bpf.c revision 1.166
1 /* $NetBSD: bpf.c,v 1.166 2011/08/30 14:22:22 bouyer Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 37 * static char rcsid[] = 38 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.166 2011/08/30 14:22:22 bouyer Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_bpf.h" 46 #include "sl.h" 47 #include "strip.h" 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/mbuf.h> 53 #include <sys/buf.h> 54 #include <sys/time.h> 55 #include <sys/proc.h> 56 #include <sys/ioctl.h> 57 #include <sys/conf.h> 58 #include <sys/vnode.h> 59 #include <sys/queue.h> 60 #include <sys/stat.h> 61 #include <sys/module.h> 62 #include <sys/once.h> 63 #include <sys/atomic.h> 64 65 #include <sys/file.h> 66 #include <sys/filedesc.h> 67 #include <sys/tty.h> 68 #include <sys/uio.h> 69 70 #include <sys/protosw.h> 71 #include <sys/socket.h> 72 #include <sys/errno.h> 73 #include <sys/kernel.h> 74 #include <sys/poll.h> 75 #include <sys/sysctl.h> 76 #include <sys/kauth.h> 77 78 #include <net/if.h> 79 #include <net/slip.h> 80 81 #include <net/bpf.h> 82 #include <net/bpfdesc.h> 83 84 #include <net/if_arc.h> 85 #include <net/if_ether.h> 86 87 #include <netinet/in.h> 88 #include <netinet/if_inarp.h> 89 90 91 #include <compat/sys/sockio.h> 92 93 #ifndef BPF_BUFSIZE 94 /* 95 * 4096 is too small for FDDI frames. 8192 is too small for gigabit Ethernet 96 * jumbos (circa 9k), ATM, or Intel gig/10gig ethernet jumbos (16k). 97 */ 98 # define BPF_BUFSIZE 32768 99 #endif 100 101 #define PRINET 26 /* interruptible */ 102 103 /* 104 * The default read buffer size, and limit for BIOCSBLEN, is sysctl'able. 105 * XXX the default values should be computed dynamically based 106 * on available memory size and available mbuf clusters. 107 */ 108 int bpf_bufsize = BPF_BUFSIZE; 109 int bpf_maxbufsize = BPF_DFLTBUFSIZE; /* XXX set dynamically, see above */ 110 111 112 /* 113 * Global BPF statistics returned by net.bpf.stats sysctl. 114 */ 115 struct bpf_stat bpf_gstats; 116 117 /* 118 * Use a mutex to avoid a race condition between gathering the stats/peers 119 * and opening/closing the device. 120 */ 121 static kmutex_t bpf_mtx; 122 123 /* 124 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 125 * bpf_dtab holds the descriptors, indexed by minor device # 126 */ 127 struct bpf_if *bpf_iflist; 128 LIST_HEAD(, bpf_d) bpf_list; 129 130 static int bpf_allocbufs(struct bpf_d *); 131 static void bpf_deliver(struct bpf_if *, 132 void *(*cpfn)(void *, const void *, size_t), 133 void *, u_int, u_int, struct ifnet *); 134 static void bpf_freed(struct bpf_d *); 135 static void bpf_ifname(struct ifnet *, struct ifreq *); 136 static void *bpf_mcpy(void *, const void *, size_t); 137 static int bpf_movein(struct uio *, int, uint64_t, 138 struct mbuf **, struct sockaddr *); 139 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 140 static void bpf_detachd(struct bpf_d *); 141 static int bpf_setif(struct bpf_d *, struct ifreq *); 142 static void bpf_timed_out(void *); 143 static inline void 144 bpf_wakeup(struct bpf_d *); 145 static int bpf_hdrlen(struct bpf_d *); 146 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 147 void *(*)(void *, const void *, size_t), struct timespec *); 148 static void reset_d(struct bpf_d *); 149 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 150 static int bpf_setdlt(struct bpf_d *, u_int); 151 152 static int bpf_read(struct file *, off_t *, struct uio *, kauth_cred_t, 153 int); 154 static int bpf_write(struct file *, off_t *, struct uio *, kauth_cred_t, 155 int); 156 static int bpf_ioctl(struct file *, u_long, void *); 157 static int bpf_poll(struct file *, int); 158 static int bpf_stat(struct file *, struct stat *); 159 static int bpf_close(struct file *); 160 static int bpf_kqfilter(struct file *, struct knote *); 161 static void bpf_softintr(void *); 162 163 static const struct fileops bpf_fileops = { 164 .fo_read = bpf_read, 165 .fo_write = bpf_write, 166 .fo_ioctl = bpf_ioctl, 167 .fo_fcntl = fnullop_fcntl, 168 .fo_poll = bpf_poll, 169 .fo_stat = bpf_stat, 170 .fo_close = bpf_close, 171 .fo_kqfilter = bpf_kqfilter, 172 .fo_restart = fnullop_restart, 173 }; 174 175 dev_type_open(bpfopen); 176 177 const struct cdevsw bpf_cdevsw = { 178 bpfopen, noclose, noread, nowrite, noioctl, 179 nostop, notty, nopoll, nommap, nokqfilter, D_OTHER 180 }; 181 182 static int 183 bpf_movein(struct uio *uio, int linktype, uint64_t mtu, struct mbuf **mp, 184 struct sockaddr *sockp) 185 { 186 struct mbuf *m; 187 int error; 188 size_t len; 189 size_t hlen; 190 size_t align; 191 192 /* 193 * Build a sockaddr based on the data link layer type. 194 * We do this at this level because the ethernet header 195 * is copied directly into the data field of the sockaddr. 196 * In the case of SLIP, there is no header and the packet 197 * is forwarded as is. 198 * Also, we are careful to leave room at the front of the mbuf 199 * for the link level header. 200 */ 201 switch (linktype) { 202 203 case DLT_SLIP: 204 sockp->sa_family = AF_INET; 205 hlen = 0; 206 align = 0; 207 break; 208 209 case DLT_PPP: 210 sockp->sa_family = AF_UNSPEC; 211 hlen = 0; 212 align = 0; 213 break; 214 215 case DLT_EN10MB: 216 sockp->sa_family = AF_UNSPEC; 217 /* XXX Would MAXLINKHDR be better? */ 218 /* 6(dst)+6(src)+2(type) */ 219 hlen = sizeof(struct ether_header); 220 align = 2; 221 break; 222 223 case DLT_ARCNET: 224 sockp->sa_family = AF_UNSPEC; 225 hlen = ARC_HDRLEN; 226 align = 5; 227 break; 228 229 case DLT_FDDI: 230 sockp->sa_family = AF_LINK; 231 /* XXX 4(FORMAC)+6(dst)+6(src) */ 232 hlen = 16; 233 align = 0; 234 break; 235 236 case DLT_ECONET: 237 sockp->sa_family = AF_UNSPEC; 238 hlen = 6; 239 align = 2; 240 break; 241 242 case DLT_NULL: 243 sockp->sa_family = AF_UNSPEC; 244 hlen = 0; 245 align = 0; 246 break; 247 248 default: 249 return (EIO); 250 } 251 252 len = uio->uio_resid; 253 /* 254 * If there aren't enough bytes for a link level header or the 255 * packet length exceeds the interface mtu, return an error. 256 */ 257 if (len - hlen > mtu) 258 return (EMSGSIZE); 259 260 /* 261 * XXX Avoid complicated buffer chaining --- 262 * bail if it won't fit in a single mbuf. 263 * (Take into account possible alignment bytes) 264 */ 265 if (len + align > MCLBYTES) 266 return (EIO); 267 268 m = m_gethdr(M_WAIT, MT_DATA); 269 m->m_pkthdr.rcvif = 0; 270 m->m_pkthdr.len = (int)(len - hlen); 271 if (len + align > MHLEN) { 272 m_clget(m, M_WAIT); 273 if ((m->m_flags & M_EXT) == 0) { 274 error = ENOBUFS; 275 goto bad; 276 } 277 } 278 279 /* Insure the data is properly aligned */ 280 if (align > 0) { 281 m->m_data += align; 282 m->m_len -= (int)align; 283 } 284 285 error = uiomove(mtod(m, void *), len, uio); 286 if (error) 287 goto bad; 288 if (hlen != 0) { 289 memcpy(sockp->sa_data, mtod(m, void *), hlen); 290 m->m_data += hlen; /* XXX */ 291 len -= hlen; 292 } 293 m->m_len = (int)len; 294 *mp = m; 295 return (0); 296 297 bad: 298 m_freem(m); 299 return (error); 300 } 301 302 /* 303 * Attach file to the bpf interface, i.e. make d listen on bp. 304 * Must be called at splnet. 305 */ 306 static void 307 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 308 { 309 /* 310 * Point d at bp, and add d to the interface's list of listeners. 311 * Finally, point the driver's bpf cookie at the interface so 312 * it will divert packets to bpf. 313 */ 314 d->bd_bif = bp; 315 d->bd_next = bp->bif_dlist; 316 bp->bif_dlist = d; 317 318 *bp->bif_driverp = bp; 319 } 320 321 /* 322 * Detach a file from its interface. 323 */ 324 static void 325 bpf_detachd(struct bpf_d *d) 326 { 327 struct bpf_d **p; 328 struct bpf_if *bp; 329 330 bp = d->bd_bif; 331 /* 332 * Check if this descriptor had requested promiscuous mode. 333 * If so, turn it off. 334 */ 335 if (d->bd_promisc) { 336 int error; 337 338 d->bd_promisc = 0; 339 /* 340 * Take device out of promiscuous mode. Since we were 341 * able to enter promiscuous mode, we should be able 342 * to turn it off. But we can get an error if 343 * the interface was configured down, so only panic 344 * if we don't get an unexpected error. 345 */ 346 error = ifpromisc(bp->bif_ifp, 0); 347 if (error && error != EINVAL) 348 panic("%s: ifpromisc failed: %d", __func__, error); 349 } 350 /* Remove d from the interface's descriptor list. */ 351 p = &bp->bif_dlist; 352 while (*p != d) { 353 p = &(*p)->bd_next; 354 if (*p == 0) 355 panic("%s: descriptor not in list", __func__); 356 } 357 *p = (*p)->bd_next; 358 if (bp->bif_dlist == 0) 359 /* 360 * Let the driver know that there are no more listeners. 361 */ 362 *d->bd_bif->bif_driverp = 0; 363 d->bd_bif = 0; 364 } 365 366 static int 367 doinit(void) 368 { 369 370 mutex_init(&bpf_mtx, MUTEX_DEFAULT, IPL_NONE); 371 372 LIST_INIT(&bpf_list); 373 374 bpf_gstats.bs_recv = 0; 375 bpf_gstats.bs_drop = 0; 376 bpf_gstats.bs_capt = 0; 377 378 return 0; 379 } 380 381 /* 382 * bpfilterattach() is called at boot time. 383 */ 384 /* ARGSUSED */ 385 void 386 bpfilterattach(int n) 387 { 388 static ONCE_DECL(control); 389 390 RUN_ONCE(&control, doinit); 391 } 392 393 /* 394 * Open ethernet device. Clones. 395 */ 396 /* ARGSUSED */ 397 int 398 bpfopen(dev_t dev, int flag, int mode, struct lwp *l) 399 { 400 struct bpf_d *d; 401 struct file *fp; 402 int error, fd; 403 404 /* falloc() will use the descriptor for us. */ 405 if ((error = fd_allocfile(&fp, &fd)) != 0) 406 return error; 407 408 d = malloc(sizeof(*d), M_DEVBUF, M_WAITOK|M_ZERO); 409 d->bd_bufsize = bpf_bufsize; 410 d->bd_seesent = 1; 411 d->bd_feedback = 0; 412 d->bd_pid = l->l_proc->p_pid; 413 #ifdef _LP64 414 if (curproc->p_flag & PK_32) 415 d->bd_compat32 = 1; 416 #endif 417 getnanotime(&d->bd_btime); 418 d->bd_atime = d->bd_mtime = d->bd_btime; 419 callout_init(&d->bd_callout, 0); 420 selinit(&d->bd_sel); 421 d->bd_sih = softint_establish(SOFTINT_CLOCK, bpf_softintr, d); 422 423 mutex_enter(&bpf_mtx); 424 LIST_INSERT_HEAD(&bpf_list, d, bd_list); 425 mutex_exit(&bpf_mtx); 426 427 return fd_clone(fp, fd, flag, &bpf_fileops, d); 428 } 429 430 /* 431 * Close the descriptor by detaching it from its interface, 432 * deallocating its buffers, and marking it free. 433 */ 434 /* ARGSUSED */ 435 static int 436 bpf_close(struct file *fp) 437 { 438 struct bpf_d *d = fp->f_data; 439 int s; 440 441 KERNEL_LOCK(1, NULL); 442 443 /* 444 * Refresh the PID associated with this bpf file. 445 */ 446 d->bd_pid = curproc->p_pid; 447 448 s = splnet(); 449 if (d->bd_state == BPF_WAITING) 450 callout_stop(&d->bd_callout); 451 d->bd_state = BPF_IDLE; 452 if (d->bd_bif) 453 bpf_detachd(d); 454 splx(s); 455 bpf_freed(d); 456 mutex_enter(&bpf_mtx); 457 LIST_REMOVE(d, bd_list); 458 mutex_exit(&bpf_mtx); 459 callout_destroy(&d->bd_callout); 460 seldestroy(&d->bd_sel); 461 softint_disestablish(d->bd_sih); 462 free(d, M_DEVBUF); 463 fp->f_data = NULL; 464 465 KERNEL_UNLOCK_ONE(NULL); 466 467 return (0); 468 } 469 470 /* 471 * Rotate the packet buffers in descriptor d. Move the store buffer 472 * into the hold slot, and the free buffer into the store slot. 473 * Zero the length of the new store buffer. 474 */ 475 #define ROTATE_BUFFERS(d) \ 476 (d)->bd_hbuf = (d)->bd_sbuf; \ 477 (d)->bd_hlen = (d)->bd_slen; \ 478 (d)->bd_sbuf = (d)->bd_fbuf; \ 479 (d)->bd_slen = 0; \ 480 (d)->bd_fbuf = 0; 481 /* 482 * bpfread - read next chunk of packets from buffers 483 */ 484 static int 485 bpf_read(struct file *fp, off_t *offp, struct uio *uio, 486 kauth_cred_t cred, int flags) 487 { 488 struct bpf_d *d = fp->f_data; 489 int timed_out; 490 int error; 491 int s; 492 493 getnanotime(&d->bd_atime); 494 /* 495 * Restrict application to use a buffer the same size as 496 * the kernel buffers. 497 */ 498 if (uio->uio_resid != d->bd_bufsize) 499 return (EINVAL); 500 501 KERNEL_LOCK(1, NULL); 502 s = splnet(); 503 if (d->bd_state == BPF_WAITING) 504 callout_stop(&d->bd_callout); 505 timed_out = (d->bd_state == BPF_TIMED_OUT); 506 d->bd_state = BPF_IDLE; 507 /* 508 * If the hold buffer is empty, then do a timed sleep, which 509 * ends when the timeout expires or when enough packets 510 * have arrived to fill the store buffer. 511 */ 512 while (d->bd_hbuf == 0) { 513 if (fp->f_flag & FNONBLOCK) { 514 if (d->bd_slen == 0) { 515 splx(s); 516 KERNEL_UNLOCK_ONE(NULL); 517 return (EWOULDBLOCK); 518 } 519 ROTATE_BUFFERS(d); 520 break; 521 } 522 523 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) { 524 /* 525 * A packet(s) either arrived since the previous 526 * read or arrived while we were asleep. 527 * Rotate the buffers and return what's here. 528 */ 529 ROTATE_BUFFERS(d); 530 break; 531 } 532 error = tsleep(d, PRINET|PCATCH, "bpf", 533 d->bd_rtout); 534 if (error == EINTR || error == ERESTART) { 535 splx(s); 536 KERNEL_UNLOCK_ONE(NULL); 537 return (error); 538 } 539 if (error == EWOULDBLOCK) { 540 /* 541 * On a timeout, return what's in the buffer, 542 * which may be nothing. If there is something 543 * in the store buffer, we can rotate the buffers. 544 */ 545 if (d->bd_hbuf) 546 /* 547 * We filled up the buffer in between 548 * getting the timeout and arriving 549 * here, so we don't need to rotate. 550 */ 551 break; 552 553 if (d->bd_slen == 0) { 554 splx(s); 555 KERNEL_UNLOCK_ONE(NULL); 556 return (0); 557 } 558 ROTATE_BUFFERS(d); 559 break; 560 } 561 if (error != 0) 562 goto done; 563 } 564 /* 565 * At this point, we know we have something in the hold slot. 566 */ 567 splx(s); 568 569 /* 570 * Move data from hold buffer into user space. 571 * We know the entire buffer is transferred since 572 * we checked above that the read buffer is bpf_bufsize bytes. 573 */ 574 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 575 576 s = splnet(); 577 d->bd_fbuf = d->bd_hbuf; 578 d->bd_hbuf = 0; 579 d->bd_hlen = 0; 580 done: 581 splx(s); 582 KERNEL_UNLOCK_ONE(NULL); 583 return (error); 584 } 585 586 587 /* 588 * If there are processes sleeping on this descriptor, wake them up. 589 */ 590 static inline void 591 bpf_wakeup(struct bpf_d *d) 592 { 593 wakeup(d); 594 if (d->bd_async) 595 softint_schedule(d->bd_sih); 596 selnotify(&d->bd_sel, 0, 0); 597 } 598 599 static void 600 bpf_softintr(void *cookie) 601 { 602 struct bpf_d *d; 603 604 d = cookie; 605 if (d->bd_async) 606 fownsignal(d->bd_pgid, SIGIO, 0, 0, NULL); 607 } 608 609 static void 610 bpf_timed_out(void *arg) 611 { 612 struct bpf_d *d = arg; 613 int s; 614 615 s = splnet(); 616 if (d->bd_state == BPF_WAITING) { 617 d->bd_state = BPF_TIMED_OUT; 618 if (d->bd_slen != 0) 619 bpf_wakeup(d); 620 } 621 splx(s); 622 } 623 624 625 static int 626 bpf_write(struct file *fp, off_t *offp, struct uio *uio, 627 kauth_cred_t cred, int flags) 628 { 629 struct bpf_d *d = fp->f_data; 630 struct ifnet *ifp; 631 struct mbuf *m, *mc; 632 int error, s; 633 static struct sockaddr_storage dst; 634 635 m = NULL; /* XXX gcc */ 636 637 KERNEL_LOCK(1, NULL); 638 639 if (d->bd_bif == 0) { 640 KERNEL_UNLOCK_ONE(NULL); 641 return (ENXIO); 642 } 643 getnanotime(&d->bd_mtime); 644 645 ifp = d->bd_bif->bif_ifp; 646 647 if (uio->uio_resid == 0) { 648 KERNEL_UNLOCK_ONE(NULL); 649 return (0); 650 } 651 652 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 653 (struct sockaddr *) &dst); 654 if (error) { 655 KERNEL_UNLOCK_ONE(NULL); 656 return (error); 657 } 658 659 if (m->m_pkthdr.len > ifp->if_mtu) { 660 KERNEL_UNLOCK_ONE(NULL); 661 m_freem(m); 662 return (EMSGSIZE); 663 } 664 665 if (d->bd_hdrcmplt) 666 dst.ss_family = pseudo_AF_HDRCMPLT; 667 668 if (d->bd_feedback) { 669 mc = m_dup(m, 0, M_COPYALL, M_NOWAIT); 670 if (mc != NULL) 671 mc->m_pkthdr.rcvif = ifp; 672 /* Set M_PROMISC for outgoing packets to be discarded. */ 673 if (1 /*d->bd_direction == BPF_D_INOUT*/) 674 m->m_flags |= M_PROMISC; 675 } else 676 mc = NULL; 677 678 s = splsoftnet(); 679 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 680 681 if (mc != NULL) { 682 if (error == 0) 683 (*ifp->if_input)(ifp, mc); 684 } else 685 m_freem(mc); 686 splx(s); 687 KERNEL_UNLOCK_ONE(NULL); 688 /* 689 * The driver frees the mbuf. 690 */ 691 return (error); 692 } 693 694 /* 695 * Reset a descriptor by flushing its packet buffer and clearing the 696 * receive and drop counts. Should be called at splnet. 697 */ 698 static void 699 reset_d(struct bpf_d *d) 700 { 701 if (d->bd_hbuf) { 702 /* Free the hold buffer. */ 703 d->bd_fbuf = d->bd_hbuf; 704 d->bd_hbuf = 0; 705 } 706 d->bd_slen = 0; 707 d->bd_hlen = 0; 708 d->bd_rcount = 0; 709 d->bd_dcount = 0; 710 d->bd_ccount = 0; 711 } 712 713 /* 714 * FIONREAD Check for read packet available. 715 * BIOCGBLEN Get buffer len [for read()]. 716 * BIOCSETF Set ethernet read filter. 717 * BIOCFLUSH Flush read packet buffer. 718 * BIOCPROMISC Put interface into promiscuous mode. 719 * BIOCGDLT Get link layer type. 720 * BIOCGETIF Get interface name. 721 * BIOCSETIF Set interface. 722 * BIOCSRTIMEOUT Set read timeout. 723 * BIOCGRTIMEOUT Get read timeout. 724 * BIOCGSTATS Get packet stats. 725 * BIOCIMMEDIATE Set immediate mode. 726 * BIOCVERSION Get filter language version. 727 * BIOCGHDRCMPLT Get "header already complete" flag. 728 * BIOCSHDRCMPLT Set "header already complete" flag. 729 * BIOCSFEEDBACK Set packet feedback mode. 730 * BIOCGFEEDBACK Get packet feedback mode. 731 * BIOCGSEESENT Get "see sent packets" mode. 732 * BIOCSSEESENT Set "see sent packets" mode. 733 */ 734 /* ARGSUSED */ 735 static int 736 bpf_ioctl(struct file *fp, u_long cmd, void *addr) 737 { 738 struct bpf_d *d = fp->f_data; 739 int s, error = 0; 740 741 /* 742 * Refresh the PID associated with this bpf file. 743 */ 744 KERNEL_LOCK(1, NULL); 745 d->bd_pid = curproc->p_pid; 746 #ifdef _LP64 747 if (curproc->p_flag & PK_32) 748 d->bd_compat32 = 1; 749 else 750 d->bd_compat32 = 0; 751 #endif 752 753 s = splnet(); 754 if (d->bd_state == BPF_WAITING) 755 callout_stop(&d->bd_callout); 756 d->bd_state = BPF_IDLE; 757 splx(s); 758 759 switch (cmd) { 760 761 default: 762 error = EINVAL; 763 break; 764 765 /* 766 * Check for read packet available. 767 */ 768 case FIONREAD: 769 { 770 int n; 771 772 s = splnet(); 773 n = d->bd_slen; 774 if (d->bd_hbuf) 775 n += d->bd_hlen; 776 splx(s); 777 778 *(int *)addr = n; 779 break; 780 } 781 782 /* 783 * Get buffer len [for read()]. 784 */ 785 case BIOCGBLEN: 786 *(u_int *)addr = d->bd_bufsize; 787 break; 788 789 /* 790 * Set buffer length. 791 */ 792 case BIOCSBLEN: 793 if (d->bd_bif != 0) 794 error = EINVAL; 795 else { 796 u_int size = *(u_int *)addr; 797 798 if (size > bpf_maxbufsize) 799 *(u_int *)addr = size = bpf_maxbufsize; 800 else if (size < BPF_MINBUFSIZE) 801 *(u_int *)addr = size = BPF_MINBUFSIZE; 802 d->bd_bufsize = size; 803 } 804 break; 805 806 /* 807 * Set link layer read filter. 808 */ 809 case BIOCSETF: 810 error = bpf_setf(d, addr); 811 break; 812 813 /* 814 * Flush read packet buffer. 815 */ 816 case BIOCFLUSH: 817 s = splnet(); 818 reset_d(d); 819 splx(s); 820 break; 821 822 /* 823 * Put interface into promiscuous mode. 824 */ 825 case BIOCPROMISC: 826 if (d->bd_bif == 0) { 827 /* 828 * No interface attached yet. 829 */ 830 error = EINVAL; 831 break; 832 } 833 s = splnet(); 834 if (d->bd_promisc == 0) { 835 error = ifpromisc(d->bd_bif->bif_ifp, 1); 836 if (error == 0) 837 d->bd_promisc = 1; 838 } 839 splx(s); 840 break; 841 842 /* 843 * Get device parameters. 844 */ 845 case BIOCGDLT: 846 if (d->bd_bif == 0) 847 error = EINVAL; 848 else 849 *(u_int *)addr = d->bd_bif->bif_dlt; 850 break; 851 852 /* 853 * Get a list of supported device parameters. 854 */ 855 case BIOCGDLTLIST: 856 if (d->bd_bif == 0) 857 error = EINVAL; 858 else 859 error = bpf_getdltlist(d, addr); 860 break; 861 862 /* 863 * Set device parameters. 864 */ 865 case BIOCSDLT: 866 if (d->bd_bif == 0) 867 error = EINVAL; 868 else 869 error = bpf_setdlt(d, *(u_int *)addr); 870 break; 871 872 /* 873 * Set interface name. 874 */ 875 #ifdef OBIOCGETIF 876 case OBIOCGETIF: 877 #endif 878 case BIOCGETIF: 879 if (d->bd_bif == 0) 880 error = EINVAL; 881 else 882 bpf_ifname(d->bd_bif->bif_ifp, addr); 883 break; 884 885 /* 886 * Set interface. 887 */ 888 #ifdef OBIOCSETIF 889 case OBIOCSETIF: 890 #endif 891 case BIOCSETIF: 892 error = bpf_setif(d, addr); 893 break; 894 895 /* 896 * Set read timeout. 897 */ 898 case BIOCSRTIMEOUT: 899 { 900 struct timeval *tv = addr; 901 902 /* Compute number of ticks. */ 903 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 904 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 905 d->bd_rtout = 1; 906 break; 907 } 908 909 #ifdef BIOCGORTIMEOUT 910 /* 911 * Get read timeout. 912 */ 913 case BIOCGORTIMEOUT: 914 { 915 struct timeval50 *tv = addr; 916 917 tv->tv_sec = d->bd_rtout / hz; 918 tv->tv_usec = (d->bd_rtout % hz) * tick; 919 break; 920 } 921 #endif 922 923 #ifdef BIOCSORTIMEOUT 924 /* 925 * Set read timeout. 926 */ 927 case BIOCSORTIMEOUT: 928 { 929 struct timeval50 *tv = addr; 930 931 /* Compute number of ticks. */ 932 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 933 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 934 d->bd_rtout = 1; 935 break; 936 } 937 #endif 938 939 /* 940 * Get read timeout. 941 */ 942 case BIOCGRTIMEOUT: 943 { 944 struct timeval *tv = addr; 945 946 tv->tv_sec = d->bd_rtout / hz; 947 tv->tv_usec = (d->bd_rtout % hz) * tick; 948 break; 949 } 950 /* 951 * Get packet stats. 952 */ 953 case BIOCGSTATS: 954 { 955 struct bpf_stat *bs = addr; 956 957 bs->bs_recv = d->bd_rcount; 958 bs->bs_drop = d->bd_dcount; 959 bs->bs_capt = d->bd_ccount; 960 break; 961 } 962 963 case BIOCGSTATSOLD: 964 { 965 struct bpf_stat_old *bs = addr; 966 967 bs->bs_recv = d->bd_rcount; 968 bs->bs_drop = d->bd_dcount; 969 break; 970 } 971 972 /* 973 * Set immediate mode. 974 */ 975 case BIOCIMMEDIATE: 976 d->bd_immediate = *(u_int *)addr; 977 break; 978 979 case BIOCVERSION: 980 { 981 struct bpf_version *bv = addr; 982 983 bv->bv_major = BPF_MAJOR_VERSION; 984 bv->bv_minor = BPF_MINOR_VERSION; 985 break; 986 } 987 988 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 989 *(u_int *)addr = d->bd_hdrcmplt; 990 break; 991 992 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 993 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 994 break; 995 996 /* 997 * Get "see sent packets" flag 998 */ 999 case BIOCGSEESENT: 1000 *(u_int *)addr = d->bd_seesent; 1001 break; 1002 1003 /* 1004 * Set "see sent" packets flag 1005 */ 1006 case BIOCSSEESENT: 1007 d->bd_seesent = *(u_int *)addr; 1008 break; 1009 1010 /* 1011 * Set "feed packets from bpf back to input" mode 1012 */ 1013 case BIOCSFEEDBACK: 1014 d->bd_feedback = *(u_int *)addr; 1015 break; 1016 1017 /* 1018 * Get "feed packets from bpf back to input" mode 1019 */ 1020 case BIOCGFEEDBACK: 1021 *(u_int *)addr = d->bd_feedback; 1022 break; 1023 1024 case FIONBIO: /* Non-blocking I/O */ 1025 /* 1026 * No need to do anything special as we use IO_NDELAY in 1027 * bpfread() as an indication of whether or not to block 1028 * the read. 1029 */ 1030 break; 1031 1032 case FIOASYNC: /* Send signal on receive packets */ 1033 d->bd_async = *(int *)addr; 1034 break; 1035 1036 case TIOCSPGRP: /* Process or group to send signals to */ 1037 case FIOSETOWN: 1038 error = fsetown(&d->bd_pgid, cmd, addr); 1039 break; 1040 1041 case TIOCGPGRP: 1042 case FIOGETOWN: 1043 error = fgetown(d->bd_pgid, cmd, addr); 1044 break; 1045 } 1046 KERNEL_UNLOCK_ONE(NULL); 1047 return (error); 1048 } 1049 1050 /* 1051 * Set d's packet filter program to fp. If this file already has a filter, 1052 * free it and replace it. Returns EINVAL for bogus requests. 1053 */ 1054 int 1055 bpf_setf(struct bpf_d *d, struct bpf_program *fp) 1056 { 1057 struct bpf_insn *fcode, *old; 1058 u_int flen, size; 1059 int s; 1060 1061 old = d->bd_filter; 1062 if (fp->bf_insns == 0) { 1063 if (fp->bf_len != 0) 1064 return (EINVAL); 1065 s = splnet(); 1066 d->bd_filter = 0; 1067 reset_d(d); 1068 splx(s); 1069 if (old != 0) 1070 free(old, M_DEVBUF); 1071 return (0); 1072 } 1073 flen = fp->bf_len; 1074 if (flen > BPF_MAXINSNS) 1075 return (EINVAL); 1076 1077 size = flen * sizeof(*fp->bf_insns); 1078 fcode = malloc(size, M_DEVBUF, M_WAITOK); 1079 if (copyin(fp->bf_insns, fcode, size) == 0 && 1080 bpf_validate(fcode, (int)flen)) { 1081 s = splnet(); 1082 d->bd_filter = fcode; 1083 reset_d(d); 1084 splx(s); 1085 if (old != 0) 1086 free(old, M_DEVBUF); 1087 1088 return (0); 1089 } 1090 free(fcode, M_DEVBUF); 1091 return (EINVAL); 1092 } 1093 1094 /* 1095 * Detach a file from its current interface (if attached at all) and attach 1096 * to the interface indicated by the name stored in ifr. 1097 * Return an errno or 0. 1098 */ 1099 static int 1100 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 1101 { 1102 struct bpf_if *bp; 1103 char *cp; 1104 int unit_seen, i, s, error; 1105 1106 /* 1107 * Make sure the provided name has a unit number, and default 1108 * it to '0' if not specified. 1109 * XXX This is ugly ... do this differently? 1110 */ 1111 unit_seen = 0; 1112 cp = ifr->ifr_name; 1113 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 1114 while (*cp++) 1115 if (*cp >= '0' && *cp <= '9') 1116 unit_seen = 1; 1117 if (!unit_seen) { 1118 /* Make sure to leave room for the '\0'. */ 1119 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 1120 if ((ifr->ifr_name[i] >= 'a' && 1121 ifr->ifr_name[i] <= 'z') || 1122 (ifr->ifr_name[i] >= 'A' && 1123 ifr->ifr_name[i] <= 'Z')) 1124 continue; 1125 ifr->ifr_name[i] = '0'; 1126 } 1127 } 1128 1129 /* 1130 * Look through attached interfaces for the named one. 1131 */ 1132 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 1133 struct ifnet *ifp = bp->bif_ifp; 1134 1135 if (ifp == 0 || 1136 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 1137 continue; 1138 /* skip additional entry */ 1139 if (bp->bif_driverp != &ifp->if_bpf) 1140 continue; 1141 /* 1142 * We found the requested interface. 1143 * Allocate the packet buffers if we need to. 1144 * If we're already attached to requested interface, 1145 * just flush the buffer. 1146 */ 1147 if (d->bd_sbuf == 0) { 1148 error = bpf_allocbufs(d); 1149 if (error != 0) 1150 return (error); 1151 } 1152 s = splnet(); 1153 if (bp != d->bd_bif) { 1154 if (d->bd_bif) 1155 /* 1156 * Detach if attached to something else. 1157 */ 1158 bpf_detachd(d); 1159 1160 bpf_attachd(d, bp); 1161 } 1162 reset_d(d); 1163 splx(s); 1164 return (0); 1165 } 1166 /* Not found. */ 1167 return (ENXIO); 1168 } 1169 1170 /* 1171 * Copy the interface name to the ifreq. 1172 */ 1173 static void 1174 bpf_ifname(struct ifnet *ifp, struct ifreq *ifr) 1175 { 1176 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 1177 } 1178 1179 static int 1180 bpf_stat(struct file *fp, struct stat *st) 1181 { 1182 struct bpf_d *d = fp->f_data; 1183 1184 (void)memset(st, 0, sizeof(*st)); 1185 KERNEL_LOCK(1, NULL); 1186 st->st_dev = makedev(cdevsw_lookup_major(&bpf_cdevsw), d->bd_pid); 1187 st->st_atimespec = d->bd_atime; 1188 st->st_mtimespec = d->bd_mtime; 1189 st->st_ctimespec = st->st_birthtimespec = d->bd_btime; 1190 st->st_uid = kauth_cred_geteuid(fp->f_cred); 1191 st->st_gid = kauth_cred_getegid(fp->f_cred); 1192 st->st_mode = S_IFCHR; 1193 KERNEL_UNLOCK_ONE(NULL); 1194 return 0; 1195 } 1196 1197 /* 1198 * Support for poll() system call 1199 * 1200 * Return true iff the specific operation will not block indefinitely - with 1201 * the assumption that it is safe to positively acknowledge a request for the 1202 * ability to write to the BPF device. 1203 * Otherwise, return false but make a note that a selnotify() must be done. 1204 */ 1205 static int 1206 bpf_poll(struct file *fp, int events) 1207 { 1208 struct bpf_d *d = fp->f_data; 1209 int s = splnet(); 1210 int revents; 1211 1212 /* 1213 * Refresh the PID associated with this bpf file. 1214 */ 1215 KERNEL_LOCK(1, NULL); 1216 d->bd_pid = curproc->p_pid; 1217 1218 revents = events & (POLLOUT | POLLWRNORM); 1219 if (events & (POLLIN | POLLRDNORM)) { 1220 /* 1221 * An imitation of the FIONREAD ioctl code. 1222 */ 1223 if (d->bd_hlen != 0 || 1224 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1225 d->bd_slen != 0)) { 1226 revents |= events & (POLLIN | POLLRDNORM); 1227 } else { 1228 selrecord(curlwp, &d->bd_sel); 1229 /* Start the read timeout if necessary */ 1230 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 1231 callout_reset(&d->bd_callout, d->bd_rtout, 1232 bpf_timed_out, d); 1233 d->bd_state = BPF_WAITING; 1234 } 1235 } 1236 } 1237 1238 KERNEL_UNLOCK_ONE(NULL); 1239 splx(s); 1240 return (revents); 1241 } 1242 1243 static void 1244 filt_bpfrdetach(struct knote *kn) 1245 { 1246 struct bpf_d *d = kn->kn_hook; 1247 int s; 1248 1249 KERNEL_LOCK(1, NULL); 1250 s = splnet(); 1251 SLIST_REMOVE(&d->bd_sel.sel_klist, kn, knote, kn_selnext); 1252 splx(s); 1253 KERNEL_UNLOCK_ONE(NULL); 1254 } 1255 1256 static int 1257 filt_bpfread(struct knote *kn, long hint) 1258 { 1259 struct bpf_d *d = kn->kn_hook; 1260 int rv; 1261 1262 KERNEL_LOCK(1, NULL); 1263 kn->kn_data = d->bd_hlen; 1264 if (d->bd_immediate) 1265 kn->kn_data += d->bd_slen; 1266 rv = (kn->kn_data > 0); 1267 KERNEL_UNLOCK_ONE(NULL); 1268 return rv; 1269 } 1270 1271 static const struct filterops bpfread_filtops = 1272 { 1, NULL, filt_bpfrdetach, filt_bpfread }; 1273 1274 static int 1275 bpf_kqfilter(struct file *fp, struct knote *kn) 1276 { 1277 struct bpf_d *d = fp->f_data; 1278 struct klist *klist; 1279 int s; 1280 1281 KERNEL_LOCK(1, NULL); 1282 1283 switch (kn->kn_filter) { 1284 case EVFILT_READ: 1285 klist = &d->bd_sel.sel_klist; 1286 kn->kn_fop = &bpfread_filtops; 1287 break; 1288 1289 default: 1290 KERNEL_UNLOCK_ONE(NULL); 1291 return (EINVAL); 1292 } 1293 1294 kn->kn_hook = d; 1295 1296 s = splnet(); 1297 SLIST_INSERT_HEAD(klist, kn, kn_selnext); 1298 splx(s); 1299 KERNEL_UNLOCK_ONE(NULL); 1300 1301 return (0); 1302 } 1303 1304 /* 1305 * Incoming linkage from device drivers. Process the packet pkt, of length 1306 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1307 * by each process' filter, and if accepted, stashed into the corresponding 1308 * buffer. 1309 */ 1310 static void 1311 _bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 1312 { 1313 struct bpf_d *d; 1314 u_int slen; 1315 struct timespec ts; 1316 int gottime=0; 1317 1318 /* 1319 * Note that the ipl does not have to be raised at this point. 1320 * The only problem that could arise here is that if two different 1321 * interfaces shared any data. This is not the case. 1322 */ 1323 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1324 ++d->bd_rcount; 1325 ++bpf_gstats.bs_recv; 1326 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1327 if (slen != 0) { 1328 if (!gottime) { 1329 nanotime(&ts); 1330 gottime = 1; 1331 } 1332 catchpacket(d, pkt, pktlen, slen, memcpy, &ts); 1333 } 1334 } 1335 } 1336 1337 /* 1338 * Copy data from an mbuf chain into a buffer. This code is derived 1339 * from m_copydata in sys/uipc_mbuf.c. 1340 */ 1341 static void * 1342 bpf_mcpy(void *dst_arg, const void *src_arg, size_t len) 1343 { 1344 const struct mbuf *m; 1345 u_int count; 1346 u_char *dst; 1347 1348 m = src_arg; 1349 dst = dst_arg; 1350 while (len > 0) { 1351 if (m == NULL) 1352 panic("bpf_mcpy"); 1353 count = min(m->m_len, len); 1354 memcpy(dst, mtod(m, const void *), count); 1355 m = m->m_next; 1356 dst += count; 1357 len -= count; 1358 } 1359 return dst_arg; 1360 } 1361 1362 /* 1363 * Dispatch a packet to all the listeners on interface bp. 1364 * 1365 * marg pointer to the packet, either a data buffer or an mbuf chain 1366 * buflen buffer length, if marg is a data buffer 1367 * cpfn a function that can copy marg into the listener's buffer 1368 * pktlen length of the packet 1369 * rcvif either NULL or the interface the packet came in on. 1370 */ 1371 static inline void 1372 bpf_deliver(struct bpf_if *bp, void *(*cpfn)(void *, const void *, size_t), 1373 void *marg, u_int pktlen, u_int buflen, struct ifnet *rcvif) 1374 { 1375 u_int slen; 1376 struct bpf_d *d; 1377 struct timespec ts; 1378 int gottime = 0; 1379 1380 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1381 if (!d->bd_seesent && (rcvif == NULL)) 1382 continue; 1383 ++d->bd_rcount; 1384 ++bpf_gstats.bs_recv; 1385 slen = bpf_filter(d->bd_filter, marg, pktlen, buflen); 1386 if (slen != 0) { 1387 if(!gottime) { 1388 nanotime(&ts); 1389 gottime = 1; 1390 } 1391 catchpacket(d, marg, pktlen, slen, cpfn, &ts); 1392 } 1393 } 1394 } 1395 1396 /* 1397 * Incoming linkage from device drivers, when the head of the packet is in 1398 * a buffer, and the tail is in an mbuf chain. 1399 */ 1400 static void 1401 _bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m) 1402 { 1403 u_int pktlen; 1404 struct mbuf mb; 1405 1406 /* Skip outgoing duplicate packets. */ 1407 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) { 1408 m->m_flags &= ~M_PROMISC; 1409 return; 1410 } 1411 1412 pktlen = m_length(m) + dlen; 1413 1414 /* 1415 * Craft on-stack mbuf suitable for passing to bpf_filter. 1416 * Note that we cut corners here; we only setup what's 1417 * absolutely needed--this mbuf should never go anywhere else. 1418 */ 1419 (void)memset(&mb, 0, sizeof(mb)); 1420 mb.m_next = m; 1421 mb.m_data = data; 1422 mb.m_len = dlen; 1423 1424 bpf_deliver(bp, bpf_mcpy, &mb, pktlen, 0, m->m_pkthdr.rcvif); 1425 } 1426 1427 /* 1428 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1429 */ 1430 static void 1431 _bpf_mtap(struct bpf_if *bp, struct mbuf *m) 1432 { 1433 void *(*cpfn)(void *, const void *, size_t); 1434 u_int pktlen, buflen; 1435 void *marg; 1436 1437 /* Skip outgoing duplicate packets. */ 1438 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) { 1439 m->m_flags &= ~M_PROMISC; 1440 return; 1441 } 1442 1443 pktlen = m_length(m); 1444 1445 if (pktlen == m->m_len) { 1446 cpfn = (void *)memcpy; 1447 marg = mtod(m, void *); 1448 buflen = pktlen; 1449 } else { 1450 cpfn = bpf_mcpy; 1451 marg = m; 1452 buflen = 0; 1453 } 1454 1455 bpf_deliver(bp, cpfn, marg, pktlen, buflen, m->m_pkthdr.rcvif); 1456 } 1457 1458 /* 1459 * We need to prepend the address family as 1460 * a four byte field. Cons up a dummy header 1461 * to pacify bpf. This is safe because bpf 1462 * will only read from the mbuf (i.e., it won't 1463 * try to free it or keep a pointer a to it). 1464 */ 1465 static void 1466 _bpf_mtap_af(struct bpf_if *bp, uint32_t af, struct mbuf *m) 1467 { 1468 struct mbuf m0; 1469 1470 m0.m_flags = 0; 1471 m0.m_next = m; 1472 m0.m_len = 4; 1473 m0.m_data = (char *)⁡ 1474 1475 _bpf_mtap(bp, &m0); 1476 } 1477 1478 /* 1479 * Put the SLIP pseudo-"link header" in place. 1480 * Note this M_PREPEND() should never fail, 1481 * swince we know we always have enough space 1482 * in the input buffer. 1483 */ 1484 static void 1485 _bpf_mtap_sl_in(struct bpf_if *bp, u_char *chdr, struct mbuf **m) 1486 { 1487 int s; 1488 u_char *hp; 1489 1490 M_PREPEND(*m, SLIP_HDRLEN, M_DONTWAIT); 1491 if (*m == NULL) 1492 return; 1493 1494 hp = mtod(*m, u_char *); 1495 hp[SLX_DIR] = SLIPDIR_IN; 1496 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1497 1498 s = splnet(); 1499 _bpf_mtap(bp, *m); 1500 splx(s); 1501 1502 m_adj(*m, SLIP_HDRLEN); 1503 } 1504 1505 /* 1506 * Put the SLIP pseudo-"link header" in 1507 * place. The compressed header is now 1508 * at the beginning of the mbuf. 1509 */ 1510 static void 1511 _bpf_mtap_sl_out(struct bpf_if *bp, u_char *chdr, struct mbuf *m) 1512 { 1513 struct mbuf m0; 1514 u_char *hp; 1515 int s; 1516 1517 m0.m_flags = 0; 1518 m0.m_next = m; 1519 m0.m_data = m0.m_dat; 1520 m0.m_len = SLIP_HDRLEN; 1521 1522 hp = mtod(&m0, u_char *); 1523 1524 hp[SLX_DIR] = SLIPDIR_OUT; 1525 (void)memcpy(&hp[SLX_CHDR], chdr, CHDR_LEN); 1526 1527 s = splnet(); 1528 _bpf_mtap(bp, &m0); 1529 splx(s); 1530 m_freem(m); 1531 } 1532 1533 static int 1534 bpf_hdrlen(struct bpf_d *d) 1535 { 1536 int hdrlen = d->bd_bif->bif_hdrlen; 1537 /* 1538 * Compute the length of the bpf header. This is not necessarily 1539 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1540 * that the network layer header begins on a longword boundary (for 1541 * performance reasons and to alleviate alignment restrictions). 1542 */ 1543 #ifdef _LP64 1544 if (d->bd_compat32) 1545 return (BPF_WORDALIGN32(hdrlen + SIZEOF_BPF_HDR32) - hdrlen); 1546 else 1547 #endif 1548 return (BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen); 1549 } 1550 /* 1551 * Move the packet data from interface memory (pkt) into the 1552 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1553 * otherwise 0. "copy" is the routine called to do the actual data 1554 * transfer. memcpy is passed in to copy contiguous chunks, while 1555 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1556 * pkt is really an mbuf. 1557 */ 1558 static void 1559 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 1560 void *(*cpfn)(void *, const void *, size_t), struct timespec *ts) 1561 { 1562 struct bpf_hdr *hp; 1563 #ifdef _LP64 1564 struct bpf_hdr32 *hp32; 1565 #endif 1566 int totlen, curlen; 1567 int hdrlen = bpf_hdrlen(d); 1568 int do_wakeup = 0; 1569 1570 ++d->bd_ccount; 1571 ++bpf_gstats.bs_capt; 1572 /* 1573 * Figure out how many bytes to move. If the packet is 1574 * greater or equal to the snapshot length, transfer that 1575 * much. Otherwise, transfer the whole packet (unless 1576 * we hit the buffer size limit). 1577 */ 1578 totlen = hdrlen + min(snaplen, pktlen); 1579 if (totlen > d->bd_bufsize) 1580 totlen = d->bd_bufsize; 1581 1582 /* 1583 * Round up the end of the previous packet to the next longword. 1584 */ 1585 #ifdef _LP64 1586 if (d->bd_compat32) 1587 curlen = BPF_WORDALIGN32(d->bd_slen); 1588 else 1589 #endif 1590 curlen = BPF_WORDALIGN(d->bd_slen); 1591 if (curlen + totlen > d->bd_bufsize) { 1592 /* 1593 * This packet will overflow the storage buffer. 1594 * Rotate the buffers if we can, then wakeup any 1595 * pending reads. 1596 */ 1597 if (d->bd_fbuf == 0) { 1598 /* 1599 * We haven't completed the previous read yet, 1600 * so drop the packet. 1601 */ 1602 ++d->bd_dcount; 1603 ++bpf_gstats.bs_drop; 1604 return; 1605 } 1606 ROTATE_BUFFERS(d); 1607 do_wakeup = 1; 1608 curlen = 0; 1609 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 1610 /* 1611 * Immediate mode is set, or the read timeout has 1612 * already expired during a select call. A packet 1613 * arrived, so the reader should be woken up. 1614 */ 1615 do_wakeup = 1; 1616 } 1617 1618 /* 1619 * Append the bpf header. 1620 */ 1621 #ifdef _LP64 1622 if (d->bd_compat32) { 1623 hp32 = (struct bpf_hdr32 *)((char *)d->bd_sbuf + curlen); 1624 hp32->bh_tstamp.tv_sec = ts->tv_sec; 1625 hp32->bh_tstamp.tv_usec = ts->tv_nsec / 1000; 1626 hp32->bh_datalen = pktlen; 1627 hp32->bh_hdrlen = hdrlen; 1628 /* 1629 * Copy the packet data into the store buffer and update its length. 1630 */ 1631 (*cpfn)((u_char *)hp32 + hdrlen, pkt, 1632 (hp32->bh_caplen = totlen - hdrlen)); 1633 } else 1634 #endif 1635 { 1636 hp = (struct bpf_hdr *)((char *)d->bd_sbuf + curlen); 1637 hp->bh_tstamp.tv_sec = ts->tv_sec; 1638 hp->bh_tstamp.tv_usec = ts->tv_nsec / 1000; 1639 hp->bh_datalen = pktlen; 1640 hp->bh_hdrlen = hdrlen; 1641 /* 1642 * Copy the packet data into the store buffer and update 1643 * its length. 1644 */ 1645 (*cpfn)((u_char *)hp + hdrlen, pkt, 1646 (hp->bh_caplen = totlen - hdrlen)); 1647 } 1648 d->bd_slen = curlen + totlen; 1649 1650 /* 1651 * Call bpf_wakeup after bd_slen has been updated so that kevent(2) 1652 * will cause filt_bpfread() to be called with it adjusted. 1653 */ 1654 if (do_wakeup) 1655 bpf_wakeup(d); 1656 } 1657 1658 /* 1659 * Initialize all nonzero fields of a descriptor. 1660 */ 1661 static int 1662 bpf_allocbufs(struct bpf_d *d) 1663 { 1664 1665 d->bd_fbuf = malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK | M_CANFAIL); 1666 if (!d->bd_fbuf) 1667 return (ENOBUFS); 1668 d->bd_sbuf = malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK | M_CANFAIL); 1669 if (!d->bd_sbuf) { 1670 free(d->bd_fbuf, M_DEVBUF); 1671 return (ENOBUFS); 1672 } 1673 d->bd_slen = 0; 1674 d->bd_hlen = 0; 1675 return (0); 1676 } 1677 1678 /* 1679 * Free buffers currently in use by a descriptor. 1680 * Called on close. 1681 */ 1682 static void 1683 bpf_freed(struct bpf_d *d) 1684 { 1685 /* 1686 * We don't need to lock out interrupts since this descriptor has 1687 * been detached from its interface and it yet hasn't been marked 1688 * free. 1689 */ 1690 if (d->bd_sbuf != 0) { 1691 free(d->bd_sbuf, M_DEVBUF); 1692 if (d->bd_hbuf != 0) 1693 free(d->bd_hbuf, M_DEVBUF); 1694 if (d->bd_fbuf != 0) 1695 free(d->bd_fbuf, M_DEVBUF); 1696 } 1697 if (d->bd_filter) 1698 free(d->bd_filter, M_DEVBUF); 1699 } 1700 1701 /* 1702 * Attach an interface to bpf. dlt is the link layer type; 1703 * hdrlen is the fixed size of the link header for the specified dlt 1704 * (variable length headers not yet supported). 1705 */ 1706 static void 1707 _bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 1708 { 1709 struct bpf_if *bp; 1710 bp = malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1711 if (bp == 0) 1712 panic("bpfattach"); 1713 1714 bp->bif_dlist = 0; 1715 bp->bif_driverp = driverp; 1716 bp->bif_ifp = ifp; 1717 bp->bif_dlt = dlt; 1718 1719 bp->bif_next = bpf_iflist; 1720 bpf_iflist = bp; 1721 1722 *bp->bif_driverp = 0; 1723 1724 bp->bif_hdrlen = hdrlen; 1725 #if 0 1726 printf("bpf: %s attached\n", ifp->if_xname); 1727 #endif 1728 } 1729 1730 /* 1731 * Remove an interface from bpf. 1732 */ 1733 static void 1734 _bpfdetach(struct ifnet *ifp) 1735 { 1736 struct bpf_if *bp, **pbp; 1737 struct bpf_d *d; 1738 int s; 1739 1740 /* Nuke the vnodes for any open instances */ 1741 LIST_FOREACH(d, &bpf_list, bd_list) { 1742 if (d->bd_bif != NULL && d->bd_bif->bif_ifp == ifp) { 1743 /* 1744 * Detach the descriptor from an interface now. 1745 * It will be free'ed later by close routine. 1746 */ 1747 s = splnet(); 1748 d->bd_promisc = 0; /* we can't touch device. */ 1749 bpf_detachd(d); 1750 splx(s); 1751 } 1752 } 1753 1754 again: 1755 for (bp = bpf_iflist, pbp = &bpf_iflist; 1756 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1757 if (bp->bif_ifp == ifp) { 1758 *pbp = bp->bif_next; 1759 free(bp, M_DEVBUF); 1760 goto again; 1761 } 1762 } 1763 } 1764 1765 /* 1766 * Change the data link type of a interface. 1767 */ 1768 static void 1769 _bpf_change_type(struct ifnet *ifp, u_int dlt, u_int hdrlen) 1770 { 1771 struct bpf_if *bp; 1772 1773 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1774 if (bp->bif_driverp == &ifp->if_bpf) 1775 break; 1776 } 1777 if (bp == NULL) 1778 panic("bpf_change_type"); 1779 1780 bp->bif_dlt = dlt; 1781 1782 bp->bif_hdrlen = hdrlen; 1783 } 1784 1785 /* 1786 * Get a list of available data link type of the interface. 1787 */ 1788 static int 1789 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 1790 { 1791 int n, error; 1792 struct ifnet *ifp; 1793 struct bpf_if *bp; 1794 1795 ifp = d->bd_bif->bif_ifp; 1796 n = 0; 1797 error = 0; 1798 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1799 if (bp->bif_ifp != ifp) 1800 continue; 1801 if (bfl->bfl_list != NULL) { 1802 if (n >= bfl->bfl_len) 1803 return ENOMEM; 1804 error = copyout(&bp->bif_dlt, 1805 bfl->bfl_list + n, sizeof(u_int)); 1806 } 1807 n++; 1808 } 1809 bfl->bfl_len = n; 1810 return error; 1811 } 1812 1813 /* 1814 * Set the data link type of a BPF instance. 1815 */ 1816 static int 1817 bpf_setdlt(struct bpf_d *d, u_int dlt) 1818 { 1819 int s, error, opromisc; 1820 struct ifnet *ifp; 1821 struct bpf_if *bp; 1822 1823 if (d->bd_bif->bif_dlt == dlt) 1824 return 0; 1825 ifp = d->bd_bif->bif_ifp; 1826 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1827 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 1828 break; 1829 } 1830 if (bp == NULL) 1831 return EINVAL; 1832 s = splnet(); 1833 opromisc = d->bd_promisc; 1834 bpf_detachd(d); 1835 bpf_attachd(d, bp); 1836 reset_d(d); 1837 if (opromisc) { 1838 error = ifpromisc(bp->bif_ifp, 1); 1839 if (error) 1840 printf("%s: bpf_setdlt: ifpromisc failed (%d)\n", 1841 bp->bif_ifp->if_xname, error); 1842 else 1843 d->bd_promisc = 1; 1844 } 1845 splx(s); 1846 return 0; 1847 } 1848 1849 static int 1850 sysctl_net_bpf_maxbufsize(SYSCTLFN_ARGS) 1851 { 1852 int newsize, error; 1853 struct sysctlnode node; 1854 1855 node = *rnode; 1856 node.sysctl_data = &newsize; 1857 newsize = bpf_maxbufsize; 1858 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1859 if (error || newp == NULL) 1860 return (error); 1861 1862 if (newsize < BPF_MINBUFSIZE || newsize > BPF_MAXBUFSIZE) 1863 return (EINVAL); 1864 1865 bpf_maxbufsize = newsize; 1866 1867 return (0); 1868 } 1869 1870 static int 1871 sysctl_net_bpf_peers(SYSCTLFN_ARGS) 1872 { 1873 int error, elem_count; 1874 struct bpf_d *dp; 1875 struct bpf_d_ext dpe; 1876 size_t len, needed, elem_size, out_size; 1877 char *sp; 1878 1879 if (namelen == 1 && name[0] == CTL_QUERY) 1880 return (sysctl_query(SYSCTLFN_CALL(rnode))); 1881 1882 if (namelen != 2) 1883 return (EINVAL); 1884 1885 /* BPF peers is privileged information. */ 1886 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 1887 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL); 1888 if (error) 1889 return (EPERM); 1890 1891 len = (oldp != NULL) ? *oldlenp : 0; 1892 sp = oldp; 1893 elem_size = name[0]; 1894 elem_count = name[1]; 1895 out_size = MIN(sizeof(dpe), elem_size); 1896 needed = 0; 1897 1898 if (elem_size < 1 || elem_count < 0) 1899 return (EINVAL); 1900 1901 mutex_enter(&bpf_mtx); 1902 LIST_FOREACH(dp, &bpf_list, bd_list) { 1903 if (len >= elem_size && elem_count > 0) { 1904 #define BPF_EXT(field) dpe.bde_ ## field = dp->bd_ ## field 1905 BPF_EXT(bufsize); 1906 BPF_EXT(promisc); 1907 BPF_EXT(state); 1908 BPF_EXT(immediate); 1909 BPF_EXT(hdrcmplt); 1910 BPF_EXT(seesent); 1911 BPF_EXT(pid); 1912 BPF_EXT(rcount); 1913 BPF_EXT(dcount); 1914 BPF_EXT(ccount); 1915 #undef BPF_EXT 1916 if (dp->bd_bif) 1917 (void)strlcpy(dpe.bde_ifname, 1918 dp->bd_bif->bif_ifp->if_xname, 1919 IFNAMSIZ - 1); 1920 else 1921 dpe.bde_ifname[0] = '\0'; 1922 1923 error = copyout(&dpe, sp, out_size); 1924 if (error) 1925 break; 1926 sp += elem_size; 1927 len -= elem_size; 1928 } 1929 needed += elem_size; 1930 if (elem_count > 0 && elem_count != INT_MAX) 1931 elem_count--; 1932 } 1933 mutex_exit(&bpf_mtx); 1934 1935 *oldlenp = needed; 1936 1937 return (error); 1938 } 1939 1940 static struct sysctllog *bpf_sysctllog; 1941 static void 1942 sysctl_net_bpf_setup(void) 1943 { 1944 const struct sysctlnode *node; 1945 1946 sysctl_createv(&bpf_sysctllog, 0, NULL, NULL, 1947 CTLFLAG_PERMANENT, 1948 CTLTYPE_NODE, "net", NULL, 1949 NULL, 0, NULL, 0, 1950 CTL_NET, CTL_EOL); 1951 1952 node = NULL; 1953 sysctl_createv(&bpf_sysctllog, 0, NULL, &node, 1954 CTLFLAG_PERMANENT, 1955 CTLTYPE_NODE, "bpf", 1956 SYSCTL_DESCR("BPF options"), 1957 NULL, 0, NULL, 0, 1958 CTL_NET, CTL_CREATE, CTL_EOL); 1959 if (node != NULL) { 1960 sysctl_createv(&bpf_sysctllog, 0, NULL, NULL, 1961 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1962 CTLTYPE_INT, "maxbufsize", 1963 SYSCTL_DESCR("Maximum size for data capture buffer"), 1964 sysctl_net_bpf_maxbufsize, 0, &bpf_maxbufsize, 0, 1965 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1966 sysctl_createv(&bpf_sysctllog, 0, NULL, NULL, 1967 CTLFLAG_PERMANENT, 1968 CTLTYPE_STRUCT, "stats", 1969 SYSCTL_DESCR("BPF stats"), 1970 NULL, 0, &bpf_gstats, sizeof(bpf_gstats), 1971 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1972 sysctl_createv(&bpf_sysctllog, 0, NULL, NULL, 1973 CTLFLAG_PERMANENT, 1974 CTLTYPE_STRUCT, "peers", 1975 SYSCTL_DESCR("BPF peers"), 1976 sysctl_net_bpf_peers, 0, NULL, 0, 1977 CTL_NET, node->sysctl_num, CTL_CREATE, CTL_EOL); 1978 } 1979 1980 } 1981 1982 struct bpf_ops bpf_ops_kernel = { 1983 .bpf_attach = _bpfattach, 1984 .bpf_detach = _bpfdetach, 1985 .bpf_change_type = _bpf_change_type, 1986 1987 .bpf_tap = _bpf_tap, 1988 .bpf_mtap = _bpf_mtap, 1989 .bpf_mtap2 = _bpf_mtap2, 1990 .bpf_mtap_af = _bpf_mtap_af, 1991 .bpf_mtap_sl_in = _bpf_mtap_sl_in, 1992 .bpf_mtap_sl_out = _bpf_mtap_sl_out, 1993 }; 1994 1995 MODULE(MODULE_CLASS_DRIVER, bpf, NULL); 1996 1997 static int 1998 bpf_modcmd(modcmd_t cmd, void *arg) 1999 { 2000 devmajor_t bmajor, cmajor; 2001 int error; 2002 2003 bmajor = cmajor = NODEVMAJOR; 2004 2005 switch (cmd) { 2006 case MODULE_CMD_INIT: 2007 bpfilterattach(0); 2008 error = devsw_attach("bpf", NULL, &bmajor, 2009 &bpf_cdevsw, &cmajor); 2010 if (error == EEXIST) 2011 error = 0; /* maybe built-in ... improve eventually */ 2012 if (error) 2013 break; 2014 2015 bpf_ops_handover_enter(&bpf_ops_kernel); 2016 atomic_swap_ptr(&bpf_ops, &bpf_ops_kernel); 2017 bpf_ops_handover_exit(); 2018 sysctl_net_bpf_setup(); 2019 break; 2020 2021 case MODULE_CMD_FINI: 2022 /* 2023 * While there is no reference counting for bpf callers, 2024 * unload could at least in theory be done similarly to 2025 * system call disestablishment. This should even be 2026 * a little simpler: 2027 * 2028 * 1) replace op vector with stubs 2029 * 2) post update to all cpus with xc 2030 * 3) check that nobody is in bpf anymore 2031 * (it's doubtful we'd want something like l_sysent, 2032 * but we could do something like *signed* percpu 2033 * counters. if the sum is 0, we're good). 2034 * 4) if fail, unroll changes 2035 * 2036 * NOTE: change won't be atomic to the outside. some 2037 * packets may be not captured even if unload is 2038 * not succesful. I think packet capture not working 2039 * is a perfectly logical consequence of trying to 2040 * disable packet capture. 2041 */ 2042 error = EOPNOTSUPP; 2043 /* insert sysctl teardown */ 2044 break; 2045 2046 default: 2047 error = ENOTTY; 2048 break; 2049 } 2050 2051 return error; 2052 } 2053
Indexes created Wed Sep 24 02:09:48 GMT 2025