112 bpf_mtap(arg, m) 1113 caddr_t arg; 1114 struct mbuf *m; 1115 { 1116 struct bpf_if *bp = (struct bpf_if *)arg; 1117 struct bpf_d *d; 1118 size_t pktlen, slen; 1119 struct mbuf *m0; 1120 1121 if (m == NULL) 1122 return; 1123 1124 pktlen = 0; 1125 for (m0 = m; m0 != 0; m0 = m0->m_next) 1126 pktlen += m0->m_len; 1127 1128 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1129 ++d->bd_rcount; 1130 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1131 if (slen != 0) 1132 bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); 1133 } 1134 } 1135 1136 /* 1137 * Move the packet data from interface memory (pkt) into the 1138 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1139 * otherwise 0. "copy" is the routine called to do the actual data 1140 * transfer. bcopy is passed in to copy contiguous chunks, while 1141 * bpf_mcopy is passed in to copy mbuf chains. In the latter case, 1142 * pkt is really an mbuf. 1143 */ 1144 void 1145 bpf_catchpacket(d, pkt, pktlen, snaplen, cpfn) 1146 register struct bpf_d *d; 1147 register u_char *pkt; 1148 register size_t pktlen, snaplen; 1149 register void (*cpfn) __P((const void *, void *, size_t)); 1150 { 1151 register struct bpf_hdr *hp; 1152 register int totlen, curlen; 1153 register int hdrlen = d->bd_bif->bif_hdrlen; 1154 /* 1155 * Figure out how many bytes to move. If the packet is 1156 * greater or equal to the snapshot length, transfer that 1157 * much. Otherwise, transfer the whole packet (unless 1158 * we hit the buffer size limit). 1159 */ 1160 totlen = hdrlen + min(snaplen, pktlen); 1161 if (totlen > d->bd_bufsize) 1162 totlen = d->bd_bufsize; 1163 1164 /* 1165 * Round up the end of the previous packet to the next longword. 1166 */ 1167 curlen = BPF_WORDALIGN(d->bd_slen); 1168 if (curlen + totlen > d->bd_bufsize) { 1169 /* 1170 * This packet will overflow the storage buffer. 1171 * Rotate the buffers if we can, then wakeup any 1172 * pending reads. 1173 */ 1174 if (d->bd_fbuf == 0) { 1175 /* 1176 * We haven't completed the previous read yet, 1177 * so drop the packet. 1178 */ 1179 ++d->bd_dcount; 1180 return; 1181 } 1182 ROTATE_BUFFERS(d); 1183 bpf_wakeup(d); 1184 curlen = 0; 1185 } 1186 else if (d->bd_immediate) 1187 /* 1188 * Immediate mode is set. A packet arrived so any 1189 * reads should be woken up. 1190 */ 1191 bpf_wakeup(d); 1192 1193 /* 1194 * Append the bpf header. 1195 */ 1196 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1197 #if BSD >= 199103 1198 microtime(&hp->bh_tstamp); 1199 #elif defined(sun) 1200 uniqtime(&hp->bh_tstamp); 1201 #else 1202 hp->bh_tstamp = time; 1203 #endif 1204 hp->bh_datalen = pktlen; 1205 hp->bh_hdrlen = hdrlen; 1206 /* 1207 * Copy the packet data into the store buffer and update its length. 1208 */ 1209 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen)); 1210 d->bd_slen = curlen + totlen; 1211 } 1212 1213 /* 1214 * Initialize all nonzero fields of a descriptor. 1215 */ 1216 int 1217 bpf_allocbufs(d) 1218 register struct bpf_d *d; 1219 { 1220 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1221 if (d->bd_fbuf == 0) 1222 return (ENOBUFS); 1223 1224 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1225 if (d->bd_sbuf == 0) { 1226 free(d->bd_fbuf, M_DEVBUF); 1227 return (ENOBUFS); 1228 } 1229 d->bd_slen = 0; 1230 d->bd_hlen = 0; 1231 return (0); 1232 } 1233 1234 /* 1235 * Free buffers currently in use by a descriptor. 1236 * Called on close. 1237 */ 1238 void 1239 bpf_freed(d) 1240 register struct bpf_d *d; 1241 { 1242 /* 1243 * We don't need to lock out interrupts since this descriptor has 1244 * been detached from its interface and it yet hasn't been marked 1245 * free. 1246 */ 1247 if (d->bd_sbuf != 0) { 1248 free(d->bd_sbuf, M_DEVBUF); 1249 if (d->bd_hbuf != 0) 1250 free(d->bd_hbuf, M_DEVBUF); 1251 if (d->bd_fbuf != 0) 1252 free(d->bd_fbuf, M_DEVBUF); 1253 } 1254 if (d->bd_filter) 1255 free((caddr_t)d->bd_filter, M_DEVBUF); 1256 1257 D_MARKFREE(d); 1258 } 1259 1260 /* 1261 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *) 1262 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed 1263 * size of the link header (variable length headers not yet supported). 1264 */ 1265 void 1266 bpfattach(driverp, ifp, dlt, hdrlen) 1267 caddr_t *driverp; 1268 struct ifnet *ifp; 1269 u_int dlt, hdrlen; 1270 { 1271 struct bpf_if *bp; 1272 #if BSD < 199103 1273 static struct bpf_if bpf_ifs[NBPFILTER]; 1274 static int bpfifno; 1275 1276 bp = (bpfifno < NBPFILTER) ? &bpf_ifs[bpfifno++] : 0; 1277 #else 1278 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1279 #endif 1280 if (bp == 0) 1281 panic("bpfattach"); 1282 1283 bp->bif_dlist = 0; 1284 bp->bif_driverp = (struct bpf_if **)driverp; 1285 bp->bif_ifp = ifp; 1286 bp->bif_dlt = dlt; 1287 1288 bp->bif_next = bpf_iflist; 1289 bpf_iflist = bp; 1290 1291 *bp->bif_driverp = 0; 1292 1293 /* 1294 * Compute the length of the bpf header. This is not necessarily 1295 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1296 * that the network layer header begins on a longword boundary (for 1297 * performance reasons and to alleviate alignment restrictions). 1298 */ 1299 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1300 1301 #if 0 1302 printf("bpf: %s attached\n", ifp->if_xname); 1303 #endif 1304 } 1305 1306 #if BSD >= 199103 1307 /* XXX This routine belongs in net/if.c. */ 1308 /* 1309 * Set/clear promiscuous mode on interface ifp based on the truth value 1310 * of pswitch. The calls are reference counted so that only the first 1311 * "on" request actually has an effect, as does the final "off" request. 1312 * Results are undefined if the "off" and "on" requests are not matched. 1313 */ 1314 int 1315 ifpromisc(ifp, pswitch) 1316 struct ifnet *ifp; 1317 int pswitch; 1318 { 1319 struct ifreq ifr; 1320 1321 if (pswitch) { 1322 /* 1323 * If the device is not configured up, we cannot put it in 1324 * promiscuous mode. 1325 */ 1326 if ((ifp->if_flags & IFF_UP) == 0) 1327 return (ENETDOWN); 1328 if (ifp->if_pcount++ != 0) 1329 return (0); 1330 ifp->if_flags |= IFF_PROMISC; 1331 } else { 1332 if (--ifp->if_pcount > 0) 1333 return (0); 1334 ifp->if_flags &= ~IFF_PROMISC; 1335 /* 1336 * If the device is not configured up, we should not need to 1337 * turn off promiscuous mode (device should have turned it 1338 * off when interface went down; and will look at IFF_PROMISC 1339 * again next time interface comes up). 1340 */ 1341 if ((ifp->if_flags & IFF_UP) == 0) 1342 return (0); 1343 } 1344 ifr.ifr_flags = ifp->if_flags; 1345 return ((*ifp->if_ioctl)(ifp, SIOCSIFFLAGS, (caddr_t)&ifr)); 1346 } 1347 #endif 1348 1349 #if BSD < 199103 1350 /* 1351 * Allocate some memory for bpf. This is temporary SunOS support, and 1352 * is admittedly a hack. 1353 * If resources unavaiable, return 0. 1354 */ 1355 caddr_t 1356 bpf_alloc(size, canwait) 1357 register int size; 1358 register int canwait; 1359 { 1360 register struct mbuf *m; 1361 1362 if ((unsigned)size > (MCLBYTES-8)) 1363 return 0; 1364 1365 MGET(m, canwait, MT_DATA); 1366 if (m == 0) 1367 return 0; 1368 if ((unsigned)size > (MLEN-8)) { 1369 MCLGET(m); 1370 if (m->m_len != MCLBYTES) { 1371 m_freem(m); 1372 return 0; 1373 } 1374 } 1375 *mtod(m, struct mbuf **) = m; 1376 return mtod(m, caddr_t) + 8; 1377 } 1378 #endif 1379