bpf.c revision 1.61.4.1
1 /* $NetBSD: bpf.c,v 1.61.4.1 2001/09/07 04:45:41 thorpej Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 41 * static char rcsid[] = 42 * "Header: bpf.c,v 1.67 96/09/26 22:00:52 leres Exp "; 43 */ 44 45 #include "bpfilter.h" 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/mbuf.h> 50 #include <sys/buf.h> 51 #include <sys/time.h> 52 #include <sys/proc.h> 53 #include <sys/user.h> 54 #include <sys/ioctl.h> 55 #include <sys/map.h> 56 #include <sys/conf.h> 57 #include <sys/vnode.h> 58 59 #include <miscfs/specfs/specdev.h> 60 61 #include <sys/file.h> 62 #include <sys/tty.h> 63 #include <sys/uio.h> 64 65 #include <sys/protosw.h> 66 #include <sys/socket.h> 67 #include <sys/errno.h> 68 #include <sys/kernel.h> 69 #include <sys/poll.h> 70 71 #include <net/if.h> 72 73 #include <net/bpf.h> 74 #include <net/bpfdesc.h> 75 76 #include <net/if_arc.h> 77 #include <net/if_ether.h> 78 79 #include <netinet/in.h> 80 #include <netinet/if_inarp.h> 81 82 #ifndef BPF_BUFSIZE 83 # define BPF_BUFSIZE 8192 /* 4096 too small for FDDI frames */ 84 #endif 85 86 #define PRINET 26 /* interruptible */ 87 88 /* 89 * The default read buffer size is patchable. 90 */ 91 int bpf_bufsize = BPF_BUFSIZE; 92 93 /* 94 * bpf_iflist is the list of interfaces; each corresponds to an ifnet 95 * bpf_dtab holds the descriptors, indexed by minor device # 96 */ 97 struct bpf_if *bpf_iflist; 98 struct bpf_d bpf_dtab[NBPFILTER]; 99 100 static int bpf_allocbufs __P((struct bpf_d *)); 101 static void bpf_freed __P((struct bpf_d *)); 102 static void bpf_ifname __P((struct ifnet *, struct ifreq *)); 103 static void *bpf_mcpy __P((void *, const void *, size_t)); 104 static int bpf_movein __P((struct uio *, int, int, 105 struct mbuf **, struct sockaddr *)); 106 static void bpf_attachd __P((struct bpf_d *, struct bpf_if *)); 107 static void bpf_detachd __P((struct bpf_d *)); 108 static int bpf_setif __P((struct bpf_d *, struct ifreq *)); 109 static __inline void 110 bpf_wakeup __P((struct bpf_d *)); 111 static void catchpacket __P((struct bpf_d *, u_char *, u_int, u_int, 112 void *(*)(void *, const void *, size_t))); 113 static void reset_d __P((struct bpf_d *)); 114 115 static int 116 bpf_movein(uio, linktype, mtu, mp, sockp) 117 struct uio *uio; 118 int linktype; 119 int mtu; 120 struct mbuf **mp; 121 struct sockaddr *sockp; 122 { 123 struct mbuf *m; 124 int error; 125 int len; 126 int hlen; 127 int align; 128 129 /* 130 * Build a sockaddr based on the data link layer type. 131 * We do this at this level because the ethernet header 132 * is copied directly into the data field of the sockaddr. 133 * In the case of SLIP, there is no header and the packet 134 * is forwarded as is. 135 * Also, we are careful to leave room at the front of the mbuf 136 * for the link level header. 137 */ 138 switch (linktype) { 139 140 case DLT_SLIP: 141 sockp->sa_family = AF_INET; 142 hlen = 0; 143 align = 0; 144 break; 145 146 case DLT_PPP: 147 sockp->sa_family = AF_UNSPEC; 148 hlen = 0; 149 align = 0; 150 break; 151 152 case DLT_EN10MB: 153 sockp->sa_family = AF_UNSPEC; 154 /* XXX Would MAXLINKHDR be better? */ 155 /* 6(dst)+6(src)+2(type) */ 156 hlen = sizeof(struct ether_header); 157 align = 2; 158 break; 159 160 case DLT_ARCNET: 161 sockp->sa_family = AF_UNSPEC; 162 hlen = ARC_HDRLEN; 163 align = 5; 164 break; 165 166 case DLT_FDDI: 167 sockp->sa_family = AF_LINK; 168 /* XXX 4(FORMAC)+6(dst)+6(src) */ 169 hlen = 16; 170 align = 0; 171 break; 172 173 case DLT_NULL: 174 sockp->sa_family = AF_UNSPEC; 175 hlen = 0; 176 align = 0; 177 break; 178 179 default: 180 return (EIO); 181 } 182 183 len = uio->uio_resid; 184 /* 185 * If there aren't enough bytes for a link level header or the 186 * packet length exceeds the interface mtu, return an error. 187 */ 188 if (len < hlen || len - hlen > mtu) 189 return (EMSGSIZE); 190 191 /* 192 * XXX Avoid complicated buffer chaining --- 193 * bail if it won't fit in a single mbuf. 194 * (Take into account possible alignment bytes) 195 */ 196 if ((unsigned)len > MCLBYTES - align) 197 return (EIO); 198 199 MGETHDR(m, M_WAIT, MT_DATA); 200 if (m == 0) 201 return (ENOBUFS); 202 m->m_pkthdr.rcvif = 0; 203 m->m_pkthdr.len = len - hlen; 204 if (len > MHLEN - align) { 205 MCLGET(m, M_WAIT); 206 if ((m->m_flags & M_EXT) == 0) { 207 error = ENOBUFS; 208 goto bad; 209 } 210 } 211 212 /* Insure the data is properly aligned */ 213 if (align > 0) { 214 m->m_data += align; 215 m->m_len -= align; 216 } 217 218 error = uiomove(mtod(m, caddr_t), len, uio); 219 if (error) 220 goto bad; 221 if (hlen != 0) { 222 memcpy(sockp->sa_data, mtod(m, caddr_t), hlen); 223 m->m_data += hlen; /* XXX */ 224 len -= hlen; 225 } 226 m->m_len = len; 227 *mp = m; 228 return (0); 229 230 bad: 231 m_freem(m); 232 return (error); 233 } 234 235 /* 236 * Attach file to the bpf interface, i.e. make d listen on bp. 237 * Must be called at splnet. 238 */ 239 static void 240 bpf_attachd(d, bp) 241 struct bpf_d *d; 242 struct bpf_if *bp; 243 { 244 /* 245 * Point d at bp, and add d to the interface's list of listeners. 246 * Finally, point the driver's bpf cookie at the interface so 247 * it will divert packets to bpf. 248 */ 249 d->bd_bif = bp; 250 d->bd_next = bp->bif_dlist; 251 bp->bif_dlist = d; 252 253 *bp->bif_driverp = bp; 254 } 255 256 /* 257 * Detach a file from its interface. 258 */ 259 static void 260 bpf_detachd(d) 261 struct bpf_d *d; 262 { 263 struct bpf_d **p; 264 struct bpf_if *bp; 265 266 bp = d->bd_bif; 267 /* 268 * Check if this descriptor had requested promiscuous mode. 269 * If so, turn it off. 270 */ 271 if (d->bd_promisc) { 272 int error; 273 274 d->bd_promisc = 0; 275 /* 276 * Take device out of promiscuous mode. Since we were 277 * able to enter promiscuous mode, we should be able 278 * to turn it off. But we can get an error if 279 * the interface was configured down, so only panic 280 * if we don't get an unexpected error. 281 */ 282 error = ifpromisc(bp->bif_ifp, 0); 283 if (error && error != EINVAL) 284 panic("bpf: ifpromisc failed"); 285 } 286 /* Remove d from the interface's descriptor list. */ 287 p = &bp->bif_dlist; 288 while (*p != d) { 289 p = &(*p)->bd_next; 290 if (*p == 0) 291 panic("bpf_detachd: descriptor not in list"); 292 } 293 *p = (*p)->bd_next; 294 if (bp->bif_dlist == 0) 295 /* 296 * Let the driver know that there are no more listeners. 297 */ 298 *d->bd_bif->bif_driverp = 0; 299 d->bd_bif = 0; 300 } 301 302 303 /* 304 * Mark a descriptor free by making it point to itself. 305 * This is probably cheaper than marking with a constant since 306 * the address should be in a register anyway. 307 */ 308 #define D_ISFREE(d) ((d) == (d)->bd_next) 309 #define D_MARKFREE(d) ((d)->bd_next = (d)) 310 #define D_MARKUSED(d) ((d)->bd_next = 0) 311 312 /* 313 * bpfilterattach() is called at boot time. 314 */ 315 /* ARGSUSED */ 316 void 317 bpfilterattach(n) 318 int n; 319 { 320 int i; 321 /* 322 * Mark all the descriptors free. 323 */ 324 for (i = 0; i < NBPFILTER; ++i) 325 D_MARKFREE(&bpf_dtab[i]); 326 327 } 328 329 /* 330 * Open ethernet device. Returns ENXIO for illegal minor device number, 331 * EBUSY if file is open by another process. 332 */ 333 /* ARGSUSED */ 334 int 335 bpfopen(devvp, flag, mode, p) 336 struct vnode *devvp; 337 int flag; 338 int mode; 339 struct proc *p; 340 { 341 struct bpf_d *d; 342 343 if (minor(devvp->v_rdev) >= NBPFILTER) 344 return (ENXIO); 345 /* 346 * Each minor can be opened by only one process. If the requested 347 * minor is in use, return EBUSY. 348 */ 349 d = &bpf_dtab[minor(devvp->v_rdev)]; 350 if (!D_ISFREE(d)) 351 return (EBUSY); 352 353 /* Mark "free" and do most initialization. */ 354 memset((char *)d, 0, sizeof(*d)); 355 d->bd_bufsize = bpf_bufsize; 356 357 devvp->v_devcookie = d; 358 359 return (0); 360 } 361 362 /* 363 * Close the descriptor by detaching it from its interface, 364 * deallocating its buffers, and marking it free. 365 */ 366 /* ARGSUSED */ 367 int 368 bpfclose(devvp, flag, mode, p) 369 struct vnode *devvp; 370 int flag; 371 int mode; 372 struct proc *p; 373 { 374 struct bpf_d *d = devvp->v_devcookie; 375 int s; 376 377 s = splnet(); 378 if (d->bd_bif) 379 bpf_detachd(d); 380 splx(s); 381 bpf_freed(d); 382 383 return (0); 384 } 385 386 /* 387 * Rotate the packet buffers in descriptor d. Move the store buffer 388 * into the hold slot, and the free buffer into the store slot. 389 * Zero the length of the new store buffer. 390 */ 391 #define ROTATE_BUFFERS(d) \ 392 (d)->bd_hbuf = (d)->bd_sbuf; \ 393 (d)->bd_hlen = (d)->bd_slen; \ 394 (d)->bd_sbuf = (d)->bd_fbuf; \ 395 (d)->bd_slen = 0; \ 396 (d)->bd_fbuf = 0; 397 /* 398 * bpfread - read next chunk of packets from buffers 399 */ 400 int 401 bpfread(devvp, uio, ioflag) 402 struct vnode *devvp; 403 struct uio *uio; 404 int ioflag; 405 { 406 struct bpf_d *d = devvp->v_devcookie; 407 int error; 408 int s; 409 410 /* 411 * Restrict application to use a buffer the same size as 412 * as kernel buffers. 413 */ 414 if (uio->uio_resid != d->bd_bufsize) 415 return (EINVAL); 416 417 s = splnet(); 418 /* 419 * If the hold buffer is empty, then do a timed sleep, which 420 * ends when the timeout expires or when enough packets 421 * have arrived to fill the store buffer. 422 */ 423 while (d->bd_hbuf == 0) { 424 if (d->bd_immediate) { 425 if (d->bd_slen == 0) { 426 splx(s); 427 return (EWOULDBLOCK); 428 } 429 /* 430 * A packet(s) either arrived since the previous 431 * read or arrived while we were asleep. 432 * Rotate the buffers and return what's here. 433 */ 434 ROTATE_BUFFERS(d); 435 break; 436 } 437 if (d->bd_rtout != -1) 438 error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", 439 d->bd_rtout); 440 else { 441 if (d->bd_rtout == -1) { 442 /* User requested non-blocking I/O */ 443 error = EWOULDBLOCK; 444 } else 445 error = 0; 446 } 447 if (error == EINTR || error == ERESTART) { 448 splx(s); 449 return (error); 450 } 451 if (error == EWOULDBLOCK) { 452 /* 453 * On a timeout, return what's in the buffer, 454 * which may be nothing. If there is something 455 * in the store buffer, we can rotate the buffers. 456 */ 457 if (d->bd_hbuf) 458 /* 459 * We filled up the buffer in between 460 * getting the timeout and arriving 461 * here, so we don't need to rotate. 462 */ 463 break; 464 465 if (d->bd_slen == 0) { 466 splx(s); 467 return (0); 468 } 469 ROTATE_BUFFERS(d); 470 break; 471 } 472 if (error != 0) 473 goto done; 474 } 475 /* 476 * At this point, we know we have something in the hold slot. 477 */ 478 splx(s); 479 480 /* 481 * Move data from hold buffer into user space. 482 * We know the entire buffer is transferred since 483 * we checked above that the read buffer is bpf_bufsize bytes. 484 */ 485 error = uiomove(d->bd_hbuf, d->bd_hlen, uio); 486 487 s = splnet(); 488 d->bd_fbuf = d->bd_hbuf; 489 d->bd_hbuf = 0; 490 d->bd_hlen = 0; 491 done: 492 splx(s); 493 return (error); 494 } 495 496 497 /* 498 * If there are processes sleeping on this descriptor, wake them up. 499 */ 500 static __inline void 501 bpf_wakeup(d) 502 struct bpf_d *d; 503 { 504 struct proc *p; 505 506 wakeup((caddr_t)d); 507 if (d->bd_async) { 508 if (d->bd_pgid > 0) 509 gsignal (d->bd_pgid, SIGIO); 510 else if (d->bd_pgid && (p = pfind (-d->bd_pgid)) != NULL) 511 psignal (p, SIGIO); 512 } 513 514 selwakeup(&d->bd_sel); 515 /* XXX */ 516 d->bd_sel.si_pid = 0; 517 } 518 519 int 520 bpfwrite(devvp, uio, ioflag) 521 struct vnode *devvp; 522 struct uio *uio; 523 int ioflag; 524 { 525 struct bpf_d *d = devvp->v_devcookie; 526 struct ifnet *ifp; 527 struct mbuf *m; 528 int error, s; 529 static struct sockaddr_storage dst; 530 531 if (d->bd_bif == 0) 532 return (ENXIO); 533 534 ifp = d->bd_bif->bif_ifp; 535 536 if (uio->uio_resid == 0) 537 return (0); 538 539 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp->if_mtu, &m, 540 (struct sockaddr *) &dst); 541 if (error) 542 return (error); 543 544 if (m->m_pkthdr.len > ifp->if_mtu) 545 return (EMSGSIZE); 546 547 if (d->bd_hdrcmplt) 548 dst.ss_family = pseudo_AF_HDRCMPLT; 549 550 s = splsoftnet(); 551 error = (*ifp->if_output)(ifp, m, (struct sockaddr *) &dst, NULL); 552 splx(s); 553 /* 554 * The driver frees the mbuf. 555 */ 556 return (error); 557 } 558 559 /* 560 * Reset a descriptor by flushing its packet buffer and clearing the 561 * receive and drop counts. Should be called at splnet. 562 */ 563 static void 564 reset_d(d) 565 struct bpf_d *d; 566 { 567 if (d->bd_hbuf) { 568 /* Free the hold buffer. */ 569 d->bd_fbuf = d->bd_hbuf; 570 d->bd_hbuf = 0; 571 } 572 d->bd_slen = 0; 573 d->bd_hlen = 0; 574 d->bd_rcount = 0; 575 d->bd_dcount = 0; 576 } 577 578 #ifdef BPF_KERN_FILTER 579 extern struct bpf_insn *bpf_tcp_filter; 580 extern struct bpf_insn *bpf_udp_filter; 581 #endif 582 583 /* 584 * FIONREAD Check for read packet available. 585 * BIOCGBLEN Get buffer len [for read()]. 586 * BIOCSETF Set ethernet read filter. 587 * BIOCFLUSH Flush read packet buffer. 588 * BIOCPROMISC Put interface into promiscuous mode. 589 * BIOCGDLT Get link layer type. 590 * BIOCGETIF Get interface name. 591 * BIOCSETIF Set interface. 592 * BIOCSRTIMEOUT Set read timeout. 593 * BIOCGRTIMEOUT Get read timeout. 594 * BIOCGSTATS Get packet stats. 595 * BIOCIMMEDIATE Set immediate mode. 596 * BIOCVERSION Get filter language version. 597 * BIOGHDRCMPLT Get "header already complete" flag. 598 * BIOSHDRCMPLT Set "header already complete" flag. 599 */ 600 /* ARGSUSED */ 601 int 602 bpfioctl(devvp, cmd, addr, flag, p) 603 struct vnode *devvp; 604 u_long cmd; 605 caddr_t addr; 606 int flag; 607 struct proc *p; 608 { 609 struct bpf_d *d = devvp->v_devcookie; 610 int s, error = 0; 611 #ifdef BPF_KERN_FILTER 612 struct bpf_insn **p; 613 #endif 614 615 switch (cmd) { 616 617 default: 618 error = EINVAL; 619 break; 620 621 /* 622 * Check for read packet available. 623 */ 624 case FIONREAD: 625 { 626 int n; 627 628 s = splnet(); 629 n = d->bd_slen; 630 if (d->bd_hbuf) 631 n += d->bd_hlen; 632 splx(s); 633 634 *(int *)addr = n; 635 break; 636 } 637 638 /* 639 * Get buffer len [for read()]. 640 */ 641 case BIOCGBLEN: 642 *(u_int *)addr = d->bd_bufsize; 643 break; 644 645 /* 646 * Set buffer length. 647 */ 648 case BIOCSBLEN: 649 if (d->bd_bif != 0) 650 error = EINVAL; 651 else { 652 u_int size = *(u_int *)addr; 653 654 if (size > BPF_MAXBUFSIZE) 655 *(u_int *)addr = size = BPF_MAXBUFSIZE; 656 else if (size < BPF_MINBUFSIZE) 657 *(u_int *)addr = size = BPF_MINBUFSIZE; 658 d->bd_bufsize = size; 659 } 660 break; 661 662 /* 663 * Set link layer read filter. 664 */ 665 case BIOCSETF: 666 error = bpf_setf(d, (struct bpf_program *)addr); 667 break; 668 669 #ifdef BPF_KERN_FILTER 670 /* 671 * Set TCP or UDP reject filter. 672 */ 673 case BIOCSTCPF: 674 case BIOCSUDPF: 675 if (!suser()) { 676 error = EPERM; 677 break; 678 } 679 680 /* Validate and store filter */ 681 error = bpf_setf(d, (struct bpf_program *)addr); 682 683 /* Free possible old filter */ 684 if (cmd == BIOCSTCPF) 685 p = &bpf_tcp_filter; 686 else 687 p = &bpf_udp_filter; 688 if (*p != NULL) 689 free((caddr_t)*p, M_DEVBUF); 690 691 /* Steal new filter (noop if error) */ 692 s = splnet(); 693 *p = d->bd_filter; 694 d->bd_filter = NULL; 695 splx(s); 696 break; 697 #endif 698 699 /* 700 * Flush read packet buffer. 701 */ 702 case BIOCFLUSH: 703 s = splnet(); 704 reset_d(d); 705 splx(s); 706 break; 707 708 /* 709 * Put interface into promiscuous mode. 710 */ 711 case BIOCPROMISC: 712 if (d->bd_bif == 0) { 713 /* 714 * No interface attached yet. 715 */ 716 error = EINVAL; 717 break; 718 } 719 s = splnet(); 720 if (d->bd_promisc == 0) { 721 error = ifpromisc(d->bd_bif->bif_ifp, 1); 722 if (error == 0) 723 d->bd_promisc = 1; 724 } 725 splx(s); 726 break; 727 728 /* 729 * Get device parameters. 730 */ 731 case BIOCGDLT: 732 if (d->bd_bif == 0) 733 error = EINVAL; 734 else 735 *(u_int *)addr = d->bd_bif->bif_dlt; 736 break; 737 738 /* 739 * Set interface name. 740 */ 741 case BIOCGETIF: 742 if (d->bd_bif == 0) 743 error = EINVAL; 744 else 745 bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr); 746 break; 747 748 /* 749 * Set interface. 750 */ 751 case BIOCSETIF: 752 error = bpf_setif(d, (struct ifreq *)addr); 753 break; 754 755 /* 756 * Set read timeout. 757 */ 758 case BIOCSRTIMEOUT: 759 { 760 struct timeval *tv = (struct timeval *)addr; 761 762 /* Compute number of ticks. */ 763 d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick; 764 if ((d->bd_rtout == 0) && (tv->tv_usec != 0)) 765 d->bd_rtout = 1; 766 break; 767 } 768 769 /* 770 * Get read timeout. 771 */ 772 case BIOCGRTIMEOUT: 773 { 774 struct timeval *tv = (struct timeval *)addr; 775 776 tv->tv_sec = d->bd_rtout / hz; 777 tv->tv_usec = (d->bd_rtout % hz) * tick; 778 break; 779 } 780 781 /* 782 * Get packet stats. 783 */ 784 case BIOCGSTATS: 785 { 786 struct bpf_stat *bs = (struct bpf_stat *)addr; 787 788 bs->bs_recv = d->bd_rcount; 789 bs->bs_drop = d->bd_dcount; 790 break; 791 } 792 793 /* 794 * Set immediate mode. 795 */ 796 case BIOCIMMEDIATE: 797 d->bd_immediate = *(u_int *)addr; 798 break; 799 800 case BIOCVERSION: 801 { 802 struct bpf_version *bv = (struct bpf_version *)addr; 803 804 bv->bv_major = BPF_MAJOR_VERSION; 805 bv->bv_minor = BPF_MINOR_VERSION; 806 break; 807 } 808 809 case BIOCGHDRCMPLT: /* get "header already complete" flag */ 810 *(u_int *)addr = d->bd_hdrcmplt; 811 break; 812 813 case BIOCSHDRCMPLT: /* set "header already complete" flag */ 814 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 815 break; 816 817 case FIONBIO: /* Non-blocking I/O */ 818 if (*(int *)addr) 819 d->bd_rtout = -1; 820 else 821 d->bd_rtout = 0; 822 break; 823 824 case FIOASYNC: /* Send signal on receive packets */ 825 d->bd_async = *(int *)addr; 826 break; 827 828 /* 829 * N.B. ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing 830 * the equivalent of a TIOCSPGRP and hence end up here. *However* 831 * TIOCSPGRP's arg is a process group if it's positive and a process 832 * id if it's negative. This is exactly the opposite of what the 833 * other two functions want! Therefore there is code in ioctl and 834 * fcntl to negate the arg before calling here. 835 */ 836 case TIOCSPGRP: /* Process or group to send signals to */ 837 d->bd_pgid = *(int *)addr; 838 break; 839 840 case TIOCGPGRP: 841 *(int *)addr = d->bd_pgid; 842 break; 843 } 844 return (error); 845 } 846 847 /* 848 * Set d's packet filter program to fp. If this file already has a filter, 849 * free it and replace it. Returns EINVAL for bogus requests. 850 */ 851 int 852 bpf_setf(d, fp) 853 struct bpf_d *d; 854 struct bpf_program *fp; 855 { 856 struct bpf_insn *fcode, *old; 857 u_int flen, size; 858 int s; 859 860 old = d->bd_filter; 861 if (fp->bf_insns == 0) { 862 if (fp->bf_len != 0) 863 return (EINVAL); 864 s = splnet(); 865 d->bd_filter = 0; 866 reset_d(d); 867 splx(s); 868 if (old != 0) 869 free((caddr_t)old, M_DEVBUF); 870 return (0); 871 } 872 flen = fp->bf_len; 873 if (flen > BPF_MAXINSNS) 874 return (EINVAL); 875 876 size = flen * sizeof(*fp->bf_insns); 877 fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK); 878 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 && 879 bpf_validate(fcode, (int)flen)) { 880 s = splnet(); 881 d->bd_filter = fcode; 882 reset_d(d); 883 splx(s); 884 if (old != 0) 885 free((caddr_t)old, M_DEVBUF); 886 887 return (0); 888 } 889 free((caddr_t)fcode, M_DEVBUF); 890 return (EINVAL); 891 } 892 893 /* 894 * Detach a file from its current interface (if attached at all) and attach 895 * to the interface indicated by the name stored in ifr. 896 * Return an errno or 0. 897 */ 898 static int 899 bpf_setif(d, ifr) 900 struct bpf_d *d; 901 struct ifreq *ifr; 902 { 903 struct bpf_if *bp; 904 char *cp; 905 int unit_seen, i, s, error; 906 907 /* 908 * Make sure the provided name has a unit number, and default 909 * it to '0' if not specified. 910 * XXX This is ugly ... do this differently? 911 */ 912 unit_seen = 0; 913 cp = ifr->ifr_name; 914 cp[sizeof(ifr->ifr_name) - 1] = '\0'; /* sanity */ 915 while (*cp++) 916 if (*cp >= '0' && *cp <= '9') 917 unit_seen = 1; 918 if (!unit_seen) { 919 /* Make sure to leave room for the '\0'. */ 920 for (i = 0; i < (IFNAMSIZ - 1); ++i) { 921 if ((ifr->ifr_name[i] >= 'a' && 922 ifr->ifr_name[i] <= 'z') || 923 (ifr->ifr_name[i] >= 'A' && 924 ifr->ifr_name[i] <= 'Z')) 925 continue; 926 ifr->ifr_name[i] = '0'; 927 } 928 } 929 930 /* 931 * Look through attached interfaces for the named one. 932 */ 933 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) { 934 struct ifnet *ifp = bp->bif_ifp; 935 936 if (ifp == 0 || 937 strcmp(ifp->if_xname, ifr->ifr_name) != 0) 938 continue; 939 /* 940 * We found the requested interface. 941 * If it's not up, return an error. 942 * Allocate the packet buffers if we need to. 943 * If we're already attached to requested interface, 944 * just flush the buffer. 945 */ 946 if ((ifp->if_flags & IFF_UP) == 0) 947 return (ENETDOWN); 948 949 if (d->bd_sbuf == 0) { 950 error = bpf_allocbufs(d); 951 if (error != 0) 952 return (error); 953 } 954 s = splnet(); 955 if (bp != d->bd_bif) { 956 if (d->bd_bif) 957 /* 958 * Detach if attached to something else. 959 */ 960 bpf_detachd(d); 961 962 bpf_attachd(d, bp); 963 } 964 reset_d(d); 965 splx(s); 966 return (0); 967 } 968 /* Not found. */ 969 return (ENXIO); 970 } 971 972 /* 973 * Copy the interface name to the ifreq. 974 */ 975 static void 976 bpf_ifname(ifp, ifr) 977 struct ifnet *ifp; 978 struct ifreq *ifr; 979 { 980 981 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ); 982 } 983 984 /* 985 * Support for poll() system call 986 * 987 * Return true iff the specific operation will not block indefinitely. 988 * Otherwise, return false but make a note that a selwakeup() must be done. 989 */ 990 int 991 bpfpoll(devvp, events, p) 992 struct vnode *devvp; 993 int events; 994 struct proc *p; 995 { 996 struct bpf_d *d = devvp->v_devcookie; 997 int revents = 0; 998 int s = splnet(); 999 1000 /* 1001 * An imitation of the FIONREAD ioctl code. 1002 */ 1003 if (events & (POLLIN | POLLRDNORM)) { 1004 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0)) 1005 revents |= events & (POLLIN | POLLRDNORM); 1006 else 1007 selrecord(p, &d->bd_sel); 1008 } 1009 1010 splx(s); 1011 return (revents); 1012 } 1013 1014 /* 1015 * Incoming linkage from device drivers. Process the packet pkt, of length 1016 * pktlen, which is stored in a contiguous buffer. The packet is parsed 1017 * by each process' filter, and if accepted, stashed into the corresponding 1018 * buffer. 1019 */ 1020 void 1021 bpf_tap(arg, pkt, pktlen) 1022 caddr_t arg; 1023 u_char *pkt; 1024 u_int pktlen; 1025 { 1026 struct bpf_if *bp; 1027 struct bpf_d *d; 1028 u_int slen; 1029 /* 1030 * Note that the ipl does not have to be raised at this point. 1031 * The only problem that could arise here is that if two different 1032 * interfaces shared any data. This is not the case. 1033 */ 1034 bp = (struct bpf_if *)arg; 1035 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1036 ++d->bd_rcount; 1037 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); 1038 if (slen != 0) 1039 catchpacket(d, pkt, pktlen, slen, memcpy); 1040 } 1041 } 1042 1043 /* 1044 * Copy data from an mbuf chain into a buffer. This code is derived 1045 * from m_copydata in sys/uipc_mbuf.c. 1046 */ 1047 static void * 1048 bpf_mcpy(dst_arg, src_arg, len) 1049 void *dst_arg; 1050 const void *src_arg; 1051 size_t len; 1052 { 1053 const struct mbuf *m; 1054 u_int count; 1055 u_char *dst; 1056 1057 m = src_arg; 1058 dst = dst_arg; 1059 while (len > 0) { 1060 if (m == 0) 1061 panic("bpf_mcpy"); 1062 count = min(m->m_len, len); 1063 memcpy((caddr_t)dst, mtod(m, caddr_t), count); 1064 m = m->m_next; 1065 dst += count; 1066 len -= count; 1067 } 1068 return(dst_arg); 1069 } 1070 1071 /* 1072 * Incoming linkage from device drivers, when packet is in an mbuf chain. 1073 */ 1074 void 1075 bpf_mtap(arg, m) 1076 caddr_t arg; 1077 struct mbuf *m; 1078 { 1079 struct bpf_if *bp = (struct bpf_if *)arg; 1080 struct bpf_d *d; 1081 u_int pktlen, slen; 1082 struct mbuf *m0; 1083 1084 pktlen = 0; 1085 for (m0 = m; m0 != 0; m0 = m0->m_next) 1086 pktlen += m0->m_len; 1087 1088 for (d = bp->bif_dlist; d != 0; d = d->bd_next) { 1089 ++d->bd_rcount; 1090 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); 1091 if (slen != 0) 1092 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcpy); 1093 } 1094 } 1095 1096 /* 1097 * Move the packet data from interface memory (pkt) into the 1098 * store buffer. Return 1 if it's time to wakeup a listener (buffer full), 1099 * otherwise 0. "copy" is the routine called to do the actual data 1100 * transfer. memcpy is passed in to copy contiguous chunks, while 1101 * bpf_mcpy is passed in to copy mbuf chains. In the latter case, 1102 * pkt is really an mbuf. 1103 */ 1104 static void 1105 catchpacket(d, pkt, pktlen, snaplen, cpfn) 1106 struct bpf_d *d; 1107 u_char *pkt; 1108 u_int pktlen, snaplen; 1109 void *(*cpfn) __P((void *, const void *, size_t)); 1110 { 1111 struct bpf_hdr *hp; 1112 int totlen, curlen; 1113 int hdrlen = d->bd_bif->bif_hdrlen; 1114 /* 1115 * Figure out how many bytes to move. If the packet is 1116 * greater or equal to the snapshot length, transfer that 1117 * much. Otherwise, transfer the whole packet (unless 1118 * we hit the buffer size limit). 1119 */ 1120 totlen = hdrlen + min(snaplen, pktlen); 1121 if (totlen > d->bd_bufsize) 1122 totlen = d->bd_bufsize; 1123 1124 /* 1125 * Round up the end of the previous packet to the next longword. 1126 */ 1127 curlen = BPF_WORDALIGN(d->bd_slen); 1128 if (curlen + totlen > d->bd_bufsize) { 1129 /* 1130 * This packet will overflow the storage buffer. 1131 * Rotate the buffers if we can, then wakeup any 1132 * pending reads. 1133 */ 1134 if (d->bd_fbuf == 0) { 1135 /* 1136 * We haven't completed the previous read yet, 1137 * so drop the packet. 1138 */ 1139 ++d->bd_dcount; 1140 return; 1141 } 1142 ROTATE_BUFFERS(d); 1143 bpf_wakeup(d); 1144 curlen = 0; 1145 } 1146 else if (d->bd_immediate) 1147 /* 1148 * Immediate mode is set. A packet arrived so any 1149 * reads should be woken up. 1150 */ 1151 bpf_wakeup(d); 1152 1153 /* 1154 * Append the bpf header. 1155 */ 1156 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen); 1157 microtime(&hp->bh_tstamp); 1158 hp->bh_datalen = pktlen; 1159 hp->bh_hdrlen = hdrlen; 1160 /* 1161 * Copy the packet data into the store buffer and update its length. 1162 */ 1163 (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen)); 1164 d->bd_slen = curlen + totlen; 1165 } 1166 1167 /* 1168 * Initialize all nonzero fields of a descriptor. 1169 */ 1170 static int 1171 bpf_allocbufs(d) 1172 struct bpf_d *d; 1173 { 1174 1175 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1176 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_WAITOK); 1177 d->bd_slen = 0; 1178 d->bd_hlen = 0; 1179 return (0); 1180 } 1181 1182 /* 1183 * Free buffers currently in use by a descriptor. 1184 * Called on close. 1185 */ 1186 static void 1187 bpf_freed(d) 1188 struct bpf_d *d; 1189 { 1190 /* 1191 * We don't need to lock out interrupts since this descriptor has 1192 * been detached from its interface and it yet hasn't been marked 1193 * free. 1194 */ 1195 if (d->bd_sbuf != 0) { 1196 free(d->bd_sbuf, M_DEVBUF); 1197 if (d->bd_hbuf != 0) 1198 free(d->bd_hbuf, M_DEVBUF); 1199 if (d->bd_fbuf != 0) 1200 free(d->bd_fbuf, M_DEVBUF); 1201 } 1202 if (d->bd_filter) 1203 free((caddr_t)d->bd_filter, M_DEVBUF); 1204 1205 D_MARKFREE(d); 1206 } 1207 1208 /* 1209 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 1210 * fixed size of the link header (variable length headers not yet supported). 1211 */ 1212 void 1213 bpfattach(ifp, dlt, hdrlen) 1214 struct ifnet *ifp; 1215 u_int dlt, hdrlen; 1216 { 1217 struct bpf_if *bp; 1218 bp = (struct bpf_if *)malloc(sizeof(*bp), M_DEVBUF, M_DONTWAIT); 1219 if (bp == 0) 1220 panic("bpfattach"); 1221 1222 bp->bif_dlist = 0; 1223 bp->bif_driverp = (struct bpf_if **)&ifp->if_bpf; 1224 bp->bif_ifp = ifp; 1225 bp->bif_dlt = dlt; 1226 1227 bp->bif_next = bpf_iflist; 1228 bpf_iflist = bp; 1229 1230 *bp->bif_driverp = 0; 1231 1232 /* 1233 * Compute the length of the bpf header. This is not necessarily 1234 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1235 * that the network layer header begins on a longword boundary (for 1236 * performance reasons and to alleviate alignment restrictions). 1237 */ 1238 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1239 1240 #if 0 1241 printf("bpf: %s attached\n", ifp->if_xname); 1242 #endif 1243 } 1244 1245 /* 1246 * Remove an interface from bpf. 1247 */ 1248 void 1249 bpfdetach(ifp) 1250 struct ifnet *ifp; 1251 { 1252 struct bpf_if *bp, **pbp; 1253 struct bpf_d *d; 1254 int i, s, cmaj; 1255 1256 /* locate the major number */ 1257 for (cmaj = 0; cmaj <= nchrdev; cmaj++) 1258 if (cdevsw[cmaj].d_open == bpfopen) 1259 break; 1260 1261 /* Nuke the vnodes for any open instances */ 1262 for (i = 0; i < NBPFILTER; ++i) { 1263 d = &bpf_dtab[i]; 1264 if (!D_ISFREE(d) && d->bd_bif != NULL && 1265 d->bd_bif->bif_ifp == ifp) { 1266 /* 1267 * Detach the descriptor from an interface now. 1268 * It will be free'ed later by close routine. 1269 */ 1270 s = splnet(); 1271 d->bd_promisc = 0; /* we can't touch device. */ 1272 bpf_detachd(d); 1273 splx(s); 1274 vdevgone(cmaj, i, i, VCHR); 1275 } 1276 } 1277 1278 for (bp = bpf_iflist, pbp = &bpf_iflist; 1279 bp != NULL; pbp = &bp->bif_next, bp = bp->bif_next) { 1280 if (bp->bif_ifp == ifp) { 1281 *pbp = bp->bif_next; 1282 free(bp, M_DEVBUF); 1283 break; 1284 } 1285 } 1286 } 1287 1288 /* 1289 * Change the data link type of a BPF instance. 1290 */ 1291 void 1292 bpf_change_type(ifp, dlt, hdrlen) 1293 struct ifnet *ifp; 1294 u_int dlt, hdrlen; 1295 { 1296 struct bpf_if *bp; 1297 1298 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) { 1299 if (bp->bif_driverp == (struct bpf_if **)&ifp->if_bpf) 1300 break; 1301 } 1302 if (bp == NULL) 1303 panic("bpf_change_type"); 1304 1305 bp->bif_dlt = dlt; 1306 1307 /* 1308 * Compute the length of the bpf header. This is not necessarily 1309 * equal to SIZEOF_BPF_HDR because we want to insert spacing such 1310 * that the network layer header begins on a longword boundary (for 1311 * performance reasons and to alleviate alignment restrictions). 1312 */ 1313 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen; 1314 } 1315
Indexes created Wed Oct 01 12:09:54 GMT 2025