History log of /src/sys/net/bpf.h
Revision  Date  Author  Comments
 1.82  23-Aug-2023  rin bpf: Fix SIZEOF_BPF_HDR (for LP64 userland) on mips64

It cannot fit within 18 bytes, of course ;)

As we had never provided working bpf(4) implementation for LP64
userland on mips, just use natural structure size here.
 1.81  17-Aug-2023  christos add new for libpcap.
 1.80  31-Jul-2023  christos put back compat names, should be removed from the sanitizers
 1.79  31-Jul-2023  christos Don't call versioned stuff "old". Follow the naming convention for versioning
and name them after the last version of the OS they appeared on.
 1.78  20-Jun-2022  yamaguchi branches: 1.78.4;
bpf(4): added support for VLAN hardware offloading of ethernet devices
 1.77  09-Jun-2021  martin Add a bpf_register_track_event() function (and deregister equivalent)
that allows a driver to track listeners attaching/detaching from tap
points.

This is useful for drivers that would have to do extra work for some
taps and can not easily decide (at the driver level) if the work would
be needed further up the stack.

An example is providing radiotap headers for IEEE 802.11 frames.
 1.76  09-Jun-2021  martin Add a (FreeBSD compatible) bpf_peers_present() predicate to allow
testing for active listeners on a tap.
 1.75  11-Jun-2020  roy branches: 1.75.6;
bpf(4): Add ioctls BIOCSETWF and BIOCLOCK

Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underlying parameters
of the bpf(4) device. An example might be the setting of bpf(4) filter
programs or attaching to different network interfaces.

BIOCSETWF can be used to set write filters for outgoing packets.
Currently if a bpf(4) consumer is compromised, the bpf(4) descriptor can
essentially be used as a raw socket, regardless of consumer's UID.
Write filters give users the ability to constrain which packets can be sent
through the bpf(4) descriptor.

Taken from OpenBSD.
 1.74  26-Feb-2019  msaitoh Whitespace change.
 1.73  03-Sep-2018  christos Add definitions from libpcap-1.9.0
 1.72  26-Jun-2018  msaitoh branches: 1.72.2;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstood on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
 1.71  25-Jun-2018  msaitoh Removal of bpf_tap().
 1.70  19-Apr-2018  christos s/static inline/static __inline/g for consistency.
 1.69  25-Jan-2017  ozaki-r branches: 1.69.12;
Use bpf_ops for bpf_mtap_softint

By doing so we don't need to care whether a kernel enables bpfilter or not.
 1.68  24-Jan-2017  ozaki-r Defer bpf_mtap in Rx interrupt context to softint

bpf_mtap of some drivers is still called in hardware interrupt context.
We want to run them in softint as well as bpf_mtap of most drivers
(see if_percpuq_softint and if_input).

To this end, bpf_mtap_softint mechanism is implemented; it defers
bpf_mtap processing to a dedicated softint for a target driver.
By using the mechanism, we can move bpf_mtap processing to softint
without changing target drivers much while it adds some overhead
on CPU and memory. Once target drivers are changed to softint-based,
we should return to normal bpf_mtap.

Proposed on tech-kern and tech-net
 1.67  05-Sep-2015  dholland branches: 1.67.2; 1.67.4;
Uses _IOR/_IOW/etc. and thus needs sys/ioccom.h. PR 41200
 1.66  19-Nov-2014  christos branches: 1.66.2;
Add BPF_MOD/BPF_XOR, sync DLT entries and document unused bpf instructions.
From libpcap-1.6.2
 1.65  24-Jun-2014  rmind - Improve the comments in bpf.h and KNF a little.
- Rename bpf_ctx_t member noinit to preinited (reflects the meaning better).
 1.64  24-Jun-2014  alnsn Implement copfuncs and external memory in bpfjit.
 1.63  15-Nov-2013  rmind branches: 1.63.2;
- Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.
 1.62  18-Sep-2013  rmind Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was
originally to preserve compatibility. Similarly, add bpf_validate_ext()
which takes bpf_ctx_t.
 1.61  30-Aug-2013  rmind bpf_filter: add a custom argument which can be passed to coprocessor routine.
 1.60  29-Aug-2013  rmind Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC)
which add a capability to call external functions in a predetermined way.

It can be thought as a BPF "coprocessor" -- a generic mechanism to offload
more complex packet inspection operations. There is no default coprocessor
and this functionality is not targeted to the /dev/bpf. This is primarily
targeted to the kernel subsystems, therefore there is no way to set a custom
coprocessor at the userlevel.

Discussed on: tech-net@
OK: core@
 1.59  15-Mar-2012  christos branches: 1.59.2; 1.59.4;
add {__BEGIN,__END}_DECLS
 1.58  30-Aug-2011  bouyer branches: 1.58.2; 1.58.6; 1.58.8;
Provide netbsd32 compat for bpf. Beside the ioctls, the structure
returned to userland by read(2) also needs to be converted.
For this, the bpf descriptor is flagged as compat32 (or not) in the
open and ioctl functions (where the user process's pid is also updated
in the descriptor). When the bpf buffer is filled in, the 32bits or native
header is used depending on the information stored in the descriptor.

This won't work if a 64bit binary does the open and ioctls, and then
exec a 32bit program which will do the read. But this is very
unlikely to happen in real life ...

Tested on i386 and loongson; with these changes my loongson can run
dhclient and tcpdump with a n32 userland.
 1.57  05-Dec-2010  christos make bpf_validate available in userland.
 1.56  05-Dec-2010  christos constify
 1.55  05-Apr-2010  joerg Push the bpf_ops usage back into bpf.h. Push the common ifp->if_bpf
check into the inline functions as well the fourth argument for
bpf_attach.
 1.54  13-Mar-2010  christos branches: 1.54.2;
add BIOC{G,S}FEEDBACK which allows one to receive injected outgoing packets
via bpf.
 1.53  25-Jan-2010  pooka branches: 1.53.2;
Make bpf dynamically loadable.
 1.52  19-Jan-2010  pooka Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.
 1.51  17-Jan-2010  pooka Forward declare struct bpf_if and use that as the type for bpf_if
instead of "void *". Buys us oo times the type-safety for 0 times
the price.
(no functional change)
 1.50  13-Jan-2009  christos restore binary compatibility on 64 bit systems.
 1.49  11-Jan-2009  christos merge christos-time_t
 1.48  10-Dec-2005  elad branches: 1.48.70; 1.48.72; 1.48.76; 1.48.86;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.
 1.47  05-Dec-2005  rpaulo Make the bpf_maxbufsize a constant when bpfilter pseudo-device is not
present in the kernel config, thus fixing the build. Problem reported
by Havard Eidnes. Solution proposed by Christos, thanks.
 1.46  30-Nov-2005  rpaulo PR 32198: bpf_validate() needs to do more checks, from Otto Moerbeek/OpenBSD
via Guy Harris.
Problems like out-of-bounds read/write in filter machine operations
were fixed.
 1.45  30-Nov-2005  rpaulo Replace u_intXX_t by their C99 counterparts.
 1.44  30-Nov-2005  rpaulo Fix typo in comment found by Guy Harris (PR 32198).
 1.43  04-Aug-2005  rpaulo Implemented the kernel part of BPF statistics and BPF peers, net.bpf.stats
and net.bpf.peers sysctls respectively.

A new structure was added to describe the external (user viewable)
representation of a BPF file; a new entry was added to the bpf_d
structure to store the PID of the calling process; a simple_lock was added
to protect the insert/removal from the net.bpf.peers sysctl handler.

This idea came from FreeBSD (Christian S.J. Peron) but while it is
implemented with sysctl's it differs a bit.

Reviewed by: christos@ and atatat@ (who gave me the tip for the net.bpf.peers
sysctl helper function).
 1.42  26-Feb-2005  perry branches: 1.42.4;
nuke trailing whitespace
 1.41  19-Aug-2004  christos branches: 1.41.4; 1.41.6;
Factor out the hand-crafting of mbufs from the interface files. Reviewed by
gimpy. XXX: I could have used bpf_mtap2 on some of the new functions, but I
chose not to, because I just wanted to do what amounts to a code move.
 1.40  19-Aug-2004  christos - ansify
- remove unnecessary casts
- change caddr_t to void *
- no functional change.
 1.39  29-May-2004  darrenr back out previous change - these diffs aren't what I'd tested.
 1.38  29-May-2004  darrenr add mmap(2) interface to bpf(4) devices, along with BIOCMMAPINFO ioctl call
for applications to interact with the bpf device for the purpose of using
mmap to examine captured data.
 1.37  30-Apr-2004  dyoung Add bpf_mtap2, which taps a packet whose head is in a void *buffer
and whose tail is in an mbuf chain.
 1.36  15-Apr-2004  darrenr don't use u_long in an ioctl, rather, u_int64_t so there are no long 32/64
bit compatibility problems. bump kernel version like it should have been.
 1.35  15-Apr-2004  darrenr Add a count of the number of packets that match the bpf filter applied to a
particular device. In doing this, make a new bpf_stat structure with
members that are u_long rather than u_int, matching the counters in the bpf_d.
the original bpf_stat is now bpf_stat_old and so to the original ioctl
is preserved as BIOCGSTATSOLD.
 1.34  10-Apr-2004  darrenr Fix bpf so that select will return for a timeout (from FreeBSD.)

Fix the behaviour of BIOCIMMEDIATE (fix from LBL BPF code via FreeBSD.)

In bpf_mtap(), optimise the calling of bpf_filter() and catchpacket()
based on whether or not the entire packet is in one mbuf (based on
similar change FreeBSD but fixes BIOC*SEESENT issue with that.)

Copy the implementation of BIOCSSEESENT, BIOCGSEESENT by FreeBSD.

Review Assistance: Guy Harris

PRs: kern/8674, kern/12170
 1.33  22-Jan-2004  jonathan branches: 1.33.2;
Make bpf_maxbufsize writable via sysctl, as written by Andrew Brown.
 1.32  07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.
 1.31  21-Sep-2002  thorpej branches: 1.31.6;
Nuke the old SunOS-style ioctl defns.
 1.30  28-Aug-2002  onoe Define new kernel interface bpfattach2() to register another data link
type for the driver, which will be used for 802.11 drivers.
Also add 2 APIs to get a list of available DLTs and use one for them.
BIOCGDLTLIST (struct bpf_dltlist)
BIOCSDLT (u_int)
 1.29  14-Dec-2001  thorpej branches: 1.29.8;
Use __sh__ instead of __sh3__.
 1.28  12-Dec-2000  thorpej branches: 1.28.2; 1.28.4;
Use <net/dlt.h> to get the DLT_* constants. Also change bpfattach()
and bpf_change_type() to take just a pointer to the ifnet, rather than
a pointer to the ifnet and a pointer to a member of the ifnet (the bpf
pointer).

We'll let this ride on the Dec 12 1.5N version bump.
 1.27  11-Nov-2000  thorpej Pull in <sys/time.h>, since we use timevals here.
 1.26  02-Nov-2000  eeh Fix sparc64 LP64 issues.
 1.25  31-Jan-2000  thorpej branches: 1.25.4;
Implement bpfdetach().
 1.24  13-Sep-1999  itojun branches: 1.24.2;
Merge in NetBSD/sh3 from cvs.kame.net repository.

Tree structure:
- sys/arch/sh3: sh3 generic code
As commented, in-chip device drivers are put into sys/arch/sh3/dev.
- sys/arch/evbsh3: sh3 evaluation boards (pure sh3 CPU, no fancy external HW)
- sys/arch/mmeye: Brains mmEye, www.brains.co.jp
MI source code includes couple of #ifdef for sh3-coff support.
(sh3 uses coff or elf)

Needs some more improvements, especially in sys/arch/sh3/conf/files.sh3,
to compile the tree (due to last minute tree structure change).
 1.23  11-May-1999  thorpej * Add the ability to change the data link type on the fly.
* Define two more data link types: NetBSD PPP-over-serial and NetBSD
PPP-over-Ethernet. (Different PPP encaps have different header formats!)
 1.22  25-Jul-1998  explorer branches: 1.22.10;
define DLT_HDLC
 1.21  14-May-1998  kml Driver for Essential Communications' RoadRunner HIPPI (800 Mb/sec network)
card. With some modification, this could probably also work for their
Gigabit Ethernet card based on the same chipset...
 1.20  30-Apr-1998  thorpej Implement two new BPF ioctls: BPFGHDRCMPLT and BPFSHDRCMPLT, to get/set
the "header already complete" flag. This allows BPF writers to spoof
layer 2 source addresses (providing the layer 2 in use supports it) in
applications where this is necessary. From Greg Smith <greg@nas.nasa.gov>.
 1.19  01-Mar-1998  fvdl Merge with Lite2 + local changes
 1.18  10-Oct-1997  christos Add definitions for bpf_int and bpf_u_int; these are not used in the kernel,
but libpcap expects them if we advertize our current BPF_VERSION.
 1.17  09-Oct-1997  christos sync with bpf-1.2a1
- fix whitespace
- add rcsid
- add BPF_RELEASE define
- add BIOCSTCPF BIOCSUDPF
 1.16  03-Oct-1997  christos - Add some new data link types from libpcap-0.4a3
- bpf_filter() does exist in userland
 1.15  13-Dec-1996  mikel branches: 1.15.10;
add ATM data-link type; reqd. for libpcap.
 1.14  02-May-1996  cgd On new architectures and on the alpha, define SIZEOF_BPF_HDR to be
sizeof(struct bpf_hdr). On machines that we currently support that
can use the old definition (which just covers the size of the data in
struct bpf_hdr), use it even though it's a hack. (This was changed
for the 'new architectures' case so as to be fail-safe; BPF may
waste a few bytes of space per captured packet on new architectures,
but now at least it's more likely to work.)
 1.13  13-Feb-1996  christos Net prototypes
 1.12  27-Sep-1995  thorpej Enhancements to the bpf from Stu Grossman <grossman@cygnus.com>:
* grok FIONBIO, FIOASYNC, and TIOC{G,S}PGRP
* add BIOC{G,S}RSIG; get/set the signal to be delivered
to the process or process group upon packet reception.
Defaults to SIGIO.
 1.11  22-Apr-1995  cgd copy routines should take size_t lengths for prototype consistency.
don't assume that tick is >= 1000; loses badly on alpha (div. by zero)
only try unaligned copies if NetBSD's UNALIGNED_ACCESS symbol is defined.
various misc type size cleanups, mostly short -> int16_t.
 1.10  26-Mar-1995  jtc KERNEL -> _KERNEL
 1.9  06-Mar-1995  mycroft Make this more type-safe for the Alpha. From the libpcap 0.0 distribution.
(Needs more work.)
 1.8  13-Jan-1995  jtc Protect from multiple inclusion with _NET_BPF_H_, for PR #679.
 1.7  30-Oct-1994  cgd be more careful with types, also pull in headers where necessary.
 1.6  29-Jun-1994  cgd New RCS ID's, take two. they're more aesthetically pleasant, and use 'NetBSD'
 1.5  13-May-1994  mycroft Update to 4.4-Lite networking code, with a few local changes.
 1.4  20-May-1993  cgd add rcs ids to everything, and clean up headers
 1.3  19-Apr-1993  mycroft Add consistent multiple-inclusion protection.
 1.2  25-Mar-1993  cgd added BPF support, as provided by David Greenman (davidg@implode.rain.com)
 1.1  21-Mar-1993  cgd branches: 1.1.1;
Initial revision
 1.1.1.3  01-Mar-1998  fvdl Import 4.4BSD-Lite2
 1.1.1.2  01-Mar-1998  fvdl Import 4.4BSD-Lite for reference
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.15.10.1  14-Oct-1997  thorpej Update marc-pcmcia branch from trunk.
 1.22.10.1  21-Jun-1999  thorpej Sync w/ -current.
 1.24.2.3  13-Dec-2000  bouyer Sync with HEAD (for UBC fixes).
 1.24.2.2  22-Nov-2000  bouyer Sync with HEAD.
 1.24.2.1  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
 1.25.4.1  03-Nov-2000  tv Pullup 1.26 [eeh]:
Fix sparc64 LP64 issues.
 1.28.4.3  10-Oct-2002  jdolecek sync kqueue with -current; this includes merge of gehenna-devsw branch,
merge of i386 MP branch, and part of autoconf rototil work
 1.28.4.2  06-Sep-2002  jdolecek sync kqueue branch with HEAD
 1.28.4.1  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.28.2.3  18-Oct-2002  nathanw Catch up to -current.
 1.28.2.2  17-Sep-2002  nathanw Catch up to -current.
 1.28.2.1  08-Jan-2002  nathanw Catch up to -current.
 1.29.8.1  29-Aug-2002  gehenna catch up with -current.
 1.31.6.7  11-Dec-2005  christos Sync with head.
 1.31.6.6  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.31.6.5  04-Mar-2005  skrll Sync with HEAD.

Hi Perry!
 1.31.6.4  21-Sep-2004  skrll Fix the sync with head I botched.
 1.31.6.3  18-Sep-2004  skrll Sync with HEAD.
 1.31.6.2  25-Aug-2004  skrll Sync with HEAD.
 1.31.6.1  03-Aug-2004  skrll Sync with HEAD
 1.33.2.1  21-Apr-2004  jmc Pullup rev 1.34-1.36 (requested by darrenr in ticket #167)

Reduce bpf buffer to 32k from 1M to reduce kernel memory usage from userland
binaries.
Fix bpf so that select will return for a timeout.
Fix the behaviour of BIOCIMMEDIATE.
In bpf_mtap(), optimise the calling of bpf_filter() and catchpacket()
based on whether or not the entire packet is in one mbuf.
Various other bpf fixes, including PR#8674, PR#12170
 1.41.6.1  19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.41.4.1  29-Apr-2005  kent sync with -current
 1.42.4.1  21-Jun-2006  yamt sync with head.
 1.48.86.1  19-Jan-2009  skrll Sync with HEAD.
 1.48.76.3  11-Aug-2010  yamt sync with head.
 1.48.76.2  11-Mar-2010  yamt sync with head
 1.48.76.1  04-May-2009  yamt sync with head.
 1.48.72.3  30-Dec-2008  christos need to burn more numbers since sizeof(timeval50) == sizeof(timeval) on 64
bit archs.
 1.48.72.2  28-Dec-2008  christos back to usecs now for source compatibility
 1.48.72.1  29-Mar-2008  christos Welcome to the time_t=long long dev_t=uint64_t branch.
 1.48.70.1  17-Jan-2009  mjf Sync with HEAD.
 1.53.2.1  30-Apr-2010  uebayasi Sync with HEAD.
 1.54.2.2  05-Mar-2011  rmind sync with head
 1.54.2.1  30-May-2010  rmind sync with head
 1.58.8.1  12-Jun-2012  riz Pull up following revision(s) (requested by abs in ticket #312):
sys/net/bpf.h: revision 1.59
add {__BEGIN,__END}_DECLS
 1.58.6.1  05-Apr-2012  mrg sync to latest -current.
 1.58.2.2  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.58.2.1  17-Apr-2012  yamt sync with head
 1.59.4.1  18-May-2014  rmind sync with head
 1.59.2.2  03-Dec-2017  jdolecek update from HEAD
 1.59.2.1  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.63.2.1  10-Aug-2014  tls Rebase.
 1.66.2.2  05-Feb-2017  skrll Sync with HEAD
 1.66.2.1  22-Sep-2015  skrll Sync with HEAD
 1.67.4.1  21-Apr-2017  bouyer Sync with HEAD
 1.67.2.1  20-Mar-2017  pgoyette Sync with HEAD
 1.69.12.4  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.69.12.3  28-Jul-2018  pgoyette Sync with HEAD
 1.69.12.2  25-Jun-2018  pgoyette Sync with HEAD
 1.69.12.1  22-Apr-2018  pgoyette Sync with HEAD
 1.72.2.1  10-Jun-2019  christos Sync with HEAD
 1.75.6.1  17-Jun-2021  thorpej Sync w/ HEAD.
 1.78.4.1  13-Sep-2023  martin Pull up following revision(s) (requested by rin in ticket #373):

sys/net/bpf.h: revision 1.82

bpf: Fix SIZEOF_BPF_HDR (for LP64 userland) on mips64

It cannot fit within 18 bytes, of course ;)

As we had never provided working bpf(4) implementation for LP64
userland on mips, just use natural structure size here.
