Some platforms have rules for retrieving the MAC address for an interface
beyond what properties exist. For example, a local address maybe be
present in a device tree property, but a system-wide property may indicate
that it should not be used (in favor of e.g. a singular system MAC addres -
LOOKIN' AT YOU, SUNW!).

So, the ether-get-mac-address device call is introduced to handle this
situation. Consult it before the standard properites, and if it succeeds,
use its result.

Garbage-collect the remaining vestiges of netisr.

Add a new link-aggregation pseudo interface named lagg(4)

- FreeBSD's lagg(4) based implementation
- MP-safe and MP-scalable

branches: 1.44.6; 1.44.8;
Implement address agnostic Neighbor Detection.

This is heavily based on IPv6 Neighbor Detection and allows per protocol
timers which also facilitate Neighor Unreachability Detection.

[ozaki-r] Changes to the kernel core for wireguard

Add support for MP-safe network interface statistics by maintaining them
in per-cpu storage, and collecting them for export in an if_data structure
when user-space wants them.

The new if_stat API is structured to make a gradual transition to the
new way in network drivers possible, and per-cpu stats are currently
disabled (thus there is no kernel ABI change). Once all drivers have
been converted, the old ABI will be removed, and per-cpu stats will be
enabled universally.

Remove FDDI support.

Remove Token Ring support.

Remove HIPPI support and the esh(4) driver that uses it. There have not
been any users of HIPPI for some time, and it is unlikely to be resurrected.

branches: 1.38.6;
Remove the network ATM code.

Retire EtherIP, we have L2TP instead.

branches: 1.36.2; 1.36.4;
Currently, it is not necessary to install rss_config.h. Pointed out by msaitoh@n.o.

Introduce very simple Receive Side Scaling (RSS) utility.

ok by msaitoh@n.o.

add ipsec(4) interface, which is used for route-based VPN.

man and ATF are added later, please see man for details.

reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html

branches: 1.33.6;
add l2tp(4) L2TPv3 interface.

originally implemented by IIJ SEIL team.

branches: 1.32.14; 1.32.18; 1.32.22;
Add bpfjit and enable it for amd64.

Remove bpf_jit which was ported from FreeBSD recently.

It will soon be replaced with the new bpfjit kernel module.

branches: 1.30.2;
Export <net/bpf_jit.h> and add to the set lists.

branches: 1.29.8;
Import NPF - a packet filter. Some features:

- Designed to be fully MP-safe and highly efficient.

- Tables/IP sets (hash or red-black tree) for high performance lookups.

- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).

- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.

- Convenient userland utility npfctl(8) with npf.conf(8).

NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.

Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@

Add MPLS support, proposed on tech-net@ a couple of days ago

Welcome to 5.99.33

branches: 1.27.2; 1.27.4;
No need to include bsd.subdir.mk as bsd.kinc.mk already includes it.

Install agr ioctl header and stop putting our hand under the sys skirt
in ifconfig.

branches: 1.25.14;
Back out previous. It broke the build.

Don't install sys/net/zlib.h.

branches: 1.23.2;
Add subroutines to support collating per-cpu-gathered network statistics.

branches: 1.22.36; 1.22.40; 1.22.42;
Install <net/if_pflog.h>.

Hook srt into the rest of the kernel build machinery, so it works to
just uncomment the pseudo-device line (which arguably should go into
other ports' GENERICs too, and at some point may).

OKed by perry.

branches: 1.20.2; 1.20.4;
New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld.
Notable changes:
* Fixes PR 34268.
* Separates the code from gif(4) (which is more cleaner).
* Allows the usage of STP (Spanning Tree Protocol).
* Removed EtherIP implementation from gif(4)/tap(4).

Some input from Christos.

branches: 1.19.4; 1.19.6;
Do not instal net/if_pppvar.h, net/if_slvar.h and net/if_stripvar.h.
The former two are no longer necessary as slstats is no more
and pppstats now uses an ioctl instead of rummaging through kmem.
The latter has nothign interesting for the userland, but uses
struct bintime that I'm about to hide under #ifdef _KERNEL.

A bunch of remaining <net/if_*.h> headers is pretty useless to the
userland too, but ... someone else's yag to shave...

branches: 1.18.4; 1.18.8; 1.18.14; 1.18.16;
merge ktrace-lwp.

branches: 1.17.8; 1.17.10;
Install net/if_tap.h.

fix "includes" for pfvar.h

foundation for PF

Complete replacement of the old 802.11 layer with the new.

branches: 1.13.6;
Remove KDIR=, since SYS_INCLUDE=symlinks and KDIR are not supported any more.

Install net/ieee1394.h the same way we install all the other
link-layer-specific headers.

branches: 1.11.2;
Install if_bridgevar.h.

branches: 1.10.2;
Add an in-kernel PPPoE (ppp over ethernet, RFC 2516) implementation,
based on the existing net/if_spppsubr.c stuff.

While there are completely userland (bpf based) implementations available,
those have a vastly larger per packet overhead thus causing major CPU
overhead and higher latency. On an i386 base router, running a 486DX at 50MHz
my line (768kBit/s downstream) was limited to something (varying) between 10
and 20 kByte/s effective download rate. With this implementation I get full
bandwidth (~85kByte/s).

This is client side only. Arguably the right way to add full PPPoE support
(including server side) would be a variation of the ppp line discipline and
appropriate modifications to pppd. I promise every help I can give to anyone
doing that - but I needed this realy fast. Besids, on low memory NAT boxes
with typically a single PPPoE connection, this implementation is more
lightweight than a pppd based one, which nicely fits my needs.

branches: 1.9.2;
Put the BPF DLT_* constants into their own header file so that things
that reference them don't have to slurp in all of the BPF headers.

Define a new generic RAWAF type that is like DLT_RAW, but isn't specific
to IP (the macro takes an AF_* constant as an argument to generate the
actual type).

Install if_vlanvar.h.

branches: 1.7.4;
add net/if_stf.h and netinet/ip_encap.h (almost noone will include them though)

Add beginnings of ieee 802.11 generic stuff

branches: 1.5.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

Install if_sppp.h in include/net/

branches: 1.3.2;
Add if_token.h to INCS.

branches: 1.2.4;
Also install if_gre.h in /usr/include/net/

Rework the way kernel include files are installed. In the new method,
as with user-land programs, include files are installed by each directory
in the tree that has includes to install. (This allows more flexibility
as to what gets installed, makes 'partial installs' easier, and gives us
more options as to which machines' includes get installed at any given
time.) The old SYS_INCLUDES={symlinks,copies} behaviours are _both_
still supported, though at least one bug in the 'symlinks' case is
fixed by this change. Include files can't be build before installation,
so directories that have includes as targets (e.g. dev/pci) have to move
those targets into a different Makefile.

Clean up deleted files.

Deprecate af.h.

Canonicalize all #includes.

add include of select.h if necessary for protos, or delete if extraneous

make kernel select interface be one-stop shopping & clean it all up.

branches: 1.1.1;
Initial revision

Clean up deleted files.

add rcs ids to everything, and clean up headers

Add consistent multiple-inclusion protection.

branches: 1.1.1;
Initial revision

MBUFTRACE

bpf: protect selnotify and selrecord with bd_buf_mtx

We have to make updates and checks of buffers and calls of
selnotify/selrecord atomic to satisfy constraints of sel* API.

Also, bd_state and bd_cv are protected by bd_buf_mtx now.

Fix issue #3 of PR#58596

Part of the fix is inspired by riastradh's patch.

bpf: restore wakeup softint

This change fixes the issue that fownsignal which can take an
adaptive mutex is called inside a pserialize read section in
bpf_deliver.

Fix issue #4 (only the latter of two) in PR#58596

bpf(4): KNF whitespace fixes. No functional change intended.

Preparation for:

kern/58596: bpf(4) MP-safety issues

bpf(4): Sort includes. No functional change intended.

Preparation for:

kern/58596: bpf(4) MP-safety issues

bpf: Mark bpfread_filtops FILTEROP_MPSAFE

Fix deadlock for non-NET_MPSAFE kernel, reported as
PR kern/58531 (thanks manu@ for test).

I've confirmed that there is no new regression for ATF with
any combination of -HEAD/netbsd-10 and default/NET_MPSAFE
rump kernels (aarch64).

Although, some problems have been reported on MP-safety for
bpf(4), PR kern/58596. But, it should take some time to fix.
At the moment, commit this part in advance.

OK ozaki-r@

branches: 1.252.6;
Don't call versioned stuff "old". Follow the naming convention for versioning
and name them after the last version of the OS they appeared on.

bpf.c: support loopback writes when BIOCSHDRCMPLT is set

Following changes in r. 1.249 "bpf: support sending packets on loopback
interfaces", also allow for this to succeed when the "header complete"
flag is set, which is the practice of some tools, e.g., tcpreplay and
Scapy. With this change, both of those example tools now work, e.g.,
Scapy passes "L3bpfSocket - send and sniff on loopback" in its test
suite.

There are several ways of addressing this issue; this commit is
intended to be the most conservative and consistent with the previous
changes. (E.g., FreeBSD instead has special handling of this condition
in its if_loop.c.)

bpf.c: fix a few typos and grammatical issues in comments

branches: 1.249.2;
bpf: support sending packets on loopback interfaces

Previously sending packets on a loopback interface via bpf failed
because the packets are treated as AF_UNSPEC by bpf and the loopback
interface couldn't handle such packets.

This fix enables user programs to prepend a protocol family (AF_INET or
AF_INET6) to a payload. bpf interprets it and treats a packet as so,
not just AF_UNSPEC. The protocol family is encoded as 4 bytes, host byte
order as per DLT_NULL in the specification(*).

(*) https://www.tcpdump.org/linktypes.html

Proposed on tech-net and tech-kern

bpf: refresh bd_pid in a few more places as well

This made "netstat -B" show hostapd and wpa_supplicant for me.

kingcrab# netstat -B
Active BPF peers
PID Int Recv Drop Capt Flags Bufsize Comm
433 urtwn0 102 0 2 I-RSH 524288 hostapd
211 urtwn0 102 0 4 I-RS- 32768 dhcpd
670 bwfm0 295 0 2 I-RSH 524288 wpa_supplicant
kingcrab#

bpf(4): Reject bogus timeout values before arithmetic overflows.

Reported-by: syzbot+fbd86bdf579944b64a98@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=60d46fd4863952897cbf67c6b1bcc8b20ec7bde6

XXX pullup-8
XXX pullup-9

bpf(4): Handle null bf_insn on free.

This is not guaranteed by bpf_setf to be nonnull.

Reported-by: syzbot+de1ec9471dfc2f283dda@syzkaller.appspotmail.com

bpf(4): Nix KM_NOSLEEP and prune dead branch.

https://syzkaller.appspot.com/bug?id=0fa7029d5565d9670a24c364d44bd116c76d7e7f

bpf(4): Clamp read timeout to INT_MAX ticks to avoid overflow.

Reported-by: syzbot+c543d35064d3492b9091@syzkaller.appspotmail.com

Change the kqueue filterops::f_isfd field to filterops::f_flags, and
define a flag FILTEROP_ISFD that has the meaning of the prior f_isfd.
Field and flag name aligned with OpenBSD.

This does not constitute a functional or ABI change, as the field location
and size, and the value placed in that field, are the same as the previous
code, but we're bumping __NetBSD_Version__ so 3rd-party module source code
can adapt, as needed.

NetBSD 9.99.89

fix typos in word "successful".

unset IFF_PROMISC at bpf_detach()

Doing "d->bd_promisc = 0" is that bpf_detach() does not call
ifpromisc(ifp, 0). Currently, there is no reason for
this behavior so that it is removed.
In addition to the change, the workaround for it in vlan(4)
is also removed.

Add a bpf_register_track_event() function (and deregister equivalent)
that allows a driver to track listeners attaching/detaching from tap
points.

This is usefull for drivers that would have to do extra work for some
taps and can not easily decide (at the driver level) if the work would
be needed further up the stack.

An example is providing radiotap headers for IEEE 802.11 frames.

branches: 1.239.4;
Use sel{record,remove}_knote().

branches: 1.238.2;
Use a more informative panic message.

bpf(4): Add ioctls BIOCSETWF and BIOCLOCK

Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underlying parameters
of the bpf(4) device. An example might be the setting of bpf(4) filter
programs or attaching to different network interfaces.

BIOCSETWF can be used to set write filters for outgoing packets.
Currently if a bpf(4) consumer is compromised, the bpf(4) descriptor can
essentially be used as a raw socket, regardless of consumer's UID.
Write filters give users the ability to constrain which packets can be sent
through the bpf(4) descriptor.

Taken from OpenBSD.

Use the module subsystem's ability to process SYSCTL_SETUP() entries to
automate installation of sysctl nodes.

Note that there are still a number of device and pseudo-device modules
that create entries tied to individual device units, rather than to the
module itself. These are not changed.

Use percpu_foreach_xcall() to gather volatile per-cpu counters. These
must be serialized against the interrupts / soft-interrupts in which
they're manipulated, as well as protected from non-atomic 64-bit memory
loads on 32-bit platforms.

Fix wrong memory order and switch bpf to atomic_load/store_*.

Stop including strip.h (it's no longer generated).

branches: 1.232.2;
bpf can send a packet greater than MCLBYTES (JumboFrame) using multiple mbuf.

As I suspected, the KASSERT I added yesterday can fire if we try to process
zero-sized packets. Skip them to prevent a type confusion that can trigger
random page faults later.

Reported-by: syzbot+3e447ebdcb2bcfa402ac@syzkaller.appspotmail.com

Add KASSERT to catch bugs. Something tells me it could easily fire.

branches: 1.229.2;
Fix info leak: use kmem_zalloc, because we align the buffers, and the
otherwise uninitialized padding bytes get copied to userland in bpf_read().

Rename min/max -> uimin/uimax for better honesty.

These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER! Some subsystems have

#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)

Initialize some members in a mbuf which is on stack.

branches: 1.226.2;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.

Removal of bpf_tap().

Protect packet input routines with KERNEL_LOCK and splsoftnet

if_input, i.e, ether_input and friends, now runs in softint without any
protections. It's ok for ether_input itself because it's already MP-safe,
however, subsequent routines called from it such as carp_input and agr_input
aren't safe because they're not MP-safe. Protect if_input with KERNEL_LOCK.

if_input can be called from a normal LWP context. In that case we need to
prevent interrupts (softint) from running by splsoftnet to protect non-MP-safe
codes (e.g., carp_input and agr_input).

Pointed out by mlelstv@

branches: 1.223.2;
Abandon unnecessary softint

The softint was introduced to defer fownsignal that was called in bpf_wakeup to
softint at v1.139, but now bpf_wakeup always runs in softint so we don't need
the softint anymore.

Make softint and callout MP-safe

Fix panic in callout_halt (fix typo)

Reported by wiz@

add fo_name so we can identify the fileops in a simple way.

Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch

It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.

No functional change

Use C99 initializer for filterops

Mostly done with spatch with touchups for indentation

@@
expression a;
identifier b,c,d;
identifier p;
@@
const struct filterops p =
- { a, b, c, d
+ {
+ .f_isfd = a,
+ .f_attach = b,
+ .f_detach = c,
+ .f_event = d,
};

Turn on D_MPSAFE flag of bpf_cdevsw that is already MP-safe

Pointed out by k-goda@IIJ

branches: 1.216.4; 1.216.6;
Reinit a pslist entry before inserting it to a pslist again

Fix PR kern/51984
Tested by nonaka@

typo

Update comments to reflect bpf MP-ification

Make bpf MP-safe

By the change, bpf_mtap can run without any locks as long as its bpf filter
doesn't match a target packet. Pushing data to a bpf buffer still needs
a lock. Removing the lock requires big changes and it's a future work.

Another known issue is that we need to remain some obsolete variables to
avoid breaking kvm(3) users such as netstat and fstat. One problem for
MP-ification is that in order to keep statistic counters of bpf_d we need
to use atomic operations for them. Once we retire the kvm(3) users, we
should make the counters per-CPU and remove the atomic operations.

Reduce return points

Kill tsleep/wakeup and use cv

Make bpf_gstats percpu

Use pslist(9) instead of queue(9) for psz/psref

As usual some member variables of struct bpf_d and bpf_if remain to avoid
breaking kvm(3) users (netstat and fstat).

Use kmem(9) instead of malloc/free

Make global variables static

Use bpf_ops for bpf_mtap_softint

By doing so we don't need to care whether a kernel enables bpfilter or not.

Defer bpf_mtap in Rx interrupt context to softint

bpf_mtap of some drivers is still called in hardware interrupt context.
We want to run them in softint as well as bpf_mtap of most drivers
(see if_percpuq_softint and if_input).

To this end, bpf_mtap_softint mechanism is implemented; it defers
bpf_mtap processing to a dedicated softint for a target driver.
By using the machanism, we can move bpf_mtap processing to softint
without changing target drivers much while it adds some overhead
on CPU and memory. Once target drivers are changed to softint-based,
we should return to normal bpf_mtap.

Proposed on tech-kern and tech-net

Make bpf_setf static

branches: 1.203.2;
Fix regression introduced in tests/net/bpf and tests/net/bpfilter

The rump code needs to call devsw_attach() in order to assign a dev_major
for bpf; it then uses this to create rumps /dev/bpf node. Unfortunately,
this leaves the devsw attached, so when the bpf module tries to initialize
itself, it gets an EEXIST error and fails.

So, once rump has figured what the dev_major should be, call devsw_detach()
to remove the devsw. Then, when the module initialization code calls
devsw_attach() it will succeed.

Now that we're only calling devsw_attach() in the modular driver, it
is not ok for the driver/module to already exist. So don't ignore
EEXIST.

Don't initialize variables that no longer exist in built-in module.

Don't try to call devsw_attach() for built-in driver code.

branches: 1.199.2;
apply if_output_lock() to L3 callers which call ifp->if_output() of L2(or L3 tunneling).

Avoid storing a pointer of an interface in a mbuf

Having a pointer of an interface in a mbuf isn't safe if we remove big
kernel locks; an interface object (ifnet) can be destroyed anytime in any
packet processing and accessing such object via a pointer is racy. Instead
we have to get an object from the interface collection (ifindex2ifnet) via
an interface index (if_index) that is stored to a mbuf instead of an
pointer.

The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9)
for sleep-able critical sections and m_{get,put}_rcvif that use
pserialize(9) for other critical sections. The change also adds another
API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition
moratorium, i.e., it is intended to be used for places where are not
planned to be MP-ified soon.

The change adds some overhead due to psref to performance sensitive paths,
however the overhead is not serious, 2% down at worst.

Proposed on tech-kern and tech-net.

Introduce m_set_rcvif and m_reset_rcvif

The API is used to set (or reset) a received interface of a mbuf.
They are counterpart of m_get_rcvif, which will come in another
commit, hide internal of rcvif operation, and reduce the diff of
the upcoming change.

No functional change.

Create separate modules for i2c_bitbang and bpf_filter so these files
can be included in kernels which need them without also duplicating
them in other modules. Removes the duplicate symbols I found which
prevented loading i2c and bpf modules after having fixed PR 45125.

Introduce softint-based if_input

This change intends to run the whole network stack in softint context
(or normal LWP), not hardware interrupt context. Note that the work is
still incomplete by this change; to that end, we also have to softint-ify
if_link_state_change (and bpf) which can still run in hardware interrupt.

This change softint-ifies at ifp->if_input that is called from
each device driver (and ieee80211_input) to ensure Layer 2 runs
in softint (e.g., ether_input and bridge_input). To this end,
we provide a framework (called percpuq) that utlizes softint(9)
and percpu ifqueues. With this patch, rxintr of most drivers just
queues received packets and schedules a softint, and the softint
dequeues packets and does rest packet processing.

To minimize changes to each driver, percpuq is allocated in struct
ifnet for now and that is initialized by default (in if_attach).
We probably have to move percpuq to softc of each driver, but it's
future work. At this point, only wm(4) has percpuq in its softc
as a reference implementation.

Additional information including performance numbers can be found
in the thread at tech-kern@ and tech-net@:
http://mail-index.netbsd.org/tech-kern/2016/01/14/msg019997.html

Acknowledgment: riastradh@ greatly helped this work.
Thank you very much!

Do less work under the kernel lock, otherwise dhcpcd aborting causes us
to deadlock.

don't free mbuf twice.
XXX: pullup 7.

PR/49386: Ryota Ozaki: Add a mutex for bpf creation/removal to avoid races.
Add M_CANFAIL to malloc.

Improve wording.

Remove unnecessary variable bc

branches: 1.189.2;
PR/49190: bpf_deliver: set scratch memory store in bpf_args_t.

Try not to use f_data, use f_{vnode,socket,pipe,mqueue,kqueue,ksem} to get
a correctly typed pointer.

branches: 1.187.2;
Use NULL instead of 0 for pointers

Enable net.bpf.jit only if MODULAR and BPFJIT. Tweak a warning about postponed
jit activation.

Add d_discard to all struct cdevsw instances I could find.

All have been set to "nodiscard"; some should get a real implementation.

initialize args the same way we do in filter.

Implement copfuncs and external memory in bpfjit.

branches: 1.182.2;
Change (mostly mechanically) every cdevsw/bdevsw I can find to use
designated initializers.

I have not built every extant kernel so I have probably broken at
least one build; however I've also found and fixed some wrong
cdevsw/bdevsw entries so even if so I think we come out ahead.

Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.

It is silly to kill the system when an interface failed to clear promiscuous
mode. Some return EINVAL when they are dying, but others like USB return EIO.
Downgrade to a DIAGNOSTIC printf. Same should be done for the malloc/NOWAIT,
but this is rarely hit.

bpf_deliver: convert to bpf_filter_ext().

- Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.

Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was
originally to preserve compatibility. Similarly, add bpf_validate_ext()
which takes bpf_ctx_t.

PR/48198: Peter Bex: Avoid kernel panic caused by setting a very small bpf
buffer size.
XXX: Pullup -6

bpf_filter: add a custom argument which can be passed to coprocessor routine.

Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC)
which add a capability to call external functions in a predetermined way.

It can be thought as a BPF "coprocessor" -- a generic mechanism to offload
more complex packet inspection operations. There is no default coprocessor
and this functionality is not targeted to the /dev/bpf. This is primarily
targeted to the kernel subsystems, therefore there is no way to set a custom
coprocessor at the userlevel.

Discussed on: tech-net@
OK: core@

branches: 1.173.2;
Add bpfjit and enable it for amd64.

Remove bpf_jit which was ported from FreeBSD recently.

It will soon be replaced with the new bpfjit kernel module.

branches: 1.171.2;
Fix two bugs introduced by recent commit.

- When handling contiguous buffer in _bpf_tap(), pass its real size
rather than 0 to avoid reading packet data as mbuf struct on
out-of-bounds loads.
- Correctly pass pktlen and buflen arguments from bpf_deliver() to
bpf_filter() to avoid reading mbuf struct as packet data.
JIT case is still broken.

Also, test pointers againts NULL.

Build fix for some ports.

Add BPF JIT compiler, currently supporting amd64 and i386. Code obtained
from FreeBSD. Also, make few BPF fixes and simplifications while here.
Note that bpf_jit_enable is false for now.

OK dyoung@, some feedback from matt@

branches: 1.168.2; 1.168.6; 1.168.8;
make comment reflect reality

don't leak mbufs.

branches: 1.166.2; 1.166.6;
Provide netbsd32 compat for bpf. Beside the ioctls, the structure
returned to userland by read(2) also needs to be converted.
For this, the bpf descriptor is flagged as compat32 (or not) in the
open and ioctl functions (where the user process's pid is also updated
in the descriptor). When the bpf buffer is filled in, the 32bits or native
header is used depending on the information stored in the descriptor.

This won't work if a 64bit binary does the open and ioctls, and then
exec a 32bit program which will do the read. But this is very
unlikely to happen in real life ...

Tested on i386 and loongson; with these changes my loongson can run
dhclient and tcpdump with a n32 userland.

setting things once is enough.

branches: 1.164.2;
lib/44807: something broken in stat(2), return that we are a character
device in st_mode.

Allocate buffers with (M_WAITOK | M_CANFAIL) instead of M_NOWAIT.
M_NOWAIT cause dhcpd on a low-memory server with lots of interfaces to
occasionally fail to start with ENOBUFS; (M_WAITOK | M_CANFAIL) seems to
fix this.
Tested on 3 different dhcp servers.

undo previous. Read the diff wrong.

fix comment

branches: 1.160.2; 1.160.4;
kern/44310: Alexander Nasonov: write to /dev/bpf truncates size_t to int

linkset no more

Add a little comment on how bpf can be made unloadable, per pointer from ad.

Push the bpf_ops usage back into bpf.h. Push the common ifp->if_bpf
check into the inline functions as well the fourth argument for
bpf_attach.

branches: 1.156.2;
add BIOC{G,S}FEEDBACK which allows one to receive injected outgoing packets
via bpf.

branches: 1.155.2;
Include sys/atomic.h now that it's used but gets stealth-included
only on some archs.

Make bpf dynamically loadable.

Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.

Forward declare struct bpf_if and use that as the type for bpf_if
instead of "void *". Buys us oo times the type-safety for 0 times
the price.
(no functional change)

* remove just-for-kicks locking
* KNF
* remove outdated comment (quite a funny one to read in 2010, though)

If a multithreaded app closes an fd while another thread is blocked in
read/write/accept, then the expectation is that the blocked thread will
exit and the close complete.
Since only one fd is affected, but many fd can refer to the same file,
the close code can only request the fs code unblock with ERESTART.
Fixed for pipes and sockets, ERESTART will only be generated after such
a close - so there should be no change for other programs.
Also rename fo_abort() to fo_restart() (this used to be fo_drain()).
Fixes PR/26567

Rename fo_drain() to fo_abort(), 'drain' is used to mean 'wait for output
do drain' in many places, whereas fo_drain() was called in order to force
blocking read()/write() etc calls to return to userspace so that a close()
call from a different thread can complete.
In the sockets code comment out the broken code in the inner function,
it was being called from compat code.

Remove some unecessary includes sys/user.h header.

add the error from ifpromisc to the panic.

Fix locking as Andy explained. Also fill in uid and gid like sys_pipe did.

Fix PR/37878 and PR/37550: Provide stat(2) for all devices and don't use
fbadop_stat.

Add fileops::fo_drain(), to be called from fd_close() when there is more
than one active reference to a file descriptor. It should dislodge threads
sleeping while holding a reference to the descriptor. Implemented only for
sockets but should be extended to pipes, fifos, etc.

Fixes the case of a multithreaded process doing something like the
following, which would have hung until the process got a signal.

thr0 accept(fd, ...)
thr1 close(fd)

like KERN_FILE2: *do* update "needed" when there is no count. we want
userland to know what sort of size to provide..

while here, slightly normalise the previous to init_sysctl.c.

branches: 1.142.2;
merge christos-time_t

branches: 1.141.4; 1.141.6;
- add if_alloc (ours just mallocs), and if_initname and use them (from FreeBSD)
- kill memsets where M_ZERO can be used.

branches: 1.140.2;
Acquire kernel_lock in the bpf fileops.

branches: 1.139.2; 1.139.4;
Network protocol interrupts can now block on locks, so merge the globals
proclist_mutex and proclist_lock into a single adaptive mutex (proc_lock).
Implications:

- Inspecting process state requires thread context, so signals can no longer
be sent from a hardware interrupt handler. Signal activity must be
deferred to a soft interrupt or kthread.

- As the proc state locking is simplified, it's now safe to take exit()
and wait() out from under kernel_lock.

- The system spends less time at IPL_SCHED, and there is less lock activity.

Pull in a couple of fixes from FreeBSD, the first of which addresses a
failure of wpa_supplicant(8) to re-key promptly, as reported in
http://mail-index.netbsd.org/tech-net/2008/04/18/msg000459.html

- Make bpf's read timeout work more correctly with select/poll.

- A fix for catchpacket() which delays calling bpf_wakeup() until
the state has been updated.

branches: 1.137.2; 1.137.4;
- put const back, no reason to modify the prototype.
1. Please don't cast function pointers to (void *), use the full function
prototype cast; this is for archs where a function pointer is not a regular
pointer.
2. Compare pointers to NULL not 0.

merge yamt-lazymbuf branch.

Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.

Welcome to 4.99.55:

- Add a lot of missing selinit() and seldestroy() calls.

- Merge selwakeup() and selnotify() calls into a single selnotify().

- Add an additional 'events' argument to selnotify() call. It will
indicate which event (POLL_IN, POLL_OUT, etc) happen. If unknown,
zero may be used.

Note: please pass appropriate value of 'events' where possible.
Proposed on: <tech-kern>

branches: 1.133.2; 1.133.6;
s/u_\(int[0-9]*_t\)/u\1/g
(change u_int*_t to uint*_t)

Use LIST_FOREACH().

branches: 1.131.4;
Do not "return 1" from kqfilter for errors. That value is passed
directly to the userland caller and results in a mysterious EPERM.
Instead, return EINVAL or something else sensible depending on the
case.

branches: 1.130.6; 1.130.8; 1.130.14; 1.130.16;
Replace a simple lock with a mutex and make it static (as it's only used
on this file). Ok by ad@.

Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements

Move the nasty ifdefs in one place. Requested by ad and dyoung.

Add a sockaddr_storage member to "struct ifreq" maintaining backwards
compatibility with the older ioctls. This avoids stack smashing and
abuse of "struct sockaddr" when ioctls placed "struct sockaddr_foo's" that
were longer than "struct sockaddr".
XXX: Some of the emulations might be broken; I tried to add code for
them but I did not test them.

branches: 1.126.2; 1.126.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.125.4;
__unused removal on arguments; approved by core.

Kill some KAUTH_GENERIC_ISSUSER uses.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.122.2; 1.122.4;
add missing initializer

Fix typo in comment

Patch from Dheeraj S, inspired by the following FreeBSD change:

Rather than calling mircotime() in catchpacket(), make catchpacket()
take a timeval indicating when the packet was captured. Move
microtime() to the calling functions and grab the timestamp as soon
as we know that we're going to call catchpacket at least once.

This means that we call microtime() once per matched packet, as
opposed to once per matched packet per bpf listener. It also means
that we return the same timestamp to all bpf listeners, rather than
slightly different ones.

It would be more accurate to call microtime() even earlier for all
packets, as you have to grab (1+#listener) locks before you can
determine if the packet will be logged. You could always grab a
timestamp before the locks, but microtime() can be costly, so this
didn't seem like a good idea.

(I guess most ethernet interfaces will have a bpf listener these
days because of dhclient. That means that we could be doing two bpf
locks on most packets going through the interface.)

Use the LWP cached credentials where sane.

Make this build with GCC 4.x.

branches: 1.117.4;
integrate kauth.

quell GCC 4.1 uninitialised variable warnings.

XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..

branches: 1.115.4; 1.115.6; 1.115.8; 1.115.10; 1.115.12;
Kill BPF_KERN_FILTER. Seems like it died with the new pppd import.
No replies from tech-kern@, but who introduced this option 8 years ago
(Christos) said it's ok to remove it.

Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Correct typo in comments.

merge ktrace-lwp.

Use ANSI function declarations everywhere and a consistent indentation on
them.

Implemented the kernel part of BPF statistics and BPF peers, net.bpf.stats
and net.bpf.peers sysctls respectively.

A new structure was added to describe the external (user viewable)
representation of a BPF file; a new entry was added to the bpf_d
structure to store the PID of the calling process; a simple_lock was added
to protect the insert/removal from the net.bpf.peers sysctl handler.

This idea came from FreeBSD (Christian S.J. Peron) but while it is
implemented with sysctl's it differs a bit.

Reviewed by: christos@ and atatat@ (who gave me the tip for the net.bpf.peers
sysctl helper function).

branches: 1.109.2;
Missing m_freem() in bpf_write. PR/29138.

Change the rest of the sysctl subsystem to use const consistently.
The __UNCONST macro is now used only where necessary and the RW macros
are gone. Most of the changes here are consumers of the
sysctl_createv(9) interface that now takes a pair of const pointers
which used not to be.

nuke trailing whitespace

pass the flag to fdclone.

branches: 1.105.4; 1.105.6;
Clonify bpf. I am not changing /dev/bpfX -> /dev/bpf until all userland
programs have been fixed.

Factor out the hand-crafting of mbufs from the interface files. Reviewed by
gimpy. XXX: I could have used bpf_mtap2 on some of the new functions, but I
chose not to, because I just wanted to do what amounts to a code move.

- ansify
- remove unnecessary casts
- change caddr_t to void *
- no functional change.

Don't refuse to attach an interface even if it is down so that one can
capture the very first packet when an interface is up.

Per Matt Thomas' and Darren Reed's suggestions:

Add bpf_deliver prototype.

Rename bpf_measure to m_length and move it to sys/sys/mbuf.h. I
make m_length an inline function in the header file to preserve
its performance characteristics, for better or for worse.

Optimize m_length: use the length in m_pkthdr.len, if M_PKTHDR.

In bpf_deliver, zero the on-stack mbuf before we do anything else
with it.

back out previous change - these diffs aren't what I'd tested.

add mmap(2) interface to bpf(4) devices, along with BIOCMMAPINFO ioctl call
for applications to interact with the bpf device for the purpose of using
mmap to examinen captured data.

Sysctl descriptions under net subtree (net.key not done)

reapply a change that got undone with more recent changes to bpf to wakeup
any sleepers _after_ the device info has been updated, not before.

Add bpf_mtap2, which taps a packet whose head is in a void *buffer
and whose tail is in an mbuf chain.

If we timeout waiting for data on the bpf device, allow data in the current
storage buffer (bd_sbuf) to indicate that there is data present.

Add a count of the number of packets that match the bpf filter applied to a
particule device. In doing this, make a new the bpf_stat structure with
members that are u_long rather than u_int, matching the counters in the bpf_d.
the original bpf_stat is now bpf_stat_old and so to the original ioctl
is preserved as BIOCGSTATSOLD.

* from bpf 1.2a1, use the IO_NDELAY flag in bpfread() to indicate whether or
not a read operation should be allowed to sleep. This allows the use of
bd_rtout with a value of "-1" to be eliminated (signed comparison and
assignment to an unsigned long.)
* in 1.91, a change was introduced that had bpfpoll() returning POLLRDNORM
set when the timeout expired. This impacted poorly on performance as well
as causing select to return an fd available for reading when it wasn't.
Change the behaviour here to only allow the possibility of POLLIN being
returned as active in the event of a timeout.

from freebsd's kern/36219, the if expression in deciding whether or not
to return something check the value of bd_state in the wrong place.

Fix bpf so that select will return for a timeout (from FreeBSD.)

Fix the behaviour of BIOCIMMEDIATE (fix from LBL BPF code via FreeBSD.)

In bpf_mtap(), optimise the calling of bpf_filter() and catchpacket()
based on whether or not the entire packet is in one mbuf (based on
similar change FreeBSD but fixes BIOC*SEESENT issue with that.)

Copy the implementation of BIOCSSEESENT, BIOCGSEESENT by FreeBSD.

Review Assistance: Guy Harris

PRs: kern/8674, kern/12170

branches: 1.90.2;
Tango on sysctl_createv() and flags. The flags have all been renamed,
and sysctl_createv() now uses more arguments.

Make bpf_maxbufsize writable via sysctl, as written by Andrew Brown.

Fix an Emacs finger-glitch (missing semicolon#).

Update bpf buffer parameters, as per recent discussion on tech-net.

Increase the default bpf buffer size used by naive apps that don't do
BIOCSBLEN, from 8k to 32k. The former value of 8192 is too small to
hold a normal jumbo Ethernet frame (circa 9k), 16k is a little small
for Large-jumbo (~16k) frames supported by newer gigabit
Ethernet/10Gbe, so (somewhat arbitrarily) increase the default to 32k.

Increase the upper limit to which BIOSBLEN can raise bpf buffer-size
drastically, to 1 Mbyte. State-of-the-art for packet capture circa
1999 was around 256k; savvy NetBSD developers now use 1 Mbyte.
Note that libpcap has been updated to do binary-search on BIOCSBLEN
values up to 1 Mbyte.

Work is in progress to make both values sysctl'able. Source comments
note that consensus on tech-net is that we should find some heuristic
to set the boot-time default values dynamically, based on system memory.

- pass signo to fownsignal [ok by jd]
- make urg signal handling use fownsignal
- remove out of band detection in sowakeup

cleanup & uniform descriptor owner handling:
* introduce fsetown(), fgetown(), fownsignal() - this sets/retrieves/signals
the owner of descriptor, according to appropriate sematics
of TIOCSPGRP/FIOSETOWN/SIOCSPGRP/TIOCGPGRP/FIOGETOWN/SIOCGPGRP ioctl; use
these routines instead of custom code where appropriate
* make every place handling TIOCSPGRP/TIOCGPGRP handle also FIOSETOWN/FIOGETOWN
properly, and remove the translation of FIO[SG]OWN to TIOC[SG]PGRP
in sys_ioctl() & sys_fcntl()
* also remove the socket-specific hack in sys_ioctl()/sys_fcntl() and
pass the ioctls down to soo_ioctl() as any other ioctl

change discussed on tech-kern@

Include correct file for defopt.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.82.2;
Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.

From OpenBSD 1.33-1.34:
When using bpf(4) in immediate mode, and using kevent(2) to receive
notification of packet arrival, the usermode application isn't notified
until a second packet arrives.

This is because KNOTE() calls filt_bpfread() before bd_slen has been
updated with the newly arrived packet length, so it looks like there
is no data there.

Moving the bpf_wakeup() call for immediate mode to after bd_slen is set
fixes it.

From: wayne@epipe.com.au in pr 3175

Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V

avoid panic in malloc() under extremely low memory situation.
OpenBSD problem report 2235, 2236, 2640. fix by Otto Moerbeek.

Check that the process/process group id passed to TIOCSPRP is in the session
of the current process.

Add MBUFTRACE kernel option.
Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *). These are not performance critical and making them
call m_get saves considerable space. Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.

si_ -> sel_

merge kqueue branch into -current

kqueue provides a stateful and efficient event notification framework
currently supported events include socket, file, directory, fifo,
pipe, tty and device changes, and monitoring of processes and signals

kqueue is supported by all writable filesystems in NetBSD tree
(with exception of Coda) and all device drivers supporting poll(2)

based on work done by Jonathan Lemon for FreeBSD
initial NetBSD port done by Luke Mewburn and Jason Thorpe

Don't include <sys/map.h>.

backout recent changes, for PR 18392.
bpf_mtap() gets called with not-well-initialized mbuf, so we need to go through
it without touching m->m_pkthdr.len and such. it's part of our bpf_mtap() API
(at least today).

Add a missing semi-colon.

For the trivial case where the packet is only in one mbuf, call bpf_tap()
(idea from FreeBSD) - alternative to changing bpf_filter() to be aware of
kernel calling convetion where 0 is passed as the length for mbufs.

If M_PKTHDR is set we can use m_pkthdr.len instead of the for loop.

In bpf_setdlt(), preserve the promiscuous mode setting of the
descriptor.

From David Young <dyoung@ojctech.com>, slight change by me.

KNF - return is not a function.

Merge the gehenna-devsw branch into the trunk.

This merge changes the device switch tables from static array to
dynamically generated by config(8).

- All device switches is defined as a constant structure in device drivers.

- The new grammer ``device-major'' is introduced to ``files''.

device-major <prefix> char <num> [block <num>] [<rules>]

- All device major numbers must be listed up in port dependent majors.<arch>
by using this grammer.

- Added the new naming convention.
The name of the device switch must be <prefix>_[bc]devsw for auto-generation
of device switch tables.

- The backward compatibility of loading block/character device
switch by LKM framework is broken. This is necessary to convert
from block/character device major to device name in runtime and vice versa.

- The restriction to assign device major by LKM is completely removed.
We don't need to reserve LKM entries for dynamic loading of device switch.

- In compile time, device major numbers list is packed into the kernel and
the LKM framework will refer it to assign device major number dynamically.

Define new kernel interface bpfattach2() to register another data link
type for the driver, which will be used for 802.11 drivers.
Also add 2 APIs to get a list of available DLTs and use one for them.
BIOCGDLTLIST (struct bpf_dltlist)
BIOCSDLT (u_int)

defparam BPF_BUFSIZE

branches: 1.64.2;
If someone is poll'ing to write to bpf, assume that it can always be done
and include POLLOUT and POLLWRNORM in the returned events flag set.
Derived from FreeBSD.

add RCSIDs

Add MI Econet support. This is lacking any interfaces to higher-layer
protocols, and lacking any timeouts, but it basically works, doing four-way
handshakes in both directions and incoming Machine Peek operations.

Oh, and Econet is Acorn's ancient, proprietary 500kbit/s networking
technology.

branches: 1.61.2; 1.61.4;
Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.

branches: 1.60.2;
Fix non-blocking BPF reads, from Guy Harris, kern/11836.

Use <net/dlt.h> to get the DLT_* constants. Also change bpfattach()
and bpf_change_type() to take just a pointer to the ifnet, rather than
a pointer to the ifnet and a pointer to a member of the ifnet (the bpf
pointer).

We'll let this ride on the Dec 12 1.5N version bump.

Move ifpromimsc() to if.c

branches: 1.57.2;
Ensure that all callers of pfind() can deal with pfind(0) returning
a real procp* rather than NULL.

Fix bpf output on fddi to actually work. Make it compatible with ULTRIX
and Tru64.

branches: 1.55.2;
Make BPF_BUFSIZE overridable: 8192 is smaller than MTU of some devices.
TODO: defopt, or make sysctl'able (c.f. FreeBSD).

remove support for sunos and ancient BSDs.

Kill some more register declarations.

Fix doubled 'the's in comments.

Revoke bpf device on detach.

Since we are allowed to wait, no need to check the return value.

Remove duplicated forward declarations.

Implement bpfdetach().

branches: 1.47.2;
* Add the ability to change the data link type on the fly.
* Define two more data link types: NetBSD PPP-over-serial and NetBSD
PPP-over-Ethernet. (Different PPP encaps have different header formats!)

branches: 1.46.2; 1.46.6;
Init the decriptors at boot time rather than at interface attach time.
Now that we have pcmcia hot-plug, it's not the same. Fixes kern/3189.

Increase compiled-in default bpf buffer size from 4096 to 8192.
(the libpcap API provides no way to resize the inkernel buffe,r and
4096 is too small to capture maximum-sized FDDI frames.)

Add some braces to make egcs happy (ambiguous else warning).

Sigh. "consts in prototypes can be quite a drag..."
fix last two fixes one more time, this time dealing with ugly
prototype issues, including the fact that the bcopy returns nothing,
but memcpy returns a void *. Never mind that we don't use it...

Fix botched prototype decl in last fix.

Convert bcopy,bzero to memcpy,memset
This was semi-nontrivial, since a function pointer to bcopy gets used
in this file.
Note #1: The catchpacket routine, which takes a function pointer to
bpf_mcpy or memcpy, should probably be converted to take a
flag that just says which is used, so memcpy can be inlined.
Note #2: The code is heavily #ifdef'ed to run on older operating
systems. We probably want to clean that cruft out, unless
someone is planning a new release of the code at LBL (doubtful.)

Implement two new BPF ioctls: BPFGHDRCMPLT and BPFSHDRCMPLT, to get/set
the "header already complete" flag. This allows BPF writers to spoof
layer 2 source addresses (providing the layer 2 in use supports it) in
applications where this is necessary. From Greg Smith <greg@nas.nasa.gov>.

Merge with Lite2 + local changes

Do *not* free the mbuf chain we just created.

GC bd_sig

Sync with bpf-1.2a1
- whitespace
- add rcsid; our sccsid is newer than the one on 1.2a1.
- change prototype to add mtu
- change size_t to u_int for consistency.
- add alignment stuff in bpf_movein
- add more consistency checks bpf_movein
- use one uiomove and then bcopy the data in bpf_movein
- update the comment for the panic when ifpromisc fails.
- separate the case when we have non blocking I/O and
no data and return EWOULDBLOCK
- check for other errors and return them
- pass the mtu to bpf_movein
- Add the BPF_KERN_FILTER junk, just so that we keep up with the code
- remove BIOCSRSIG, BIOCGRSIG; SIGIO does this well.
- don't add the SIOCGIFADDR stuff (it is bogus)
- Check for malloc return for consistency.
- comment should say poll
- change formatting to match the current code.
- save and restore the pcount and flags in case we fail to set the
interface into promiscuous mode.
- fix spelling typo.

branches: 1.35.4;
if_arc.h is in net, not netinet.

New ARP system, supports IPv4 over any hardware link.

Some of the stuff (e.g., rarpd, bootpd, dhcpd etc., libsa) still will
only support Ethernet. Tcpdump itself should be ok, but libpcap needs
lot of work.

For the detailed change history, look at the commit log entries for
the is-newarp branch.

Don't let the read timeout get inadvertently rounded down to 0.
From John Hawkinson <jhawk@mit.edu>, PR #2531.

branches: 1.32.4;
backout previous kprintf change

- printf -> kprintf, sprintf -> ksprintf

Implement poll(2).

avoid unnecessary checks of m_get/MGET/etc.'s return values. When
they're called with M_WAIT, they are defined to never return NULL.

Remove duplicate definition of bpf_setif().

Kill a couple of unnecessary calls to strlen().

Changed struct ifnet to have a pointer to the softc of the underlying
device and a printable "external name" (name + unit number), thus eliminating
if_name and if_unit. Updated interface to (*if_watchdog)() and (*if_reset)()
to take a struct ifnet *, rather than a unit number.

Eliminate need for and remove net_conf.h

Net prototypes

Enhancements to the bpf from Stu Grossman <grossman@cygnus.com>:
* grok FIONBIO, FIOASYNC, and TIOC{G,S}PGRP
* add BIOC{G,S}RSIG; get/set the signal to be delivered
to the process or process group upon packet reception.
Defaults to SIGIO.

Don't pass through SIOCGIFADDR, per Steve McCanne.

splnet --> splsoftnet

For outgoing packets, always allocate a header mbuf and fill it in.

copy routines should take size_t lengths for prototype consistency.
don't assume that tick is >= 1000; loses badly on alpha (div. by zero)
only try unaligned copies if NetBSD's UNALIGNED_ACCESS symbol is defined.
various misc type size cleanups, mostly short -> int16_t.

Fix panic when an interface in promiscuous mode goes down and the BPF user
tries to turn off promiscuous mode. From Lon Willett.

preliminary arcnet support. uses lame but RFC address resolution

be more careful with types, also pull in headers where necessary.

don't use inline, use __inline, like cdefs intends (so it can kill it if nongcc

branches: 1.14.2;
this is what cdefs.h is for

New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'

Update to 4.4-Lite networking code, with a few local changes.

new from mccanne. be afraid.

Get the pkthdr.len calculation right.

writing out of bpf; use a hdr mbuf and set the pkthdr.len as well.
(rarpd now works with if_ep.c!)

Canonicalize all #includes.

defines change

add bpfilterattach(), as in magnum

branches: 1.5.4;
make kernel select interface be one-stop shopping & clean it all up.

fixes stupid piece of bpf code that duplicates cdefs.h's handling of
'inline' in such a way as to cause stupid warnings.

selwakeup() takes a "pid_t" rather than "struct proc *" now.

added BPF support, as provided by David Greenman (davidg@implode.rain.com)

branches: 1.1.1;
Initial revision

bpf: Fix SIZEOF_BPF_HDR (for LP64 userland) on mips64

It cannot fit within 18 bytes, of course ;)

As we had never provided working bpf(4) implementation for LP64
userland on mips, just use natural structure size here.

add new for libpcap.

put back compat names, should be removed from the sanitizers

Don't call versioned stuff "old". Follow the naming convention for versioning
and name them after the last version of the OS they appeared on.

branches: 1.78.4;
bpf(4): added support for VLAN hardware offloading of ethernet devices

Add a bpf_register_track_event() function (and deregister equivalent)
that allows a driver to track listeners attaching/detaching from tap
points.

This is usefull for drivers that would have to do extra work for some
taps and can not easily decide (at the driver level) if the work would
be needed further up the stack.

An example is providing radiotap headers for IEEE 802.11 frames.

Add a (FreeBSD compatible) bpf_peers_present() predicate to allow
testing for active listeners on a tap.

branches: 1.75.6;
bpf(4): Add ioctls BIOCSETWF and BIOCLOCK

Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underlying parameters
of the bpf(4) device. An example might be the setting of bpf(4) filter
programs or attaching to different network interfaces.

BIOCSETWF can be used to set write filters for outgoing packets.
Currently if a bpf(4) consumer is compromised, the bpf(4) descriptor can
essentially be used as a raw socket, regardless of consumer's UID.
Write filters give users the ability to constrain which packets can be sent
through the bpf(4) descriptor.

Taken from OpenBSD.

Whitespace change.

Add definitions from libpcap-1.9.0

branches: 1.72.2;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.

Removal of bpf_tap().

s/static inline/static __inline/g for consistency.

branches: 1.69.12;
Use bpf_ops for bpf_mtap_softint

By doing so we don't need to care whether a kernel enables bpfilter or not.

Defer bpf_mtap in Rx interrupt context to softint

bpf_mtap of some drivers is still called in hardware interrupt context.
We want to run them in softint as well as bpf_mtap of most drivers
(see if_percpuq_softint and if_input).

To this end, bpf_mtap_softint mechanism is implemented; it defers
bpf_mtap processing to a dedicated softint for a target driver.
By using the machanism, we can move bpf_mtap processing to softint
without changing target drivers much while it adds some overhead
on CPU and memory. Once target drivers are changed to softint-based,
we should return to normal bpf_mtap.

Proposed on tech-kern and tech-net

branches: 1.67.2; 1.67.4;
Uses _IOR/_IOW/etc. and thus needs sys/ioccom.h. PR 41200

branches: 1.66.2;
Add BPF_MOD/BPF_XOR, sync DLT entries and document unused bpf instructions.
From libpcap-1.6.2

- Improve the comments in bpf.h and KNF a little.
- Rename bpf_ctx_t member noinit to preinited (reflects the meaning better).

Implement copfuncs and external memory in bpfjit.

branches: 1.63.2;
- Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.

Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was
originally to preserve compatibility. Similarly, add bpf_validate_ext()
which takes bpf_ctx_t.

bpf_filter: add a custom argument which can be passed to coprocessor routine.

Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC)
which add a capability to call external functions in a predetermined way.

It can be thought as a BPF "coprocessor" -- a generic mechanism to offload
more complex packet inspection operations. There is no default coprocessor
and this functionality is not targeted to the /dev/bpf. This is primarily
targeted to the kernel subsystems, therefore there is no way to set a custom
coprocessor at the userlevel.

Discussed on: tech-net@
OK: core@

branches: 1.59.2; 1.59.4;
add {__BEGIN,__END}_DECLS

branches: 1.58.2; 1.58.6; 1.58.8;
Provide netbsd32 compat for bpf. Beside the ioctls, the structure
returned to userland by read(2) also needs to be converted.
For this, the bpf descriptor is flagged as compat32 (or not) in the
open and ioctl functions (where the user process's pid is also updated
in the descriptor). When the bpf buffer is filled in, the 32bits or native
header is used depending on the information stored in the descriptor.

This won't work if a 64bit binary does the open and ioctls, and then
exec a 32bit program which will do the read. But this is very
unlikely to happen in real life ...

Tested on i386 and loongson; with these changes my loongson can run
dhclient and tcpdump with a n32 userland.

make bpf_validate available in userland.

constify

Push the bpf_ops usage back into bpf.h. Push the common ifp->if_bpf
check into the inline functions as well the fourth argument for
bpf_attach.

branches: 1.54.2;
add BIOC{G,S}FEEDBACK which allows one to receive injected outgoing packets
via bpf.

branches: 1.53.2;
Make bpf dynamically loadable.

Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.

Forward declare struct bpf_if and use that as the type for bpf_if
instead of "void *". Buys us oo times the type-safety for 0 times
the price.
(no functional change)

restore binary compatibility on 64 bit systems.

merge christos-time_t

branches: 1.48.70; 1.48.72; 1.48.76; 1.48.86;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

Make the bpf_maxbufsize a constant when bpfilter pseudo-device is not
present in the kernel config, thus fixing the build. Problem reported
by Havard Eidnes. Solution proposed by Christos, thanks.

PR 32198: bpf_validate() needs to do more checks, from Otto Moerbeek/OpenBSD
via Guy Harris.
Problems like out-of-bounds read/write in filter machine operations
were fixed.

Replace u_intXX_t by their C99 counterparts.

Fix typo in comment found by Guy Harris (PR 32198).

Implemented the kernel part of BPF statistics and BPF peers, net.bpf.stats
and net.bpf.peers sysctls respectively.

A new structure was added to describe the external (user viewable)
representation of a BPF file; a new entry was added to the bpf_d
structure to store the PID of the calling process; a simple_lock was added
to protect the insert/removal from the net.bpf.peers sysctl handler.

This idea came from FreeBSD (Christian S.J. Peron) but while it is
implemented with sysctl's it differs a bit.

Reviewed by: christos@ and atatat@ (who gave me the tip for the net.bpf.peers
sysctl helper function).

branches: 1.42.4;
nuke trailing whitespace

branches: 1.41.4; 1.41.6;
Factor out the hand-crafting of mbufs from the interface files. Reviewed by
gimpy. XXX: I could have used bpf_mtap2 on some of the new functions, but I
chose not to, because I just wanted to do what amounts to a code move.

- ansify
- remove unnecessary casts
- change caddr_t to void *
- no functional change.

back out previous change - these diffs aren't what I'd tested.

add mmap(2) interface to bpf(4) devices, along with BIOCMMAPINFO ioctl call
for applications to interact with the bpf device for the purpose of using
mmap to examinen captured data.

Add bpf_mtap2, which taps a packet whose head is in a void *buffer
and whose tail is in an mbuf chain.

don't use u_long in an ioctl, rather, u_int64_t so there are no long 32/64
bit compatibility problems. bump kernel version like it should have been.

Add a count of the number of packets that match the bpf filter applied to a
particule device. In doing this, make a new the bpf_stat structure with
members that are u_long rather than u_int, matching the counters in the bpf_d.
the original bpf_stat is now bpf_stat_old and so to the original ioctl
is preserved as BIOCGSTATSOLD.

Fix bpf so that select will return for a timeout (from FreeBSD.)

Fix the behaviour of BIOCIMMEDIATE (fix from LBL BPF code via FreeBSD.)

In bpf_mtap(), optimise the calling of bpf_filter() and catchpacket()
based on whether or not the entire packet is in one mbuf (based on
similar change FreeBSD but fixes BIOC*SEESENT issue with that.)

Copy the implementation of BIOCSSEESENT, BIOCGSEESENT by FreeBSD.

Review Assistance: Guy Harris

PRs: kern/8674, kern/12170

branches: 1.33.2;
Make bpf_maxbufsize writable via sysctl, as written by Andrew Brown.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.31.6;
Nuke the old SunOS-style ioctl defns.

Define new kernel interface bpfattach2() to register another data link
type for the driver, which will be used for 802.11 drivers.
Also add 2 APIs to get a list of available DLTs and use one for them.
BIOCGDLTLIST (struct bpf_dltlist)
BIOCSDLT (u_int)

branches: 1.29.8;
Use __sh__ instead of __sh3__.

branches: 1.28.2; 1.28.4;
Use <net/dlt.h> to get the DLT_* constants. Also change bpfattach()
and bpf_change_type() to take just a pointer to the ifnet, rather than
a pointer to the ifnet and a pointer to a member of the ifnet (the bpf
pointer).

We'll let this ride on the Dec 12 1.5N version bump.

Pull in <sys/time.h>, since we use timevals here.

Fix sparc64 LP64 issues.

branches: 1.25.4;
Implement bpfdetach().

branches: 1.24.2;
Merge in NetBSD/sh3 from cvs.kame.net repository.

Tree structure:
- sys/arch/sh3: sh3 generic code
As commented, in-chip device drivers are put into sys/arch/sh3/dev.
- sys/arch/evbsh3: sh3 evaluation boards (pure sh3 CPU, no fancy external HW)
- sys/arch/mmeye: Brains mmEye, www.brains.co.jp
MI source code includes couple of #ifdef for sh3-coff support.
(sh3 uses coff or elf)

Needs some more improvements, especialy in sys/arch/sh3/conf/files.sh3,
to compile the tree (due to last minute tree structure change).

* Add the ability to change the data link type on the fly.
* Define two more data link types: NetBSD PPP-over-serial and NetBSD
PPP-over-Ethernet. (Different PPP encaps have different header formats!)

branches: 1.22.10;
define DLT_HDLC

Driver for Essential Communications' RoadRunner HIPPI (800 Mb/sec network)
card. With some modification, this could probably also work for their
Gigabit Ethernet card based on the same chipset...

Implement two new BPF ioctls: BPFGHDRCMPLT and BPFSHDRCMPLT, to get/set
the "header already complete" flag. This allows BPF writers to spoof
layer 2 source addresses (providing the layer 2 in use supports it) in
applications where this is necessary. From Greg Smith <greg@nas.nasa.gov>.

Merge with Lite2 + local changes

Add definitions for bpf_int and bpf_u_int; these are not used in the kernel,
but libpcap expects them if we advertize our current BPF_VERSION.

sync with bpf-1.2a1
- fix whitespace
- add rcsid
- add BPF_RELEASE define
- add BIOCSTCPF BIOCSUDPF

- Add some new data link types from libpcap-0.4a3
- bpf_filter() does exist in userland

branches: 1.15.10;
add ATM data-link type; reqd. for libpcap.

On new architectures and on the alpha, define SIZEOF_BPF_HDR to be
sizeof(struct bpf_hdr). On machines that we currently support that
can use the old definition (which just covers the size of the data in
struct bpf_hdr), use it even though it's a hack. (This was changed
for the 'new architectures' case so as to be fail-safe; BPF may
waste a few bytes of space per captured packet on new architectures,
but now at least it's more likely to work.)

Net prototypes

Enhancements to the bpf from Stu Grossman <grossman@cygnus.com>:
* grok FIONBIO, FIOASYNC, and TIOC{G,S}PGRP
* add BIOC{G,S}RSIG; get/set the signal to be delivered
to the process or process group upon packet reception.
Defaults to SIGIO.

copy routines should take size_t lengths for prototype consistency.
don't assume that tick is >= 1000; loses badly on alpha (div. by zero)
only try unaligned copies if NetBSD's UNALIGNED_ACCESS symbol is defined.
various misc type size cleanups, mostly short -> int16_t.

KERNEL -> _KERNEL

Make this more type-safe for the Alpha. From the libpcap 0.0 distribution.
(Needs more work.)

Protect from multiple inclusion with _NET_BPF_H_, for PR #679.

be more careful with types, also pull in headers where necessary.

New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'

Update to 4.4-Lite networking code, with a few local changes.

add rcs ids to everything, and clean up headers

Add consistent multiple-inclusion protection.

added BPF support, as provided by David Greenman (davidg@implode.rain.com)

branches: 1.1.1;
Initial revision

Remove extraneous files from Lite2 merge.

branches: 1.1.1;
Initial revision

merge changes from libpcap-1.10.5

branches: 1.72.6;
define symbols that new libpcap needs

Create separate modules for i2c_bitbang and bpf_filter so these files
can be included in kernels which need them without also duplicating
them in other modules. Removes the duplicate symbols I found which
prevented loading i2c and bpf modules after having fixed PR 45125.

Fix the build.

It's not enough to check that a class of the last instruction is BPF_RET.
The opcodes in bpf_validate() must match opcodes understood by bpf_filter().

Found by afl-fuzz http://lcamtuf.coredump.cx/afl/.

branches: 1.68.2;
Add BPF_MOD/BPF_XOR, sync DLT entries and document unused bpf instructions.
From libpcap-1.6.2

Arithmetic overflow when calculating variable offsets (BPF_LD+BPF_IND
instructions) should be handled uniformly for contiguous buffers and mbufs.

Implement error checking in m_xbyte() and check for errors after m_xbyte() call.
Reuse (len - k) expression in m_xword() and m_xhalf() to give an optimization
hint to a compiler.

When m_xbyte() didn't exist, bpf_filter() handled out-of-bounds BPF_B loads
correctly because "return 0" inside MINDEX() was aborting filter programs.
After the change that added m_xbyte() zero values were passed to A or X
registers instead of aborting a filter program.

Check "preinited" argument of bpf_set_extmem().

- bpf_validate_ext: fix memword validation in BPF_ST/BPF_STX case.
- bpf_set_extmem: check the number of words against BPF_MAX_MEMWORDS.

- Improve the comments in bpf.h and KNF a little.
- Rename bpf_ctx_t member noinit to preinited (reflects the meaning better).

Implement copfuncs and external memory in bpfjit.

branches: 1.61.2;
- Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.

bpf_filter: re-use some code. No functional change intended.

bpf_validate_ext: allow COP to modify the memstore.

Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was
originally to preserve compatibility. Similarly, add bpf_validate_ext()
which takes bpf_ctx_t.

bpf_filter: add a custom argument which can be passed to coprocessor routine.

Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC)
which add a capability to call external functions in a predetermined way.

It can be thought as a BPF "coprocessor" -- a generic mechanism to offload
more complex packet inspection operations. There is no default coprocessor
and this functionality is not targeted to the /dev/bpf. This is primarily
targeted to the kernel subsystems, therefore there is no way to set a custom
coprocessor at the userlevel.

Discussed on: tech-net@
OK: core@

branches: 1.55.2;
Add bpfjit and enable it for amd64.

Remove bpf_jit which was ported from FreeBSD recently.

It will soon be replaced with the new bpfjit kernel module.

branches: 1.53.2;
MINDEX() macro has 'return 0;' statement. It doesn't set *err to
1 before return when invoked from m_xword() and m_xhalf() functions.
The caller doesn't set it to 1 either. So, set *err to 1 before
invoking MINDEX().

bpf_filter: remove unnecessary memset(), add a comment.

Add BPF JIT compiler, currently supporting amd64 and i386. Code obtained
from FreeBSD. Also, make few BPF fixes and simplifications while here.
Note that bpf_jit_enable is false for now.

OK dyoung@, some feedback from matt@

Apply same bounds checks for BPF_LD|BPF_B|BPF_IND as for
BPF_LD|BPF_H|BPF_IND and BPF_LD|BPF_W|BPF_IND.

From FreeBSD r48548, the original r45574 had a typo.

PR/45751: Alexander Nasonov: No overflow check in BPF_LD|BPF_ABS

branches: 1.48.2; 1.48.6;
back out previous - this should be unnecessary on NetBSD due to
the extra validation introduced in rev.1.42 (and pulled up to netbsd-5)

clear the packet filter's scratch memory before running the filter
program, otherwise kernel memory can be leaked, from Guy Harris
per PR kern/45142

delint.

Fix userland build.

Use kmem instead of malloc. Requested by rmind.

Use __CTASSERT

Avoid stack memory disclosure by keeping track during filter validation time
of initialized memory. Idea taken from linux.

branches: 1.41.2; 1.41.4;
revert another part of bpf_filter 1.38 that broke the check for divide
by zero while validating the bpf program.

originally spotted by skrll@, and broke atf the month-old atf test for
this exact problem: net_bpf_t_div-by-zero_div_by_zero.

consider BPF_ABS, BPF_IND and BPF_MSH as they used to be in rev 1.37.

this fixes dhclient, and i'm told dhcpcd as well.


this patch from skrll@netbsd.org, tested by me.

apply the smallest hack to allow this to build without warnings again.

make bpf_validate available in userland.

constify

the correct check for BPF_K is with BPF_SRC for BPF_ALU ops, from
Guy Harris per PR kern/43185
fixes possible division-by-zero crashes by evil filter expressions
like "len / 0 = 1"
pullup candidate

branches: 1.35.4; 1.35.10; 1.35.12; 1.35.14; 1.35.16;
As the scratch memory is only ever copied to or from A and X, make it
unsigned as well.

branches: 1.34.6; 1.34.10; 1.34.12; 1.34.16;
PR/37663: Guy Harris: bpf_validate rejects valid programs that use the multiply instruction

branches: 1.33.20; 1.33.26; 1.33.32;
Use be16dec() and be32dec() instead of reimplementing them.

branches: 1.32.2; 1.32.4;
It is not sufficient for MINDEX to just 'return 0' if the MINDEX macro
is going to be used from within m_xhalf() and m_xword(). In using
MINDEX in those cases, we must set *err to '1' *before* calling MINDEX
just in case MINDEX does decide to 'return', and causes the function
to return 0 with an un-set err value. A consequence of this fix is
that we can cleanup a couple of (now) unneeded goto's. Problem found
by inspection whilst searching for the cause of a different panic.

Also: pavel@ noted the following:
if (merr != 0)
return 0;
was missing from after a call to m_xhalf(), so fix that too.

src/regress/sys/net/bpf/out-of-bounds now passes the regression test.

Ok'ed by pavel@.

branches: 1.31.8; 1.31.10;
XXX: GCC uninitialized.

branches: 1.30.2; 1.30.6;
fix bpf_validate():
a missing "break" caused any bpf filter containing
a division to be rejected

Add a /* CONSTCOND */ for lint.

branches: 1.28.2; 1.28.4; 1.28.6;
Fix previous commit: ABS, IND and MSH are valid codes.

In bpf_validate(), get rid of bpf_maxbufsize test as there are other
clients of bpf_filter(), like if_ppp, that are not limited by
bpf_maxbufsize. The same check is done at the run time, so there is no
problem created.

Noticed by Guy Harris in private email.

Oops, the previous revision had a wrong pre-processor #if clause.

Make the bpf_maxbufsize a constant when bpfilter pseudo-device is not
present in the kernel config, thus fixing the build. Problem reported
by Havard Eidnes. Solution proposed by Christos, thanks.

PR 32198: bpf_validate() needs to do more checks, from Otto Moerbeek/OpenBSD
via Guy Harris.
Problems like out-of-bounds read/write in filter machine operations
were fixed.

More KNF. C99 uintXX_t types.

KNF. ANSYfy. de-P().

branches: 1.21.2; 1.21.4; 1.21.12;
nuke trailing whitespace

branches: 1.20.8; 1.20.10;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.19.16;
don't need <sys/types.h> when including <sys/param.h>

add RCSIDs

branches: 1.17.2; 1.17.4;
Add a missing include when using this in user space.

remove sunos stuff.

Kill some more register declarations.

branches: 1.14.16;
bpf_filter.c:
- update copyright
- add their rcsid
- initialize some variables later later for consistency
with the current code.
- change char to u_char to match the current code.

branches: 1.13.2;
Provide better filter validation. PR 3366.

Net prototypes

copy routines should take size_t lengths for prototype consistency.
don't assume that tick is >= 1000; loses badly on alpha (div. by zero)
only try unaligned copies if NetBSD's UNALIGNED_ACCESS symbol is defined.
various misc type size cleanups, mostly short -> int16_t.

Fix bogus buffer indexing when a value is split across a mbuf boundary,
as suggested by Greg Ansley. Also, redefine MINDEX() slightly to avoid
duplicating code.

KERNEL -> _KERNEL

Undo an #include ordering change.

Make this more type-safe for the Alpha. From the libpcap 0.0 distribution.
(Needs more work.)

New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'

Update to 4.4-Lite networking code, with a few local changes.

Canonicalize all #includes.

add rcs ids to everything, and clean up headers

added BPF support, as provided by David Greenman (davidg@implode.rain.com)

branches: 1.1.1;
Initial revision

Remove bpf_jit which was ported from FreeBSD recently.

It will soon be replaced with the new bpfjit kernel module.

branches: 1.1.2;
Add BPF JIT compiler, currently supporting amd64 and i386. Code obtained
from FreeBSD. Also, make few BPF fixes and simplifications while here.
Note that bpf_jit_enable is false for now.

OK dyoung@, some feedback from matt@

Remove bpf_jit which was ported from FreeBSD recently.

It will soon be replaced with the new bpfjit kernel module.

branches: 1.2.2;
Add struct bpf_insn tag.

Add BPF JIT compiler, currently supporting amd64 and i386. Code obtained
from FreeBSD. Also, make few BPF fixes and simplifications while here.
Note that bpf_jit_enable is false for now.

OK dyoung@, some feedback from matt@

Removal of bpf_tap().

branches: 1.7.12;
Use bpf_ops for bpf_mtap_softint

By doing so we don't need to care whether a kernel enables bpfilter or not.

branches: 1.6.6; 1.6.24; 1.6.28; 1.6.32;
Use proper ANSI prototypes for foo() -> foo(void)
Caught when compiling with -Wold-style-definition

branches: 1.5.8; 1.5.12;
Push the bpf_ops usage back into bpf.h. Push the common ifp->if_bpf
check into the inline functions as well the fourth argument for
bpf_attach.

branches: 1.4.2; 1.4.4; 1.4.6;
Make bpf dynamically loadable.

fix pasto in previous

slap dis wit summah dat RCSId

Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.

bpf: protect selnotify and selrecord with bd_buf_mtx

We have to make updates and checks of buffers and calls of
selnotify/selrecord atomic to satisfy constraints of sel* API.

Also, bd_state and bd_cv are protected by bd_buf_mtx now.

Fix issue #3 of PR#58596

Part of the fix is inspired by riastradh's patch.

bpf: restore wakeup softint

This change fixes the issue that fownsignal which can take an
adaptive mutex is called inside a pserialize read section in
bpf_deliver.

Fix issue #4 (only the latter of two) in PR#58596

branches: 1.48.10; 1.48.16;
Add a bpf_register_track_event() function (and deregister equivalent)
that allows a driver to track listeners attaching/detaching from tap
points.

This is usefull for drivers that would have to do extra work for some
taps and can not easily decide (at the driver level) if the work would
be needed further up the stack.

An example is providing radiotap headers for IEEE 802.11 frames.

branches: 1.47.6;
bpf(4): Add ioctls BIOCSETWF and BIOCLOCK

Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underlying parameters
of the bpf(4) device. An example might be the setting of bpf(4) filter
programs or attaching to different network interfaces.

BIOCSETWF can be used to set write filters for outgoing packets.
Currently if a bpf(4) consumer is compromised, the bpf(4) descriptor can
essentially be used as a raw socket, regardless of consumer's UID.
Write filters give users the ability to constrain which packets can be sent
through the bpf(4) descriptor.

Taken from OpenBSD.

branches: 1.46.6;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.

branches: 1.45.2;
Abandon unnecessary softint

The softint was introduced to defer fownsignal that was called in bpf_wakeup to
softint at v1.139, but now bpf_wakeup always runs in softint so we don't need
the softint anymore.

branches: 1.44.6;
Make bpf MP-safe

By the change, bpf_mtap can run without any locks as long as its bpf filter
doesn't match a target packet. Pushing data to a bpf buffer still needs
a lock. Removing the lock requires big changes and it's a future work.

Another known issue is that we need to remain some obsolete variables to
avoid breaking kvm(3) users such as netstat and fstat. One problem for
MP-ification is that in order to keep statistic counters of bpf_d we need
to use atomic operations for them. Once we retire the kvm(3) users, we
should make the counters per-CPU and remove the atomic operations.

Kill tsleep/wakeup and use cv

Use pslist(9) instead of queue(9) for psz/psref

As usual some member variables of struct bpf_d and bpf_if remain to avoid
breaking kvm(3) users (netstat and fstat).

Use kmem(9) instead of malloc/free

Defer bpf_mtap in Rx interrupt context to softint

bpf_mtap of some drivers is still called in hardware interrupt context.
We want to run them in softint as well as bpf_mtap of most drivers
(see if_percpuq_softint and if_input).

To this end, bpf_mtap_softint mechanism is implemented; it defers
bpf_mtap processing to a dedicated softint for a target driver.
By using the machanism, we can move bpf_mtap processing to softint
without changing target drivers much while it adds some overhead
on CPU and memory. Once target drivers are changed to softint-based,
we should return to normal bpf_mtap.

Proposed on tech-kern and tech-net

Make bpf_setf static

branches: 1.38.6; 1.38.10; 1.38.14;
- Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.

branches: 1.37.2;
Comment bd_jitcode member.

Add bpfjit and enable it for amd64.

Remove bpf_jit which was ported from FreeBSD recently.

It will soon be replaced with the new bpfjit kernel module.

branches: 1.34.2;
Add BPF JIT compiler, currently supporting amd64 and i386. Code obtained
from FreeBSD. Also, make few BPF fixes and simplifications while here.
Note that bpf_jit_enable is false for now.

OK dyoung@, some feedback from matt@

branches: 1.33.2;
Provide netbsd32 compat for bpf. Beside the ioctls, the structure
returned to userland by read(2) also needs to be converted.
For this, the bpf descriptor is flagged as compat32 (or not) in the
open and ioctl functions (where the user process's pid is also updated
in the descriptor). When the bpf buffer is filled in, the 32bits or native
header is used depending on the information stored in the descriptor.

This won't work if a 64bit binary does the open and ioctls, and then
exec a 32bit program which will do the read. But this is very
unlikely to happen in real life ...

Tested on i386 and loongson; with these changes my loongson can run
dhclient and tcpdump with a n32 userland.

add BIOC{G,S}FEEDBACK which allows one to receive injected outgoing packets
via bpf.

branches: 1.31.2;
Spelling fix: correspoding -> corresponding.

Fix PR/37878 and PR/37550: Provide stat(2) for all devices and don't use
fbadop_stat.

Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.28.2; 1.28.10; 1.28.16;
Network protocol interrupts can now block on locks, so merge the globals
proclist_mutex and proclist_lock into a single adaptive mutex (proc_lock).
Implications:

- Inspecting process state requires thread context, so signals can no longer
be sent from a hardware interrupt handler. Signal activity must be
deferred to a soft interrupt or kthread.

- As the proc state locking is simplified, it's now safe to take exit()
and wait() out from under kernel_lock.

- The system spends less time at IPL_SCHED, and there is less lock activity.

branches: 1.27.6; 1.27.8;
s/u_\(int[0-9]*_t\)/u\1/g
(change u_int*_t to uint*_t)

branches: 1.26.8;
Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements

branches: 1.25.2; 1.25.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.24.26;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

Implemented the kernel part of BPF statistics and BPF peers, net.bpf.stats
and net.bpf.peers sysctls respectively.

A new structure was added to describe the external (user viewable)
representation of a BPF file; a new entry was added to the bpf_d
structure to store the PID of the calling process; a simple_lock was added
to protect the insert/removal from the net.bpf.peers sysctl handler.

This idea came from FreeBSD (Christian S.J. Peron) but while it is
implemented with sysctl's it differs a bit.

Reviewed by: christos@ and atatat@ (who gave me the tip for the net.bpf.peers
sysctl helper function).

branches: 1.22.2;
A couple of <sys/select.h>-related changes:
* Factor out struct selinfo and its header dependencies into its own header,
<sys/selinfo.h>, to avoid namespace pollution.
* Include <sys/selinfo.h> in user-visible headers where necessary.

branches: 1.21.4; 1.21.6;
Clonify bpf. I am not changing /dev/bpfX -> /dev/bpf until all userland
programs have been fixed.

back out previous change - these diffs aren't what I'd tested.

add mmap(2) interface to bpf(4) devices, along with BIOCMMAPINFO ioctl call
for applications to interact with the bpf device for the purpose of using
mmap to examinen captured data.

Add a count of the number of packets that match the bpf filter applied to a
particule device. In doing this, make a new the bpf_stat structure with
members that are u_long rather than u_int, matching the counters in the bpf_d.
the original bpf_stat is now bpf_stat_old and so to the original ioctl
is preserved as BIOCGSTATSOLD.

Fix bpf so that select will return for a timeout (from FreeBSD.)

Fix the behaviour of BIOCIMMEDIATE (fix from LBL BPF code via FreeBSD.)

In bpf_mtap(), optimise the calling of bpf_filter() and catchpacket()
based on whether or not the entire packet is in one mbuf (based on
similar change FreeBSD but fixes BIOC*SEESENT issue with that.)

Copy the implementation of BIOCSSEESENT, BIOCGSEESENT by FreeBSD.

Review Assistance: Guy Harris

PRs: kern/8674, kern/12170

branches: 1.16.2;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.15.48;
Implement two new BPF ioctls: BPFGHDRCMPLT and BPFSHDRCMPLT, to get/set
the "header already complete" flag. This allows BPF writers to spoof
layer 2 source addresses (providing the layer 2 in use supports it) in
applications where this is necessary. From Greg Smith <greg@nas.nasa.gov>.

add multiple inclusion protection (and cleanup).

GC bd_sig

- add their rcsid
- add ifdef to match current code

branches: 1.11.14;
Enhancements to the bpf from Stu Grossman <grossman@cygnus.com>:
* grok FIONBIO, FIOASYNC, and TIOC{G,S}PGRP
* add BIOC{G,S}RSIG; get/set the signal to be delivered
to the process or process group upon packet reception.
Defaults to SIGIO.

KERNEL -> _KERNEL

New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'

Update to 4.4-Lite networking code, with a few local changes.

defines change

branches: 1.6.2;
added include of select.h to bpfdesc.h because it now has a reference to
struct selinfo.

make kernel select interface be one-stop shopping & clean it all up.

Add consistent multiple-inclusion protection.

commit damnit!

added BPF support, as provided by David Greenman (davidg@implode.rain.com)

branches: 1.1.1;
Initial revision

Fix wrong memory order and switch bpf to atomic_load/store_*.

branches: 1.47.6;
Add missing include.

branches: 1.46.14; 1.46.16;
Don't trigger BJ_ASSERT(false) on invalid BPF_Jxxx opcode in jmp_to_op().

This change helps survive AFL fuzzing without calling bpf_validate() first.

Also change alu_to_op() function to have a similar interface.

branches: 1.45.2;
Adapt to the new version of sljit@r313.

Replace the nsaveds() function with #define NSAVEDS 3. No functional change.

Patch from Michael McConville.

Copyright year.

In some implementations pc->k is signed. Cast it to uint32_t before comparing.

Properly track initialisation of registers for BPF_JMP instructions.

Don't emit wrapped-around reads. They're dead code but dead code elimination
logic isn't smart enough to figure it out.

Found by afl fuzzer http://lcamtuf.coredump.cx/afl/.

Fix bugs found by afl fuzzer http://lcamtuf.coredump.cx/afl/.

rename variable to avoid conflict with "div"

Help gcc by initialising variable