Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/net/bpf.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1990, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * Copyright (c) 2019 Andrey V. Elsukov <ae@FreeBSD.org> 7 * 8 * This code is derived from the Stanford/CMU enet packet filter, 9 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 10 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 11 * Berkeley Laboratory. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * @(#)bpf.c 8.4 (Berkeley) 1/9/95 38 */ 39 40 #include <sys/cdefs.h> 41 __FBSDID("$FreeBSD$"); 42 43 #include "opt_bpf.h" 44 #include "opt_ddb.h" 45 #include "opt_netgraph.h" 46 47 #include <sys/param.h> 48 #include <sys/conf.h> 49 #include <sys/eventhandler.h> 50 #include <sys/fcntl.h> 51 #include <sys/jail.h> 52 #include <sys/ktr.h> 53 #include <sys/lock.h> 54 #include <sys/malloc.h> 55 #include <sys/mbuf.h> 56 #include <sys/mutex.h> 57 #include <sys/time.h> 58 #include <sys/priv.h> 59 #include <sys/proc.h> 60 #include <sys/signalvar.h> 61 #include <sys/filio.h> 62 #include <sys/sockio.h> 63 #include <sys/ttycom.h> 64 #include <sys/uio.h> 65 #include <sys/sysent.h> 66 #include <sys/systm.h> 67 68 #include <sys/event.h> 69 #include <sys/file.h> 70 #include <sys/poll.h> 71 #include <sys/proc.h> 72 73 #include <sys/socket.h> 74 75 #ifdef DDB 76 #include <ddb/ddb.h> 77 #endif 78 79 #include <net/if.h> 80 #include <net/if_var.h> 81 #include <net/if_private.h> 82 #include <net/if_vlan_var.h> 83 #include <net/if_dl.h> 84 #include <net/bpf.h> 85 #include <net/bpf_buffer.h> 86 #ifdef BPF_JITTER 87 #include <net/bpf_jitter.h> 88 #endif 89 #include <net/bpf_zerocopy.h> 90 #include <net/bpfdesc.h> 91 #include <net/route.h> 92 #include <net/vnet.h> 93 94 #include <netinet/in.h> 95 #include <netinet/if_ether.h> 96 #include <sys/kernel.h> 97 #include <sys/sysctl.h> 98 99 #include <net80211/ieee80211_freebsd.h> 100 101 #include <security/mac/mac_framework.h> 102 103 MALLOC_DEFINE(M_BPF, "BPF", "BPF data"); 104 105 static struct bpf_if_ext dead_bpf_if = { 106 .bif_dlist = CK_LIST_HEAD_INITIALIZER() 107 }; 108 109 struct bpf_if { 110 #define bif_next bif_ext.bif_next 111 #define bif_dlist bif_ext.bif_dlist 112 struct bpf_if_ext bif_ext; /* public members */ 113 u_int bif_dlt; /* link layer type */ 114 u_int bif_hdrlen; /* length of link header */ 115 struct bpfd_list bif_wlist; /* writer-only list */ 116 struct ifnet *bif_ifp; /* corresponding interface */ 117 struct bpf_if **bif_bpf; /* Pointer to pointer to us */ 118 volatile u_int bif_refcnt; 119 struct epoch_context epoch_ctx; 120 }; 121 122 CTASSERT(offsetof(struct bpf_if, bif_ext) == 0); 123 124 struct bpf_program_buffer { 125 struct epoch_context epoch_ctx; 126 #ifdef BPF_JITTER 127 bpf_jit_filter *func; 128 #endif 129 void *buffer[0]; 130 }; 131 132 #if defined(DEV_BPF) || defined(NETGRAPH_BPF) 133 134 #define PRINET 26 /* interruptible */ 135 #define BPF_PRIO_MAX 7 136 137 #define SIZEOF_BPF_HDR(type) \ 138 (offsetof(type, bh_hdrlen) + sizeof(((type *)0)->bh_hdrlen)) 139 140 #ifdef COMPAT_FREEBSD32 141 #include <sys/mount.h> 142 #include <compat/freebsd32/freebsd32.h> 143 #define BPF_ALIGNMENT32 sizeof(int32_t) 144 #define BPF_WORDALIGN32(x) roundup2(x, BPF_ALIGNMENT32) 145 146 #ifndef BURN_BRIDGES 147 /* 148 * 32-bit version of structure prepended to each packet. We use this header 149 * instead of the standard one for 32-bit streams. We mark the a stream as 150 * 32-bit the first time we see a 32-bit compat ioctl request. 151 */ 152 struct bpf_hdr32 { 153 struct timeval32 bh_tstamp; /* time stamp */ 154 uint32_t bh_caplen; /* length of captured portion */ 155 uint32_t bh_datalen; /* original length of packet */ 156 uint16_t bh_hdrlen; /* length of bpf header (this struct 157 plus alignment padding) */ 158 }; 159 #endif 160 161 struct bpf_program32 { 162 u_int bf_len; 163 uint32_t bf_insns; 164 }; 165 166 struct bpf_dltlist32 { 167 u_int bfl_len; 168 u_int bfl_list; 169 }; 170 171 #define BIOCSETF32 _IOW('B', 103, struct bpf_program32) 172 #define BIOCSRTIMEOUT32 _IOW('B', 109, struct timeval32) 173 #define BIOCGRTIMEOUT32 _IOR('B', 110, struct timeval32) 174 #define BIOCGDLTLIST32 _IOWR('B', 121, struct bpf_dltlist32) 175 #define BIOCSETWF32 _IOW('B', 123, struct bpf_program32) 176 #define BIOCSETFNR32 _IOW('B', 130, struct bpf_program32) 177 #endif 178 179 #define BPF_LOCK() sx_xlock(&bpf_sx) 180 #define BPF_UNLOCK() sx_xunlock(&bpf_sx) 181 #define BPF_LOCK_ASSERT() sx_assert(&bpf_sx, SA_XLOCKED) 182 /* 183 * bpf_iflist is a list of BPF interface structures, each corresponding to a 184 * specific DLT. The same network interface might have several BPF interface 185 * structures registered by different layers in the stack (i.e., 802.11 186 * frames, ethernet frames, etc). 187 */ 188 CK_LIST_HEAD(bpf_iflist, bpf_if); 189 static struct bpf_iflist bpf_iflist; 190 static struct sx bpf_sx; /* bpf global lock */ 191 static int bpf_bpfd_cnt; 192 193 static void bpfif_ref(struct bpf_if *); 194 static void bpfif_rele(struct bpf_if *); 195 196 static void bpfd_ref(struct bpf_d *); 197 static void bpfd_rele(struct bpf_d *); 198 static void bpf_attachd(struct bpf_d *, struct bpf_if *); 199 static void bpf_detachd(struct bpf_d *); 200 static void bpf_detachd_locked(struct bpf_d *, bool); 201 static void bpfd_free(epoch_context_t); 202 static int bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **, 203 struct sockaddr *, int *, struct bpf_d *); 204 static int bpf_setif(struct bpf_d *, struct ifreq *); 205 static void bpf_timed_out(void *); 206 static __inline void 207 bpf_wakeup(struct bpf_d *); 208 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int, 209 void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int), 210 struct bintime *); 211 static void reset_d(struct bpf_d *); 212 static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd); 213 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *); 214 static int bpf_setdlt(struct bpf_d *, u_int); 215 static void filt_bpfdetach(struct knote *); 216 static int filt_bpfread(struct knote *, long); 217 static int filt_bpfwrite(struct knote *, long); 218 static void bpf_drvinit(void *); 219 static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS); 220 221 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 222 "bpf sysctl"); 223 int bpf_maxinsns = BPF_MAXINSNS; 224 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW, 225 &bpf_maxinsns, 0, "Maximum bpf program instructions"); 226 static int bpf_zerocopy_enable = 0; 227 SYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW, 228 &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions"); 229 static SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW, 230 bpf_stats_sysctl, "bpf statistics portal"); 231 232 VNET_DEFINE_STATIC(int, bpf_optimize_writers) = 0; 233 #define V_bpf_optimize_writers VNET(bpf_optimize_writers) 234 SYSCTL_INT(_net_bpf, OID_AUTO, optimize_writers, CTLFLAG_VNET | CTLFLAG_RWTUN, 235 &VNET_NAME(bpf_optimize_writers), 0, 236 "Do not send packets until BPF program is set"); 237 238 static d_open_t bpfopen; 239 static d_read_t bpfread; 240 static d_write_t bpfwrite; 241 static d_ioctl_t bpfioctl; 242 static d_poll_t bpfpoll; 243 static d_kqfilter_t bpfkqfilter; 244 245 static struct cdevsw bpf_cdevsw = { 246 .d_version = D_VERSION, 247 .d_open = bpfopen, 248 .d_read = bpfread, 249 .d_write = bpfwrite, 250 .d_ioctl = bpfioctl, 251 .d_poll = bpfpoll, 252 .d_name = "bpf", 253 .d_kqfilter = bpfkqfilter, 254 }; 255 256 static struct filterops bpfread_filtops = { 257 .f_isfd = 1, 258 .f_detach = filt_bpfdetach, 259 .f_event = filt_bpfread, 260 }; 261 262 static struct filterops bpfwrite_filtops = { 263 .f_isfd = 1, 264 .f_detach = filt_bpfdetach, 265 .f_event = filt_bpfwrite, 266 }; 267 268 /* 269 * LOCKING MODEL USED BY BPF 270 * 271 * Locks: 272 * 1) global lock (BPF_LOCK). Sx, used to protect some global counters, 273 * every bpf_iflist changes, serializes ioctl access to bpf descriptors. 274 * 2) Descriptor lock. Mutex, used to protect BPF buffers and various 275 * structure fields used by bpf_*tap* code. 276 * 277 * Lock order: global lock, then descriptor lock. 278 * 279 * There are several possible consumers: 280 * 281 * 1. The kernel registers interface pointer with bpfattach(). 282 * Each call allocates new bpf_if structure, references ifnet pointer 283 * and links bpf_if into bpf_iflist chain. This is protected with global 284 * lock. 285 * 286 * 2. An userland application uses ioctl() call to bpf_d descriptor. 287 * All such call are serialized with global lock. BPF filters can be 288 * changed, but pointer to old filter will be freed using NET_EPOCH_CALL(). 289 * Thus it should be safe for bpf_tap/bpf_mtap* code to do access to 290 * filter pointers, even if change will happen during bpf_tap execution. 291 * Destroying of bpf_d descriptor also is doing using NET_EPOCH_CALL(). 292 * 293 * 3. An userland application can write packets into bpf_d descriptor. 294 * There we need to be sure, that ifnet won't disappear during bpfwrite(). 295 * 296 * 4. The kernel invokes bpf_tap/bpf_mtap* functions. The access to 297 * bif_dlist is protected with net_epoch_preempt section. So, it should 298 * be safe to make access to bpf_d descriptor inside the section. 299 * 300 * 5. The kernel invokes bpfdetach() on interface destroying. All lists 301 * are modified with global lock held and actual free() is done using 302 * NET_EPOCH_CALL(). 303 */ 304 305 static void 306 bpfif_free(epoch_context_t ctx) 307 { 308 struct bpf_if *bp; 309 310 bp = __containerof(ctx, struct bpf_if, epoch_ctx); 311 if_rele(bp->bif_ifp); 312 free(bp, M_BPF); 313 } 314 315 static void 316 bpfif_ref(struct bpf_if *bp) 317 { 318 319 refcount_acquire(&bp->bif_refcnt); 320 } 321 322 static void 323 bpfif_rele(struct bpf_if *bp) 324 { 325 326 if (!refcount_release(&bp->bif_refcnt)) 327 return; 328 NET_EPOCH_CALL(bpfif_free, &bp->epoch_ctx); 329 } 330 331 static void 332 bpfd_ref(struct bpf_d *d) 333 { 334 335 refcount_acquire(&d->bd_refcnt); 336 } 337 338 static void 339 bpfd_rele(struct bpf_d *d) 340 { 341 342 if (!refcount_release(&d->bd_refcnt)) 343 return; 344 NET_EPOCH_CALL(bpfd_free, &d->epoch_ctx); 345 } 346 347 static struct bpf_program_buffer* 348 bpf_program_buffer_alloc(size_t size, int flags) 349 { 350 351 return (malloc(sizeof(struct bpf_program_buffer) + size, 352 M_BPF, flags)); 353 } 354 355 static void 356 bpf_program_buffer_free(epoch_context_t ctx) 357 { 358 struct bpf_program_buffer *ptr; 359 360 ptr = __containerof(ctx, struct bpf_program_buffer, epoch_ctx); 361 #ifdef BPF_JITTER 362 if (ptr->func != NULL) 363 bpf_destroy_jit_filter(ptr->func); 364 #endif 365 free(ptr, M_BPF); 366 } 367 368 /* 369 * Wrapper functions for various buffering methods. If the set of buffer 370 * modes expands, we will probably want to introduce a switch data structure 371 * similar to protosw, et. 372 */ 373 static void 374 bpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src, 375 u_int len) 376 { 377 378 BPFD_LOCK_ASSERT(d); 379 380 switch (d->bd_bufmode) { 381 case BPF_BUFMODE_BUFFER: 382 return (bpf_buffer_append_bytes(d, buf, offset, src, len)); 383 384 case BPF_BUFMODE_ZBUF: 385 counter_u64_add(d->bd_zcopy, 1); 386 return (bpf_zerocopy_append_bytes(d, buf, offset, src, len)); 387 388 default: 389 panic("bpf_buf_append_bytes"); 390 } 391 } 392 393 static void 394 bpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src, 395 u_int len) 396 { 397 398 BPFD_LOCK_ASSERT(d); 399 400 switch (d->bd_bufmode) { 401 case BPF_BUFMODE_BUFFER: 402 return (bpf_buffer_append_mbuf(d, buf, offset, src, len)); 403 404 case BPF_BUFMODE_ZBUF: 405 counter_u64_add(d->bd_zcopy, 1); 406 return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len)); 407 408 default: 409 panic("bpf_buf_append_mbuf"); 410 } 411 } 412 413 /* 414 * This function gets called when the free buffer is re-assigned. 415 */ 416 static void 417 bpf_buf_reclaimed(struct bpf_d *d) 418 { 419 420 BPFD_LOCK_ASSERT(d); 421 422 switch (d->bd_bufmode) { 423 case BPF_BUFMODE_BUFFER: 424 return; 425 426 case BPF_BUFMODE_ZBUF: 427 bpf_zerocopy_buf_reclaimed(d); 428 return; 429 430 default: 431 panic("bpf_buf_reclaimed"); 432 } 433 } 434 435 /* 436 * If the buffer mechanism has a way to decide that a held buffer can be made 437 * free, then it is exposed via the bpf_canfreebuf() interface. (1) is 438 * returned if the buffer can be discarded, (0) is returned if it cannot. 439 */ 440 static int 441 bpf_canfreebuf(struct bpf_d *d) 442 { 443 444 BPFD_LOCK_ASSERT(d); 445 446 switch (d->bd_bufmode) { 447 case BPF_BUFMODE_ZBUF: 448 return (bpf_zerocopy_canfreebuf(d)); 449 } 450 return (0); 451 } 452 453 /* 454 * Allow the buffer model to indicate that the current store buffer is 455 * immutable, regardless of the appearance of space. Return (1) if the 456 * buffer is writable, and (0) if not. 457 */ 458 static int 459 bpf_canwritebuf(struct bpf_d *d) 460 { 461 BPFD_LOCK_ASSERT(d); 462 463 switch (d->bd_bufmode) { 464 case BPF_BUFMODE_ZBUF: 465 return (bpf_zerocopy_canwritebuf(d)); 466 } 467 return (1); 468 } 469 470 /* 471 * Notify buffer model that an attempt to write to the store buffer has 472 * resulted in a dropped packet, in which case the buffer may be considered 473 * full. 474 */ 475 static void 476 bpf_buffull(struct bpf_d *d) 477 { 478 479 BPFD_LOCK_ASSERT(d); 480 481 switch (d->bd_bufmode) { 482 case BPF_BUFMODE_ZBUF: 483 bpf_zerocopy_buffull(d); 484 break; 485 } 486 } 487 488 /* 489 * Notify the buffer model that a buffer has moved into the hold position. 490 */ 491 void 492 bpf_bufheld(struct bpf_d *d) 493 { 494 495 BPFD_LOCK_ASSERT(d); 496 497 switch (d->bd_bufmode) { 498 case BPF_BUFMODE_ZBUF: 499 bpf_zerocopy_bufheld(d); 500 break; 501 } 502 } 503 504 static void 505 bpf_free(struct bpf_d *d) 506 { 507 508 switch (d->bd_bufmode) { 509 case BPF_BUFMODE_BUFFER: 510 return (bpf_buffer_free(d)); 511 512 case BPF_BUFMODE_ZBUF: 513 return (bpf_zerocopy_free(d)); 514 515 default: 516 panic("bpf_buf_free"); 517 } 518 } 519 520 static int 521 bpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio) 522 { 523 524 if (d->bd_bufmode != BPF_BUFMODE_BUFFER) 525 return (EOPNOTSUPP); 526 return (bpf_buffer_uiomove(d, buf, len, uio)); 527 } 528 529 static int 530 bpf_ioctl_sblen(struct bpf_d *d, u_int *i) 531 { 532 533 if (d->bd_bufmode != BPF_BUFMODE_BUFFER) 534 return (EOPNOTSUPP); 535 return (bpf_buffer_ioctl_sblen(d, i)); 536 } 537 538 static int 539 bpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i) 540 { 541 542 if (d->bd_bufmode != BPF_BUFMODE_ZBUF) 543 return (EOPNOTSUPP); 544 return (bpf_zerocopy_ioctl_getzmax(td, d, i)); 545 } 546 547 static int 548 bpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz) 549 { 550 551 if (d->bd_bufmode != BPF_BUFMODE_ZBUF) 552 return (EOPNOTSUPP); 553 return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz)); 554 } 555 556 static int 557 bpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz) 558 { 559 560 if (d->bd_bufmode != BPF_BUFMODE_ZBUF) 561 return (EOPNOTSUPP); 562 return (bpf_zerocopy_ioctl_setzbuf(td, d, bz)); 563 } 564 565 /* 566 * General BPF functions. 567 */ 568 static int 569 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp, 570 struct sockaddr *sockp, int *hdrlen, struct bpf_d *d) 571 { 572 const struct ieee80211_bpf_params *p; 573 struct ether_header *eh; 574 struct mbuf *m; 575 int error; 576 int len; 577 int hlen; 578 int slen; 579 580 /* 581 * Build a sockaddr based on the data link layer type. 582 * We do this at this level because the ethernet header 583 * is copied directly into the data field of the sockaddr. 584 * In the case of SLIP, there is no header and the packet 585 * is forwarded as is. 586 * Also, we are careful to leave room at the front of the mbuf 587 * for the link level header. 588 */ 589 switch (linktype) { 590 case DLT_SLIP: 591 sockp->sa_family = AF_INET; 592 hlen = 0; 593 break; 594 595 case DLT_EN10MB: 596 sockp->sa_family = AF_UNSPEC; 597 /* XXX Would MAXLINKHDR be better? */ 598 hlen = ETHER_HDR_LEN; 599 break; 600 601 case DLT_FDDI: 602 sockp->sa_family = AF_IMPLINK; 603 hlen = 0; 604 break; 605 606 case DLT_RAW: 607 sockp->sa_family = AF_UNSPEC; 608 hlen = 0; 609 break; 610 611 case DLT_NULL: 612 /* 613 * null interface types require a 4 byte pseudo header which 614 * corresponds to the address family of the packet. 615 */ 616 sockp->sa_family = AF_UNSPEC; 617 hlen = 4; 618 break; 619 620 case DLT_ATM_RFC1483: 621 /* 622 * en atm driver requires 4-byte atm pseudo header. 623 * though it isn't standard, vpi:vci needs to be 624 * specified anyway. 625 */ 626 sockp->sa_family = AF_UNSPEC; 627 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */ 628 break; 629 630 case DLT_PPP: 631 sockp->sa_family = AF_UNSPEC; 632 hlen = 4; /* This should match PPP_HDRLEN */ 633 break; 634 635 case DLT_IEEE802_11: /* IEEE 802.11 wireless */ 636 sockp->sa_family = AF_IEEE80211; 637 hlen = 0; 638 break; 639 640 case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */ 641 sockp->sa_family = AF_IEEE80211; 642 sockp->sa_len = 12; /* XXX != 0 */ 643 hlen = sizeof(struct ieee80211_bpf_params); 644 break; 645 646 default: 647 return (EIO); 648 } 649 650 len = uio->uio_resid; 651 if (len < hlen || len - hlen > ifp->if_mtu) 652 return (EMSGSIZE); 653 654 /* Allocate a mbuf for our write, since m_get2 fails if len >= to MJUMPAGESIZE, use m_getjcl for bigger buffers */ 655 m = m_get3(len, M_WAITOK, MT_DATA, M_PKTHDR); 656 if (m == NULL) 657 return (EIO); 658 m->m_pkthdr.len = m->m_len = len; 659 *mp = m; 660 661 error = uiomove(mtod(m, u_char *), len, uio); 662 if (error) 663 goto bad; 664 665 slen = bpf_filter(d->bd_wfilter, mtod(m, u_char *), len, len); 666 if (slen == 0) { 667 error = EPERM; 668 goto bad; 669 } 670 671 /* Check for multicast destination */ 672 switch (linktype) { 673 case DLT_EN10MB: 674 eh = mtod(m, struct ether_header *); 675 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 676 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost, 677 ETHER_ADDR_LEN) == 0) 678 m->m_flags |= M_BCAST; 679 else 680 m->m_flags |= M_MCAST; 681 } 682 if (d->bd_hdrcmplt == 0) { 683 memcpy(eh->ether_shost, IF_LLADDR(ifp), 684 sizeof(eh->ether_shost)); 685 } 686 break; 687 } 688 689 /* 690 * Make room for link header, and copy it to sockaddr 691 */ 692 if (hlen != 0) { 693 if (sockp->sa_family == AF_IEEE80211) { 694 /* 695 * Collect true length from the parameter header 696 * NB: sockp is known to be zero'd so if we do a 697 * short copy unspecified parameters will be 698 * zero. 699 * NB: packet may not be aligned after stripping 700 * bpf params 701 * XXX check ibp_vers 702 */ 703 p = mtod(m, const struct ieee80211_bpf_params *); 704 hlen = p->ibp_len; 705 if (hlen > sizeof(sockp->sa_data)) { 706 error = EINVAL; 707 goto bad; 708 } 709 } 710 bcopy(mtod(m, const void *), sockp->sa_data, hlen); 711 } 712 *hdrlen = hlen; 713 714 return (0); 715 bad: 716 m_freem(m); 717 return (error); 718 } 719 720 /* 721 * Attach descriptor to the bpf interface, i.e. make d listen on bp, 722 * then reset its buffers and counters with reset_d(). 723 */ 724 static void 725 bpf_attachd(struct bpf_d *d, struct bpf_if *bp) 726 { 727 int op_w; 728 729 BPF_LOCK_ASSERT(); 730 731 /* 732 * Save sysctl value to protect from sysctl change 733 * between reads 734 */ 735 op_w = V_bpf_optimize_writers || d->bd_writer; 736 737 if (d->bd_bif != NULL) 738 bpf_detachd_locked(d, false); 739 /* 740 * Point d at bp, and add d to the interface's list. 741 * Since there are many applications using BPF for 742 * sending raw packets only (dhcpd, cdpd are good examples) 743 * we can delay adding d to the list of active listeners until 744 * some filter is configured. 745 */ 746 747 BPFD_LOCK(d); 748 /* 749 * Hold reference to bpif while descriptor uses this interface. 750 */ 751 bpfif_ref(bp); 752 d->bd_bif = bp; 753 if (op_w != 0) { 754 /* Add to writers-only list */ 755 CK_LIST_INSERT_HEAD(&bp->bif_wlist, d, bd_next); 756 /* 757 * We decrement bd_writer on every filter set operation. 758 * First BIOCSETF is done by pcap_open_live() to set up 759 * snap length. After that appliation usually sets its own 760 * filter. 761 */ 762 d->bd_writer = 2; 763 } else 764 CK_LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next); 765 766 reset_d(d); 767 768 /* Trigger EVFILT_WRITE events. */ 769 bpf_wakeup(d); 770 771 BPFD_UNLOCK(d); 772 bpf_bpfd_cnt++; 773 774 CTR3(KTR_NET, "%s: bpf_attach called by pid %d, adding to %s list", 775 __func__, d->bd_pid, d->bd_writer ? "writer" : "active"); 776 777 if (op_w == 0) 778 EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1); 779 } 780 781 /* 782 * Check if we need to upgrade our descriptor @d from write-only mode. 783 */ 784 static int 785 bpf_check_upgrade(u_long cmd, struct bpf_d *d, struct bpf_insn *fcode, 786 int flen) 787 { 788 int is_snap, need_upgrade; 789 790 /* 791 * Check if we've already upgraded or new filter is empty. 792 */ 793 if (d->bd_writer == 0 || fcode == NULL) 794 return (0); 795 796 need_upgrade = 0; 797 798 /* 799 * Check if cmd looks like snaplen setting from 800 * pcap_bpf.c:pcap_open_live(). 801 * Note we're not checking .k value here: 802 * while pcap_open_live() definitely sets to non-zero value, 803 * we'd prefer to treat k=0 (deny ALL) case the same way: e.g. 804 * do not consider upgrading immediately 805 */ 806 if (cmd == BIOCSETF && flen == 1 && 807 fcode[0].code == (BPF_RET | BPF_K)) 808 is_snap = 1; 809 else 810 is_snap = 0; 811 812 if (is_snap == 0) { 813 /* 814 * We're setting first filter and it doesn't look like 815 * setting snaplen. We're probably using bpf directly. 816 * Upgrade immediately. 817 */ 818 need_upgrade = 1; 819 } else { 820 /* 821 * Do not require upgrade by first BIOCSETF 822 * (used to set snaplen) by pcap_open_live(). 823 */ 824 825 if (--d->bd_writer == 0) { 826 /* 827 * First snaplen filter has already 828 * been set. This is probably catch-all 829 * filter 830 */ 831 need_upgrade = 1; 832 } 833 } 834 835 CTR5(KTR_NET, 836 "%s: filter function set by pid %d, " 837 "bd_writer counter %d, snap %d upgrade %d", 838 __func__, d->bd_pid, d->bd_writer, 839 is_snap, need_upgrade); 840 841 return (need_upgrade); 842 } 843 844 /* 845 * Detach a file from its interface. 846 */ 847 static void 848 bpf_detachd(struct bpf_d *d) 849 { 850 BPF_LOCK(); 851 bpf_detachd_locked(d, false); 852 BPF_UNLOCK(); 853 } 854 855 static void 856 bpf_detachd_locked(struct bpf_d *d, bool detached_ifp) 857 { 858 struct bpf_if *bp; 859 struct ifnet *ifp; 860 int error; 861 862 BPF_LOCK_ASSERT(); 863 CTR2(KTR_NET, "%s: detach required by pid %d", __func__, d->bd_pid); 864 865 /* Check if descriptor is attached */ 866 if ((bp = d->bd_bif) == NULL) 867 return; 868 869 BPFD_LOCK(d); 870 /* Remove d from the interface's descriptor list. */ 871 CK_LIST_REMOVE(d, bd_next); 872 /* Save bd_writer value */ 873 error = d->bd_writer; 874 ifp = bp->bif_ifp; 875 d->bd_bif = NULL; 876 if (detached_ifp) { 877 /* 878 * Notify descriptor as it's detached, so that any 879 * sleepers wake up and get ENXIO. 880 */ 881 bpf_wakeup(d); 882 } 883 BPFD_UNLOCK(d); 884 bpf_bpfd_cnt--; 885 886 /* Call event handler iff d is attached */ 887 if (error == 0) 888 EVENTHANDLER_INVOKE(bpf_track, ifp, bp->bif_dlt, 0); 889 890 /* 891 * Check if this descriptor had requested promiscuous mode. 892 * If so and ifnet is not detached, turn it off. 893 */ 894 if (d->bd_promisc && !detached_ifp) { 895 d->bd_promisc = 0; 896 CURVNET_SET(ifp->if_vnet); 897 error = ifpromisc(ifp, 0); 898 CURVNET_RESTORE(); 899 if (error != 0 && error != ENXIO) { 900 /* 901 * ENXIO can happen if a pccard is unplugged 902 * Something is really wrong if we were able to put 903 * the driver into promiscuous mode, but can't 904 * take it out. 905 */ 906 if_printf(bp->bif_ifp, 907 "bpf_detach: ifpromisc failed (%d)\n", error); 908 } 909 } 910 bpfif_rele(bp); 911 } 912 913 /* 914 * Close the descriptor by detaching it from its interface, 915 * deallocating its buffers, and marking it free. 916 */ 917 static void 918 bpf_dtor(void *data) 919 { 920 struct bpf_d *d = data; 921 922 BPFD_LOCK(d); 923 if (d->bd_state == BPF_WAITING) 924 callout_stop(&d->bd_callout); 925 d->bd_state = BPF_IDLE; 926 BPFD_UNLOCK(d); 927 funsetown(&d->bd_sigio); 928 bpf_detachd(d); 929 #ifdef MAC 930 mac_bpfdesc_destroy(d); 931 #endif /* MAC */ 932 seldrain(&d->bd_sel); 933 knlist_destroy(&d->bd_sel.si_note); 934 callout_drain(&d->bd_callout); 935 bpfd_rele(d); 936 } 937 938 /* 939 * Open ethernet device. Returns ENXIO for illegal minor device number, 940 * EBUSY if file is open by another process. 941 */ 942 /* ARGSUSED */ 943 static int 944 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td) 945 { 946 struct bpf_d *d; 947 int error; 948 949 d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO); 950 error = devfs_set_cdevpriv(d, bpf_dtor); 951 if (error != 0) { 952 free(d, M_BPF); 953 return (error); 954 } 955 956 /* Setup counters */ 957 d->bd_rcount = counter_u64_alloc(M_WAITOK); 958 d->bd_dcount = counter_u64_alloc(M_WAITOK); 959 d->bd_fcount = counter_u64_alloc(M_WAITOK); 960 d->bd_wcount = counter_u64_alloc(M_WAITOK); 961 d->bd_wfcount = counter_u64_alloc(M_WAITOK); 962 d->bd_wdcount = counter_u64_alloc(M_WAITOK); 963 d->bd_zcopy = counter_u64_alloc(M_WAITOK); 964 965 /* 966 * For historical reasons, perform a one-time initialization call to 967 * the buffer routines, even though we're not yet committed to a 968 * particular buffer method. 969 */ 970 bpf_buffer_init(d); 971 if ((flags & FREAD) == 0) 972 d->bd_writer = 2; 973 d->bd_hbuf_in_use = 0; 974 d->bd_bufmode = BPF_BUFMODE_BUFFER; 975 d->bd_sig = SIGIO; 976 d->bd_direction = BPF_D_INOUT; 977 refcount_init(&d->bd_refcnt, 1); 978 BPF_PID_REFRESH(d, td); 979 #ifdef MAC 980 mac_bpfdesc_init(d); 981 mac_bpfdesc_create(td->td_ucred, d); 982 #endif 983 mtx_init(&d->bd_lock, devtoname(dev), "bpf cdev lock", MTX_DEF); 984 callout_init_mtx(&d->bd_callout, &d->bd_lock, 0); 985 knlist_init_mtx(&d->bd_sel.si_note, &d->bd_lock); 986 987 /* Disable VLAN pcp tagging. */ 988 d->bd_pcp = 0; 989 990 return (0); 991 } 992 993 /* 994 * bpfread - read next chunk of packets from buffers 995 */ 996 static int 997 bpfread(struct cdev *dev, struct uio *uio, int ioflag) 998 { 999 struct bpf_d *d; 1000 int error; 1001 int non_block; 1002 int timed_out; 1003 1004 error = devfs_get_cdevpriv((void **)&d); 1005 if (error != 0) 1006 return (error); 1007 1008 /* 1009 * Restrict application to use a buffer the same size as 1010 * as kernel buffers. 1011 */ 1012 if (uio->uio_resid != d->bd_bufsize) 1013 return (EINVAL); 1014 1015 non_block = ((ioflag & O_NONBLOCK) != 0); 1016 1017 BPFD_LOCK(d); 1018 BPF_PID_REFRESH_CUR(d); 1019 if (d->bd_bufmode != BPF_BUFMODE_BUFFER) { 1020 BPFD_UNLOCK(d); 1021 return (EOPNOTSUPP); 1022 } 1023 if (d->bd_state == BPF_WAITING) 1024 callout_stop(&d->bd_callout); 1025 timed_out = (d->bd_state == BPF_TIMED_OUT); 1026 d->bd_state = BPF_IDLE; 1027 while (d->bd_hbuf_in_use) { 1028 error = mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock, 1029 PRINET|PCATCH, "bd_hbuf", 0); 1030 if (error != 0) { 1031 BPFD_UNLOCK(d); 1032 return (error); 1033 } 1034 } 1035 /* 1036 * If the hold buffer is empty, then do a timed sleep, which 1037 * ends when the timeout expires or when enough packets 1038 * have arrived to fill the store buffer. 1039 */ 1040 while (d->bd_hbuf == NULL) { 1041 if (d->bd_slen != 0) { 1042 /* 1043 * A packet(s) either arrived since the previous 1044 * read or arrived while we were asleep. 1045 */ 1046 if (d->bd_immediate || non_block || timed_out) { 1047 /* 1048 * Rotate the buffers and return what's here 1049 * if we are in immediate mode, non-blocking 1050 * flag is set, or this descriptor timed out. 1051 */ 1052 ROTATE_BUFFERS(d); 1053 break; 1054 } 1055 } 1056 1057 /* 1058 * No data is available, check to see if the bpf device 1059 * is still pointed at a real interface. If not, return 1060 * ENXIO so that the userland process knows to rebind 1061 * it before using it again. 1062 */ 1063 if (d->bd_bif == NULL) { 1064 BPFD_UNLOCK(d); 1065 return (ENXIO); 1066 } 1067 1068 if (non_block) { 1069 BPFD_UNLOCK(d); 1070 return (EWOULDBLOCK); 1071 } 1072 error = msleep(d, &d->bd_lock, PRINET|PCATCH, 1073 "bpf", d->bd_rtout); 1074 if (error == EINTR || error == ERESTART) { 1075 BPFD_UNLOCK(d); 1076 return (error); 1077 } 1078 if (error == EWOULDBLOCK) { 1079 /* 1080 * On a timeout, return what's in the buffer, 1081 * which may be nothing. If there is something 1082 * in the store buffer, we can rotate the buffers. 1083 */ 1084 if (d->bd_hbuf) 1085 /* 1086 * We filled up the buffer in between 1087 * getting the timeout and arriving 1088 * here, so we don't need to rotate. 1089 */ 1090 break; 1091 1092 if (d->bd_slen == 0) { 1093 BPFD_UNLOCK(d); 1094 return (0); 1095 } 1096 ROTATE_BUFFERS(d); 1097 break; 1098 } 1099 } 1100 /* 1101 * At this point, we know we have something in the hold slot. 1102 */ 1103 d->bd_hbuf_in_use = 1; 1104 BPFD_UNLOCK(d); 1105 1106 /* 1107 * Move data from hold buffer into user space. 1108 * We know the entire buffer is transferred since 1109 * we checked above that the read buffer is bpf_bufsize bytes. 1110 * 1111 * We do not have to worry about simultaneous reads because 1112 * we waited for sole access to the hold buffer above. 1113 */ 1114 error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio); 1115 1116 BPFD_LOCK(d); 1117 KASSERT(d->bd_hbuf != NULL, ("bpfread: lost bd_hbuf")); 1118 d->bd_fbuf = d->bd_hbuf; 1119 d->bd_hbuf = NULL; 1120 d->bd_hlen = 0; 1121 bpf_buf_reclaimed(d); 1122 d->bd_hbuf_in_use = 0; 1123 wakeup(&d->bd_hbuf_in_use); 1124 BPFD_UNLOCK(d); 1125 1126 return (error); 1127 } 1128 1129 /* 1130 * If there are processes sleeping on this descriptor, wake them up. 1131 */ 1132 static __inline void 1133 bpf_wakeup(struct bpf_d *d) 1134 { 1135 1136 BPFD_LOCK_ASSERT(d); 1137 if (d->bd_state == BPF_WAITING) { 1138 callout_stop(&d->bd_callout); 1139 d->bd_state = BPF_IDLE; 1140 } 1141 wakeup(d); 1142 if (d->bd_async && d->bd_sig && d->bd_sigio) 1143 pgsigio(&d->bd_sigio, d->bd_sig, 0); 1144 1145 selwakeuppri(&d->bd_sel, PRINET); 1146 KNOTE_LOCKED(&d->bd_sel.si_note, 0); 1147 } 1148 1149 static void 1150 bpf_timed_out(void *arg) 1151 { 1152 struct bpf_d *d = (struct bpf_d *)arg; 1153 1154 BPFD_LOCK_ASSERT(d); 1155 1156 if (callout_pending(&d->bd_callout) || 1157 !callout_active(&d->bd_callout)) 1158 return; 1159 if (d->bd_state == BPF_WAITING) { 1160 d->bd_state = BPF_TIMED_OUT; 1161 if (d->bd_slen != 0) 1162 bpf_wakeup(d); 1163 } 1164 } 1165 1166 static int 1167 bpf_ready(struct bpf_d *d) 1168 { 1169 1170 BPFD_LOCK_ASSERT(d); 1171 1172 if (!bpf_canfreebuf(d) && d->bd_hlen != 0) 1173 return (1); 1174 if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) && 1175 d->bd_slen != 0) 1176 return (1); 1177 return (0); 1178 } 1179 1180 static int 1181 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag) 1182 { 1183 struct route ro; 1184 struct sockaddr dst; 1185 struct epoch_tracker et; 1186 struct bpf_if *bp; 1187 struct bpf_d *d; 1188 struct ifnet *ifp; 1189 struct mbuf *m, *mc; 1190 int error, hlen; 1191 1192 error = devfs_get_cdevpriv((void **)&d); 1193 if (error != 0) 1194 return (error); 1195 1196 NET_EPOCH_ENTER(et); 1197 BPFD_LOCK(d); 1198 BPF_PID_REFRESH_CUR(d); 1199 counter_u64_add(d->bd_wcount, 1); 1200 if ((bp = d->bd_bif) == NULL) { 1201 error = ENXIO; 1202 goto out_locked; 1203 } 1204 1205 ifp = bp->bif_ifp; 1206 if ((ifp->if_flags & IFF_UP) == 0) { 1207 error = ENETDOWN; 1208 goto out_locked; 1209 } 1210 1211 if (uio->uio_resid == 0) 1212 goto out_locked; 1213 1214 bzero(&dst, sizeof(dst)); 1215 m = NULL; 1216 hlen = 0; 1217 1218 /* 1219 * Take extra reference, unlock d and exit from epoch section, 1220 * since bpf_movein() can sleep. 1221 */ 1222 bpfd_ref(d); 1223 NET_EPOCH_EXIT(et); 1224 BPFD_UNLOCK(d); 1225 1226 error = bpf_movein(uio, (int)bp->bif_dlt, ifp, 1227 &m, &dst, &hlen, d); 1228 1229 if (error != 0) { 1230 counter_u64_add(d->bd_wdcount, 1); 1231 bpfd_rele(d); 1232 return (error); 1233 } 1234 1235 BPFD_LOCK(d); 1236 /* 1237 * Check that descriptor is still attached to the interface. 1238 * This can happen on bpfdetach(). To avoid access to detached 1239 * ifnet, free mbuf and return ENXIO. 1240 */ 1241 if (d->bd_bif == NULL) { 1242 counter_u64_add(d->bd_wdcount, 1); 1243 BPFD_UNLOCK(d); 1244 bpfd_rele(d); 1245 m_freem(m); 1246 return (ENXIO); 1247 } 1248 counter_u64_add(d->bd_wfcount, 1); 1249 if (d->bd_hdrcmplt) 1250 dst.sa_family = pseudo_AF_HDRCMPLT; 1251 1252 if (d->bd_feedback) { 1253 mc = m_dup(m, M_NOWAIT); 1254 if (mc != NULL) 1255 mc->m_pkthdr.rcvif = ifp; 1256 /* Set M_PROMISC for outgoing packets to be discarded. */ 1257 if (d->bd_direction == BPF_D_INOUT) 1258 m->m_flags |= M_PROMISC; 1259 } else 1260 mc = NULL; 1261 1262 m->m_pkthdr.len -= hlen; 1263 m->m_len -= hlen; 1264 m->m_data += hlen; /* XXX */ 1265 1266 CURVNET_SET(ifp->if_vnet); 1267 #ifdef MAC 1268 mac_bpfdesc_create_mbuf(d, m); 1269 if (mc != NULL) 1270 mac_bpfdesc_create_mbuf(d, mc); 1271 #endif 1272 1273 bzero(&ro, sizeof(ro)); 1274 if (hlen != 0) { 1275 ro.ro_prepend = (u_char *)&dst.sa_data; 1276 ro.ro_plen = hlen; 1277 ro.ro_flags = RT_HAS_HEADER; 1278 } 1279 1280 if (d->bd_pcp != 0) 1281 vlan_set_pcp(m, d->bd_pcp); 1282 1283 /* Avoid possible recursion on BPFD_LOCK(). */ 1284 NET_EPOCH_ENTER(et); 1285 BPFD_UNLOCK(d); 1286 error = (*ifp->if_output)(ifp, m, &dst, &ro); 1287 if (error) 1288 counter_u64_add(d->bd_wdcount, 1); 1289 1290 if (mc != NULL) { 1291 if (error == 0) 1292 (*ifp->if_input)(ifp, mc); 1293 else 1294 m_freem(mc); 1295 } 1296 NET_EPOCH_EXIT(et); 1297 CURVNET_RESTORE(); 1298 bpfd_rele(d); 1299 return (error); 1300 1301 out_locked: 1302 counter_u64_add(d->bd_wdcount, 1); 1303 NET_EPOCH_EXIT(et); 1304 BPFD_UNLOCK(d); 1305 return (error); 1306 } 1307 1308 /* 1309 * Reset a descriptor by flushing its packet buffer and clearing the receive 1310 * and drop counts. This is doable for kernel-only buffers, but with 1311 * zero-copy buffers, we can't write to (or rotate) buffers that are 1312 * currently owned by userspace. It would be nice if we could encapsulate 1313 * this logic in the buffer code rather than here. 1314 */ 1315 static void 1316 reset_d(struct bpf_d *d) 1317 { 1318 1319 BPFD_LOCK_ASSERT(d); 1320 1321 while (d->bd_hbuf_in_use) 1322 mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock, PRINET, 1323 "bd_hbuf", 0); 1324 if ((d->bd_hbuf != NULL) && 1325 (d->bd_bufmode != BPF_BUFMODE_ZBUF || bpf_canfreebuf(d))) { 1326 /* Free the hold buffer. */ 1327 d->bd_fbuf = d->bd_hbuf; 1328 d->bd_hbuf = NULL; 1329 d->bd_hlen = 0; 1330 bpf_buf_reclaimed(d); 1331 } 1332 if (bpf_canwritebuf(d)) 1333 d->bd_slen = 0; 1334 counter_u64_zero(d->bd_rcount); 1335 counter_u64_zero(d->bd_dcount); 1336 counter_u64_zero(d->bd_fcount); 1337 counter_u64_zero(d->bd_wcount); 1338 counter_u64_zero(d->bd_wfcount); 1339 counter_u64_zero(d->bd_wdcount); 1340 counter_u64_zero(d->bd_zcopy); 1341 } 1342 1343 /* 1344 * FIONREAD Check for read packet available. 1345 * BIOCGBLEN Get buffer len [for read()]. 1346 * BIOCSETF Set read filter. 1347 * BIOCSETFNR Set read filter without resetting descriptor. 1348 * BIOCSETWF Set write filter. 1349 * BIOCFLUSH Flush read packet buffer. 1350 * BIOCPROMISC Put interface into promiscuous mode. 1351 * BIOCGDLT Get link layer type. 1352 * BIOCGETIF Get interface name. 1353 * BIOCSETIF Set interface. 1354 * BIOCSRTIMEOUT Set read timeout. 1355 * BIOCGRTIMEOUT Get read timeout. 1356 * BIOCGSTATS Get packet stats. 1357 * BIOCIMMEDIATE Set immediate mode. 1358 * BIOCVERSION Get filter language version. 1359 * BIOCGHDRCMPLT Get "header already complete" flag 1360 * BIOCSHDRCMPLT Set "header already complete" flag 1361 * BIOCGDIRECTION Get packet direction flag 1362 * BIOCSDIRECTION Set packet direction flag 1363 * BIOCGTSTAMP Get time stamp format and resolution. 1364 * BIOCSTSTAMP Set time stamp format and resolution. 1365 * BIOCLOCK Set "locked" flag 1366 * BIOCFEEDBACK Set packet feedback mode. 1367 * BIOCSETZBUF Set current zero-copy buffer locations. 1368 * BIOCGETZMAX Get maximum zero-copy buffer size. 1369 * BIOCROTZBUF Force rotation of zero-copy buffer 1370 * BIOCSETBUFMODE Set buffer mode. 1371 * BIOCGETBUFMODE Get current buffer mode. 1372 * BIOCSETVLANPCP Set VLAN PCP tag. 1373 */ 1374 /* ARGSUSED */ 1375 static int 1376 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, 1377 struct thread *td) 1378 { 1379 struct bpf_d *d; 1380 int error; 1381 1382 error = devfs_get_cdevpriv((void **)&d); 1383 if (error != 0) 1384 return (error); 1385 1386 /* 1387 * Refresh PID associated with this descriptor. 1388 */ 1389 BPFD_LOCK(d); 1390 BPF_PID_REFRESH(d, td); 1391 if (d->bd_state == BPF_WAITING) 1392 callout_stop(&d->bd_callout); 1393 d->bd_state = BPF_IDLE; 1394 BPFD_UNLOCK(d); 1395 1396 if (d->bd_locked == 1) { 1397 switch (cmd) { 1398 case BIOCGBLEN: 1399 case BIOCFLUSH: 1400 case BIOCGDLT: 1401 case BIOCGDLTLIST: 1402 #ifdef COMPAT_FREEBSD32 1403 case BIOCGDLTLIST32: 1404 #endif 1405 case BIOCGETIF: 1406 case BIOCGRTIMEOUT: 1407 #if defined(COMPAT_FREEBSD32) && defined(__amd64__) 1408 case BIOCGRTIMEOUT32: 1409 #endif 1410 case BIOCGSTATS: 1411 case BIOCVERSION: 1412 case BIOCGRSIG: 1413 case BIOCGHDRCMPLT: 1414 case BIOCSTSTAMP: 1415 case BIOCFEEDBACK: 1416 case FIONREAD: 1417 case BIOCLOCK: 1418 case BIOCSRTIMEOUT: 1419 #if defined(COMPAT_FREEBSD32) && defined(__amd64__) 1420 case BIOCSRTIMEOUT32: 1421 #endif 1422 case BIOCIMMEDIATE: 1423 case TIOCGPGRP: 1424 case BIOCROTZBUF: 1425 break; 1426 default: 1427 return (EPERM); 1428 } 1429 } 1430 #ifdef COMPAT_FREEBSD32 1431 /* 1432 * If we see a 32-bit compat ioctl, mark the stream as 32-bit so 1433 * that it will get 32-bit packet headers. 1434 */ 1435 switch (cmd) { 1436 case BIOCSETF32: 1437 case BIOCSETFNR32: 1438 case BIOCSETWF32: 1439 case BIOCGDLTLIST32: 1440 case BIOCGRTIMEOUT32: 1441 case BIOCSRTIMEOUT32: 1442 if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { 1443 BPFD_LOCK(d); 1444 d->bd_compat32 = 1; 1445 BPFD_UNLOCK(d); 1446 } 1447 } 1448 #endif 1449 1450 CURVNET_SET(TD_TO_VNET(td)); 1451 switch (cmd) { 1452 default: 1453 error = EINVAL; 1454 break; 1455 1456 /* 1457 * Check for read packet available. 1458 */ 1459 case FIONREAD: 1460 { 1461 int n; 1462 1463 BPFD_LOCK(d); 1464 n = d->bd_slen; 1465 while (d->bd_hbuf_in_use) 1466 mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock, 1467 PRINET, "bd_hbuf", 0); 1468 if (d->bd_hbuf) 1469 n += d->bd_hlen; 1470 BPFD_UNLOCK(d); 1471 1472 *(int *)addr = n; 1473 break; 1474 } 1475 1476 /* 1477 * Get buffer len [for read()]. 1478 */ 1479 case BIOCGBLEN: 1480 BPFD_LOCK(d); 1481 *(u_int *)addr = d->bd_bufsize; 1482 BPFD_UNLOCK(d); 1483 break; 1484 1485 /* 1486 * Set buffer length. 1487 */ 1488 case BIOCSBLEN: 1489 error = bpf_ioctl_sblen(d, (u_int *)addr); 1490 break; 1491 1492 /* 1493 * Set link layer read filter. 1494 */ 1495 case BIOCSETF: 1496 case BIOCSETFNR: 1497 case BIOCSETWF: 1498 #ifdef COMPAT_FREEBSD32 1499 case BIOCSETF32: 1500 case BIOCSETFNR32: 1501 case BIOCSETWF32: 1502 #endif 1503 error = bpf_setf(d, (struct bpf_program *)addr, cmd); 1504 break; 1505 1506 /* 1507 * Flush read packet buffer. 1508 */ 1509 case BIOCFLUSH: 1510 BPFD_LOCK(d); 1511 reset_d(d); 1512 BPFD_UNLOCK(d); 1513 break; 1514 1515 /* 1516 * Put interface into promiscuous mode. 1517 */ 1518 case BIOCPROMISC: 1519 BPF_LOCK(); 1520 if (d->bd_bif == NULL) { 1521 /* 1522 * No interface attached yet. 1523 */ 1524 error = EINVAL; 1525 } else if (d->bd_promisc == 0) { 1526 error = ifpromisc(d->bd_bif->bif_ifp, 1); 1527 if (error == 0) 1528 d->bd_promisc = 1; 1529 } 1530 BPF_UNLOCK(); 1531 break; 1532 1533 /* 1534 * Get current data link type. 1535 */ 1536 case BIOCGDLT: 1537 BPF_LOCK(); 1538 if (d->bd_bif == NULL) 1539 error = EINVAL; 1540 else 1541 *(u_int *)addr = d->bd_bif->bif_dlt; 1542 BPF_UNLOCK(); 1543 break; 1544 1545 /* 1546 * Get a list of supported data link types. 1547 */ 1548 #ifdef COMPAT_FREEBSD32 1549 case BIOCGDLTLIST32: 1550 { 1551 struct bpf_dltlist32 *list32; 1552 struct bpf_dltlist dltlist; 1553 1554 list32 = (struct bpf_dltlist32 *)addr; 1555 dltlist.bfl_len = list32->bfl_len; 1556 dltlist.bfl_list = PTRIN(list32->bfl_list); 1557 BPF_LOCK(); 1558 if (d->bd_bif == NULL) 1559 error = EINVAL; 1560 else { 1561 error = bpf_getdltlist(d, &dltlist); 1562 if (error == 0) 1563 list32->bfl_len = dltlist.bfl_len; 1564 } 1565 BPF_UNLOCK(); 1566 break; 1567 } 1568 #endif 1569 1570 case BIOCGDLTLIST: 1571 BPF_LOCK(); 1572 if (d->bd_bif == NULL) 1573 error = EINVAL; 1574 else 1575 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr); 1576 BPF_UNLOCK(); 1577 break; 1578 1579 /* 1580 * Set data link type. 1581 */ 1582 case BIOCSDLT: 1583 BPF_LOCK(); 1584 if (d->bd_bif == NULL) 1585 error = EINVAL; 1586 else 1587 error = bpf_setdlt(d, *(u_int *)addr); 1588 BPF_UNLOCK(); 1589 break; 1590 1591 /* 1592 * Get interface name. 1593 */ 1594 case BIOCGETIF: 1595 BPF_LOCK(); 1596 if (d->bd_bif == NULL) 1597 error = EINVAL; 1598 else { 1599 struct ifnet *const ifp = d->bd_bif->bif_ifp; 1600 struct ifreq *const ifr = (struct ifreq *)addr; 1601 1602 strlcpy(ifr->ifr_name, ifp->if_xname, 1603 sizeof(ifr->ifr_name)); 1604 } 1605 BPF_UNLOCK(); 1606 break; 1607 1608 /* 1609 * Set interface. 1610 */ 1611 case BIOCSETIF: 1612 { 1613 int alloc_buf, size; 1614 1615 /* 1616 * Behavior here depends on the buffering model. If 1617 * we're using kernel memory buffers, then we can 1618 * allocate them here. If we're using zero-copy, 1619 * then the user process must have registered buffers 1620 * by the time we get here. 1621 */ 1622 alloc_buf = 0; 1623 BPFD_LOCK(d); 1624 if (d->bd_bufmode == BPF_BUFMODE_BUFFER && 1625 d->bd_sbuf == NULL) 1626 alloc_buf = 1; 1627 BPFD_UNLOCK(d); 1628 if (alloc_buf) { 1629 size = d->bd_bufsize; 1630 error = bpf_buffer_ioctl_sblen(d, &size); 1631 if (error != 0) 1632 break; 1633 } 1634 BPF_LOCK(); 1635 error = bpf_setif(d, (struct ifreq *)addr); 1636 BPF_UNLOCK(); 1637 break; 1638 } 1639 1640 /* 1641 * Set read timeout. 1642 */ 1643 case BIOCSRTIMEOUT: 1644 #if defined(COMPAT_FREEBSD32) && defined(__amd64__) 1645 case BIOCSRTIMEOUT32: 1646 #endif 1647 { 1648 struct timeval *tv = (struct timeval *)addr; 1649 #if defined(COMPAT_FREEBSD32) && !defined(__mips__) 1650 struct timeval32 *tv32; 1651 struct timeval tv64; 1652 1653 if (cmd == BIOCSRTIMEOUT32) { 1654 tv32 = (struct timeval32 *)addr; 1655 tv = &tv64; 1656 tv->tv_sec = tv32->tv_sec; 1657 tv->tv_usec = tv32->tv_usec; 1658 } else 1659 #endif 1660 tv = (struct timeval *)addr; 1661 1662 /* 1663 * Subtract 1 tick from tvtohz() since this isn't 1664 * a one-shot timer. 1665 */ 1666 if ((error = itimerfix(tv)) == 0) 1667 d->bd_rtout = tvtohz(tv) - 1; 1668 break; 1669 } 1670 1671 /* 1672 * Get read timeout. 1673 */ 1674 case BIOCGRTIMEOUT: 1675 #if defined(COMPAT_FREEBSD32) && defined(__amd64__) 1676 case BIOCGRTIMEOUT32: 1677 #endif 1678 { 1679 struct timeval *tv; 1680 #if defined(COMPAT_FREEBSD32) && defined(__amd64__) 1681 struct timeval32 *tv32; 1682 struct timeval tv64; 1683 1684 if (cmd == BIOCGRTIMEOUT32) 1685 tv = &tv64; 1686 else 1687 #endif 1688 tv = (struct timeval *)addr; 1689 1690 tv->tv_sec = d->bd_rtout / hz; 1691 tv->tv_usec = (d->bd_rtout % hz) * tick; 1692 #if defined(COMPAT_FREEBSD32) && defined(__amd64__) 1693 if (cmd == BIOCGRTIMEOUT32) { 1694 tv32 = (struct timeval32 *)addr; 1695 tv32->tv_sec = tv->tv_sec; 1696 tv32->tv_usec = tv->tv_usec; 1697 } 1698 #endif 1699 1700 break; 1701 } 1702 1703 /* 1704 * Get packet stats. 1705 */ 1706 case BIOCGSTATS: 1707 { 1708 struct bpf_stat *bs = (struct bpf_stat *)addr; 1709 1710 /* XXXCSJP overflow */ 1711 bs->bs_recv = (u_int)counter_u64_fetch(d->bd_rcount); 1712 bs->bs_drop = (u_int)counter_u64_fetch(d->bd_dcount); 1713 break; 1714 } 1715 1716 /* 1717 * Set immediate mode. 1718 */ 1719 case BIOCIMMEDIATE: 1720 BPFD_LOCK(d); 1721 d->bd_immediate = *(u_int *)addr; 1722 BPFD_UNLOCK(d); 1723 break; 1724 1725 case BIOCVERSION: 1726 { 1727 struct bpf_version *bv = (struct bpf_version *)addr; 1728 1729 bv->bv_major = BPF_MAJOR_VERSION; 1730 bv->bv_minor = BPF_MINOR_VERSION; 1731 break; 1732 } 1733 1734 /* 1735 * Get "header already complete" flag 1736 */ 1737 case BIOCGHDRCMPLT: 1738 BPFD_LOCK(d); 1739 *(u_int *)addr = d->bd_hdrcmplt; 1740 BPFD_UNLOCK(d); 1741 break; 1742 1743 /* 1744 * Set "header already complete" flag 1745 */ 1746 case BIOCSHDRCMPLT: 1747 BPFD_LOCK(d); 1748 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; 1749 BPFD_UNLOCK(d); 1750 break; 1751 1752 /* 1753 * Get packet direction flag 1754 */ 1755 case BIOCGDIRECTION: 1756 BPFD_LOCK(d); 1757 *(u_int *)addr = d->bd_direction; 1758 BPFD_UNLOCK(d); 1759 break; 1760 1761 /* 1762 * Set packet direction flag 1763 */ 1764 case BIOCSDIRECTION: 1765 { 1766 u_int direction; 1767 1768 direction = *(u_int *)addr; 1769 switch (direction) { 1770 case BPF_D_IN: 1771 case BPF_D_INOUT: 1772 case BPF_D_OUT: 1773 BPFD_LOCK(d); 1774 d->bd_direction = direction; 1775 BPFD_UNLOCK(d); 1776 break; 1777 default: 1778 error = EINVAL; 1779 } 1780 } 1781 break; 1782 1783 /* 1784 * Get packet timestamp format and resolution. 1785 */ 1786 case BIOCGTSTAMP: 1787 BPFD_LOCK(d); 1788 *(u_int *)addr = d->bd_tstamp; 1789 BPFD_UNLOCK(d); 1790 break; 1791 1792 /* 1793 * Set packet timestamp format and resolution. 1794 */ 1795 case BIOCSTSTAMP: 1796 { 1797 u_int func; 1798 1799 func = *(u_int *)addr; 1800 if (BPF_T_VALID(func)) 1801 d->bd_tstamp = func; 1802 else 1803 error = EINVAL; 1804 } 1805 break; 1806 1807 case BIOCFEEDBACK: 1808 BPFD_LOCK(d); 1809 d->bd_feedback = *(u_int *)addr; 1810 BPFD_UNLOCK(d); 1811 break; 1812 1813 case BIOCLOCK: 1814 BPFD_LOCK(d); 1815 d->bd_locked = 1; 1816 BPFD_UNLOCK(d); 1817 break; 1818 1819 case FIONBIO: /* Non-blocking I/O */ 1820 break; 1821 1822 case FIOASYNC: /* Send signal on receive packets */ 1823 BPFD_LOCK(d); 1824 d->bd_async = *(int *)addr; 1825 BPFD_UNLOCK(d); 1826 break; 1827 1828 case FIOSETOWN: 1829 /* 1830 * XXX: Add some sort of locking here? 1831 * fsetown() can sleep. 1832 */ 1833 error = fsetown(*(int *)addr, &d->bd_sigio); 1834 break; 1835 1836 case FIOGETOWN: 1837 BPFD_LOCK(d); 1838 *(int *)addr = fgetown(&d->bd_sigio); 1839 BPFD_UNLOCK(d); 1840 break; 1841 1842 /* This is deprecated, FIOSETOWN should be used instead. */ 1843 case TIOCSPGRP: 1844 error = fsetown(-(*(int *)addr), &d->bd_sigio); 1845 break; 1846 1847 /* This is deprecated, FIOGETOWN should be used instead. */ 1848 case TIOCGPGRP: 1849 *(int *)addr = -fgetown(&d->bd_sigio); 1850 break; 1851 1852 case BIOCSRSIG: /* Set receive signal */ 1853 { 1854 u_int sig; 1855 1856 sig = *(u_int *)addr; 1857 1858 if (sig >= NSIG) 1859 error = EINVAL; 1860 else { 1861 BPFD_LOCK(d); 1862 d->bd_sig = sig; 1863 BPFD_UNLOCK(d); 1864 } 1865 break; 1866 } 1867 case BIOCGRSIG: 1868 BPFD_LOCK(d); 1869 *(u_int *)addr = d->bd_sig; 1870 BPFD_UNLOCK(d); 1871 break; 1872 1873 case BIOCGETBUFMODE: 1874 BPFD_LOCK(d); 1875 *(u_int *)addr = d->bd_bufmode; 1876 BPFD_UNLOCK(d); 1877 break; 1878 1879 case BIOCSETBUFMODE: 1880 /* 1881 * Allow the buffering mode to be changed as long as we 1882 * haven't yet committed to a particular mode. Our 1883 * definition of commitment, for now, is whether or not a 1884 * buffer has been allocated or an interface attached, since 1885 * that's the point where things get tricky. 1886 */ 1887 switch (*(u_int *)addr) { 1888 case BPF_BUFMODE_BUFFER: 1889 break; 1890 1891 case BPF_BUFMODE_ZBUF: 1892 if (bpf_zerocopy_enable) 1893 break; 1894 /* FALLSTHROUGH */ 1895 1896 default: 1897 CURVNET_RESTORE(); 1898 return (EINVAL); 1899 } 1900 1901 BPFD_LOCK(d); 1902 if (d->bd_sbuf != NULL || d->bd_hbuf != NULL || 1903 d->bd_fbuf != NULL || d->bd_bif != NULL) { 1904 BPFD_UNLOCK(d); 1905 CURVNET_RESTORE(); 1906 return (EBUSY); 1907 } 1908 d->bd_bufmode = *(u_int *)addr; 1909 BPFD_UNLOCK(d); 1910 break; 1911 1912 case BIOCGETZMAX: 1913 error = bpf_ioctl_getzmax(td, d, (size_t *)addr); 1914 break; 1915 1916 case BIOCSETZBUF: 1917 error = bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr); 1918 break; 1919 1920 case BIOCROTZBUF: 1921 error = bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr); 1922 break; 1923 1924 case BIOCSETVLANPCP: 1925 { 1926 u_int pcp; 1927 1928 pcp = *(u_int *)addr; 1929 if (pcp > BPF_PRIO_MAX || pcp < 0) { 1930 error = EINVAL; 1931 break; 1932 } 1933 d->bd_pcp = pcp; 1934 break; 1935 } 1936 } 1937 CURVNET_RESTORE(); 1938 return (error); 1939 } 1940 1941 /* 1942 * Set d's packet filter program to fp. If this file already has a filter, 1943 * free it and replace it. Returns EINVAL for bogus requests. 1944 * 1945 * Note we use global lock here to serialize bpf_setf() and bpf_setif() 1946 * calls. 1947 */ 1948 static int 1949 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd) 1950 { 1951 #ifdef COMPAT_FREEBSD32 1952 struct bpf_program fp_swab; 1953 struct bpf_program32 *fp32; 1954 #endif 1955 struct bpf_program_buffer *fcode; 1956 struct bpf_insn *filter; 1957 #ifdef BPF_JITTER 1958 bpf_jit_filter *jfunc; 1959 #endif 1960 size_t size; 1961 u_int flen; 1962 bool track_event; 1963 1964 #ifdef COMPAT_FREEBSD32 1965 switch (cmd) { 1966 case BIOCSETF32: 1967 case BIOCSETWF32: 1968 case BIOCSETFNR32: 1969 fp32 = (struct bpf_program32 *)fp; 1970 fp_swab.bf_len = fp32->bf_len; 1971 fp_swab.bf_insns = 1972 (struct bpf_insn *)(uintptr_t)fp32->bf_insns; 1973 fp = &fp_swab; 1974 switch (cmd) { 1975 case BIOCSETF32: 1976 cmd = BIOCSETF; 1977 break; 1978 case BIOCSETWF32: 1979 cmd = BIOCSETWF; 1980 break; 1981 } 1982 break; 1983 } 1984 #endif 1985 1986 filter = NULL; 1987 #ifdef BPF_JITTER 1988 jfunc = NULL; 1989 #endif 1990 /* 1991 * Check new filter validness before acquiring any locks. 1992 * Allocate memory for new filter, if needed. 1993 */ 1994 flen = fp->bf_len; 1995 if (flen > bpf_maxinsns || (fp->bf_insns == NULL && flen != 0)) 1996 return (EINVAL); 1997 size = flen * sizeof(*fp->bf_insns); 1998 if (size > 0) { 1999 /* We're setting up new filter. Copy and check actual data. */ 2000 fcode = bpf_program_buffer_alloc(size, M_WAITOK); 2001 filter = (struct bpf_insn *)fcode->buffer; 2002 if (copyin(fp->bf_insns, filter, size) != 0 || 2003 !bpf_validate(filter, flen)) { 2004 free(fcode, M_BPF); 2005 return (EINVAL); 2006 } 2007 #ifdef BPF_JITTER 2008 if (cmd != BIOCSETWF) { 2009 /* 2010 * Filter is copied inside fcode and is 2011 * perfectly valid. 2012 */ 2013 jfunc = bpf_jitter(filter, flen); 2014 } 2015 #endif 2016 } 2017 2018 track_event = false; 2019 fcode = NULL; 2020 2021 BPF_LOCK(); 2022 BPFD_LOCK(d); 2023 /* Set up new filter. */ 2024 if (cmd == BIOCSETWF) { 2025 if (d->bd_wfilter != NULL) { 2026 fcode = __containerof((void *)d->bd_wfilter, 2027 struct bpf_program_buffer, buffer); 2028 #ifdef BPF_JITTER 2029 fcode->func = NULL; 2030 #endif 2031 } 2032 d->bd_wfilter = filter; 2033 } else { 2034 if (d->bd_rfilter != NULL) { 2035 fcode = __containerof((void *)d->bd_rfilter, 2036 struct bpf_program_buffer, buffer); 2037 #ifdef BPF_JITTER 2038 fcode->func = d->bd_bfilter; 2039 #endif 2040 } 2041 d->bd_rfilter = filter; 2042 #ifdef BPF_JITTER 2043 d->bd_bfilter = jfunc; 2044 #endif 2045 if (cmd == BIOCSETF) 2046 reset_d(d); 2047 2048 if (bpf_check_upgrade(cmd, d, filter, flen) != 0) { 2049 /* 2050 * Filter can be set several times without 2051 * specifying interface. In this case just mark d 2052 * as reader. 2053 */ 2054 d->bd_writer = 0; 2055 if (d->bd_bif != NULL) { 2056 /* 2057 * Remove descriptor from writers-only list 2058 * and add it to active readers list. 2059 */ 2060 CK_LIST_REMOVE(d, bd_next); 2061 CK_LIST_INSERT_HEAD(&d->bd_bif->bif_dlist, 2062 d, bd_next); 2063 CTR2(KTR_NET, 2064 "%s: upgrade required by pid %d", 2065 __func__, d->bd_pid); 2066 track_event = true; 2067 } 2068 } 2069 } 2070 BPFD_UNLOCK(d); 2071 2072 if (fcode != NULL) 2073 NET_EPOCH_CALL(bpf_program_buffer_free, &fcode->epoch_ctx); 2074 2075 if (track_event) 2076 EVENTHANDLER_INVOKE(bpf_track, 2077 d->bd_bif->bif_ifp, d->bd_bif->bif_dlt, 1); 2078 2079 BPF_UNLOCK(); 2080 return (0); 2081 } 2082 2083 /* 2084 * Detach a file from its current interface (if attached at all) and attach 2085 * to the interface indicated by the name stored in ifr. 2086 * Return an errno or 0. 2087 */ 2088 static int 2089 bpf_setif(struct bpf_d *d, struct ifreq *ifr) 2090 { 2091 struct bpf_if *bp; 2092 struct ifnet *theywant; 2093 2094 BPF_LOCK_ASSERT(); 2095 2096 theywant = ifunit(ifr->ifr_name); 2097 if (theywant == NULL || theywant->if_bpf == NULL) 2098 return (ENXIO); 2099 2100 bp = theywant->if_bpf; 2101 /* 2102 * At this point, we expect the buffer is already allocated. If not, 2103 * return an error. 2104 */ 2105 switch (d->bd_bufmode) { 2106 case BPF_BUFMODE_BUFFER: 2107 case BPF_BUFMODE_ZBUF: 2108 if (d->bd_sbuf == NULL) 2109 return (EINVAL); 2110 break; 2111 2112 default: 2113 panic("bpf_setif: bufmode %d", d->bd_bufmode); 2114 } 2115 if (bp != d->bd_bif) 2116 bpf_attachd(d, bp); 2117 else { 2118 BPFD_LOCK(d); 2119 reset_d(d); 2120 BPFD_UNLOCK(d); 2121 } 2122 return (0); 2123 } 2124 2125 /* 2126 * Support for select() and poll() system calls 2127 * 2128 * Return true iff the specific operation will not block indefinitely. 2129 * Otherwise, return false but make a note that a selwakeup() must be done. 2130 */ 2131 static int 2132 bpfpoll(struct cdev *dev, int events, struct thread *td) 2133 { 2134 struct bpf_d *d; 2135 int revents; 2136 2137 if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL) 2138 return (events & 2139 (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM)); 2140 2141 /* 2142 * Refresh PID associated with this descriptor. 2143 */ 2144 revents = events & (POLLOUT | POLLWRNORM); 2145 BPFD_LOCK(d); 2146 BPF_PID_REFRESH(d, td); 2147 if (events & (POLLIN | POLLRDNORM)) { 2148 if (bpf_ready(d)) 2149 revents |= events & (POLLIN | POLLRDNORM); 2150 else { 2151 selrecord(td, &d->bd_sel); 2152 /* Start the read timeout if necessary. */ 2153 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 2154 callout_reset(&d->bd_callout, d->bd_rtout, 2155 bpf_timed_out, d); 2156 d->bd_state = BPF_WAITING; 2157 } 2158 } 2159 } 2160 BPFD_UNLOCK(d); 2161 return (revents); 2162 } 2163 2164 /* 2165 * Support for kevent() system call. Register EVFILT_READ filters and 2166 * reject all others. 2167 */ 2168 int 2169 bpfkqfilter(struct cdev *dev, struct knote *kn) 2170 { 2171 struct bpf_d *d; 2172 2173 if (devfs_get_cdevpriv((void **)&d) != 0) 2174 return (1); 2175 2176 switch (kn->kn_filter) { 2177 case EVFILT_READ: 2178 kn->kn_fop = &bpfread_filtops; 2179 break; 2180 2181 case EVFILT_WRITE: 2182 kn->kn_fop = &bpfwrite_filtops; 2183 break; 2184 2185 default: 2186 return (1); 2187 } 2188 2189 /* 2190 * Refresh PID associated with this descriptor. 2191 */ 2192 BPFD_LOCK(d); 2193 BPF_PID_REFRESH_CUR(d); 2194 kn->kn_hook = d; 2195 knlist_add(&d->bd_sel.si_note, kn, 1); 2196 BPFD_UNLOCK(d); 2197 2198 return (0); 2199 } 2200 2201 static void 2202 filt_bpfdetach(struct knote *kn) 2203 { 2204 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 2205 2206 knlist_remove(&d->bd_sel.si_note, kn, 0); 2207 } 2208 2209 static int 2210 filt_bpfread(struct knote *kn, long hint) 2211 { 2212 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 2213 int ready; 2214 2215 BPFD_LOCK_ASSERT(d); 2216 ready = bpf_ready(d); 2217 if (ready) { 2218 kn->kn_data = d->bd_slen; 2219 /* 2220 * Ignore the hold buffer if it is being copied to user space. 2221 */ 2222 if (!d->bd_hbuf_in_use && d->bd_hbuf) 2223 kn->kn_data += d->bd_hlen; 2224 } else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) { 2225 callout_reset(&d->bd_callout, d->bd_rtout, 2226 bpf_timed_out, d); 2227 d->bd_state = BPF_WAITING; 2228 } 2229 2230 return (ready); 2231 } 2232 2233 static int 2234 filt_bpfwrite(struct knote *kn, long hint) 2235 { 2236 struct bpf_d *d = (struct bpf_d *)kn->kn_hook; 2237 2238 BPFD_LOCK_ASSERT(d); 2239 2240 if (d->bd_bif == NULL) { 2241 kn->kn_data = 0; 2242 return (0); 2243 } else { 2244 kn->kn_data = d->bd_bif->bif_ifp->if_mtu; 2245 return (1); 2246 } 2247 } 2248 2249 #define BPF_TSTAMP_NONE 0 2250 #define BPF_TSTAMP_FAST 1 2251 #define BPF_TSTAMP_NORMAL 2 2252 #define BPF_TSTAMP_EXTERN 3 2253 2254 static int 2255 bpf_ts_quality(int tstype) 2256 { 2257 2258 if (tstype == BPF_T_NONE) 2259 return (BPF_TSTAMP_NONE); 2260 if ((tstype & BPF_T_FAST) != 0) 2261 return (BPF_TSTAMP_FAST); 2262 2263 return (BPF_TSTAMP_NORMAL); 2264 } 2265 2266 static int 2267 bpf_gettime(struct bintime *bt, int tstype, struct mbuf *m) 2268 { 2269 struct timespec ts; 2270 struct m_tag *tag; 2271 int quality; 2272 2273 quality = bpf_ts_quality(tstype); 2274 if (quality == BPF_TSTAMP_NONE) 2275 return (quality); 2276 2277 if (m != NULL) { 2278 if ((m->m_flags & (M_PKTHDR | M_TSTMP)) == (M_PKTHDR | M_TSTMP)) { 2279 mbuf_tstmp2timespec(m, &ts); 2280 timespec2bintime(&ts, bt); 2281 return (BPF_TSTAMP_EXTERN); 2282 } 2283 tag = m_tag_locate(m, MTAG_BPF, MTAG_BPF_TIMESTAMP, NULL); 2284 if (tag != NULL) { 2285 *bt = *(struct bintime *)(tag + 1); 2286 return (BPF_TSTAMP_EXTERN); 2287 } 2288 } 2289 if (quality == BPF_TSTAMP_NORMAL) 2290 binuptime(bt); 2291 else 2292 getbinuptime(bt); 2293 2294 return (quality); 2295 } 2296 2297 /* 2298 * Incoming linkage from device drivers. Process the packet pkt, of length 2299 * pktlen, which is stored in a contiguous buffer. The packet is parsed 2300 * by each process' filter, and if accepted, stashed into the corresponding 2301 * buffer. 2302 */ 2303 void 2304 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 2305 { 2306 struct epoch_tracker et; 2307 struct bintime bt; 2308 struct bpf_d *d; 2309 #ifdef BPF_JITTER 2310 bpf_jit_filter *bf; 2311 #endif 2312 u_int slen; 2313 int gottime; 2314 2315 gottime = BPF_TSTAMP_NONE; 2316 NET_EPOCH_ENTER(et); 2317 CK_LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 2318 counter_u64_add(d->bd_rcount, 1); 2319 /* 2320 * NB: We dont call BPF_CHECK_DIRECTION() here since there 2321 * is no way for the caller to indiciate to us whether this 2322 * packet is inbound or outbound. In the bpf_mtap() routines, 2323 * we use the interface pointers on the mbuf to figure it out. 2324 */ 2325 #ifdef BPF_JITTER 2326 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL; 2327 if (bf != NULL) 2328 slen = (*(bf->func))(pkt, pktlen, pktlen); 2329 else 2330 #endif 2331 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); 2332 if (slen != 0) { 2333 /* 2334 * Filter matches. Let's to acquire write lock. 2335 */ 2336 BPFD_LOCK(d); 2337 counter_u64_add(d->bd_fcount, 1); 2338 if (gottime < bpf_ts_quality(d->bd_tstamp)) 2339 gottime = bpf_gettime(&bt, d->bd_tstamp, 2340 NULL); 2341 #ifdef MAC 2342 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0) 2343 #endif 2344 catchpacket(d, pkt, pktlen, slen, 2345 bpf_append_bytes, &bt); 2346 BPFD_UNLOCK(d); 2347 } 2348 } 2349 NET_EPOCH_EXIT(et); 2350 } 2351 2352 #define BPF_CHECK_DIRECTION(d, r, i) \ 2353 (((d)->bd_direction == BPF_D_IN && (r) != (i)) || \ 2354 ((d)->bd_direction == BPF_D_OUT && (r) == (i))) 2355 2356 /* 2357 * Incoming linkage from device drivers, when packet is in an mbuf chain. 2358 * Locking model is explained in bpf_tap(). 2359 */ 2360 void 2361 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 2362 { 2363 struct epoch_tracker et; 2364 struct bintime bt; 2365 struct bpf_d *d; 2366 #ifdef BPF_JITTER 2367 bpf_jit_filter *bf; 2368 #endif 2369 u_int pktlen, slen; 2370 int gottime; 2371 2372 /* Skip outgoing duplicate packets. */ 2373 if ((m->m_flags & M_PROMISC) != 0 && m_rcvif(m) == NULL) { 2374 m->m_flags &= ~M_PROMISC; 2375 return; 2376 } 2377 2378 pktlen = m_length(m, NULL); 2379 gottime = BPF_TSTAMP_NONE; 2380 2381 NET_EPOCH_ENTER(et); 2382 CK_LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 2383 if (BPF_CHECK_DIRECTION(d, m_rcvif(m), bp->bif_ifp)) 2384 continue; 2385 counter_u64_add(d->bd_rcount, 1); 2386 #ifdef BPF_JITTER 2387 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL; 2388 /* XXX We cannot handle multiple mbufs. */ 2389 if (bf != NULL && m->m_next == NULL) 2390 slen = (*(bf->func))(mtod(m, u_char *), pktlen, 2391 pktlen); 2392 else 2393 #endif 2394 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); 2395 if (slen != 0) { 2396 BPFD_LOCK(d); 2397 2398 counter_u64_add(d->bd_fcount, 1); 2399 if (gottime < bpf_ts_quality(d->bd_tstamp)) 2400 gottime = bpf_gettime(&bt, d->bd_tstamp, m); 2401 #ifdef MAC 2402 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0) 2403 #endif 2404 catchpacket(d, (u_char *)m, pktlen, slen, 2405 bpf_append_mbuf, &bt); 2406 BPFD_UNLOCK(d); 2407 } 2408 } 2409 NET_EPOCH_EXIT(et); 2410 } 2411 2412 /* 2413 * Incoming linkage from device drivers, when packet is in 2414 * an mbuf chain and to be prepended by a contiguous header. 2415 */ 2416 void 2417 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m) 2418 { 2419 struct epoch_tracker et; 2420 struct bintime bt; 2421 struct mbuf mb; 2422 struct bpf_d *d; 2423 u_int pktlen, slen; 2424 int gottime; 2425 2426 /* Skip outgoing duplicate packets. */ 2427 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) { 2428 m->m_flags &= ~M_PROMISC; 2429 return; 2430 } 2431 2432 pktlen = m_length(m, NULL); 2433 /* 2434 * Craft on-stack mbuf suitable for passing to bpf_filter. 2435 * Note that we cut corners here; we only setup what's 2436 * absolutely needed--this mbuf should never go anywhere else. 2437 */ 2438 mb.m_flags = 0; 2439 mb.m_next = m; 2440 mb.m_data = data; 2441 mb.m_len = dlen; 2442 pktlen += dlen; 2443 2444 gottime = BPF_TSTAMP_NONE; 2445 2446 NET_EPOCH_ENTER(et); 2447 CK_LIST_FOREACH(d, &bp->bif_dlist, bd_next) { 2448 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp)) 2449 continue; 2450 counter_u64_add(d->bd_rcount, 1); 2451 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0); 2452 if (slen != 0) { 2453 BPFD_LOCK(d); 2454 2455 counter_u64_add(d->bd_fcount, 1); 2456 if (gottime < bpf_ts_quality(d->bd_tstamp)) 2457 gottime = bpf_gettime(&bt, d->bd_tstamp, m); 2458 #ifdef MAC 2459 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0) 2460 #endif 2461 catchpacket(d, (u_char *)&mb, pktlen, slen, 2462 bpf_append_mbuf, &bt); 2463 BPFD_UNLOCK(d); 2464 } 2465 } 2466 NET_EPOCH_EXIT(et); 2467 } 2468 2469 #undef BPF_CHECK_DIRECTION 2470 #undef BPF_TSTAMP_NONE 2471 #undef BPF_TSTAMP_FAST 2472 #undef BPF_TSTAMP_NORMAL 2473 #undef BPF_TSTAMP_EXTERN 2474 2475 static int 2476 bpf_hdrlen(struct bpf_d *d) 2477 { 2478 int hdrlen; 2479 2480 hdrlen = d->bd_bif->bif_hdrlen; 2481 #ifndef BURN_BRIDGES 2482 if (d->bd_tstamp == BPF_T_NONE || 2483 BPF_T_FORMAT(d->bd_tstamp) == BPF_T_MICROTIME) 2484 #ifdef COMPAT_FREEBSD32 2485 if (d->bd_compat32) 2486 hdrlen += SIZEOF_BPF_HDR(struct bpf_hdr32); 2487 else 2488 #endif 2489 hdrlen += SIZEOF_BPF_HDR(struct bpf_hdr); 2490 else 2491 #endif 2492 hdrlen += SIZEOF_BPF_HDR(struct bpf_xhdr); 2493 #ifdef COMPAT_FREEBSD32 2494 if (d->bd_compat32) 2495 hdrlen = BPF_WORDALIGN32(hdrlen); 2496 else 2497 #endif 2498 hdrlen = BPF_WORDALIGN(hdrlen); 2499 2500 return (hdrlen - d->bd_bif->bif_hdrlen); 2501 } 2502 2503 static void 2504 bpf_bintime2ts(struct bintime *bt, struct bpf_ts *ts, int tstype) 2505 { 2506 struct bintime bt2, boottimebin; 2507 struct timeval tsm; 2508 struct timespec tsn; 2509 2510 if ((tstype & BPF_T_MONOTONIC) == 0) { 2511 bt2 = *bt; 2512 getboottimebin(&boottimebin); 2513 bintime_add(&bt2, &boottimebin); 2514 bt = &bt2; 2515 } 2516 switch (BPF_T_FORMAT(tstype)) { 2517 case BPF_T_MICROTIME: 2518 bintime2timeval(bt, &tsm); 2519 ts->bt_sec = tsm.tv_sec; 2520 ts->bt_frac = tsm.tv_usec; 2521 break; 2522 case BPF_T_NANOTIME: 2523 bintime2timespec(bt, &tsn); 2524 ts->bt_sec = tsn.tv_sec; 2525 ts->bt_frac = tsn.tv_nsec; 2526 break; 2527 case BPF_T_BINTIME: 2528 ts->bt_sec = bt->sec; 2529 ts->bt_frac = bt->frac; 2530 break; 2531 } 2532 } 2533 2534 /* 2535 * Move the packet data from interface memory (pkt) into the 2536 * store buffer. "cpfn" is the routine called to do the actual data 2537 * transfer. bcopy is passed in to copy contiguous chunks, while 2538 * bpf_append_mbuf is passed in to copy mbuf chains. In the latter case, 2539 * pkt is really an mbuf. 2540 */ 2541 static void 2542 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen, 2543 void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int), 2544 struct bintime *bt) 2545 { 2546 static char zeroes[BPF_ALIGNMENT]; 2547 struct bpf_xhdr hdr; 2548 #ifndef BURN_BRIDGES 2549 struct bpf_hdr hdr_old; 2550 #ifdef COMPAT_FREEBSD32 2551 struct bpf_hdr32 hdr32_old; 2552 #endif 2553 #endif 2554 int caplen, curlen, hdrlen, pad, totlen; 2555 int do_wakeup = 0; 2556 int do_timestamp; 2557 int tstype; 2558 2559 BPFD_LOCK_ASSERT(d); 2560 if (d->bd_bif == NULL) { 2561 /* Descriptor was detached in concurrent thread */ 2562 counter_u64_add(d->bd_dcount, 1); 2563 return; 2564 } 2565 2566 /* 2567 * Detect whether user space has released a buffer back to us, and if 2568 * so, move it from being a hold buffer to a free buffer. This may 2569 * not be the best place to do it (for example, we might only want to 2570 * run this check if we need the space), but for now it's a reliable 2571 * spot to do it. 2572 */ 2573 if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) { 2574 d->bd_fbuf = d->bd_hbuf; 2575 d->bd_hbuf = NULL; 2576 d->bd_hlen = 0; 2577 bpf_buf_reclaimed(d); 2578 } 2579 2580 /* 2581 * Figure out how many bytes to move. If the packet is 2582 * greater or equal to the snapshot length, transfer that 2583 * much. Otherwise, transfer the whole packet (unless 2584 * we hit the buffer size limit). 2585 */ 2586 hdrlen = bpf_hdrlen(d); 2587 totlen = hdrlen + min(snaplen, pktlen); 2588 if (totlen > d->bd_bufsize) 2589 totlen = d->bd_bufsize; 2590 2591 /* 2592 * Round up the end of the previous packet to the next longword. 2593 * 2594 * Drop the packet if there's no room and no hope of room 2595 * If the packet would overflow the storage buffer or the storage 2596 * buffer is considered immutable by the buffer model, try to rotate 2597 * the buffer and wakeup pending processes. 2598 */ 2599 #ifdef COMPAT_FREEBSD32 2600 if (d->bd_compat32) 2601 curlen = BPF_WORDALIGN32(d->bd_slen); 2602 else 2603 #endif 2604 curlen = BPF_WORDALIGN(d->bd_slen); 2605 if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) { 2606 if (d->bd_fbuf == NULL) { 2607 /* 2608 * There's no room in the store buffer, and no 2609 * prospect of room, so drop the packet. Notify the 2610 * buffer model. 2611 */ 2612 bpf_buffull(d); 2613 counter_u64_add(d->bd_dcount, 1); 2614 return; 2615 } 2616 KASSERT(!d->bd_hbuf_in_use, ("hold buffer is in use")); 2617 ROTATE_BUFFERS(d); 2618 do_wakeup = 1; 2619 curlen = 0; 2620 } else { 2621 if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) { 2622 /* 2623 * Immediate mode is set, or the read timeout has 2624 * already expired during a select call. A packet 2625 * arrived, so the reader should be woken up. 2626 */ 2627 do_wakeup = 1; 2628 } 2629 pad = curlen - d->bd_slen; 2630 KASSERT(pad >= 0 && pad <= sizeof(zeroes), 2631 ("%s: invalid pad byte count %d", __func__, pad)); 2632 if (pad > 0) { 2633 /* Zero pad bytes. */ 2634 bpf_append_bytes(d, d->bd_sbuf, d->bd_slen, zeroes, 2635 pad); 2636 } 2637 } 2638 2639 caplen = totlen - hdrlen; 2640 tstype = d->bd_tstamp; 2641 do_timestamp = tstype != BPF_T_NONE; 2642 #ifndef BURN_BRIDGES 2643 if (tstype == BPF_T_NONE || BPF_T_FORMAT(tstype) == BPF_T_MICROTIME) { 2644 struct bpf_ts ts; 2645 if (do_timestamp) 2646 bpf_bintime2ts(bt, &ts, tstype); 2647 #ifdef COMPAT_FREEBSD32 2648 if (d->bd_compat32) { 2649 bzero(&hdr32_old, sizeof(hdr32_old)); 2650 if (do_timestamp) { 2651 hdr32_old.bh_tstamp.tv_sec = ts.bt_sec; 2652 hdr32_old.bh_tstamp.tv_usec = ts.bt_frac; 2653 } 2654 hdr32_old.bh_datalen = pktlen; 2655 hdr32_old.bh_hdrlen = hdrlen; 2656 hdr32_old.bh_caplen = caplen; 2657 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr32_old, 2658 sizeof(hdr32_old)); 2659 goto copy; 2660 } 2661 #endif 2662 bzero(&hdr_old, sizeof(hdr_old)); 2663 if (do_timestamp) { 2664 hdr_old.bh_tstamp.tv_sec = ts.bt_sec; 2665 hdr_old.bh_tstamp.tv_usec = ts.bt_frac; 2666 } 2667 hdr_old.bh_datalen = pktlen; 2668 hdr_old.bh_hdrlen = hdrlen; 2669 hdr_old.bh_caplen = caplen; 2670 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr_old, 2671 sizeof(hdr_old)); 2672 goto copy; 2673 } 2674 #endif 2675 2676 /* 2677 * Append the bpf header. Note we append the actual header size, but 2678 * move forward the length of the header plus padding. 2679 */ 2680 bzero(&hdr, sizeof(hdr)); 2681 if (do_timestamp) 2682 bpf_bintime2ts(bt, &hdr.bh_tstamp, tstype); 2683 hdr.bh_datalen = pktlen; 2684 hdr.bh_hdrlen = hdrlen; 2685 hdr.bh_caplen = caplen; 2686 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr)); 2687 2688 /* 2689 * Copy the packet data into the store buffer and update its length. 2690 */ 2691 #ifndef BURN_BRIDGES 2692 copy: 2693 #endif 2694 (*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, caplen); 2695 d->bd_slen = curlen + totlen; 2696 2697 if (do_wakeup) 2698 bpf_wakeup(d); 2699 } 2700 2701 /* 2702 * Free buffers currently in use by a descriptor. 2703 * Called on close. 2704 */ 2705 static void 2706 bpfd_free(epoch_context_t ctx) 2707 { 2708 struct bpf_d *d; 2709 struct bpf_program_buffer *p; 2710 2711 /* 2712 * We don't need to lock out interrupts since this descriptor has 2713 * been detached from its interface and it yet hasn't been marked 2714 * free. 2715 */ 2716 d = __containerof(ctx, struct bpf_d, epoch_ctx); 2717 bpf_free(d); 2718 if (d->bd_rfilter != NULL) { 2719 p = __containerof((void *)d->bd_rfilter, 2720 struct bpf_program_buffer, buffer); 2721 #ifdef BPF_JITTER 2722 p->func = d->bd_bfilter; 2723 #endif 2724 bpf_program_buffer_free(&p->epoch_ctx); 2725 } 2726 if (d->bd_wfilter != NULL) { 2727 p = __containerof((void *)d->bd_wfilter, 2728 struct bpf_program_buffer, buffer); 2729 #ifdef BPF_JITTER 2730 p->func = NULL; 2731 #endif 2732 bpf_program_buffer_free(&p->epoch_ctx); 2733 } 2734 2735 mtx_destroy(&d->bd_lock); 2736 counter_u64_free(d->bd_rcount); 2737 counter_u64_free(d->bd_dcount); 2738 counter_u64_free(d->bd_fcount); 2739 counter_u64_free(d->bd_wcount); 2740 counter_u64_free(d->bd_wfcount); 2741 counter_u64_free(d->bd_wdcount); 2742 counter_u64_free(d->bd_zcopy); 2743 free(d, M_BPF); 2744 } 2745 2746 /* 2747 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the 2748 * fixed size of the link header (variable length headers not yet supported). 2749 */ 2750 void 2751 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 2752 { 2753 2754 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 2755 } 2756 2757 /* 2758 * Attach an interface to bpf. ifp is a pointer to the structure 2759 * defining the interface to be attached, dlt is the link layer type, 2760 * and hdrlen is the fixed size of the link header (variable length 2761 * headers are not yet supporrted). 2762 */ 2763 void 2764 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, 2765 struct bpf_if **driverp) 2766 { 2767 struct bpf_if *bp; 2768 2769 KASSERT(*driverp == NULL, 2770 ("bpfattach2: driverp already initialized")); 2771 2772 bp = malloc(sizeof(*bp), M_BPF, M_WAITOK | M_ZERO); 2773 2774 CK_LIST_INIT(&bp->bif_dlist); 2775 CK_LIST_INIT(&bp->bif_wlist); 2776 bp->bif_ifp = ifp; 2777 bp->bif_dlt = dlt; 2778 bp->bif_hdrlen = hdrlen; 2779 bp->bif_bpf = driverp; 2780 refcount_init(&bp->bif_refcnt, 1); 2781 *driverp = bp; 2782 /* 2783 * Reference ifnet pointer, so it won't freed until 2784 * we release it. 2785 */ 2786 if_ref(ifp); 2787 BPF_LOCK(); 2788 CK_LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next); 2789 BPF_UNLOCK(); 2790 2791 if (bootverbose && IS_DEFAULT_VNET(curvnet)) 2792 if_printf(ifp, "bpf attached\n"); 2793 } 2794 2795 #ifdef VIMAGE 2796 /* 2797 * When moving interfaces between vnet instances we need a way to 2798 * query the dlt and hdrlen before detach so we can re-attch the if_bpf 2799 * after the vmove. We unfortunately have no device driver infrastructure 2800 * to query the interface for these values after creation/attach, thus 2801 * add this as a workaround. 2802 */ 2803 int 2804 bpf_get_bp_params(struct bpf_if *bp, u_int *bif_dlt, u_int *bif_hdrlen) 2805 { 2806 2807 if (bp == NULL) 2808 return (ENXIO); 2809 if (bif_dlt == NULL && bif_hdrlen == NULL) 2810 return (0); 2811 2812 if (bif_dlt != NULL) 2813 *bif_dlt = bp->bif_dlt; 2814 if (bif_hdrlen != NULL) 2815 *bif_hdrlen = bp->bif_hdrlen; 2816 2817 return (0); 2818 } 2819 #endif 2820 2821 /* 2822 * Detach bpf from an interface. This involves detaching each descriptor 2823 * associated with the interface. Notify each descriptor as it's detached 2824 * so that any sleepers wake up and get ENXIO. 2825 */ 2826 void 2827 bpfdetach(struct ifnet *ifp) 2828 { 2829 struct bpf_if *bp, *bp_temp; 2830 struct bpf_d *d; 2831 2832 BPF_LOCK(); 2833 /* Find all bpf_if struct's which reference ifp and detach them. */ 2834 CK_LIST_FOREACH_SAFE(bp, &bpf_iflist, bif_next, bp_temp) { 2835 if (ifp != bp->bif_ifp) 2836 continue; 2837 2838 CK_LIST_REMOVE(bp, bif_next); 2839 *bp->bif_bpf = (struct bpf_if *)&dead_bpf_if; 2840 2841 CTR4(KTR_NET, 2842 "%s: sheduling free for encap %d (%p) for if %p", 2843 __func__, bp->bif_dlt, bp, ifp); 2844 2845 /* Detach common descriptors */ 2846 while ((d = CK_LIST_FIRST(&bp->bif_dlist)) != NULL) { 2847 bpf_detachd_locked(d, true); 2848 } 2849 2850 /* Detach writer-only descriptors */ 2851 while ((d = CK_LIST_FIRST(&bp->bif_wlist)) != NULL) { 2852 bpf_detachd_locked(d, true); 2853 } 2854 bpfif_rele(bp); 2855 } 2856 BPF_UNLOCK(); 2857 } 2858 2859 /* 2860 * Get a list of available data link type of the interface. 2861 */ 2862 static int 2863 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl) 2864 { 2865 struct ifnet *ifp; 2866 struct bpf_if *bp; 2867 u_int *lst; 2868 int error, n, n1; 2869 2870 BPF_LOCK_ASSERT(); 2871 2872 ifp = d->bd_bif->bif_ifp; 2873 n1 = 0; 2874 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2875 if (bp->bif_ifp == ifp) 2876 n1++; 2877 } 2878 if (bfl->bfl_list == NULL) { 2879 bfl->bfl_len = n1; 2880 return (0); 2881 } 2882 if (n1 > bfl->bfl_len) 2883 return (ENOMEM); 2884 2885 lst = malloc(n1 * sizeof(u_int), M_TEMP, M_WAITOK); 2886 n = 0; 2887 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2888 if (bp->bif_ifp != ifp) 2889 continue; 2890 lst[n++] = bp->bif_dlt; 2891 } 2892 error = copyout(lst, bfl->bfl_list, sizeof(u_int) * n); 2893 free(lst, M_TEMP); 2894 bfl->bfl_len = n; 2895 return (error); 2896 } 2897 2898 /* 2899 * Set the data link type of a BPF instance. 2900 */ 2901 static int 2902 bpf_setdlt(struct bpf_d *d, u_int dlt) 2903 { 2904 int error, opromisc; 2905 struct ifnet *ifp; 2906 struct bpf_if *bp; 2907 2908 BPF_LOCK_ASSERT(); 2909 MPASS(d->bd_bif != NULL); 2910 2911 /* 2912 * It is safe to check bd_bif without BPFD_LOCK, it can not be 2913 * changed while we hold global lock. 2914 */ 2915 if (d->bd_bif->bif_dlt == dlt) 2916 return (0); 2917 2918 ifp = d->bd_bif->bif_ifp; 2919 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2920 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt) 2921 break; 2922 } 2923 if (bp == NULL) 2924 return (EINVAL); 2925 2926 opromisc = d->bd_promisc; 2927 bpf_attachd(d, bp); 2928 if (opromisc) { 2929 error = ifpromisc(bp->bif_ifp, 1); 2930 if (error) 2931 if_printf(bp->bif_ifp, "%s: ifpromisc failed (%d)\n", 2932 __func__, error); 2933 else 2934 d->bd_promisc = 1; 2935 } 2936 return (0); 2937 } 2938 2939 static void 2940 bpf_drvinit(void *unused) 2941 { 2942 struct cdev *dev; 2943 2944 sx_init(&bpf_sx, "bpf global lock"); 2945 CK_LIST_INIT(&bpf_iflist); 2946 2947 dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf"); 2948 /* For compatibility */ 2949 make_dev_alias(dev, "bpf0"); 2950 } 2951 2952 /* 2953 * Zero out the various packet counters associated with all of the bpf 2954 * descriptors. At some point, we will probably want to get a bit more 2955 * granular and allow the user to specify descriptors to be zeroed. 2956 */ 2957 static void 2958 bpf_zero_counters(void) 2959 { 2960 struct bpf_if *bp; 2961 struct bpf_d *bd; 2962 2963 BPF_LOCK(); 2964 /* 2965 * We are protected by global lock here, interfaces and 2966 * descriptors can not be deleted while we hold it. 2967 */ 2968 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) { 2969 CK_LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 2970 counter_u64_zero(bd->bd_rcount); 2971 counter_u64_zero(bd->bd_dcount); 2972 counter_u64_zero(bd->bd_fcount); 2973 counter_u64_zero(bd->bd_wcount); 2974 counter_u64_zero(bd->bd_wfcount); 2975 counter_u64_zero(bd->bd_zcopy); 2976 } 2977 } 2978 BPF_UNLOCK(); 2979 } 2980 2981 /* 2982 * Fill filter statistics 2983 */ 2984 static void 2985 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd) 2986 { 2987 2988 BPF_LOCK_ASSERT(); 2989 bzero(d, sizeof(*d)); 2990 d->bd_structsize = sizeof(*d); 2991 d->bd_immediate = bd->bd_immediate; 2992 d->bd_promisc = bd->bd_promisc; 2993 d->bd_hdrcmplt = bd->bd_hdrcmplt; 2994 d->bd_direction = bd->bd_direction; 2995 d->bd_feedback = bd->bd_feedback; 2996 d->bd_async = bd->bd_async; 2997 d->bd_rcount = counter_u64_fetch(bd->bd_rcount); 2998 d->bd_dcount = counter_u64_fetch(bd->bd_dcount); 2999 d->bd_fcount = counter_u64_fetch(bd->bd_fcount); 3000 d->bd_sig = bd->bd_sig; 3001 d->bd_slen = bd->bd_slen; 3002 d->bd_hlen = bd->bd_hlen; 3003 d->bd_bufsize = bd->bd_bufsize; 3004 d->bd_pid = bd->bd_pid; 3005 strlcpy(d->bd_ifname, 3006 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ); 3007 d->bd_locked = bd->bd_locked; 3008 d->bd_wcount = counter_u64_fetch(bd->bd_wcount); 3009 d->bd_wdcount = counter_u64_fetch(bd->bd_wdcount); 3010 d->bd_wfcount = counter_u64_fetch(bd->bd_wfcount); 3011 d->bd_zcopy = counter_u64_fetch(bd->bd_zcopy); 3012 d->bd_bufmode = bd->bd_bufmode; 3013 } 3014 3015 /* 3016 * Handle `netstat -B' stats request 3017 */ 3018 static int 3019 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS) 3020 { 3021 static const struct xbpf_d zerostats; 3022 struct xbpf_d *xbdbuf, *xbd, tempstats; 3023 int index, error; 3024 struct bpf_if *bp; 3025 struct bpf_d *bd; 3026 3027 /* 3028 * XXX This is not technically correct. It is possible for non 3029 * privileged users to open bpf devices. It would make sense 3030 * if the users who opened the devices were able to retrieve 3031 * the statistics for them, too. 3032 */ 3033 error = priv_check(req->td, PRIV_NET_BPF); 3034 if (error) 3035 return (error); 3036 /* 3037 * Check to see if the user is requesting that the counters be 3038 * zeroed out. Explicitly check that the supplied data is zeroed, 3039 * as we aren't allowing the user to set the counters currently. 3040 */ 3041 if (req->newptr != NULL) { 3042 if (req->newlen != sizeof(tempstats)) 3043 return (EINVAL); 3044 memset(&tempstats, 0, sizeof(tempstats)); 3045 error = SYSCTL_IN(req, &tempstats, sizeof(tempstats)); 3046 if (error) 3047 return (error); 3048 if (bcmp(&tempstats, &zerostats, sizeof(tempstats)) != 0) 3049 return (EINVAL); 3050 bpf_zero_counters(); 3051 return (0); 3052 } 3053 if (req->oldptr == NULL) 3054 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd))); 3055 if (bpf_bpfd_cnt == 0) 3056 return (SYSCTL_OUT(req, 0, 0)); 3057 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK); 3058 BPF_LOCK(); 3059 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) { 3060 BPF_UNLOCK(); 3061 free(xbdbuf, M_BPF); 3062 return (ENOMEM); 3063 } 3064 index = 0; 3065 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) { 3066 /* Send writers-only first */ 3067 CK_LIST_FOREACH(bd, &bp->bif_wlist, bd_next) { 3068 xbd = &xbdbuf[index++]; 3069 bpfstats_fill_xbpf(xbd, bd); 3070 } 3071 CK_LIST_FOREACH(bd, &bp->bif_dlist, bd_next) { 3072 xbd = &xbdbuf[index++]; 3073 bpfstats_fill_xbpf(xbd, bd); 3074 } 3075 } 3076 BPF_UNLOCK(); 3077 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd)); 3078 free(xbdbuf, M_BPF); 3079 return (error); 3080 } 3081 3082 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL); 3083 3084 #else /* !DEV_BPF && !NETGRAPH_BPF */ 3085 3086 /* 3087 * NOP stubs to allow bpf-using drivers to load and function. 3088 * 3089 * A 'better' implementation would allow the core bpf functionality 3090 * to be loaded at runtime. 3091 */ 3092 3093 void 3094 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen) 3095 { 3096 } 3097 3098 void 3099 bpf_mtap(struct bpf_if *bp, struct mbuf *m) 3100 { 3101 } 3102 3103 void 3104 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m) 3105 { 3106 } 3107 3108 void 3109 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen) 3110 { 3111 3112 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf); 3113 } 3114 3115 void 3116 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp) 3117 { 3118 3119 *driverp = (struct bpf_if *)&dead_bpf_if; 3120 } 3121 3122 void 3123 bpfdetach(struct ifnet *ifp) 3124 { 3125 } 3126 3127 u_int 3128 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) 3129 { 3130 return -1; /* "no filter" behaviour */ 3131 } 3132 3133 int 3134 bpf_validate(const struct bpf_insn *f, int len) 3135 { 3136 return 0; /* false */ 3137 } 3138 3139 #endif /* !DEV_BPF && !NETGRAPH_BPF */ 3140 3141 #ifdef DDB 3142 static void 3143 bpf_show_bpf_if(struct bpf_if *bpf_if) 3144 { 3145 3146 if (bpf_if == NULL) 3147 return; 3148 db_printf("%p:\n", bpf_if); 3149 #define BPF_DB_PRINTF(f, e) db_printf(" %s = " f "\n", #e, bpf_if->e); 3150 #define BPF_DB_PRINTF_RAW(f, e) db_printf(" %s = " f "\n", #e, e); 3151 /* bif_ext.bif_next */ 3152 /* bif_ext.bif_dlist */ 3153 BPF_DB_PRINTF("%#x", bif_dlt); 3154 BPF_DB_PRINTF("%u", bif_hdrlen); 3155 /* bif_wlist */ 3156 BPF_DB_PRINTF("%p", bif_ifp); 3157 BPF_DB_PRINTF("%p", bif_bpf); 3158 BPF_DB_PRINTF_RAW("%u", refcount_load(&bpf_if->bif_refcnt)); 3159 } 3160 3161 DB_SHOW_COMMAND(bpf_if, db_show_bpf_if) 3162 { 3163 3164 if (!have_addr) { 3165 db_printf("usage: show bpf_if <struct bpf_if *>\n"); 3166 return; 3167 } 3168 3169 bpf_show_bpf_if((struct bpf_if *)addr); 3170 } 3171 #endif
Cache object: 694dc28bc2d82854bb6ce46e17a901e4
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]