1 /*	$OpenBSD: bpf.c,v 1.47 2004/05/28 08:16:23 grange Exp $	*/
2 /*	$NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $	*/
3 
4 /*
5  * Copyright (c) 1990, 1991, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * This code is derived from the Stanford/CMU enet packet filter,
9  * (net/enet.c) distributed as part of 4.3BSD, and code contributed
10  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
11  * Berkeley Laboratory.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. Neither the name of the University nor the names of its contributors
22  *    may be used to endorse or promote products derived from this software
23  *    without specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  *
37  *	@(#)bpf.c	8.2 (Berkeley) 3/28/94
38  */
39 
40 #include "bpfilter.h"
41 
42 #include <sys/param.h>
43 #include <sys/mbuf.h>
44 #include <sys/proc.h>
45 #include <sys/signalvar.h>
46 #include <sys/ioctl.h>
47 #include <sys/conf.h>
48 #include <sys/vnode.h>
49 #include <sys/file.h>
50 #include <sys/socket.h>
51 #include <sys/poll.h>
52 #include <sys/kernel.h>
53 #include <sys/sysctl.h>
54 
55 #include <net/if.h>
56 #include <net/bpf.h>
57 #include <net/bpfdesc.h>
58 
59 #include <netinet/in.h>
60 #include <netinet/if_arc.h>
61 #include <netinet/if_ether.h>
62 
#define BPF_BUFSIZE 32768		/* default size, in bytes, of a capture buffer */

/* Sleep priority that bpfread() passes to tsleep(), or'ed with PCATCH. */
#define PRINET  26			/* interruptible */

/*
 * The default read buffer size is patchable.
 * bpf_bufsize seeds bd_bufsize in bpfopen(); bpf_maxbufsize is the upper
 * clamp that the BIOCSBLEN ioctl applies to a user-requested size.
 */
int bpf_bufsize = BPF_BUFSIZE;
int bpf_maxbufsize = BPF_MAXBUFSIZE;

/*
 *  bpf_iflist is the list of interfaces; each corresponds to an ifnet
 *  bpf_d_list is the list of descriptors
 */
struct bpf_if	*bpf_iflist;
LIST_HEAD(, bpf_d) bpf_d_list;

/* Forward declarations. */
int	bpf_allocbufs(struct bpf_d *);
void	bpf_freed(struct bpf_d *);
void	bpf_ifname(struct ifnet *, struct ifreq *);
void	bpf_mcopy(const void *, void *, size_t);
int	bpf_movein(struct uio *, int, struct mbuf **,
	    struct sockaddr *, struct bpf_insn *);
void	bpf_attachd(struct bpf_d *, struct bpf_if *);
void	bpf_detachd(struct bpf_d *);
int	bpf_setif(struct bpf_d *, struct ifreq *);
int	bpfpoll(dev_t, int, struct proc *);
int	bpfkqfilter(dev_t, struct knote *);
static __inline void bpf_wakeup(struct bpf_d *);
void	bpf_catchpacket(struct bpf_d *, u_char *, size_t, size_t,
	    void (*)(const void *, void *, size_t));
void	bpf_reset_d(struct bpf_d *);

/* kqueue filter callbacks, referenced by bpfread_filtops. */
void	filt_bpfrdetach(struct knote *);
int	filt_bpfread(struct knote *, long);

/* Per-minor descriptor management. */
struct bpf_d *bpfilter_lookup(int);
struct bpf_d *bpfilter_create(int);
void bpfilter_destroy(struct bpf_d *);
102 
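/*
 * Copy a packet written by userland into a freshly allocated mbuf and
 * split off its link-level header.
 *
 *	uio	 source of the packet; uio_resid is taken as its length
 *	linktype DLT_* type of the interface; selects the header length
 *	mp	 receives the mbuf on success and NULL on every error path
 *	sockp	 receives the address family and, in sa_data, the link header
 *	filter	 write filter handed to bpf_filter(); the packet is refused
 *		 unless the filter accepts all of it
 *
 * Returns 0 on success; EIO for an unsupported link type or a packet
 * larger than MCLBYTES; EPERM if the packet is shorter than its link
 * header or the filter does not accept it; ENOBUFS if no cluster could
 * be attached; otherwise the error from uiomove().
 */
int
bpf_movein(uio, linktype, mp, sockp, filter)
	struct uio *uio;
	int linktype;
	struct mbuf **mp;
	struct sockaddr *sockp;
	struct bpf_insn *filter;
{
	struct mbuf *m;
	int error;
	u_int hlen;
	u_int len;
	u_int slen;

	/*
	 * The mbuf is only published on success, so the caller is never
	 * left holding a pointer to memory that was freed at "bad".
	 */
	*mp = NULL;

	/*
	 * Build a sockaddr based on the data link layer type.
	 * We do this at this level because the ethernet header
	 * is copied directly into the data field of the sockaddr.
	 * In the case of SLIP, there is no header and the packet
	 * is forwarded as is.
	 * Also, we are careful to leave room at the front of the mbuf
	 * for the link level header.
	 */
	switch (linktype) {

	case DLT_SLIP:
		sockp->sa_family = AF_INET;
		hlen = 0;
		break;

	case DLT_PPP:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		break;

	case DLT_EN10MB:
		sockp->sa_family = AF_UNSPEC;
		/* XXX Would MAXLINKHDR be better? */
		hlen = sizeof(struct ether_header);
		break;

	case DLT_ARCNET:
		sockp->sa_family = AF_UNSPEC;
		hlen = ARC_HDRLEN;
		break;

	case DLT_FDDI:
		sockp->sa_family = AF_UNSPEC;
		/* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
		hlen = 24;
		break;

	case DLT_RAW:
	case DLT_NULL:
		sockp->sa_family = AF_UNSPEC;
		hlen = 0;
		break;

	case DLT_ATM_RFC1483:
		/*
		 * en atm driver requires 4-byte atm pseudo header.
		 * though it isn't standard, vpi:vci needs to be
		 * specified anyway.
		 */
		sockp->sa_family = AF_UNSPEC;
		hlen = 12; 	/* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
		break;

	default:
		return (EIO);
	}

	len = uio->uio_resid;
	if (len > MCLBYTES)
		return (EIO);

	/*
	 * A packet shorter than its own link header can never be valid.
	 * Refuse it here, before the unsigned "len - hlen" below can wrap
	 * and before any mbuf is allocated.
	 */
	if (len < hlen)
		return (EPERM);

	MGETHDR(m, M_WAIT, MT_DATA);
	m->m_pkthdr.rcvif = 0;
	m->m_pkthdr.len = len - hlen;

	if (len > MHLEN) {
		MCLGET(m, M_WAIT);
		if ((m->m_flags & M_EXT) == 0) {
			error = ENOBUFS;
			goto bad;
		}
	}
	m->m_len = len;

	error = uiomove(mtod(m, caddr_t), len, uio);
	if (error)
		goto bad;

	/* The write filter must accept the packet in full. */
	slen = bpf_filter(filter, mtod(m, u_char *), len, len);
	if (slen < len) {
		error = EPERM;
		goto bad;
	}

	/*
	 * Make room for link header, and copy it to sockaddr.
	 * hlen can exceed the sa_data array of a plain struct sockaddr
	 * (24 bytes for DLT_FDDI), so sockp must point at larger storage;
	 * bpfwrite() passes a struct sockaddr_storage.
	 */
	if (hlen != 0) {
		bcopy(m->m_data, sockp->sa_data, hlen);
		m->m_len -= hlen;
		m->m_data += hlen; /* XXX */
	}

	*mp = m;
	return (0);
 bad:
	m_freem(m);
	return (error);
}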
221 
/*
 * Make descriptor d a listener on interface bp.
 * The caller must already be at splimp.
 */
void
bpf_attachd(d, bp)
	struct bpf_d *d;
	struct bpf_if *bp;
{
	struct bpf_d *head = bp->bif_dlist;

	/* Push d onto the front of the interface's listener list. */
	d->bd_next = head;
	d->bd_bif = bp;
	bp->bif_dlist = d;

	/*
	 * Publish bp through the driver's bpf cookie so that the driver
	 * starts diverting packets to bpf.
	 */
	*bp->bif_driverp = bp;
}
242 
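/*
 * Detach a file from its interface.
 *
 * Drops the promiscuous-mode request this descriptor made, if any,
 * unlinks d from the interface's listener list, and clears the driver's
 * bpf cookie once the last listener is gone.  d->bd_bif must be set on
 * entry; it is cleared on return.
 */
void
bpf_detachd(d)
	struct bpf_d *d;
{
	struct bpf_d **p;
	struct bpf_if *bp;

	bp = d->bd_bif;
	/*
	 * Check if this descriptor had requested promiscuous mode.
	 * If so, turn it off.
	 */
	if (d->bd_promisc) {
		int error;

		d->bd_promisc = 0;
		error = ifpromisc(bp->bif_ifp, 0);
		if (error && !(error == EINVAL || error == ENODEV))
			/*
			 * Something is really wrong if we were able to put
			 * the driver into promiscuous mode, but can't
			 * take it out.
			 */
			panic("bpf: ifpromisc failed");
	}
	/*
	 * Remove d from the interface's descriptor list.  Each link is
	 * tested for NULL before it is followed, so an empty or corrupted
	 * list reaches the panic instead of dereferencing a null pointer.
	 */
	for (p = &bp->bif_dlist; *p != d; p = &(*p)->bd_next) {
		if (*p == 0)
			panic("bpf_detachd: descriptor not in list");
	}
	*p = d->bd_next;
	if (bp->bif_dlist == 0)
		/*
		 * Let the driver know that there are no more listeners.
		 */
		*bp->bif_driverp = 0;
	d->bd_bif = 0;
}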
286 
287 
/*
 * Mark a descriptor free by making it point to itself.
 * This is probably cheaper than marking with a constant since
 * the address should be in a register anyway.
 *
 * All three macros work on bd_next, the same field that links a
 * descriptor into an interface's listener list in bpf_attachd().
 */
#define D_ISFREE(d) ((d) == (d)->bd_next)
#define D_MARKFREE(d) ((d)->bd_next = (d))
#define D_MARKUSED(d) ((d)->bd_next = 0)

/*
 * Reference count access to descriptor buffers
 *
 * D_GET bumps bd_ref with a plain post-increment; D_PUT hands the
 * descriptor to bpf_freed(), which drops the count.
 */
#define D_GET(d) ((d)->bd_ref++)
#define D_PUT(d) bpf_freed(d)
302 
/*
 * bpfilterattach() is the attach hook called at boot time in new systems.
 * It prepares the empty global descriptor list, bpf_d_list.
 * The argument n is not used.
 */
/* ARGSUSED */
void
bpfilterattach(n)
	int n;
{
	/* Start with no descriptors; they are added later on demand. */
	LIST_INIT(&bpf_d_list);
}
314 
/*
 * Open a bpf device.  Returns ENXIO if no descriptor could be obtained
 * for the minor number, EBUSY if the descriptor is not free, 0 otherwise.
 * flag, mode and p are not used.
 */
/* ARGSUSED */
int
bpfopen(dev, flag, mode, p)
	dev_t dev;
	int flag;
	int mode;
	struct proc *p;
{
	struct bpf_d *d;

	/* Descriptors are created on demand, keyed by minor number. */
	d = bpfilter_create(minor(dev));
	if (d == NULL)
		return (ENXIO);

	/*
	 * Each minor can be held open by only one process at a time.
	 * NOTE(review): nothing in this function marks the descriptor free
	 * or used, so this test relies on the state bpfilter_create()
	 * leaves in bd_next -- confirm there, and confirm that no newly
	 * created descriptor is stranded when EBUSY is returned.
	 */
	if (D_ISFREE(d) == 0)
		return (EBUSY);

	/* Defaults: SIGIO as the notification signal, default buffer size. */
	d->bd_sig = SIGIO;
	d->bd_bufsize = bpf_bufsize;

	/* The open itself holds one reference on the descriptor. */
	D_GET(d);

	return (0);
}
347 
/*
 * Close the descriptor: detach it from its interface if it has one,
 * wake anything still waiting on it, and drop the reference taken at
 * open time.  Always returns 0.  flag, mode and p are not used.
 */
/* ARGSUSED */
int
bpfclose(dev, flag, mode, p)
	dev_t dev;
	int flag;
	int mode;
	struct proc *p;
{
	/*
	 * NOTE(review): the lookup result is used without a NULL check;
	 * presumably a descriptor always exists for an open minor -- verify
	 * against bpfilter_lookup().
	 */
	struct bpf_d *d = bpfilter_lookup(minor(dev));
	int s = splimp();

	if (d->bd_bif != 0)
		bpf_detachd(d);

	/* Readers blocked in bpfread() must not sleep on a closed device. */
	bpf_wakeup(d);
	D_PUT(d);
	splx(s);

	return (0);
}
373 
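/*
 * Rotate the packet buffers in descriptor d.  Move the store buffer
 * into the hold slot, and the free buffer into the store slot.
 * Zero the length of the new store buffer.
 *
 * The body is wrapped in do { } while (0) so that the expansion is one
 * statement: "ROTATE_BUFFERS(d);" then behaves correctly as the unbraced
 * body of an if/else or a loop.  d is evaluated several times and must
 * not have side effects.
 */
#define ROTATE_BUFFERS(d) \
	do { \
		(d)->bd_hbuf = (d)->bd_sbuf; \
		(d)->bd_hlen = (d)->bd_slen; \
		(d)->bd_sbuf = (d)->bd_fbuf; \
		(d)->bd_slen = 0; \
		(d)->bd_fbuf = 0; \
	} while (0)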
/*
 *  bpfread - read next chunk of packets from buffers
 *
 * Returns ENXIO if the descriptor has no interface, EINVAL if the
 * caller's buffer is not exactly bd_bufsize bytes, EIO if the interface
 * went away with nothing buffered, EINTR/ERESTART if the sleep was
 * interrupted, 0 on a timeout with nothing buffered, and otherwise the
 * result of copying the hold buffer out with uiomove().
 * ioflag is not used.
 */
int
bpfread(dev, uio, ioflag)
	dev_t dev;
	struct uio *uio;
	int ioflag;
{
	struct bpf_d *d;
	int error;
	int s;

	/*
	 * NOTE(review): the lookup result is dereferenced without a NULL
	 * check; presumably an open minor always has a descriptor -- verify.
	 */
	d = bpfilter_lookup(minor(dev));
	if (d->bd_bif == 0)
		return (ENXIO);

	/*
	 * Restrict application to use a buffer the same size as
	 * as kernel buffers.
	 */
	if (uio->uio_resid != d->bd_bufsize)
		return (EINVAL);

	s = splimp();

	/*
	 * Hold a reference for the whole read, including the sleep below
	 * and the copy-out that runs after splx().
	 */
	D_GET(d);

	/*
	 * bd_rdStart is tagged when we start the read, iff there's a timeout.
	 * we can then figure out when we're done reading.
	 */
	if (d->bd_rtout != -1 && d->bd_rdStart == 0)
		d->bd_rdStart = ticks;
	else
		d->bd_rdStart = 0;

	/*
	 * If the hold buffer is empty, then do a timed sleep, which
	 * ends when the timeout expires or when enough packets
	 * have arrived to fill the store buffer.
	 */
	while (d->bd_hbuf == 0) {
		if (d->bd_bif == NULL) {
			/* interface is gone */
			if (d->bd_slen == 0) {
				D_PUT(d);
				splx(s);
				return (EIO);
			}
			ROTATE_BUFFERS(d);
			break;
		}
		if (d->bd_immediate && d->bd_slen != 0) {
			/*
			 * A packet(s) either arrived since the previous
			 * read or arrived while we were asleep.
			 * Rotate the buffers and return what's here.
			 */
			ROTATE_BUFFERS(d);
			break;
		}
		/*
		 * NOTE(review): because the two tests are joined with ||,
		 * every bd_rtout other than -1 sleeps, and the else branch
		 * is only entered with bd_rtout == -1, so its inner
		 * "error = 0" arm cannot be reached.  With bd_rtout == -1
		 * (non-blocking, see FIONBIO) bd_rdStart was zeroed above,
		 * so the second test reads "-1 < ticks" and looks like it
		 * sends non-blocking reads into tsleep() with a timeout
		 * of -1 -- confirm the intended logic.
		 */
		if ((d->bd_rtout != -1) || (d->bd_rdStart + d->bd_rtout) < ticks) {
			error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf",
			    d->bd_rtout);
		} else {
			if (d->bd_rtout == -1) {
				/* User requested non-blocking I/O */
				error = EWOULDBLOCK;
			} else
				error = 0;
		}
		if (error == EINTR || error == ERESTART) {
			D_PUT(d);
			splx(s);
			return (error);
		}
		if (error == EWOULDBLOCK) {
			/*
			 * On a timeout, return what's in the buffer,
			 * which may be nothing.  If there is something
			 * in the store buffer, we can rotate the buffers.
			 */
			if (d->bd_hbuf)
				/*
				 * We filled up the buffer in between
				 * getting the timeout and arriving
				 * here, so we don't need to rotate.
				 */
				break;

			if (d->bd_slen == 0) {
				D_PUT(d);
				splx(s);
				return (0);
			}
			ROTATE_BUFFERS(d);
			break;
		}
	}
	/*
	 * At this point, we know we have something in the hold slot.
	 */
	splx(s);

	/*
	 * Move data from hold buffer into user space.
	 * We know the entire buffer is transferred since
	 * we checked above that the read buffer is bpf_bufsize bytes.
	 * The copy runs at lowered priority; bpf_catchpacket() only drops
	 * packets while bd_fbuf is 0, so the hold buffer is left alone
	 * until it is handed back below.
	 */
	error = uiomove(d->bd_hbuf, d->bd_hlen, uio);

	/* Return the drained hold buffer to the free slot. */
	s = splimp();
	d->bd_fbuf = d->bd_hbuf;
	d->bd_hbuf = 0;
	d->bd_hlen = 0;

	D_PUT(d);
	splx(s);

	return (error);
}
507 
508 
/*
 * Notify everything waiting on descriptor d: sleeping readers, the
 * async signal target, select/poll waiters and kqueue notes.
 */
static __inline void
bpf_wakeup(d)
	struct bpf_d *d;
{
	/* Release anything blocked in tsleep() on this descriptor. */
	wakeup((caddr_t)d);

	/*
	 * Signal delivery uses the uid/euid recorded by the TIOCSPGRP
	 * ioctl -- presumably so csignal() can check the signal against
	 * whoever set the owner; confirm in csignal().
	 */
	if (d->bd_async != 0 && d->bd_sig != 0)
		csignal(d->bd_pgid, d->bd_sig, d->bd_siguid, d->bd_sigeuid);

	selwakeup(&d->bd_sel);
	d->bd_sel.si_selpid = 0;	/* XXX */
	KNOTE(&d->bd_sel.si_note, 0);
}
526 
/*
 * bpfwrite - inject one packet, supplied by userland, on the attached
 * interface.
 *
 * Returns ENXIO if no interface is attached, 0 for an empty write, the
 * error from bpf_movein() (which refuses packets the write filter does
 * not fully accept), EMSGSIZE if the payload exceeds the interface MTU,
 * and otherwise the result of the interface's output routine.
 * ioflag is not used.
 */
int
bpfwrite(dev, uio, ioflag)
	dev_t dev;
	struct uio *uio;
	int ioflag;
{
	/*
	 * NOTE(review): dst is not zero-initialised.  bpf_movein() stores
	 * sa_family and the link header bytes in sa_data only -- confirm
	 * that the output routine reads nothing else from it.
	 */
	struct sockaddr_storage dst;
	struct bpf_d *d;
	struct ifnet *ifp;
	struct mbuf *m;
	int error, s;

	d = bpfilter_lookup(minor(dev));
	if (d->bd_bif == 0)
		return (ENXIO);
	ifp = d->bd_bif->bif_ifp;

	/* Nothing to send. */
	if (uio->uio_resid == 0)
		return (0);

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m,
	    (struct sockaddr *)&dst, d->bd_wfilter);
	if (error != 0)
		return (error);

	/* m_pkthdr.len excludes the link header that bpf_movein() split off. */
	if (m->m_pkthdr.len > ifp->if_mtu) {
		m_freem(m);
		return (EMSGSIZE);
	}

	/* The writer supplied a complete link header (BIOCSHDRCMPLT). */
	if (d->bd_hdrcmplt)
		dst.ss_family = pseudo_AF_HDRCMPLT;

	s = splsoftnet();
	error = (*ifp->if_output)(ifp, m, (struct sockaddr *)&dst,
	    (struct rtentry *)0);
	splx(s);

	/* The driver frees the mbuf. */
	return (error);
}
570 
/*
 * Reset descriptor d: discard everything buffered and zero the receive
 * and drop counters.  Should be called at splimp.
 */
void
bpf_reset_d(d)
	struct bpf_d *d;
{
	/* A pending hold buffer goes back to the free slot. */
	if (d->bd_hbuf != 0) {
		d->bd_fbuf = d->bd_hbuf;
		d->bd_hbuf = 0;
	}

	/* Both buffers are now empty. */
	d->bd_hlen = 0;
	d->bd_slen = 0;

	/* Statistics start over. */
	d->bd_dcount = 0;
	d->bd_rcount = 0;
}
589 
/*
 *  FIONREAD		Check for read packet available.
 *  BIOCGBLEN		Get buffer len [for read()].
 *  BIOCSBLEN		Set buffer len (only before an interface is set).
 *  BIOCSETF		Set ethernet read filter.
 *  BIOCSETWF		Set link layer write filter.
 *  BIOCFLUSH		Flush read packet buffer.
 *  BIOCPROMISC		Put interface into promiscuous mode.
 *  BIOCGDLT		Get link layer type.
 *  BIOCGETIF		Get interface name.
 *  BIOCSETIF		Set interface.
 *  BIOCSRTIMEOUT	Set read timeout.
 *  BIOCGRTIMEOUT	Get read timeout.
 *  BIOCGSTATS		Get packet stats.
 *  BIOCIMMEDIATE	Set immediate mode.
 *  BIOCVERSION		Get filter language version.
 *  BIOCGHDRCMPLT	Get "header already complete" flag
 *  BIOCSHDRCMPLT	Set "header already complete" flag
 *  BIOCLOCK		Set "locked" flag (no reset).
 *  BIOCSRSIG		Set receive signal.
 *  BIOCGRSIG		Get receive signal.
 *  FIONBIO		Set or clear non-blocking reads.
 *  FIOASYNC		Send signal on receive packets.
 *  TIOCSPGRP		Set process or group to send signals to.
 *  TIOCGPGRP		Get process or group to send signals to.
 *
 * Returns 0 or an errno: EPERM for a command that a locked descriptor
 * refuses to a non-root caller, EINVAL for an unknown command or an
 * invalid request, or the error of the helper that was called.
 * flag is not used.
 */
/* ARGSUSED */
int
bpfioctl(dev, cmd, addr, flag, p)
	dev_t dev;
	u_long cmd;
	caddr_t addr;
	int flag;
	struct proc *p;
{
	struct bpf_d *d;
	int s, error = 0;

	/*
	 * NOTE(review): the lookup result is dereferenced without a NULL
	 * check; presumably an open minor always has a descriptor -- verify.
	 */
	d = bpfilter_lookup(minor(dev));

	/*
	 * Once BIOCLOCK has been issued, a caller that fails suser() may
	 * only use the commands listed here.  Everything else, including
	 * BIOCSETF, BIOCSETWF, BIOCSETIF, BIOCSBLEN and BIOCPROMISC, is
	 * refused with EPERM.
	 */
	if (d->bd_locked && suser(p, 0) != 0) {
		/* list of allowed ioctls when locked and not root */
		switch (cmd) {
		case BIOCGBLEN:
		case BIOCFLUSH:
		case BIOCGDLT:
		case BIOCGETIF:
		case BIOCGRTIMEOUT:
		case BIOCGSTATS:
		case BIOCVERSION:
		case BIOCGRSIG:
		case BIOCGHDRCMPLT:
		case FIONREAD:
		case BIOCLOCK:
		case BIOCSRTIMEOUT:
		case BIOCIMMEDIATE:
		case TIOCGPGRP:
			break;
		default:
			return (EPERM);
		}
	}

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	/*
	 * Check for read packet available.
	 */
	case FIONREAD:
		{
			int n;

			/* Sample both lengths at splimp for a consistent total. */
			s = splimp();
			n = d->bd_slen;
			if (d->bd_hbuf)
				n += d->bd_hlen;
			splx(s);

			*(int *)addr = n;
			break;
		}

	/*
	 * Get buffer len [for read()].
	 */
	case BIOCGBLEN:
		*(u_int *)addr = d->bd_bufsize;
		break;

	/*
	 * Set buffer length.
	 * Only allowed before an interface is set.  The request is clamped
	 * to [BPF_MINBUFSIZE, bpf_maxbufsize] and the value actually used
	 * is written back to the caller.
	 */
	case BIOCSBLEN:
		if (d->bd_bif != 0)
			error = EINVAL;
		else {
			u_int size = *(u_int *)addr;

			if (size > bpf_maxbufsize)
				*(u_int *)addr = size = bpf_maxbufsize;
			else if (size < BPF_MINBUFSIZE)
				*(u_int *)addr = size = BPF_MINBUFSIZE;
			d->bd_bufsize = size;
		}
		break;

	/*
	 * Set link layer read filter.
	 */
	case BIOCSETF:
		error = bpf_setf(d, (struct bpf_program *)addr, 0);
		break;

	/*
	 * Set link layer write filter.
	 */
	case BIOCSETWF:
		error = bpf_setf(d, (struct bpf_program *)addr, 1);
		break;

	/*
	 * Flush read packet buffer.
	 */
	case BIOCFLUSH:
		s = splimp();
		bpf_reset_d(d);
		splx(s);
		break;

	/*
	 * Put interface into promiscuous mode.
	 */
	case BIOCPROMISC:
		if (d->bd_bif == 0) {
			/*
			 * No interface attached yet.
			 */
			error = EINVAL;
			break;
		}
		s = splimp();
		/* Request it once per descriptor; bpf_detachd() undoes it. */
		if (d->bd_promisc == 0) {
			error = ifpromisc(d->bd_bif->bif_ifp, 1);
			if (error == 0)
				d->bd_promisc = 1;
		}
		splx(s);
		break;

	/*
	 * Get device parameters.
	 */
	case BIOCGDLT:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			*(u_int *)addr = d->bd_bif->bif_dlt;
		break;

	/*
	 * Get interface name.
	 */
	case BIOCGETIF:
		if (d->bd_bif == 0)
			error = EINVAL;
		else
			bpf_ifname(d->bd_bif->bif_ifp, (struct ifreq *)addr);
		break;

	/*
	 * Set interface.
	 */
	case BIOCSETIF:
		error = bpf_setif(d, (struct ifreq *)addr);
		break;

	/*
	 * Set read timeout.
	 * NOTE(review): the timeval comes from the caller and is not range
	 * checked.  Negative or very large fields can make the tick count
	 * negative or make the arithmetic overflow, and -1 is the value
	 * FIONBIO stores to mean "non-blocking".  This command is also on
	 * the locked allowlist above.  Consider rejecting values that are
	 * out of range.
	 */
	case BIOCSRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			/* Compute number of ticks. */
			d->bd_rtout = tv->tv_sec * hz + tv->tv_usec / tick;
			/* A sub-tick timeout must not collapse to 0. */
			if (d->bd_rtout == 0 && tv->tv_usec != 0)
				d->bd_rtout = 1;
			break;
		}

	/*
	 * Get read timeout.
	 */
	case BIOCGRTIMEOUT:
		{
			struct timeval *tv = (struct timeval *)addr;

			tv->tv_sec = d->bd_rtout / hz;
			tv->tv_usec = (d->bd_rtout % hz) * tick;
			break;
		}

	/*
	 * Get packet stats.
	 */
	case BIOCGSTATS:
		{
			struct bpf_stat *bs = (struct bpf_stat *)addr;

			bs->bs_recv = d->bd_rcount;
			bs->bs_drop = d->bd_dcount;
			break;
		}

	/*
	 * Set immediate mode.
	 */
	case BIOCIMMEDIATE:
		d->bd_immediate = *(u_int *)addr;
		break;

	/*
	 * Get filter language version.
	 */
	case BIOCVERSION:
		{
			struct bpf_version *bv = (struct bpf_version *)addr;

			bv->bv_major = BPF_MAJOR_VERSION;
			bv->bv_minor = BPF_MINOR_VERSION;
			break;
		}

	case BIOCGHDRCMPLT:	/* get "header already complete" flag */
		*(u_int *)addr = d->bd_hdrcmplt;
		break;

	case BIOCSHDRCMPLT:	/* set "header already complete" flag */
		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
		break;

	case BIOCLOCK:		/* set "locked" flag (no reset) */
		d->bd_locked = 1;
		break;

	case FIONBIO:		/* Non-blocking I/O */
		/* -1 is the "non-blocking" marker tested in bpfread(). */
		if (*(int *)addr)
			d->bd_rtout = -1;
		else
			d->bd_rtout = 0;
		break;

	case FIOASYNC:		/* Send signal on receive packets */
		d->bd_async = *(int *)addr;
		break;

	/*
	 * N.B.  ioctl (FIOSETOWN) and fcntl (F_SETOWN) both end up doing
	 * the equivalent of a TIOCSPGRP and hence end up here.  *However*
	 * TIOCSPGRP's arg is a process group if it's positive and a process
	 * id if it's negative.  This is exactly the opposite of what the
	 * other two functions want!  Therefore there is code in ioctl and
	 * fcntl to negate the arg before calling here.
	 *
	 * The caller's real and effective uid are recorded with the target;
	 * bpf_wakeup() passes them to csignal() when it sends the signal.
	 */
	case TIOCSPGRP:		/* Process or group to send signals to */
		d->bd_pgid = *(int *)addr;
		d->bd_siguid = p->p_cred->p_ruid;
		d->bd_sigeuid = p->p_ucred->cr_uid;
		break;

	case TIOCGPGRP:
		*(int *)addr = d->bd_pgid;
		break;

	case BIOCSRSIG:		/* Set receive signal */
		{
			u_int sig;

			sig = *(u_int *)addr;

			/* Only signal numbers below NSIG are accepted. */
			if (sig >= NSIG)
				error = EINVAL;
			else
				d->bd_sig = sig;
			break;
		}
	case BIOCGRSIG:		/* Get receive signal */
		*(u_int *)addr = d->bd_sig;
		break;
	}
	return (error);
}
873 
/*
 * Install fp as d's read filter (wf == 0) or write filter (wf != 0),
 * freeing whatever filter was there before.  A program with a null
 * instruction pointer and zero length removes the filter.
 *
 * The instructions are copied into kernel memory first and validated
 * there, so the program that gets installed is the one that was checked.
 * The instruction count is capped at BPF_MAXINSNS before the allocation
 * size is computed.
 *
 * Returns 0 on success, EINVAL for bogus requests: a null program with
 * a non-zero length, too many instructions, a failed copyin(), or a
 * program that bpf_validate() rejects.
 */
int
bpf_setf(d, fp, wf)
	struct bpf_d *d;
	struct bpf_program *fp;
	int wf;
{
	struct bpf_insn *fcode, *old;
	u_int flen, size;
	int s;

	/* Remember the filter being replaced so it can be freed at the end. */
	old = wf ? d->bd_wfilter : d->bd_rfilter;

	if (fp->bf_insns == 0) {
		/* A null program means "no filter"; it must be empty. */
		if (fp->bf_len != 0)
			return (EINVAL);
		fcode = 0;
	} else {
		flen = fp->bf_len;
		if (flen > BPF_MAXINSNS)
			return (EINVAL);

		size = flen * sizeof(*fp->bf_insns);
		fcode = (struct bpf_insn *)malloc(size, M_DEVBUF, M_WAITOK);
		if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) != 0 ||
		    !bpf_validate(fcode, (int)flen)) {
			free((caddr_t)fcode, M_DEVBUF);
			return (EINVAL);
		}
	}

	/* Swap the filter in and flush packets captured under the old one. */
	s = splimp();
	if (wf)
		d->bd_wfilter = fcode;
	else
		d->bd_rfilter = fcode;
	bpf_reset_d(d);
	splx(s);

	if (old != 0)
		free((caddr_t)old, M_DEVBUF);

	return (0);
}
926 
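/*
 * Detach a file from its current interface (if attached at all) and attach
 * to the interface indicated by the name stored in ifr.
 *
 * The name in ifr comes from the caller: it is forcibly terminated, and
 * a name without a unit number gets a single '0' appended in place.
 *
 * Returns 0 on success, ENETDOWN if the interface is not up, the error
 * from bpf_allocbufs() if the packet buffers cannot be allocated, and
 * ENXIO if no attached interface has that name.
 */
int
bpf_setif(d, ifr)
	struct bpf_d *d;
	struct ifreq *ifr;
{
	struct bpf_if *bp;
	char *cp;
	int unit_seen, i, s, error;

	/* Never trust the caller to have terminated the name. */
	ifr->ifr_name[sizeof(ifr->ifr_name) - 1] = '\0';

	/*
	 * Make sure the provided name has a unit number, and default
	 * it to '0' if not specified.
	 * XXX This is ugly ... do this differently?
	 */
	unit_seen = 0;
	for (cp = ifr->ifr_name; *cp != '\0'; cp++) {
		if (*cp >= '0' && *cp <= '9') {
			unit_seen = 1;
			break;
		}
	}
	if (!unit_seen) {
		/*
		 * Append one '0' after the leading run of letters and
		 * terminate the name there.  Replacing every remaining
		 * position with '0' would turn "le" into "le000..." and
		 * never match an interface.  The loop bound leaves room
		 * for the '\0'.
		 */
		for (i = 0; i < (IFNAMSIZ - 1); ++i) {
			if ((ifr->ifr_name[i] >= 'a' &&
			     ifr->ifr_name[i] <= 'z') ||
			    (ifr->ifr_name[i] >= 'A' &&
			     ifr->ifr_name[i] <= 'Z'))
				continue;
			ifr->ifr_name[i] = '0';
			ifr->ifr_name[i + 1] = '\0';
			break;
		}
	}

	/*
	 * Look through attached interfaces for the named one.
	 */
	for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
		struct ifnet *ifp = bp->bif_ifp;

		if (ifp == 0 ||
		    strcmp(ifp->if_xname, ifr->ifr_name) != 0)
			continue;
		/*
		 * We found the requested interface.
		 * If it's not up, return an error.
		 * Allocate the packet buffers if we need to.
		 * If we're already attached to requested interface,
		 * just flush the buffer.
		 */
		if ((ifp->if_flags & IFF_UP) == 0)
			return (ENETDOWN);

		if (d->bd_sbuf == 0) {
			error = bpf_allocbufs(d);
			if (error != 0)
				return (error);
		}
		s = splimp();
		if (bp != d->bd_bif) {
			if (d->bd_bif)
				/*
				 * Detach if attached to something else.
				 */
				bpf_detachd(d);

			bpf_attachd(d, bp);
		}
		bpf_reset_d(d);
		splx(s);
		return (0);
	}
	/* Not found. */
	return (ENXIO);
}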
1005 
/*
 * Report the name of interface ifp through ifr.
 * Exactly IFNAMSIZ bytes of if_xname are copied into ifr_name.
 */
void
bpf_ifname(ifp, ifr)
	struct ifnet *ifp;
	struct ifreq *ifr;
{
	/* Fixed-size copy: source and destination are both name arrays. */
	bcopy(ifp->if_xname, ifr->ifr_name, IFNAMSIZ);
}
1016 
/*
 * Support for poll() system call.
 * Only read readiness is reported.  Returns the subset of POLLIN and
 * POLLRDNORM that is ready now, or 0 after registering p for a later
 * wakeup.
 */
int
bpfpoll(dev, events, p)
	dev_t dev;
	int events;
	struct proc *p;
{
	struct bpf_d *d;
	int s, revents, ready;

	revents = events & (POLLIN | POLLRDNORM);
	if (revents == 0)
		return (0);		/* only support reading */

	d = bpfilter_lookup(minor(dev));
	s = splimp();

	/*
	 * Data is ready when the hold buffer has content, or, in immediate
	 * mode, as soon as the store buffer has any.
	 */
	ready = d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0);
	if (!ready) {
		revents = 0;		/* no data waiting */

		/* With a timeout set, note when the wait began. */
		if (d->bd_rtout != -1 && d->bd_rdStart == 0)
			d->bd_rdStart = ticks;
		selrecord(p, &d->bd_sel);
	}
	splx(s);

	return (revents);
}
1050 
/*
 * kqueue filter operations that bpfkqfilter() installs for EVFILT_READ.
 * The initialiser is positional: 1, no hook (NULL), filt_bpfrdetach,
 * filt_bpfread.
 * NOTE(review): presumably these are the "is an fd" flag and the attach,
 * detach and event hooks, in that order -- confirm against the
 * declaration of struct filterops.
 */
struct filterops bpfread_filtops =
	{ 1, NULL, filt_bpfrdetach, filt_bpfread };
1053 
/*
 * Support for kqueue: register knote kn on the descriptor behind dev.
 * Only EVFILT_READ is supported.  Returns 0 on success and 1 for any
 * other filter.
 */
int
bpfkqfilter(dev_t dev,struct knote *kn)
{
	struct bpf_d *d;
	struct klist *klist;
	int s;

	d = bpfilter_lookup(minor(dev));

	/* Write and all other filters are refused. */
	if (kn->kn_filter != EVFILT_READ)
		return (1);

	klist = &d->bd_sel.si_note;
	kn->kn_fop = &bpfread_filtops;

	/*
	 * The hook carries the device number, not a descriptor pointer;
	 * the filter callbacks look the descriptor up again from it.
	 */
	kn->kn_hook = (caddr_t)((u_long)dev);

	s = splimp();
	SLIST_INSERT_HEAD(klist, kn, kn_selnext);
	splx(s);

	return (0);
}
1080 
/*
 * kqueue detach hook: remove kn from the note list of the descriptor
 * named by the device number stored in kn_hook.
 */
void
filt_bpfrdetach(struct knote *kn)
{
	struct bpf_d *d;
	dev_t dev;
	int s;

	dev = (dev_t)((u_long)kn->kn_hook);

	s = splimp();
	d = bpfilter_lookup(minor(dev));
	SLIST_REMOVE(&d->bd_sel.si_note, kn, knote, kn_selnext);
	splx(s);
}
1092 
/*
 * kqueue event hook for EVFILT_READ.  Returns non-zero when a read
 * would find data: the hold buffer has content, or immediate mode is on
 * and the store buffer is not empty.  kn_data is always set to 0.
 * hint is not used.
 */
int
filt_bpfread(struct knote *kn, long hint)
{
	struct bpf_d *d;
	dev_t dev;
	int res, s;

	dev = (dev_t)((u_long)kn->kn_hook);
	kn->kn_data = 0;

	d = bpfilter_lookup(minor(dev));

	/* Sample the buffer lengths at splimp. */
	s = splimp();
	if (d->bd_hlen != 0)
		res = 1;
	else
		res = (d->bd_immediate && d->bd_slen != 0);
	splx(s);

	return (res);
}
1108 
/*
 * Incoming linkage from device drivers.  pkt points at a packet of
 * pktlen bytes held in one contiguous buffer.  Every listener on the
 * interface runs its read filter over it; a non-zero filter result is
 * the snapshot length and the packet is stored in that listener's buffer.
 * arg is the struct bpf_if of the interface.
 */
void
bpf_tap(arg, pkt, pktlen)
	caddr_t arg;
	u_char *pkt;
	u_int pktlen;
{
	struct bpf_if *bp = (struct bpf_if *)arg;
	struct bpf_d *d;
	size_t slen;

	/*
	 * Note that the ipl does not have to be raised at this point.
	 * The only problem that could arise here is that if two different
	 * interfaces shared any data.  This is not the case.
	 */
	d = bp->bif_dlist;
	while (d != 0) {
		/* Every packet seen counts, whether or not it is kept. */
		++d->bd_rcount;
		slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
		if (slen != 0)
			bpf_catchpacket(d, pkt, pktlen, slen, bcopy);
		d = d->bd_next;
	}
}
1137 
/*
 * Copy len bytes out of the mbuf chain src_arg into the flat buffer
 * dst_arg.  This code is derived from m_copydata in sys/uipc_mbuf.c.
 * Panics if the chain ends before len bytes have been copied.
 */
void
bpf_mcopy(src_arg, dst_arg, len)
	const void *src_arg;
	void *dst_arg;
	size_t len;
{
	const struct mbuf *m = src_arg;
	u_char *dst = dst_arg;
	u_int count;

	for (; len > 0; m = m->m_next) {
		if (m == 0)
			panic("bpf_mcopy");

		/* Take what this mbuf holds, but never more than is left. */
		count = min(m->m_len, len);
		bcopy(mtod(m, caddr_t), (caddr_t)dst, count);
		dst += count;
		len -= count;
	}
}
1164 
/*
 * Incoming linkage from device drivers, when packet is in an mbuf chain.
 * arg is the struct bpf_if of the interface; a null m is ignored.
 */
void
bpf_mtap(arg, m)
	caddr_t arg;
	struct mbuf *m;
{
	struct bpf_if *bp = (struct bpf_if *)arg;
	struct bpf_d *d;
	struct mbuf *m0;
	size_t pktlen, slen;

	if (m == NULL)
		return;

	/* The packet length is the sum of the lengths along the chain. */
	for (pktlen = 0, m0 = m; m0 != 0; m0 = m0->m_next)
		pktlen += m0->m_len;

	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
		++d->bd_rcount;
		/*
		 * The buffer length is passed as 0 -- presumably that is
		 * how bpf_filter() is told it was given an mbuf chain
		 * rather than flat data; confirm in bpf_filter().
		 */
		slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
		if (slen == 0)
			continue;
		bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
	}
}
1192 
/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer, waking any listener when the buffers are rotated,
 * when immediate mode is set, or when a read timeout has passed.
 * Nothing is returned; a packet that does not fit while no free buffer
 * is available is counted in bd_dcount and dropped.  "copy" (cpfn) is
 * the routine called to do the actual data
 * transfer.  bcopy is passed in to copy contiguous chunks, while
 * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
void
bpf_catchpacket(d, pkt, pktlen, snaplen, cpfn)
	struct bpf_d *d;
	u_char *pkt;
	size_t pktlen, snaplen;
	void (*cpfn)(const void *, void *, size_t);
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;
	struct timeval tv;

	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}

	/*
	 * Append the bpf header.
	 * NOTE(review): the alignment gap between the previous record's
	 * end (bd_slen) and curlen is not written here, nor is any part of
	 * the hdrlen-byte header area outside the four fields stored below.
	 * bpfread() copies bd_hlen bytes of the buffer to userland, so
	 * those gaps carry whatever the buffer held before.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	microtime(&tv);
	hp->bh_tstamp.tv_sec = tv.tv_sec;
	hp->bh_tstamp.tv_usec = tv.tv_usec;
	hp->bh_datalen = pktlen;	/* length on the wire */
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 * bh_caplen, the number of bytes actually captured, is assigned
	 * inside the argument list.
	 */
	(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	if (d->bd_immediate) {
		/*
		 * Immediate mode is set.  A packet arrived so any
		 * reads should be woken up.
		 */
		bpf_wakeup(d);
	}

	if (d->bd_rdStart && (d->bd_rtout + d->bd_rdStart < ticks)) {
		/*
		 * we could be selecting on the bpf, and we
		 * may have timeouts set.  We got here by getting
		 * a packet, so wake up the reader.
		 */
		if (d->bd_fbuf) {
			d->bd_rdStart = 0;
			ROTATE_BUFFERS(d);
			bpf_wakeup(d);
			/* NOTE(review): dead store, curlen is not read again. */
			curlen = 0;
		}
	}
}
1283 
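/*
 * Allocate the free and store buffers of a descriptor, bd_bufsize bytes
 * each, and reset the store and hold lengths.
 *
 * Returns 0 on success and ENOBUFS if either allocation fails.  On
 * failure no buffer is left allocated and bd_fbuf is NULL, so the
 * descriptor never holds a pointer to freed memory.
 */
int
bpf_allocbufs(d)
	struct bpf_d *d;
{
	d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (d->bd_fbuf == NULL)
		return (ENOBUFS);
	d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_DEVBUF, M_NOWAIT);
	if (d->bd_sbuf == NULL) {
		free(d->bd_fbuf, M_DEVBUF);
		/* Do not leave a dangling pointer behind for later checks. */
		d->bd_fbuf = NULL;
		return (ENOBUFS);
	}

	/*
	 * bpf_catchpacket word-aligns each record and never writes the
	 * padding it skips.  Zero both buffers so that padding cannot carry
	 * stale allocator contents, in case the read path hands whole
	 * buffers to userland (the read path is not visible here).
	 */
	bzero(d->bd_fbuf, d->bd_bufsize);
	bzero(d->bd_sbuf, d->bd_bufsize);

	d->bd_slen = 0;
	d->bd_hlen = 0;
	return (0);
}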
1303 
/*
 * Drop one reference to a descriptor.  When the count reaches zero,
 * release its capture buffers and both filter programs, then destroy
 * the descriptor itself through bpfilter_destroy().
 *
 * d must not be used by the caller afterwards unless it holds another
 * reference.
 */
void
bpf_freed(d)
	struct bpf_d *d;
{
	/* Still referenced elsewhere: nothing to release yet. */
	if (--d->bd_ref > 0)
		return;

	/*
	 * The hold and free buffers are only looked at when a store buffer
	 * exists.  bd_sbuf is the last buffer bpf_allocbufs sets, so a
	 * non-NULL bd_sbuf is treated as the sign that the buffers were
	 * allocated.
	 */
	if (d->bd_sbuf != NULL) {
		free(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != NULL) {
			free(d->bd_hbuf, M_DEVBUF);
		}
		if (d->bd_fbuf != NULL) {
			free(d->bd_fbuf, M_DEVBUF);
		}
	}

	/* Read and write filter programs, when installed. */
	if (d->bd_rfilter != NULL) {
		free((caddr_t)d->bd_rfilter, M_DEVBUF);
	}
	if (d->bd_wfilter != NULL) {
		free((caddr_t)d->bd_wfilter, M_DEVBUF);
	}

	/* Unlinks d from the descriptor list and frees it. */
	bpfilter_destroy(d);
}
1329 
/*
 * Attach an interface to bpf.
 *
 * driverp is a pointer to a (struct bpf_if *) in the driver's softc,
 * ifp the interface, dlt the link layer type and hdrlen the fixed size
 * of the link header (variable length headers not yet supported).
 *
 * A new bpf_if is allocated, put at the head of bpf_iflist with an
 * empty descriptor list, and the pointer behind driverp is cleared.
 * The allocation uses M_DONTWAIT and its failure is fatal (panic).
 */
void
bpfattach(driverp, ifp, dlt, hdrlen)
	caddr_t *driverp;
	struct ifnet *ifp;
	u_int dlt, hdrlen;
{
	struct bpf_if *bif;

	bif = (struct bpf_if *)malloc(sizeof(*bif), M_DEVBUF, M_DONTWAIT);
	if (bif == NULL)
		panic("bpfattach");

	/* No listeners yet. */
	bif->bif_dlist = NULL;
	bif->bif_driverp = (struct bpf_if **)driverp;
	bif->bif_ifp = ifp;
	bif->bif_dlt = dlt;

	/* Link the new entry in at the head of the interface list. */
	bif->bif_next = bpf_iflist;
	bpf_iflist = bif;

	/* The driver's pointer starts out cleared. */
	*bif->bif_driverp = NULL;

	/*
	 * Length of the bpf header as stored in front of each packet.
	 * This is not necessarily SIZEOF_BPF_HDR: padding is inserted so
	 * that the network layer header, which follows hdrlen bytes of
	 * link header, begins on a longword boundary (for performance
	 * reasons and to alleviate alignment restrictions).
	 */
	bif->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
}
1365 
/*
 * Detach an interface from its attached bpf device.
 *
 * Every bpf_if on bpf_iflist that refers to ifp is unlinked, the
 * vnodes of the descriptors still listening on it are revoked with
 * vdevgone(), and the bpf_if is freed.  Finally ifp->if_bpf is cleared.
 */
void
bpfdetach(ifp)
	struct ifnet *ifp;
{
	struct bpf_if **linkp = &bpf_iflist;
	struct bpf_if *cur, *next;
	struct bpf_d *listener;
	int major;

	for (cur = bpf_iflist; cur != NULL; cur = next) {
		/* Read the successor first: cur may be freed below. */
		next = cur->bif_next;

		if (cur->bif_ifp != ifp) {
			linkp = &cur->bif_next;
			continue;
		}

		/* Unlink this entry from the interface list. */
		*linkp = next;

		/*
		 * Locate the major number of the bpf character device.
		 * NOTE(review): if no cdevsw entry matches, major is left
		 * equal to nchrdev and is still passed to vdevgone().
		 */
		for (major = 0; major < nchrdev; major++) {
			if (cdevsw[major].d_open == bpfopen)
				break;
		}

		/*
		 * Always restart from the list head.
		 * NOTE(review): this loop only ends if vdevgone() leads to
		 * the descriptor being taken off bif_dlist (presumably via
		 * the close path, not visible here) -- confirm.
		 */
		for (listener = cur->bif_dlist; listener != NULL;
		    listener = cur->bif_dlist) {
			struct bpf_d *d;

			/*
			 * Locate the minor number and nuke the vnode
			 * for any open instance.
			 */
			LIST_FOREACH(d, &bpf_d_list, bd_list) {
				if (d == listener) {
					vdevgone(major, d->bd_unit,
					    d->bd_unit, VCHR);
					break;
				}
			}
		}

		free(cur, M_DEVBUF);
	}
	ifp->if_bpf = NULL;
}
1406 
/*
 * sysctl handler for the bpf buffer size limits.
 *
 * name[0] selects the variable: NET_BPF_BUFSIZE (bpf_bufsize) or
 * NET_BPF_MAXBUFSIZE (bpf_maxbufsize).  The remaining arguments are
 * passed straight to sysctl_int().
 *
 * Returns 0 on success, ENOTDIR unless namelen is exactly 1,
 * EOPNOTSUPP for any other name, EINVAL for a value outside the
 * accepted range, or whatever error sysctl_int() reports.
 *
 * NOTE(review): NET_BPF_MAXBUFSIZE is only checked against
 * BPF_MINBUFSIZE.  There is no upper bound, and bpf_bufsize is not
 * adjusted when the maximum is lowered below it.  Buffer sizes are
 * later used in int arithmetic (see bpf_catchpacket), so an upper
 * limit looks worth adding -- confirm who is allowed to set this.
 */
int
bpf_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
    size_t newlen)
{
	int val;
	int err;

	if (namelen != 1)
		return (ENOTDIR);

	switch (name[0]) {
	case NET_BPF_BUFSIZE:
		/* Work on a copy so a rejected value is never stored. */
		val = bpf_bufsize;
		err = sysctl_int(oldp, oldlenp, newp, newlen, &val);
		if (err != 0)
			return (err);
		if (val < BPF_MINBUFSIZE || val > bpf_maxbufsize)
			return (EINVAL);
		bpf_bufsize = val;
		return (0);

	case NET_BPF_MAXBUFSIZE:
		val = bpf_maxbufsize;
		err = sysctl_int(oldp, oldlenp, newp, newlen, &val);
		if (err != 0)
			return (err);
		if (val < BPF_MINBUFSIZE)
			return (EINVAL);
		bpf_maxbufsize = val;
		return (0);

	default:
		return (EOPNOTSUPP);
	}
}
1441 
/*
 * Find the descriptor for a bpf unit number on bpf_d_list.
 * Returns the descriptor, or NULL if no entry has that unit.
 */
struct bpf_d *
bpfilter_lookup(int unit)
{
	struct bpf_d *d;

	LIST_FOREACH(d, &bpf_d_list, bd_list) {
		if (unit == d->bd_unit)
			return (d);
	}
	return (NULL);
}
1452 
/*
 * Return the descriptor for a bpf unit, creating it if needed.
 *
 * An existing descriptor is returned as is.  Otherwise a new one is
 * allocated with M_NOWAIT, zeroed, given the unit number, marked with
 * D_MARKFREE and put at the head of bpf_d_list.
 * Returns NULL if the allocation fails.
 */
struct bpf_d *
bpfilter_create(int unit)
{
	struct bpf_d *d;

	d = bpfilter_lookup(unit);
	if (d != NULL)
		return (d);

	d = malloc(sizeof(*d), M_DEVBUF, M_NOWAIT);
	if (d == NULL)
		return (NULL);

	/* Start from an all-zero descriptor: no buffers, no filters. */
	bzero(d, sizeof(*d));
	d->bd_unit = unit;
	D_MARKFREE(d);
	LIST_INSERT_HEAD(&bpf_d_list, d, bd_list);
	return (d);
}
1468 
/*
 * Take a descriptor off bpf_d_list and free it.
 * bd must not be used after this call.
 */
void
bpfilter_destroy(struct bpf_d *bd)
{
	/* Unlink before freeing so the list never points at freed memory. */
	LIST_REMOVE(bd, bd_list);
	free(bd, M_DEVBUF);
}
1475