[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/net/bpf.c

Version: -  FREEBSD  -  FREEBSD8  -  FREEBSD7  -  FREEBSD72  -  FREEBSD71  -  FREEBSD70  -  FREEBSD6  -  FREEBSD64  -  FREEBSD63  -  FREEBSD62  -  FREEBSD61  -  FREEBSD60  -  FREEBSD5  -  FREEBSD55  -  FREEBSD54  -  FREEBSD53  -  FREEBSD52  -  FREEBSD51  -  FREEBSD50  -  FREEBSD4  -  FREEBSD3  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  OPENSOLARIS  -  minix-3-1-1  -  FREEBSD-LIBC  -  FREEBSD7-LIBC  -  FREEBSD6-LIBC  -  GLIBC27 
SearchContext: -  none  -  excerpts  -  bigexcerpts 

    1 /*-
    2  * Copyright (c) 1990, 1991, 1993
    3  *      The Regents of the University of California.  All rights reserved.
    4  *
    5  * This code is derived from the Stanford/CMU enet packet filter,
    6  * (net/enet.c) distributed as part of 4.3BSD, and code contributed
    7  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
    8  * Berkeley Laboratory.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  * 4. Neither the name of the University nor the names of its contributors
   19  *    may be used to endorse or promote products derived from this software
   20  *    without specific prior written permission.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  *      @(#)bpf.c       8.4 (Berkeley) 1/9/95
   35  */
   36 
   37 #include <sys/cdefs.h>
   38 __FBSDID("$FreeBSD: head/sys/net/bpf.c 198417 2009-10-23 17:26:29Z rwatson $");
   39 
   40 #include "opt_bpf.h"
   41 #include "opt_netgraph.h"
   42 
   43 #include <sys/types.h>
   44 #include <sys/param.h>
   45 #include <sys/systm.h>
   46 #include <sys/conf.h>
   47 #include <sys/fcntl.h>
   48 #include <sys/jail.h>
   49 #include <sys/malloc.h>
   50 #include <sys/mbuf.h>
   51 #include <sys/time.h>
   52 #include <sys/priv.h>
   53 #include <sys/proc.h>
   54 #include <sys/signalvar.h>
   55 #include <sys/filio.h>
   56 #include <sys/sockio.h>
   57 #include <sys/ttycom.h>
   58 #include <sys/uio.h>
   59 
   60 #include <sys/event.h>
   61 #include <sys/file.h>
   62 #include <sys/poll.h>
   63 #include <sys/proc.h>
   64 
   65 #include <sys/socket.h>
   66 
   67 #include <net/if.h>
   68 #include <net/bpf.h>
   69 #include <net/bpf_buffer.h>
   70 #ifdef BPF_JITTER
   71 #include <net/bpf_jitter.h>
   72 #endif
   73 #include <net/bpf_zerocopy.h>
   74 #include <net/bpfdesc.h>
   75 #include <net/vnet.h>
   76 
   77 #include <netinet/in.h>
   78 #include <netinet/if_ether.h>
   79 #include <sys/kernel.h>
   80 #include <sys/sysctl.h>
   81 
   82 #include <net80211/ieee80211_freebsd.h>
   83 
   84 #include <security/mac/mac_framework.h>
   85 
   86 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
   87 
   88 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
   89 
   90 #define PRINET  26                      /* interruptible */
   91 
   92 /*
   93  * bpf_iflist is a list of BPF interface structures, each corresponding to a
   94  * specific DLT.  The same network interface might have several BPF interface
   95  * structures registered by different layers in the stack (i.e., 802.11
   96  * frames, ethernet frames, etc).
   97  */
   98 static LIST_HEAD(, bpf_if)      bpf_iflist;
   99 static struct mtx       bpf_mtx;                /* bpf global lock */
  100 static int              bpf_bpfd_cnt;
  101 
  102 static void     bpf_attachd(struct bpf_d *, struct bpf_if *);
  103 static void     bpf_detachd(struct bpf_d *);
  104 static void     bpf_freed(struct bpf_d *);
  105 static int      bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **,
  106                     struct sockaddr *, int *, struct bpf_insn *);
  107 static int      bpf_setif(struct bpf_d *, struct ifreq *);
  108 static void     bpf_timed_out(void *);
  109 static __inline void
  110                 bpf_wakeup(struct bpf_d *);
  111 static void     catchpacket(struct bpf_d *, u_char *, u_int, u_int,
  112                     void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int),
  113                     struct timeval *);
  114 static void     reset_d(struct bpf_d *);
  115 static int       bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
  116 static int      bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
  117 static int      bpf_setdlt(struct bpf_d *, u_int);
  118 static void     filt_bpfdetach(struct knote *);
  119 static int      filt_bpfread(struct knote *, long);
  120 static void     bpf_drvinit(void *);
  121 static int      bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);
  122 
  123 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
  124 int bpf_maxinsns = BPF_MAXINSNS;
  125 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
  126     &bpf_maxinsns, 0, "Maximum bpf program instructions");
  127 static int bpf_zerocopy_enable = 0;
  128 SYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW,
  129     &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions");
  130 SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW,
  131     bpf_stats_sysctl, "bpf statistics portal");
  132 
  133 static  d_open_t        bpfopen;
  134 static  d_read_t        bpfread;
  135 static  d_write_t       bpfwrite;
  136 static  d_ioctl_t       bpfioctl;
  137 static  d_poll_t        bpfpoll;
  138 static  d_kqfilter_t    bpfkqfilter;
  139 
  140 static struct cdevsw bpf_cdevsw = {
  141         .d_version =    D_VERSION,
  142         .d_open =       bpfopen,
  143         .d_read =       bpfread,
  144         .d_write =      bpfwrite,
  145         .d_ioctl =      bpfioctl,
  146         .d_poll =       bpfpoll,
  147         .d_name =       "bpf",
  148         .d_kqfilter =   bpfkqfilter,
  149 };
  150 
  151 static struct filterops bpfread_filtops = {
  152         .f_isfd = 1,
  153         .f_detach = filt_bpfdetach,
  154         .f_event = filt_bpfread,
  155 };
  156 
  157 /*
  158  * Wrapper functions for various buffering methods.  If the set of buffer
  159  * modes expands, we will probably want to introduce a switch data structure
  160  * similar to protosw, et.
  161  */
  162 static void
  163 bpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
  164     u_int len)
  165 {
  166 
  167         BPFD_LOCK_ASSERT(d);
  168 
  169         switch (d->bd_bufmode) {
  170         case BPF_BUFMODE_BUFFER:
  171                 return (bpf_buffer_append_bytes(d, buf, offset, src, len));
  172 
  173         case BPF_BUFMODE_ZBUF:
  174                 d->bd_zcopy++;
  175                 return (bpf_zerocopy_append_bytes(d, buf, offset, src, len));
  176 
  177         default:
  178                 panic("bpf_buf_append_bytes");
  179         }
  180 }
  181 
  182 static void
  183 bpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
  184     u_int len)
  185 {
  186 
  187         BPFD_LOCK_ASSERT(d);
  188 
  189         switch (d->bd_bufmode) {
  190         case BPF_BUFMODE_BUFFER:
  191                 return (bpf_buffer_append_mbuf(d, buf, offset, src, len));
  192 
  193         case BPF_BUFMODE_ZBUF:
  194                 d->bd_zcopy++;
  195                 return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len));
  196 
  197         default:
  198                 panic("bpf_buf_append_mbuf");
  199         }
  200 }
  201 
  202 /*
  203  * This function gets called when the free buffer is re-assigned.
  204  */
  205 static void
  206 bpf_buf_reclaimed(struct bpf_d *d)
  207 {
  208 
  209         BPFD_LOCK_ASSERT(d);
  210 
  211         switch (d->bd_bufmode) {
  212         case BPF_BUFMODE_BUFFER:
  213                 return;
  214 
  215         case BPF_BUFMODE_ZBUF:
  216                 bpf_zerocopy_buf_reclaimed(d);
  217                 return;
  218 
  219         default:
  220                 panic("bpf_buf_reclaimed");
  221         }
  222 }
  223 
  224 /*
  225  * If the buffer mechanism has a way to decide that a held buffer can be made
  226  * free, then it is exposed via the bpf_canfreebuf() interface.  (1) is
  227  * returned if the buffer can be discarded, (0) is returned if it cannot.
  228  */
  229 static int
  230 bpf_canfreebuf(struct bpf_d *d)
  231 {
  232 
  233         BPFD_LOCK_ASSERT(d);
  234 
  235         switch (d->bd_bufmode) {
  236         case BPF_BUFMODE_ZBUF:
  237                 return (bpf_zerocopy_canfreebuf(d));
  238         }
  239         return (0);
  240 }
  241 
  242 /*
  243  * Allow the buffer model to indicate that the current store buffer is
  244  * immutable, regardless of the appearance of space.  Return (1) if the
  245  * buffer is writable, and (0) if not.
  246  */
  247 static int
  248 bpf_canwritebuf(struct bpf_d *d)
  249 {
  250 
  251         BPFD_LOCK_ASSERT(d);
  252 
  253         switch (d->bd_bufmode) {
  254         case BPF_BUFMODE_ZBUF:
  255                 return (bpf_zerocopy_canwritebuf(d));
  256         }
  257         return (1);
  258 }
  259 
  260 /*
  261  * Notify buffer model that an attempt to write to the store buffer has
  262  * resulted in a dropped packet, in which case the buffer may be considered
  263  * full.
  264  */
  265 static void
  266 bpf_buffull(struct bpf_d *d)
  267 {
  268 
  269         BPFD_LOCK_ASSERT(d);
  270 
  271         switch (d->bd_bufmode) {
  272         case BPF_BUFMODE_ZBUF:
  273                 bpf_zerocopy_buffull(d);
  274                 break;
  275         }
  276 }
  277 
  278 /*
  279  * Notify the buffer model that a buffer has moved into the hold position.
  280  */
  281 void
  282 bpf_bufheld(struct bpf_d *d)
  283 {
  284 
  285         BPFD_LOCK_ASSERT(d);
  286 
  287         switch (d->bd_bufmode) {
  288         case BPF_BUFMODE_ZBUF:
  289                 bpf_zerocopy_bufheld(d);
  290                 break;
  291         }
  292 }
  293 
  294 static void
  295 bpf_free(struct bpf_d *d)
  296 {
  297 
  298         switch (d->bd_bufmode) {
  299         case BPF_BUFMODE_BUFFER:
  300                 return (bpf_buffer_free(d));
  301 
  302         case BPF_BUFMODE_ZBUF:
  303                 return (bpf_zerocopy_free(d));
  304 
  305         default:
  306                 panic("bpf_buf_free");
  307         }
  308 }
  309 
  310 static int
  311 bpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio)
  312 {
  313 
  314         if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
  315                 return (EOPNOTSUPP);
  316         return (bpf_buffer_uiomove(d, buf, len, uio));
  317 }
  318 
  319 static int
  320 bpf_ioctl_sblen(struct bpf_d *d, u_int *i)
  321 {
  322 
  323         if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
  324                 return (EOPNOTSUPP);
  325         return (bpf_buffer_ioctl_sblen(d, i));
  326 }
  327 
  328 static int
  329 bpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i)
  330 {
  331 
  332         if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
  333                 return (EOPNOTSUPP);
  334         return (bpf_zerocopy_ioctl_getzmax(td, d, i));
  335 }
  336 
  337 static int
  338 bpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
  339 {
  340 
  341         if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
  342                 return (EOPNOTSUPP);
  343         return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz));
  344 }
  345 
  346 static int
  347 bpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
  348 {
  349 
  350         if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
  351                 return (EOPNOTSUPP);
  352         return (bpf_zerocopy_ioctl_setzbuf(td, d, bz));
  353 }
  354 
  355 /*
  356  * General BPF functions.
  357  */
  358 static int
  359 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
  360     struct sockaddr *sockp, int *hdrlen, struct bpf_insn *wfilter)
  361 {
  362         const struct ieee80211_bpf_params *p;
  363         struct ether_header *eh;
  364         struct mbuf *m;
  365         int error;
  366         int len;
  367         int hlen;
  368         int slen;
  369 
  370         /*
  371          * Build a sockaddr based on the data link layer type.
  372          * We do this at this level because the ethernet header
  373          * is copied directly into the data field of the sockaddr.
  374          * In the case of SLIP, there is no header and the packet
  375          * is forwarded as is.
  376          * Also, we are careful to leave room at the front of the mbuf
  377          * for the link level header.
  378          */
  379         switch (linktype) {
  380 
  381         case DLT_SLIP:
  382                 sockp->sa_family = AF_INET;
  383                 hlen = 0;
  384                 break;
  385 
  386         case DLT_EN10MB:
  387                 sockp->sa_family = AF_UNSPEC;
  388                 /* XXX Would MAXLINKHDR be better? */
  389                 hlen = ETHER_HDR_LEN;
  390                 break;
  391 
  392         case DLT_FDDI:
  393                 sockp->sa_family = AF_IMPLINK;
  394                 hlen = 0;
  395                 break;
  396 
  397         case DLT_RAW:
  398                 sockp->sa_family = AF_UNSPEC;
  399                 hlen = 0;
  400                 break;
  401 
  402         case DLT_NULL:
  403                 /*
  404                  * null interface types require a 4 byte pseudo header which
  405                  * corresponds to the address family of the packet.
  406                  */
  407                 sockp->sa_family = AF_UNSPEC;
  408                 hlen = 4;
  409                 break;
  410 
  411         case DLT_ATM_RFC1483:
  412                 /*
  413                  * en atm driver requires 4-byte atm pseudo header.
  414                  * though it isn't standard, vpi:vci needs to be
  415                  * specified anyway.
  416                  */
  417                 sockp->sa_family = AF_UNSPEC;
  418                 hlen = 12;      /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
  419                 break;
  420 
  421         case DLT_PPP:
  422                 sockp->sa_family = AF_UNSPEC;
  423                 hlen = 4;       /* This should match PPP_HDRLEN */
  424                 break;
  425 
  426         case DLT_IEEE802_11:            /* IEEE 802.11 wireless */
  427                 sockp->sa_family = AF_IEEE80211;
  428                 hlen = 0;
  429                 break;
  430 
  431         case DLT_IEEE802_11_RADIO:      /* IEEE 802.11 wireless w/ phy params */
  432                 sockp->sa_family = AF_IEEE80211;
  433                 sockp->sa_len = 12;     /* XXX != 0 */
  434                 hlen = sizeof(struct ieee80211_bpf_params);
  435                 break;
  436 
  437         default:
  438                 return (EIO);
  439         }
  440 
  441         len = uio->uio_resid;
  442 
  443         if (len - hlen > ifp->if_mtu)
  444                 return (EMSGSIZE);
  445 
  446         if ((unsigned)len > MJUM16BYTES)
  447                 return (EIO);
  448 
  449         if (len <= MHLEN)
  450                 MGETHDR(m, M_WAIT, MT_DATA);
  451         else if (len <= MCLBYTES)
  452                 m = m_getcl(M_WAIT, MT_DATA, M_PKTHDR);
  453         else
  454                 m = m_getjcl(M_WAIT, MT_DATA, M_PKTHDR,
  455 #if (MJUMPAGESIZE > MCLBYTES)
  456                     len <= MJUMPAGESIZE ? MJUMPAGESIZE :
  457 #endif
  458                     (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES));
  459         m->m_pkthdr.len = m->m_len = len;
  460         m->m_pkthdr.rcvif = NULL;
  461         *mp = m;
  462 
  463         if (m->m_len < hlen) {
  464                 error = EPERM;
  465                 goto bad;
  466         }
  467 
  468         error = uiomove(mtod(m, u_char *), len, uio);
  469         if (error)
  470                 goto bad;
  471 
  472         slen = bpf_filter(wfilter, mtod(m, u_char *), len, len);
  473         if (slen == 0) {
  474                 error = EPERM;
  475                 goto bad;
  476         }
  477 
  478         /* Check for multicast destination */
  479         switch (linktype) {
  480         case DLT_EN10MB:
  481                 eh = mtod(m, struct ether_header *);
  482                 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
  483                         if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
  484                             ETHER_ADDR_LEN) == 0)
  485                                 m->m_flags |= M_BCAST;
  486                         else
  487                                 m->m_flags |= M_MCAST;
  488                 }
  489                 break;
  490         }
  491 
  492         /*
  493          * Make room for link header, and copy it to sockaddr
  494          */
  495         if (hlen != 0) {
  496                 if (sockp->sa_family == AF_IEEE80211) {
  497                         /*
  498                          * Collect true length from the parameter header
  499                          * NB: sockp is known to be zero'd so if we do a
  500                          *     short copy unspecified parameters will be
  501                          *     zero.
  502                          * NB: packet may not be aligned after stripping
  503                          *     bpf params
  504                          * XXX check ibp_vers
  505                          */
  506                         p = mtod(m, const struct ieee80211_bpf_params *);
  507                         hlen = p->ibp_len;
  508                         if (hlen > sizeof(sockp->sa_data)) {
  509                                 error = EINVAL;
  510                                 goto bad;
  511                         }
  512                 }
  513                 bcopy(m->m_data, sockp->sa_data, hlen);
  514         }
  515         *hdrlen = hlen;
  516 
  517         return (0);
  518 bad:
  519         m_freem(m);
  520         return (error);
  521 }
  522 
  523 /*
  524  * Attach file to the bpf interface, i.e. make d listen on bp.
  525  */
  526 static void
  527 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
  528 {
  529         /*
  530          * Point d at bp, and add d to the interface's list of listeners.
  531          * Finally, point the driver's bpf cookie at the interface so
  532          * it will divert packets to bpf.
  533          */
  534         BPFIF_LOCK(bp);
  535         d->bd_bif = bp;
  536         LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
  537 
  538         bpf_bpfd_cnt++;
  539         BPFIF_UNLOCK(bp);
  540 
  541         EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1);
  542 }
  543 
  544 /*
  545  * Detach a file from its interface.
  546  */
  547 static void
  548 bpf_detachd(struct bpf_d *d)
  549 {
  550         int error;
  551         struct bpf_if *bp;
  552         struct ifnet *ifp;
  553 
  554         bp = d->bd_bif;
  555         BPFIF_LOCK(bp);
  556         BPFD_LOCK(d);
  557         ifp = d->bd_bif->bif_ifp;
  558 
  559         /*
  560          * Remove d from the interface's descriptor list.
  561          */
  562         LIST_REMOVE(d, bd_next);
  563 
  564         bpf_bpfd_cnt--;
  565         d->bd_bif = NULL;
  566         BPFD_UNLOCK(d);
  567         BPFIF_UNLOCK(bp);
  568 
  569         EVENTHANDLER_INVOKE(bpf_track, ifp, bp->bif_dlt, 0);
  570 
  571         /*
  572          * Check if this descriptor had requested promiscuous mode.
  573          * If so, turn it off.
  574          */
  575         if (d->bd_promisc) {
  576                 d->bd_promisc = 0;
  577                 CURVNET_SET(ifp->if_vnet);
  578                 error = ifpromisc(ifp, 0);
  579                 CURVNET_RESTORE();
  580                 if (error != 0 && error != ENXIO) {
  581                         /*
  582                          * ENXIO can happen if a pccard is unplugged
  583                          * Something is really wrong if we were able to put
  584                          * the driver into promiscuous mode, but can't
  585                          * take it out.
  586                          */
  587                         if_printf(bp->bif_ifp,
  588                                 "bpf_detach: ifpromisc failed (%d)\n", error);
  589                 }
  590         }
  591 }
  592 
  593 /*
  594  * Close the descriptor by detaching it from its interface,
  595  * deallocating its buffers, and marking it free.
  596  */
  597 static void
  598 bpf_dtor(void *data)
  599 {
  600         struct bpf_d *d = data;
  601 
  602         BPFD_LOCK(d);
  603         if (d->bd_state == BPF_WAITING)
  604                 callout_stop(&d->bd_callout);
  605         d->bd_state = BPF_IDLE;
  606         BPFD_UNLOCK(d);
  607         funsetown(&d->bd_sigio);
  608         mtx_lock(&bpf_mtx);
  609         if (d->bd_bif)
  610                 bpf_detachd(d);
  611         mtx_unlock(&bpf_mtx);
  612         selwakeuppri(&d->bd_sel, PRINET);
  613 #ifdef MAC
  614         mac_bpfdesc_destroy(d);
  615 #endif /* MAC */
  616         knlist_destroy(&d->bd_sel.si_note);
  617         bpf_freed(d);
  618         free(d, M_BPF);
  619 }
  620 
  621 /*
  622  * Open ethernet device.  Returns ENXIO for illegal minor device number,
  623  * EBUSY if file is open by another process.
  624  */
  625 /* ARGSUSED */
  626 static  int
  627 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
  628 {
  629         struct bpf_d *d;
  630         int error;
  631 
  632         d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
  633         error = devfs_set_cdevpriv(d, bpf_dtor);
  634         if (error != 0) {
  635                 free(d, M_BPF);
  636                 return (error);
  637         }
  638 
  639         /*
  640          * For historical reasons, perform a one-time initialization call to
  641          * the buffer routines, even though we're not yet committed to a
  642          * particular buffer method.
  643          */
  644         bpf_buffer_init(d);
  645         d->bd_bufmode = BPF_BUFMODE_BUFFER;
  646         d->bd_sig = SIGIO;
  647         d->bd_direction = BPF_D_INOUT;
  648         d->bd_pid = td->td_proc->p_pid;
  649 #ifdef MAC
  650         mac_bpfdesc_init(d);
  651         mac_bpfdesc_create(td->td_ucred, d);
  652 #endif
  653         mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
  654         callout_init(&d->bd_callout, CALLOUT_MPSAFE);
  655         knlist_init_mtx(&d->bd_sel.si_note, &d->bd_mtx);
  656 
  657         return (0);
  658 }
  659 
  660 /*
  661  *  bpfread - read next chunk of packets from buffers
  662  */
  663 static  int
  664 bpfread(struct cdev *dev, struct uio *uio, int ioflag)
  665 {
  666         struct bpf_d *d;
  667         int timed_out;
  668         int error;
  669 
  670         error = devfs_get_cdevpriv((void **)&d);
  671         if (error != 0)
  672                 return (error);
  673 
  674         /*
  675          * Restrict application to use a buffer the same size as
  676          * as kernel buffers.
  677          */
  678         if (uio->uio_resid != d->bd_bufsize)
  679                 return (EINVAL);
  680 
  681         BPFD_LOCK(d);
  682         d->bd_pid = curthread->td_proc->p_pid;
  683         if (d->bd_bufmode != BPF_BUFMODE_BUFFER) {
  684                 BPFD_UNLOCK(d);
  685                 return (EOPNOTSUPP);
  686         }
  687         if (d->bd_state == BPF_WAITING)
  688                 callout_stop(&d->bd_callout);
  689         timed_out = (d->bd_state == BPF_TIMED_OUT);
  690         d->bd_state = BPF_IDLE;
  691         /*
  692          * If the hold buffer is empty, then do a timed sleep, which
  693          * ends when the timeout expires or when enough packets
  694          * have arrived to fill the store buffer.
  695          */
  696         while (d->bd_hbuf == NULL) {
  697                 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
  698                         /*
  699                          * A packet(s) either arrived since the previous
  700                          * read or arrived while we were asleep.
  701                          * Rotate the buffers and return what's here.
  702                          */
  703                         ROTATE_BUFFERS(d);
  704                         break;
  705                 }
  706 
  707                 /*
  708                  * No data is available, check to see if the bpf device
  709                  * is still pointed at a real interface.  If not, return
  710                  * ENXIO so that the userland process knows to rebind
  711                  * it before using it again.
  712                  */
  713                 if (d->bd_bif == NULL) {
  714                         BPFD_UNLOCK(d);
  715                         return (ENXIO);
  716                 }
  717 
  718                 if (ioflag & O_NONBLOCK) {
  719                         BPFD_UNLOCK(d);
  720                         return (EWOULDBLOCK);
  721                 }
  722                 error = msleep(d, &d->bd_mtx, PRINET|PCATCH,
  723                      "bpf", d->bd_rtout);
  724                 if (error == EINTR || error == ERESTART) {
  725                         BPFD_UNLOCK(d);
  726                         return (error);
  727                 }
  728                 if (error == EWOULDBLOCK) {
  729                         /*
  730                          * On a timeout, return what's in the buffer,
  731                          * which may be nothing.  If there is something
  732                          * in the store buffer, we can rotate the buffers.
  733                          */
  734                         if (d->bd_hbuf)
  735                                 /*
  736                                  * We filled up the buffer in between
  737                                  * getting the timeout and arriving
  738                                  * here, so we don't need to rotate.
  739                                  */
  740                                 break;
  741 
  742                         if (d->bd_slen == 0) {
  743                                 BPFD_UNLOCK(d);
  744                                 return (0);
  745                         }
  746                         ROTATE_BUFFERS(d);
  747                         break;
  748                 }
  749         }
  750         /*
  751          * At this point, we know we have something in the hold slot.
  752          */
  753         BPFD_UNLOCK(d);
  754 
  755         /*
  756          * Move data from hold buffer into user space.
  757          * We know the entire buffer is transferred since
  758          * we checked above that the read buffer is bpf_bufsize bytes.
  759          *
  760          * XXXRW: More synchronization needed here: what if a second thread
  761          * issues a read on the same fd at the same time?  Don't want this
  762          * getting invalidated.
  763          */
  764         error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio);
  765 
  766         BPFD_LOCK(d);
  767         d->bd_fbuf = d->bd_hbuf;
  768         d->bd_hbuf = NULL;
  769         d->bd_hlen = 0;
  770         bpf_buf_reclaimed(d);
  771         BPFD_UNLOCK(d);
  772 
  773         return (error);
  774 }
  775 
  776 /*
  777  * If there are processes sleeping on this descriptor, wake them up.
  778  */
  779 static __inline void
  780 bpf_wakeup(struct bpf_d *d)
  781 {
  782 
  783         BPFD_LOCK_ASSERT(d);
  784         if (d->bd_state == BPF_WAITING) {
  785                 callout_stop(&d->bd_callout);
  786                 d->bd_state = BPF_IDLE;
  787         }
  788         wakeup(d);
  789         if (d->bd_async && d->bd_sig && d->bd_sigio)
  790                 pgsigio(&d->bd_sigio, d->bd_sig, 0);
  791 
  792         selwakeuppri(&d->bd_sel, PRINET);
  793         KNOTE_LOCKED(&d->bd_sel.si_note, 0);
  794 }
  795 
  796 static void
  797 bpf_timed_out(void *arg)
  798 {
  799         struct bpf_d *d = (struct bpf_d *)arg;
  800 
  801         BPFD_LOCK(d);
  802         if (d->bd_state == BPF_WAITING) {
  803                 d->bd_state = BPF_TIMED_OUT;
  804                 if (d->bd_slen != 0)
  805                         bpf_wakeup(d);
  806         }
  807         BPFD_UNLOCK(d);
  808 }
  809 
  810 static int
  811 bpf_ready(struct bpf_d *d)
  812 {
  813 
  814         BPFD_LOCK_ASSERT(d);
  815 
  816         if (!bpf_canfreebuf(d) && d->bd_hlen != 0)
  817                 return (1);
  818         if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
  819             d->bd_slen != 0)
  820                 return (1);
  821         return (0);
  822 }
  823 
  824 static int
  825 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
  826 {
  827         struct bpf_d *d;
  828         struct ifnet *ifp;
  829         struct mbuf *m, *mc;
  830         struct sockaddr dst;
  831         int error, hlen;
  832 
  833         error = devfs_get_cdevpriv((void **)&d);
  834         if (error != 0)
  835                 return (error);
  836 
  837         d->bd_pid = curthread->td_proc->p_pid;
  838         d->bd_wcount++;
  839         if (d->bd_bif == NULL) {
  840                 d->bd_wdcount++;
  841                 return (ENXIO);
  842         }
  843 
  844         ifp = d->bd_bif->bif_ifp;
  845 
  846         if ((ifp->if_flags & IFF_UP) == 0) {
  847                 d->bd_wdcount++;
  848                 return (ENETDOWN);
  849         }
  850 
  851         if (uio->uio_resid == 0) {
  852                 d->bd_wdcount++;
  853                 return (0);
  854         }
  855 
  856         bzero(&dst, sizeof(dst));
  857         m = NULL;
  858         hlen = 0;
  859         error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp,
  860             &m, &dst, &hlen, d->bd_wfilter);
  861         if (error) {
  862                 d->bd_wdcount++;
  863                 return (error);
  864         }
  865         d->bd_wfcount++;
  866         if (d->bd_hdrcmplt)
  867                 dst.sa_family = pseudo_AF_HDRCMPLT;
  868 
  869         if (d->bd_feedback) {
  870                 mc = m_dup(m, M_DONTWAIT);
  871                 if (mc != NULL)
  872                         mc->m_pkthdr.rcvif = ifp;
  873                 /* Set M_PROMISC for outgoing packets to be discarded. */
  874                 if (d->bd_direction == BPF_D_INOUT)
  875                         m->m_flags |= M_PROMISC;
  876         } else
  877                 mc = NULL;
  878 
  879         m->m_pkthdr.len -= hlen;
  880         m->m_len -= hlen;
  881         m->m_data += hlen;      /* XXX */
  882 
  883         CURVNET_SET(ifp->if_vnet);
  884 #ifdef MAC
  885         BPFD_LOCK(d);
  886         mac_bpfdesc_create_mbuf(d, m);
  887         if (mc != NULL)
  888                 mac_bpfdesc_create_mbuf(d, mc);
  889         BPFD_UNLOCK(d);
  890 #endif
  891 
  892         error = (*ifp->if_output)(ifp, m, &dst, NULL);
  893         if (error)
  894                 d->bd_wdcount++;
  895 
  896         if (mc != NULL) {
  897                 if (error == 0)
  898                         (*ifp->if_input)(ifp, mc);
  899                 else
  900                         m_freem(mc);
  901         }
  902         CURVNET_RESTORE();
  903 
  904         return (error);
  905 }
  906 
  907 /*
  908  * Reset a descriptor by flushing its packet buffer and clearing the receive
  909  * and drop counts.  This is doable for kernel-only buffers, but with
  910  * zero-copy buffers, we can't write to (or rotate) buffers that are
  911  * currently owned by userspace.  It would be nice if we could encapsulate
  912  * this logic in the buffer code rather than here.
  913  */
  914 static void
  915 reset_d(struct bpf_d *d)
  916 {
  917 
  918         mtx_assert(&d->bd_mtx, MA_OWNED);
  919 
  920         if ((d->bd_hbuf != NULL) &&
  921             (d->bd_bufmode != BPF_BUFMODE_ZBUF || bpf_canfreebuf(d))) {
  922                 /* Free the hold buffer. */
  923                 d->bd_fbuf = d->bd_hbuf;
  924                 d->bd_hbuf = NULL;
  925                 d->bd_hlen = 0;
  926                 bpf_buf_reclaimed(d);
  927         }
  928         if (bpf_canwritebuf(d))
  929                 d->bd_slen = 0;
  930         d->bd_rcount = 0;
  931         d->bd_dcount = 0;
  932         d->bd_fcount = 0;
  933         d->bd_wcount = 0;
  934         d->bd_wfcount = 0;
  935         d->bd_wdcount = 0;
  936         d->bd_zcopy = 0;
  937 }
  938 
  939 /*
  940  *  FIONREAD            Check for read packet available.
  941  *  SIOCGIFADDR         Get interface address - convenient hook to driver.
  942  *  BIOCGBLEN           Get buffer len [for read()].
  943  *  BIOCSETF            Set read filter.
  944  *  BIOCSETFNR          Set read filter without resetting descriptor.
  945  *  BIOCSETWF           Set write filter.
  946  *  BIOCFLUSH           Flush read packet buffer.
  947  *  BIOCPROMISC         Put interface into promiscuous mode.
  948  *  BIOCGDLT            Get link layer type.
  949  *  BIOCGETIF           Get interface name.
  950  *  BIOCSETIF           Set interface.
  951  *  BIOCSRTIMEOUT       Set read timeout.
  952  *  BIOCGRTIMEOUT       Get read timeout.
  953  *  BIOCGSTATS          Get packet stats.
  954  *  BIOCIMMEDIATE       Set immediate mode.
  955  *  BIOCVERSION         Get filter language version.
  956  *  BIOCGHDRCMPLT       Get "header already complete" flag
  957  *  BIOCSHDRCMPLT       Set "header already complete" flag
  958  *  BIOCGDIRECTION      Get packet direction flag
  959  *  BIOCSDIRECTION      Set packet direction flag
  960  *  BIOCLOCK            Set "locked" flag
  961  *  BIOCFEEDBACK        Set packet feedback mode.
  962  *  BIOCSETZBUF         Set current zero-copy buffer locations.
  963  *  BIOCGETZMAX         Get maximum zero-copy buffer size.
  964  *  BIOCROTZBUF         Force rotation of zero-copy buffer
  965  *  BIOCSETBUFMODE      Set buffer mode.
  966  *  BIOCGETBUFMODE      Get current buffer mode.
  967  */
  968 /* ARGSUSED */
  969 static  int
  970 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
  971     struct thread *td)
  972 {
  973         struct bpf_d *d;
  974         int error;
  975 
  976         error = devfs_get_cdevpriv((void **)&d);
  977         if (error != 0)
  978                 return (error);
  979 
  980         /*
  981          * Refresh PID associated with this descriptor.
  982          */
  983         BPFD_LOCK(d);
  984         d->bd_pid = td->td_proc->p_pid;
  985         if (d->bd_state == BPF_WAITING)
  986                 callout_stop(&d->bd_callout);
  987         d->bd_state = BPF_IDLE;
  988         BPFD_UNLOCK(d);
  989 
  990         if (d->bd_locked == 1) {
  991                 switch (cmd) {
  992                 case BIOCGBLEN:
  993                 case BIOCFLUSH:
  994                 case BIOCGDLT:
  995                 case BIOCGDLTLIST:
  996                 case BIOCGETIF:
  997                 case BIOCGRTIMEOUT:
  998                 case BIOCGSTATS:
  999                 case BIOCVERSION:
 1000                 case BIOCGRSIG:
 1001                 case BIOCGHDRCMPLT:
 1002                 case BIOCFEEDBACK:
 1003                 case FIONREAD:
 1004                 case BIOCLOCK:
 1005                 case BIOCSRTIMEOUT:
 1006                 case BIOCIMMEDIATE:
 1007                 case TIOCGPGRP:
 1008                 case BIOCROTZBUF:
 1009                         break;
 1010                 default:
 1011                         return (EPERM);
 1012                 }
 1013         }
 1014         CURVNET_SET(TD_TO_VNET(td));
 1015         switch (cmd) {
 1016 
 1017         default:
 1018                 error = EINVAL;
 1019                 break;
 1020 
 1021         /*
 1022          * Check for read packet available.
 1023          */
 1024         case FIONREAD:
 1025                 {
 1026                         int n;
 1027 
 1028                         BPFD_LOCK(d);
 1029                         n = d->bd_slen;
 1030                         if (d->bd_hbuf)
 1031                                 n += d->bd_hlen;
 1032                         BPFD_UNLOCK(d);
 1033 
 1034                         *(int *)addr = n;
 1035                         break;
 1036                 }
 1037 
 1038         case SIOCGIFADDR:
 1039                 {
 1040                         struct ifnet *ifp;
 1041 
 1042                         if (d->bd_bif == NULL)
 1043                                 error = EINVAL;
 1044                         else {
 1045                                 ifp = d->bd_bif->bif_ifp;
 1046                                 error = (*ifp->if_ioctl)(ifp, cmd, addr);
 1047                         }
 1048                         break;
 1049                 }
 1050 
 1051         /*
 1052          * Get buffer len [for read()].
 1053          */
 1054         case BIOCGBLEN:
 1055                 *(u_int *)addr = d->bd_bufsize;
 1056                 break;
 1057 
 1058         /*
 1059          * Set buffer length.
 1060          */
 1061         case BIOCSBLEN:
 1062                 error = bpf_ioctl_sblen(d, (u_int *)addr);
 1063                 break;
 1064 
 1065         /*
 1066          * Set link layer read filter.
 1067          */
 1068         case BIOCSETF:
 1069         case BIOCSETFNR:
 1070         case BIOCSETWF:
 1071                 error = bpf_setf(d, (struct bpf_program *)addr, cmd);
 1072                 break;
 1073 
 1074         /*
 1075          * Flush read packet buffer.
 1076          */
 1077         case BIOCFLUSH:
 1078                 BPFD_LOCK(d);
 1079                 reset_d(d);
 1080                 BPFD_UNLOCK(d);
 1081                 break;
 1082 
 1083         /*
 1084          * Put interface into promiscuous mode.
 1085          */
 1086         case BIOCPROMISC:
 1087                 if (d->bd_bif == NULL) {
 1088                         /*
 1089                          * No interface attached yet.
 1090                          */
 1091                         error = EINVAL;
 1092                         break;
 1093                 }
 1094                 if (d->bd_promisc == 0) {
 1095                         error = ifpromisc(d->bd_bif->bif_ifp, 1);
 1096                         if (error == 0)
 1097                                 d->bd_promisc = 1;
 1098                 }
 1099                 break;
 1100 
 1101         /*
 1102          * Get current data link type.
 1103          */
 1104         case BIOCGDLT:
 1105                 if (d->bd_bif == NULL)
 1106                         error = EINVAL;
 1107                 else
 1108                         *(u_int *)addr = d->bd_bif->bif_dlt;
 1109                 break;
 1110 
 1111         /*
 1112          * Get a list of supported data link types.
 1113          */
 1114         case BIOCGDLTLIST:
 1115                 if (d->bd_bif == NULL)
 1116                         error = EINVAL;
 1117                 else
 1118                         error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
 1119                 break;
 1120 
 1121         /*
 1122          * Set data link type.
 1123          */
 1124         case BIOCSDLT:
 1125                 if (d->bd_bif == NULL)
 1126                         error = EINVAL;
 1127                 else
 1128                         error = bpf_setdlt(d, *(u_int *)addr);
 1129                 break;
 1130 
 1131         /*
 1132          * Get interface name.
 1133          */
 1134         case BIOCGETIF:
 1135                 if (d->bd_bif == NULL)
 1136                         error = EINVAL;
 1137                 else {
 1138                         struct ifnet *const ifp = d->bd_bif->bif_ifp;
 1139                         struct ifreq *const ifr = (struct ifreq *)addr;
 1140 
 1141                         strlcpy(ifr->ifr_name, ifp->if_xname,
 1142                             sizeof(ifr->ifr_name));
 1143                 }
 1144                 break;
 1145 
 1146         /*
 1147          * Set interface.
 1148          */
 1149         case BIOCSETIF:
 1150                 error = bpf_setif(d, (struct ifreq *)addr);
 1151                 break;
 1152 
 1153         /*
 1154          * Set read timeout.
 1155          */
 1156         case BIOCSRTIMEOUT:
 1157                 {
 1158                         struct timeval *tv = (struct timeval *)addr;
 1159 
 1160                         /*
 1161                          * Subtract 1 tick from tvtohz() since this isn't
 1162                          * a one-shot timer.
 1163                          */
 1164                         if ((error = itimerfix(tv)) == 0)
 1165                                 d->bd_rtout = tvtohz(tv) - 1;
 1166                         break;
 1167                 }
 1168 
 1169         /*
 1170          * Get read timeout.
 1171          */
 1172         case BIOCGRTIMEOUT:
 1173                 {
 1174                         struct timeval *tv = (struct timeval *)addr;
 1175 
 1176                         tv->tv_sec = d->bd_rtout / hz;
 1177                         tv->tv_usec = (d->bd_rtout % hz) * tick;
 1178                         break;
 1179                 }
 1180 
 1181         /*
 1182          * Get packet stats.
 1183          */
 1184         case BIOCGSTATS:
 1185                 {
 1186                         struct bpf_stat *bs = (struct bpf_stat *)addr;
 1187 
 1188                         /* XXXCSJP overflow */
 1189                         bs->bs_recv = d->bd_rcount;
 1190                         bs->bs_drop = d->bd_dcount;
 1191                         break;
 1192                 }
 1193 
 1194         /*
 1195          * Set immediate mode.
 1196          */
 1197         case BIOCIMMEDIATE:
 1198                 d->bd_immediate = *(u_int *)addr;
 1199                 break;
 1200 
 1201         case BIOCVERSION:
 1202                 {
 1203                         struct bpf_version *bv = (struct bpf_version *)addr;
 1204 
 1205                         bv->bv_major = BPF_MAJOR_VERSION;
 1206                         bv->bv_minor = BPF_MINOR_VERSION;
 1207                         break;
 1208                 }
 1209 
 1210         /*
 1211          * Get "header already complete" flag
 1212          */
 1213         case BIOCGHDRCMPLT:
 1214                 *(u_int *)addr = d->bd_hdrcmplt;
 1215                 break;
 1216 
 1217         /*
 1218          * Set "header already complete" flag
 1219          */
 1220         case BIOCSHDRCMPLT:
 1221                 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
 1222                 break;
 1223 
 1224         /*
 1225          * Get packet direction flag
 1226          */
 1227         case BIOCGDIRECTION:
 1228                 *(u_int *)addr = d->bd_direction;
 1229                 break;
 1230 
 1231         /*
 1232          * Set packet direction flag
 1233          */
 1234         case BIOCSDIRECTION:
 1235                 {
 1236                         u_int   direction;
 1237 
 1238                         direction = *(u_int *)addr;
 1239                         switch (direction) {
 1240                         case BPF_D_IN:
 1241                         case BPF_D_INOUT:
 1242                         case BPF_D_OUT:
 1243                                 d->bd_direction = direction;
 1244                                 break;
 1245                         default:
 1246                                 error = EINVAL;
 1247                         }
 1248                 }
 1249                 break;
 1250 
 1251         case BIOCFEEDBACK:
 1252                 d->bd_feedback = *(u_int *)addr;
 1253                 break;
 1254 
 1255         case BIOCLOCK:
 1256                 d->bd_locked = 1;
 1257                 break;
 1258 
 1259         case FIONBIO:           /* Non-blocking I/O */
 1260                 break;
 1261 
 1262         case FIOASYNC:          /* Send signal on receive packets */
 1263                 d->bd_async = *(int *)addr;
 1264                 break;
 1265 
 1266         case FIOSETOWN:
 1267                 error = fsetown(*(int *)addr, &d->bd_sigio);
 1268                 break;
 1269 
 1270         case FIOGETOWN:
 1271                 *(int *)addr = fgetown(&d->bd_sigio);
 1272                 break;
 1273 
 1274         /* This is deprecated, FIOSETOWN should be used instead. */
 1275         case TIOCSPGRP:
 1276                 error = fsetown(-(*(int *)addr), &d->bd_sigio);
 1277                 break;
 1278 
 1279         /* This is deprecated, FIOGETOWN should be used instead. */
 1280         case TIOCGPGRP:
 1281                 *(int *)addr = -fgetown(&d->bd_sigio);
 1282                 break;
 1283 
 1284         case BIOCSRSIG:         /* Set receive signal */
 1285                 {
 1286                         u_int sig;
 1287 
 1288                         sig = *(u_int *)addr;
 1289 
 1290                         if (sig >= NSIG)
 1291                                 error = EINVAL;
 1292                         else
 1293                                 d->bd_sig = sig;
 1294                         break;
 1295                 }
 1296         case BIOCGRSIG:
 1297                 *(u_int *)addr = d->bd_sig;
 1298                 break;
 1299 
 1300         case BIOCGETBUFMODE:
 1301                 *(u_int *)addr = d->bd_bufmode;
 1302                 break;
 1303 
 1304         case BIOCSETBUFMODE:
 1305                 /*
 1306                  * Allow the buffering mode to be changed as long as we
 1307                  * haven't yet committed to a particular mode.  Our
 1308                  * definition of commitment, for now, is whether or not a
 1309                  * buffer has been allocated or an interface attached, since
 1310                  * that's the point where things get tricky.
 1311                  */
 1312                 switch (*(u_int *)addr) {
 1313                 case BPF_BUFMODE_BUFFER:
 1314                         break;
 1315 
 1316                 case BPF_BUFMODE_ZBUF:
 1317                         if (bpf_zerocopy_enable)
 1318                                 break;
 1319                         /* FALLSTHROUGH */
 1320 
 1321                 default:
 1322                         return (EINVAL);
 1323                 }
 1324 
 1325                 BPFD_LOCK(d);
 1326                 if (d->bd_sbuf != NULL || d->bd_hbuf != NULL ||
 1327                     d->bd_fbuf != NULL || d->bd_bif != NULL) {
 1328                         BPFD_UNLOCK(d);
 1329                         return (EBUSY);
 1330                 }
 1331                 d->bd_bufmode = *(u_int *)addr;
 1332                 BPFD_UNLOCK(d);
 1333                 break;
 1334 
 1335         case BIOCGETZMAX:
 1336                 return (bpf_ioctl_getzmax(td, d, (size_t *)addr));
 1337 
 1338         case BIOCSETZBUF:
 1339                 return (bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr));
 1340 
 1341         case BIOCROTZBUF:
 1342                 return (bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr));
 1343         }
 1344         CURVNET_RESTORE();
 1345         return (error);
 1346 }
 1347 
 1348 /*
 1349  * Set d's packet filter program to fp.  If this file already has a filter,
 1350  * free it and replace it.  Returns EINVAL for bogus requests.
 1351  */
 1352 static int
 1353 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
 1354 {
 1355         struct bpf_insn *fcode, *old;
 1356         u_int wfilter, flen, size;
 1357 #ifdef BPF_JITTER
 1358         bpf_jit_filter *ofunc;
 1359 #endif
 1360 
 1361         if (cmd == BIOCSETWF) {
 1362                 old = d->bd_wfilter;
 1363                 wfilter = 1;
 1364 #ifdef BPF_JITTER
 1365                 ofunc = NULL;
 1366 #endif
 1367         } else {
 1368                 wfilter = 0;
 1369                 old = d->bd_rfilter;
 1370 #ifdef BPF_JITTER
 1371                 ofunc = d->bd_bfilter;
 1372 #endif
 1373         }
 1374         if (fp->bf_insns == NULL) {
 1375                 if (fp->bf_len != 0)
 1376                         return (EINVAL);
 1377                 BPFD_LOCK(d);
 1378                 if (wfilter)
 1379                         d->bd_wfilter = NULL;
 1380                 else {
 1381                         d->bd_rfilter = NULL;
 1382 #ifdef BPF_JITTER
 1383                         d->bd_bfilter = NULL;
 1384 #endif
 1385                         if (cmd == BIOCSETF)
 1386                                 reset_d(d);
 1387                 }
 1388                 BPFD_UNLOCK(d);
 1389                 if (old != NULL)
 1390                         free((caddr_t)old, M_BPF);
 1391 #ifdef BPF_JITTER
 1392                 if (ofunc != NULL)
 1393                         bpf_destroy_jit_filter(ofunc);
 1394 #endif
 1395                 return (0);
 1396         }
 1397         flen = fp->bf_len;
 1398         if (flen > bpf_maxinsns)
 1399                 return (EINVAL);
 1400 
 1401         size = flen * sizeof(*fp->bf_insns);
 1402         fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
 1403         if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
 1404             bpf_validate(fcode, (int)flen)) {
 1405                 BPFD_LOCK(d);
 1406                 if (wfilter)
 1407                         d->bd_wfilter = fcode;
 1408                 else {
 1409                         d->bd_rfilter = fcode;
 1410 #ifdef BPF_JITTER
 1411                         d->bd_bfilter = bpf_jitter(fcode, flen);
 1412 #endif
 1413                         if (cmd == BIOCSETF)
 1414                                 reset_d(d);
 1415                 }
 1416                 BPFD_UNLOCK(d);
 1417                 if (old != NULL)
 1418                         free((caddr_t)old, M_BPF);
 1419 #ifdef BPF_JITTER
 1420                 if (ofunc != NULL)
 1421                         bpf_destroy_jit_filter(ofunc);
 1422 #endif
 1423 
 1424                 return (0);
 1425         }
 1426         free((caddr_t)fcode, M_BPF);
 1427         return (EINVAL);
 1428 }
 1429 
 1430 /*
 1431  * Detach a file from its current interface (if attached at all) and attach
 1432  * to the interface indicated by the name stored in ifr.
 1433  * Return an errno or 0.
 1434  */
 1435 static int
 1436 bpf_setif(struct bpf_d *d, struct ifreq *ifr)
 1437 {
 1438         struct bpf_if *bp;
 1439         struct ifnet *theywant;
 1440 
 1441         theywant = ifunit(ifr->ifr_name);
 1442         if (theywant == NULL || theywant->if_bpf == NULL)
 1443                 return (ENXIO);
 1444 
 1445         bp = theywant->if_bpf;
 1446 
 1447         /*
 1448          * Behavior here depends on the buffering model.  If we're using
 1449          * kernel memory buffers, then we can allocate them here.  If we're
 1450          * using zero-copy, then the user process must have registered
 1451          * buffers by the time we get here.  If not, return an error.
 1452          *
 1453          * XXXRW: There are locking issues here with multi-threaded use: what
 1454          * if two threads try to set the interface at once?
 1455          */
 1456         switch (d->bd_bufmode) {
 1457         case BPF_BUFMODE_BUFFER:
 1458                 if (d->bd_sbuf == NULL)
 1459                         bpf_buffer_alloc(d);
 1460                 KASSERT(d->bd_sbuf != NULL, ("bpf_setif: bd_sbuf NULL"));
 1461                 break;
 1462 
 1463         case BPF_BUFMODE_ZBUF:
 1464                 if (d->bd_sbuf == NULL)
 1465                         return (EINVAL);
 1466                 break;
 1467 
 1468         default:
 1469                 panic("bpf_setif: bufmode %d", d->bd_bufmode);
 1470         }
 1471         if (bp != d->bd_bif) {
 1472                 if (d->bd_bif)
 1473                         /*
 1474                          * Detach if attached to something else.
 1475                          */
 1476                         bpf_detachd(d);
 1477 
 1478                 bpf_attachd(d, bp);
 1479         }
 1480         BPFD_LOCK(d);
 1481         reset_d(d);
 1482         BPFD_UNLOCK(d);
 1483         return (0);
 1484 }
 1485 
 1486 /*
 1487  * Support for select() and poll() system calls
 1488  *
 1489  * Return true iff the specific operation will not block indefinitely.
 1490  * Otherwise, return false but make a note that a selwakeup() must be done.
 1491  */
 1492 static int
 1493 bpfpoll(struct cdev *dev, int events, struct thread *td)
 1494 {
 1495         struct bpf_d *d;
 1496         int revents;
 1497 
 1498         if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL)
 1499                 return (events &
 1500                     (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM));
 1501 
 1502         /*
 1503          * Refresh PID associated with this descriptor.
 1504          */
 1505         revents = events & (POLLOUT | POLLWRNORM);
 1506         BPFD_LOCK(d);
 1507         d->bd_pid = td->td_proc->p_pid;
 1508         if (events & (POLLIN | POLLRDNORM)) {
 1509                 if (bpf_ready(d))
 1510                         revents |= events & (POLLIN | POLLRDNORM);
 1511                 else {
 1512                         selrecord(td, &d->bd_sel);
 1513                         /* Start the read timeout if necessary. */
 1514                         if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
 1515                                 callout_reset(&d->bd_callout, d->bd_rtout,
 1516                                     bpf_timed_out, d);
 1517                                 d->bd_state = BPF_WAITING;
 1518                         }
 1519                 }
 1520         }
 1521         BPFD_UNLOCK(d);
 1522         return (revents);
 1523 }
 1524 
 1525 /*
 1526  * Support for kevent() system call.  Register EVFILT_READ filters and
 1527  * reject all others.
 1528  */
 1529 int
 1530 bpfkqfilter(struct cdev *dev, struct knote *kn)
 1531 {
 1532         struct bpf_d *d;
 1533 
 1534         if (devfs_get_cdevpriv((void **)&d) != 0 ||
 1535             kn->kn_filter != EVFILT_READ)
 1536                 return (1);
 1537 
 1538         /*
 1539          * Refresh PID associated with this descriptor.
 1540          */
 1541         BPFD_LOCK(d);
 1542         d->bd_pid = curthread->td_proc->p_pid;
 1543         kn->kn_fop = &bpfread_filtops;
 1544         kn->kn_hook = d;
 1545         knlist_add(&d->bd_sel.si_note, kn, 1);
 1546         BPFD_UNLOCK(d);
 1547 
 1548         return (0);
 1549 }
 1550 
 1551 static void
 1552 filt_bpfdetach(struct knote *kn)
 1553 {
 1554         struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
 1555 
 1556         knlist_remove(&d->bd_sel.si_note, kn, 0);
 1557 }
 1558 
 1559 static int
 1560 filt_bpfread(struct knote *kn, long hint)
 1561 {
 1562         struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
 1563         int ready;
 1564 
 1565         BPFD_LOCK_ASSERT(d);
 1566         ready = bpf_ready(d);
 1567         if (ready) {
 1568                 kn->kn_data = d->bd_slen;
 1569                 if (d->bd_hbuf)
 1570                         kn->kn_data += d->bd_hlen;
 1571         }
 1572         else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
 1573                 callout_reset(&d->bd_callout, d->bd_rtout,
 1574                     bpf_timed_out, d);
 1575                 d->bd_state = BPF_WAITING;
 1576         }
 1577 
 1578         return (ready);
 1579 }
 1580 
 1581 /*
 1582  * Incoming linkage from device drivers.  Process the packet pkt, of length
 1583  * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 1584  * by each process' filter, and if accepted, stashed into the corresponding
 1585  * buffer.
 1586  */
 1587 void
 1588 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
 1589 {
 1590         struct bpf_d *d;
 1591 #ifdef BPF_JITTER
 1592         bpf_jit_filter *bf;
 1593 #endif
 1594         u_int slen;
 1595         int gottime;
 1596         struct timeval tv;
 1597 
 1598         gottime = 0;
 1599         BPFIF_LOCK(bp);
 1600         LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
 1601                 BPFD_LOCK(d);
 1602                 ++d->bd_rcount;
 1603                 /*
 1604                  * NB: We dont call BPF_CHECK_DIRECTION() here since there is no
 1605                  * way for the caller to indiciate to us whether this packet
 1606                  * is inbound or outbound.  In the bpf_mtap() routines, we use
 1607                  * the interface pointers on the mbuf to figure it out.
 1608                  */
 1609 #ifdef BPF_JITTER
 1610                 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
 1611                 if (bf != NULL)
 1612                         slen = (*(bf->func))(pkt, pktlen, pktlen);
 1613                 else
 1614 #endif
 1615                 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
 1616                 if (slen != 0) {
 1617                         d->bd_fcount++;
 1618                         if (!gottime) {
 1619                                 microtime(&tv);
 1620                                 gottime = 1;
 1621                         }
 1622 #ifdef MAC
 1623                         if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
 1624 #endif
 1625                                 catchpacket(d, pkt, pktlen, slen,
 1626                                     bpf_append_bytes, &tv);
 1627                 }
 1628                 BPFD_UNLOCK(d);
 1629         }
 1630         BPFIF_UNLOCK(bp);
 1631 }
 1632 
 1633 #define BPF_CHECK_DIRECTION(d, r, i)                            \
 1634             (((d)->bd_direction == BPF_D_IN && (r) != (i)) ||   \
 1635             ((d)->bd_direction == BPF_D_OUT && (r) == (i)))
 1636 
 1637 /*
 1638  * Incoming linkage from device drivers, when packet is in an mbuf chain.
 1639  */
 1640 void
 1641 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
 1642 {
 1643         struct bpf_d *d;
 1644 #ifdef BPF_JITTER
 1645         bpf_jit_filter *bf;
 1646 #endif
 1647         u_int pktlen, slen;
 1648         int gottime;
 1649         struct timeval tv;
 1650 
 1651         /* Skip outgoing duplicate packets. */
 1652         if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
 1653                 m->m_flags &= ~M_PROMISC;
 1654                 return;
 1655         }
 1656 
 1657         gottime = 0;
 1658 
 1659         pktlen = m_length(m, NULL);
 1660 
 1661         BPFIF_LOCK(bp);
 1662         LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
 1663                 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
 1664                         continue;
 1665                 BPFD_LOCK(d);
 1666                 ++d->bd_rcount;
 1667 #ifdef BPF_JITTER
 1668                 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
 1669                 /* XXX We cannot handle multiple mbufs. */
 1670                 if (bf != NULL && m->m_next == NULL)
 1671                         slen = (*(bf->func))(mtod(m, u_char *), pktlen, pktlen);
 1672                 else
 1673 #endif
 1674                 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
 1675                 if (slen != 0) {
 1676                         d->bd_fcount++;
 1677                         if (!gottime) {
 1678                                 microtime(&tv);
 1679                                 gottime = 1;
 1680                         }
 1681 #ifdef MAC
 1682                         if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
 1683 #endif
 1684                                 catchpacket(d, (u_char *)m, pktlen, slen,
 1685                                     bpf_append_mbuf, &tv);
 1686                 }
 1687                 BPFD_UNLOCK(d);
 1688         }
 1689         BPFIF_UNLOCK(bp);
 1690 }
 1691 
 1692 /*
 1693  * Incoming linkage from device drivers, when packet is in
 1694  * an mbuf chain and to be prepended by a contiguous header.
 1695  */
 1696 void
 1697 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
 1698 {
 1699         struct mbuf mb;
 1700         struct bpf_d *d;
 1701         u_int pktlen, slen;
 1702         int gottime;
 1703         struct timeval tv;
 1704 
 1705         /* Skip outgoing duplicate packets. */
 1706         if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
 1707                 m->m_flags &= ~M_PROMISC;
 1708                 return;
 1709         }
 1710 
 1711         gottime = 0;
 1712 
 1713         pktlen = m_length(m, NULL);
 1714         /*
 1715          * Craft on-stack mbuf suitable for passing to bpf_filter.
 1716          * Note that we cut corners here; we only setup what's
 1717          * absolutely needed--this mbuf should never go anywhere else.
 1718          */
 1719         mb.m_next = m;
 1720         mb.m_data = data;
 1721         mb.m_len = dlen;
 1722         pktlen += dlen;
 1723 
 1724         BPFIF_LOCK(bp);
 1725         LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
 1726                 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
 1727                         continue;
 1728                 BPFD_LOCK(d);
 1729                 ++d->bd_rcount;
 1730                 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
 1731                 if (slen != 0) {
 1732                         d->bd_fcount++;
 1733                         if (!gottime) {
 1734                                 microtime(&tv);
 1735                                 gottime = 1;
 1736                         }
 1737 #ifdef MAC
 1738                         if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
 1739 #endif
 1740                                 catchpacket(d, (u_char *)&mb, pktlen, slen,
 1741                                     bpf_append_mbuf, &tv);
 1742                 }
 1743                 BPFD_UNLOCK(d);
 1744         }
 1745         BPFIF_UNLOCK(bp);
 1746 }
 1747 
 1748 #undef  BPF_CHECK_DIRECTION
 1749 
 1750 /*
 1751  * Move the packet data from interface memory (pkt) into the
 1752  * store buffer.  "cpfn" is the routine called to do the actual data
 1753  * transfer.  bcopy is passed in to copy contiguous chunks, while
 1754  * bpf_append_mbuf is passed in to copy mbuf chains.  In the latter case,
 1755  * pkt is really an mbuf.
 1756  */
 1757 static void
 1758 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
 1759     void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int),
 1760     struct timeval *tv)
 1761 {
 1762         struct bpf_hdr hdr;
 1763         int totlen, curlen;
 1764         int hdrlen = d->bd_bif->bif_hdrlen;
 1765         int do_wakeup = 0;
 1766 
 1767         BPFD_LOCK_ASSERT(d);
 1768 
 1769         /*
 1770          * Detect whether user space has released a buffer back to us, and if
 1771          * so, move it from being a hold buffer to a free buffer.  This may
 1772          * not be the best place to do it (for example, we might only want to
 1773          * run this check if we need the space), but for now it's a reliable
 1774          * spot to do it.
 1775          */
 1776         if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) {
 1777                 d->bd_fbuf = d->bd_hbuf;
 1778                 d->bd_hbuf = NULL;
 1779                 d->bd_hlen = 0;
 1780                 bpf_buf_reclaimed(d);
 1781         }
 1782 
 1783         /*
 1784          * Figure out how many bytes to move.  If the packet is
 1785          * greater or equal to the snapshot length, transfer that
 1786          * much.  Otherwise, transfer the whole packet (unless
 1787          * we hit the buffer size limit).
 1788          */
 1789         totlen = hdrlen + min(snaplen, pktlen);
 1790         if (totlen > d->bd_bufsize)
 1791                 totlen = d->bd_bufsize;
 1792 
 1793         /*
 1794          * Round up the end of the previous packet to the next longword.
 1795          *
 1796          * Drop the packet if there's no room and no hope of room
 1797          * If the packet would overflow the storage buffer or the storage
 1798          * buffer is considered immutable by the buffer model, try to rotate
 1799          * the buffer and wakeup pending processes.
 1800          */
 1801         curlen = BPF_WORDALIGN(d->bd_slen);
 1802         if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) {
 1803                 if (d->bd_fbuf == NULL) {
 1804                         /*
 1805                          * There's no room in the store buffer, and no
 1806                          * prospect of room, so drop the packet.  Notify the
 1807                          * buffer model.
 1808                          */
 1809                         bpf_buffull(d);
 1810                         ++d->bd_dcount;
 1811                         return;
 1812                 }
 1813                 ROTATE_BUFFERS(d);
 1814                 do_wakeup = 1;
 1815                 curlen = 0;
 1816         } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
 1817                 /*
 1818                  * Immediate mode is set, or the read timeout has already
 1819                  * expired during a select call.  A packet arrived, so the
 1820                  * reader should be woken up.
 1821                  */
 1822                 do_wakeup = 1;
 1823 
 1824         /*
 1825          * Append the bpf header.  Note we append the actual header size, but
 1826          * move forward the length of the header plus padding.
 1827          */
 1828         bzero(&hdr, sizeof(hdr));
 1829         hdr.bh_tstamp = *tv;
 1830         hdr.bh_datalen = pktlen;
 1831         hdr.bh_hdrlen = hdrlen;
 1832         hdr.bh_caplen = totlen - hdrlen;
 1833         bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr));
 1834 
 1835         /*
 1836          * Copy the packet data into the store buffer and update its length.
 1837          */
 1838         (*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, hdr.bh_caplen);
 1839         d->bd_slen = curlen + totlen;
 1840 
 1841         if (do_wakeup)
 1842                 bpf_wakeup(d);
 1843 }
 1844 
 1845 /*
 1846  * Free buffers currently in use by a descriptor.
 1847  * Called on close.
 1848  */
 1849 static void
 1850 bpf_freed(struct bpf_d *d)
 1851 {
 1852 
 1853         /*
 1854          * We don't need to lock out interrupts since this descriptor has
 1855          * been detached from its interface and it yet hasn't been marked
 1856          * free.
 1857          */
 1858         bpf_free(d);
 1859         if (d->bd_rfilter) {
 1860                 free((caddr_t)d->bd_rfilter, M_BPF);
 1861 #ifdef BPF_JITTER
 1862                 bpf_destroy_jit_filter(d->bd_bfilter);
 1863 #endif
 1864         }
 1865         if (d->bd_wfilter)
 1866                 free((caddr_t)d->bd_wfilter, M_BPF);
 1867         mtx_destroy(&d->bd_mtx);
 1868 }
 1869 
 1870 /*
 1871  * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 1872  * fixed size of the link header (variable length headers not yet supported).
 1873  */
 1874 void
 1875 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
 1876 {
 1877 
 1878         bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
 1879 }
 1880 
 1881 /*
 1882  * Attach an interface to bpf.  ifp is a pointer to the structure
 1883  * defining the interface to be attached, dlt is the link layer type,
 1884  * and hdrlen is the fixed size of the link header (variable length
 1885  * headers are not yet supporrted).
 1886  */
 1887 void
 1888 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
 1889 {
 1890         struct bpf_if *bp;
 1891 
 1892         bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
 1893         if (bp == NULL)
 1894                 panic("bpfattach");
 1895 
 1896         LIST_INIT(&bp->bif_dlist);
 1897         bp->bif_ifp = ifp;
 1898         bp->bif_dlt = dlt;
 1899         mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);
 1900         KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
 1901         *driverp = bp;
 1902 
 1903         mtx_lock(&bpf_mtx);
 1904         LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
 1905         mtx_unlock(&bpf_mtx);
 1906 
 1907         /*
 1908          * Compute the length of the bpf header.  This is not necessarily
 1909          * equal to SIZEOF_BPF_HDR because we want to insert spacing such
 1910          * that the network layer header begins on a longword boundary (for
 1911          * performance reasons and to alleviate alignment restrictions).
 1912          */
 1913         bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
 1914 
 1915         if (bootverbose)
 1916                 if_printf(ifp, "bpf attached\n");
 1917 }
 1918 
 1919 /*
 1920  * Detach bpf from an interface.  This involves detaching each descriptor
 1921  * associated with the interface, and leaving bd_bif NULL.  Notify each
 1922  * descriptor as it's detached so that any sleepers wake up and get
 1923  * ENXIO.
 1924  */
 1925 void
 1926 bpfdetach(struct ifnet *ifp)
 1927 {
 1928         struct bpf_if   *bp;
 1929         struct bpf_d    *d;
 1930 
 1931         /* Locate BPF interface information */
 1932         mtx_lock(&bpf_mtx);
 1933         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 1934                 if (ifp == bp->bif_ifp)
 1935                         break;
 1936         }
 1937 
 1938         /* Interface wasn't attached */
 1939         if ((bp == NULL) || (bp->bif_ifp == NULL)) {
 1940                 mtx_unlock(&bpf_mtx);
 1941                 printf("bpfdetach: %s was not attached\n", ifp->if_xname);
 1942                 return;
 1943         }
 1944 
 1945         LIST_REMOVE(bp, bif_next);
 1946         mtx_unlock(&bpf_mtx);
 1947 
 1948         while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
 1949                 bpf_detachd(d);
 1950                 BPFD_LOCK(d);
 1951                 bpf_wakeup(d);
 1952                 BPFD_UNLOCK(d);
 1953         }
 1954 
 1955         mtx_destroy(&bp->bif_mtx);
 1956         free(bp, M_BPF);
 1957 }
 1958 
 1959 /*
 1960  * Get a list of available data link type of the interface.
 1961  */
 1962 static int
 1963 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
 1964 {
 1965         int n, error;
 1966         struct ifnet *ifp;
 1967         struct bpf_if *bp;
 1968 
 1969         ifp = d->bd_bif->bif_ifp;
 1970         n = 0;
 1971         error = 0;
 1972         mtx_lock(&bpf_mtx);
 1973         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 1974                 if (bp->bif_ifp != ifp)
 1975                         continue;
 1976                 if (bfl->bfl_list != NULL) {
 1977                         if (n >= bfl->bfl_len) {
 1978                                 mtx_unlock(&bpf_mtx);
 1979                                 return (ENOMEM);
 1980                         }
 1981                         error = copyout(&bp->bif_dlt,
 1982                             bfl->bfl_list + n, sizeof(u_int));
 1983                 }
 1984                 n++;
 1985         }
 1986         mtx_unlock(&bpf_mtx);
 1987         bfl->bfl_len = n;
 1988         return (error);
 1989 }
 1990 
 1991 /*
 1992  * Set the data link type of a BPF instance.
 1993  */
 1994 static int
 1995 bpf_setdlt(struct bpf_d *d, u_int dlt)
 1996 {
 1997         int error, opromisc;
 1998         struct ifnet *ifp;
 1999         struct bpf_if *bp;
 2000 
 2001         if (d->bd_bif->bif_dlt == dlt)
 2002                 return (0);
 2003         ifp = d->bd_bif->bif_ifp;
 2004         mtx_lock(&bpf_mtx);
 2005         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 2006                 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
 2007                         break;
 2008         }
 2009         mtx_unlock(&bpf_mtx);
 2010         if (bp != NULL) {
 2011                 opromisc = d->bd_promisc;
 2012                 bpf_detachd(d);
 2013                 bpf_attachd(d, bp);
 2014                 BPFD_LOCK(d);
 2015                 reset_d(d);
 2016                 BPFD_UNLOCK(d);
 2017                 if (opromisc) {
 2018                         error = ifpromisc(bp->bif_ifp, 1);
 2019                         if (error)
 2020                                 if_printf(bp->bif_ifp,
 2021                                         "bpf_setdlt: ifpromisc failed (%d)\n",
 2022                                         error);
 2023                         else
 2024                                 d->bd_promisc = 1;
 2025                 }
 2026         }
 2027         return (bp == NULL ? EINVAL : 0);
 2028 }
 2029 
 2030 static void
 2031 bpf_drvinit(void *unused)
 2032 {
 2033         struct cdev *dev;
 2034 
 2035         mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
 2036         LIST_INIT(&bpf_iflist);
 2037 
 2038         dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf");
 2039         /* For compatibility */
 2040         make_dev_alias(dev, "bpf0");
 2041 }
 2042 
 2043 /*
 2044  * Zero out the various packet counters associated with all of the bpf
 2045  * descriptors.  At some point, we will probably want to get a bit more
 2046  * granular and allow the user to specify descriptors to be zeroed.
 2047  */
 2048 static void
 2049 bpf_zero_counters(void)
 2050 {
 2051         struct bpf_if *bp;
 2052         struct bpf_d *bd;
 2053 
 2054         mtx_lock(&bpf_mtx);
 2055         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 2056                 BPFIF_LOCK(bp);
 2057                 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
 2058                         BPFD_LOCK(bd);
 2059                         bd->bd_rcount = 0;
 2060                         bd->bd_dcount = 0;
 2061                         bd->bd_fcount = 0;
 2062                         bd->bd_wcount = 0;
 2063                         bd->bd_wfcount = 0;
 2064                         bd->bd_zcopy = 0;
 2065                         BPFD_UNLOCK(bd);
 2066                 }
 2067                 BPFIF_UNLOCK(bp);
 2068         }
 2069         mtx_unlock(&bpf_mtx);
 2070 }
 2071 
 2072 static void
 2073 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
 2074 {
 2075 
 2076         bzero(d, sizeof(*d));
 2077         BPFD_LOCK_ASSERT(bd);
 2078         d->bd_structsize = sizeof(*d);
 2079         d->bd_immediate = bd->bd_immediate;
 2080         d->bd_promisc = bd->bd_promisc;
 2081         d->bd_hdrcmplt = bd->bd_hdrcmplt;
 2082         d->bd_direction = bd->bd_direction;
 2083         d->bd_feedback = bd->bd_feedback;
 2084         d->bd_async = bd->bd_async;
 2085         d->bd_rcount = bd->bd_rcount;
 2086         d->bd_dcount = bd->bd_dcount;
 2087         d->bd_fcount = bd->bd_fcount;
 2088         d->bd_sig = bd->bd_sig;
 2089         d->bd_slen = bd->bd_slen;
 2090         d->bd_hlen = bd->bd_hlen;
 2091         d->bd_bufsize = bd->bd_bufsize;
 2092         d->bd_pid = bd->bd_pid;
 2093         strlcpy(d->bd_ifname,
 2094             bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
 2095         d->bd_locked = bd->bd_locked;
 2096         d->bd_wcount = bd->bd_wcount;
 2097         d->bd_wdcount = bd->bd_wdcount;
 2098         d->bd_wfcount = bd->bd_wfcount;
 2099         d->bd_zcopy = bd->bd_zcopy;
 2100         d->bd_bufmode = bd->bd_bufmode;
 2101 }
 2102 
 2103 static int
 2104 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
 2105 {
 2106         struct xbpf_d *xbdbuf, *xbd, zerostats;
 2107         int index, error;
 2108         struct bpf_if *bp;
 2109         struct bpf_d *bd;
 2110 
 2111         /*
 2112          * XXX This is not technically correct. It is possible for non
 2113          * privileged users to open bpf devices. It would make sense
 2114          * if the users who opened the devices were able to retrieve
 2115          * the statistics for them, too.
 2116          */
 2117         error = priv_check(req->td, PRIV_NET_BPF);
 2118         if (error)
 2119                 return (error);
 2120         /*
 2121          * Check to see if the user is requesting that the counters be
 2122          * zeroed out.  Explicitly check that the supplied data is zeroed,
 2123          * as we aren't allowing the user to set the counters currently.
 2124          */
 2125         if (req->newptr != NULL) {
 2126                 if (req->newlen != sizeof(zerostats))
 2127                         return (EINVAL);
 2128                 bzero(&zerostats, sizeof(zerostats));
 2129                 xbd = req->newptr;
 2130                 if (bcmp(xbd, &zerostats, sizeof(*xbd)) != 0)
 2131                         return (EINVAL);
 2132                 bpf_zero_counters();
 2133                 return (0);
 2134         }
 2135         if (req->oldptr == NULL)
 2136                 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
 2137         if (bpf_bpfd_cnt == 0)
 2138                 return (SYSCTL_OUT(req, 0, 0));
 2139         xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
 2140         mtx_lock(&bpf_mtx);
 2141         if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
 2142                 mtx_unlock(&bpf_mtx);
 2143                 free(xbdbuf, M_BPF);
 2144                 return (ENOMEM);
 2145         }
 2146         index = 0;
 2147         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 2148                 BPFIF_LOCK(bp);
 2149                 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
 2150                         xbd = &xbdbuf[index++];
 2151                         BPFD_LOCK(bd);
 2152                         bpfstats_fill_xbpf(xbd, bd);
 2153                         BPFD_UNLOCK(bd);
 2154                 }
 2155                 BPFIF_UNLOCK(bp);
 2156         }
 2157         mtx_unlock(&bpf_mtx);
 2158         error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
 2159         free(xbdbuf, M_BPF);
 2160         return (error);
 2161 }
 2162 
 2163 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL);
 2164 
 2165 #else /* !DEV_BPF && !NETGRAPH_BPF */
 2166 /*
 2167  * NOP stubs to allow bpf-using drivers to load and function.
 2168  *
 2169  * A 'better' implementation would allow the core bpf functionality
 2170  * to be loaded at runtime.
 2171  */
 2172 static struct bpf_if bp_null;
 2173 
 2174 void
 2175 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
 2176 {
 2177 }
 2178 
 2179 void
 2180 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
 2181 {
 2182 }
 2183 
 2184 void
 2185 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
 2186 {
 2187 }
 2188 
 2189 void
 2190 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
 2191 {
 2192 
 2193         bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
 2194 }
 2195 
 2196 void
 2197 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
 2198 {
 2199 
 2200         *driverp = &bp_null;
 2201 }
 2202 
 2203 void
 2204 bpfdetach(struct ifnet *ifp)
 2205 {
 2206 }
 2207 
 2208 u_int
 2209 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
 2210 {
 2211         return -1;      /* "no filter" behaviour */
 2212 }
 2213 
 2214 int
 2215 bpf_validate(const struct bpf_insn *f, int len)
 2216 {
 2217         return 0;               /* false */
 2218 }
 2219 
 2220 #endif /* !DEV_BPF && !NETGRAPH_BPF */

Cache object: 694dc28bc2d82854bb6ce46e17a901e4


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.