The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/net/bpf.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1990, 1991, 1993
    3  *      The Regents of the University of California.  All rights reserved.
    4  *
    5  * This code is derived from the Stanford/CMU enet packet filter,
    6  * (net/enet.c) distributed as part of 4.3BSD, and code contributed
    7  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
    8  * Berkeley Laboratory.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  * 4. Neither the name of the University nor the names of its contributors
   19  *    may be used to endorse or promote products derived from this software
   20  *    without specific prior written permission.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  *      @(#)bpf.c       8.4 (Berkeley) 1/9/95
   35  *
   36  * $FreeBSD$
   37  */
   38 
   39 #include "opt_bpf.h"
   40 #include "opt_mac.h"
   41 #include "opt_netgraph.h"
   42 
   43 #include <sys/types.h>
   44 #include <sys/param.h>
   45 #include <sys/systm.h>
   46 #include <sys/conf.h>
   47 #include <sys/fcntl.h>
   48 #include <sys/mac.h>
   49 #include <sys/malloc.h>
   50 #include <sys/mbuf.h>
   51 #include <sys/time.h>
   52 #include <sys/proc.h>
   53 #include <sys/signalvar.h>
   54 #include <sys/filio.h>
   55 #include <sys/sockio.h>
   56 #include <sys/ttycom.h>
   57 #include <sys/uio.h>
   58 
   59 #include <sys/event.h>
   60 #include <sys/file.h>
   61 #include <sys/poll.h>
   62 #include <sys/proc.h>
   63 
   64 #include <sys/socket.h>
   65 
   66 #include <net/if.h>
   67 #include <net/bpf.h>
   68 #include <net/bpfdesc.h>
   69 
   70 #include <netinet/in.h>
   71 #include <netinet/if_ether.h>
   72 #include <sys/kernel.h>
   73 #include <sys/sysctl.h>
   74 
   75 static MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
   76 
   77 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
   78 
   79 #define PRINET  26                      /* interruptible */
   80 
   81 /*
   82  * bpf_iflist is a list of BPF interface structures, each corresponding to a
   83  * specific DLT.  The same network interface might have several BPF interface
   84  * structures registered by different layers in the stack (i.e., 802.11
   85  * frames, ethernet frames, etc).
   86  */
   87 static LIST_HEAD(, bpf_if)      bpf_iflist;
   88 static struct mtx       bpf_mtx;                /* bpf global lock */
   89 static int              bpf_bpfd_cnt;
   90 
   91 static int      bpf_allocbufs(struct bpf_d *);
   92 static void     bpf_attachd(struct bpf_d *, struct bpf_if *);
   93 static void     bpf_detachd(struct bpf_d *);
   94 static void     bpf_freed(struct bpf_d *);
   95 static void     bpf_mcopy(const void *, void *, size_t);
   96 static int      bpf_movein(struct uio *, int, struct ifnet *,
   97                     struct mbuf **, struct sockaddr *, struct bpf_insn *);
   98 static int      bpf_setif(struct bpf_d *, struct ifreq *);
   99 static void     bpf_timed_out(void *);
  100 static __inline void
  101                 bpf_wakeup(struct bpf_d *);
  102 static void     catchpacket(struct bpf_d *, u_char *, u_int,
  103                     u_int, void (*)(const void *, void *, size_t),
  104                     struct timeval *);
  105 static void     reset_d(struct bpf_d *);
  106 static int       bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
  107 static int      bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
  108 static int      bpf_setdlt(struct bpf_d *, u_int);
  109 static void     filt_bpfdetach(struct knote *);
  110 static int      filt_bpfread(struct knote *, long);
  111 static void     bpf_drvinit(void *);
  112 static void     bpf_clone(void *, struct ucred *, char *, int, struct cdev **);
  113 static int      bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);
  114 
  115 /*
  116  * The default read buffer size is patchable.
  117  */
  118 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
  119 static int bpf_bufsize = 4096;
  120 SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW,
  121     &bpf_bufsize, 0, "");
  122 static int bpf_maxbufsize = BPF_MAXBUFSIZE;
  123 SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW,
  124     &bpf_maxbufsize, 0, "");
  125 static int bpf_maxinsns = BPF_MAXINSNS;
  126 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
  127     &bpf_maxinsns, 0, "Maximum bpf program instructions");
  128 SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_RW,
  129     bpf_stats_sysctl, "bpf statistics portal");
  130 
  131 static  d_open_t        bpfopen;
  132 static  d_close_t       bpfclose;
  133 static  d_read_t        bpfread;
  134 static  d_write_t       bpfwrite;
  135 static  d_ioctl_t       bpfioctl;
  136 static  d_poll_t        bpfpoll;
  137 static  d_kqfilter_t    bpfkqfilter;
  138 
  139 static struct cdevsw bpf_cdevsw = {
  140         .d_version =    D_VERSION,
  141         .d_flags =      D_NEEDGIANT | D_TRACKCLOSE,
  142         .d_open =       bpfopen,
  143         .d_close =      bpfclose,
  144         .d_read =       bpfread,
  145         .d_write =      bpfwrite,
  146         .d_ioctl =      bpfioctl,
  147         .d_poll =       bpfpoll,
  148         .d_name =       "bpf",
  149         .d_kqfilter =   bpfkqfilter,
  150 };
  151 
  152 static struct filterops bpfread_filtops =
  153         { 1, NULL, filt_bpfdetach, filt_bpfread };
  154 
  155 static int
  156 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
  157     struct sockaddr *sockp, struct bpf_insn *wfilter)
  158 {
  159         struct ether_header *eh;
  160         struct mbuf *m;
  161         int error;
  162         int len;
  163         int hlen;
  164         int slen;
  165 
  166         /*
  167          * Build a sockaddr based on the data link layer type.
  168          * We do this at this level because the ethernet header
  169          * is copied directly into the data field of the sockaddr.
  170          * In the case of SLIP, there is no header and the packet
  171          * is forwarded as is.
  172          * Also, we are careful to leave room at the front of the mbuf
  173          * for the link level header.
  174          */
  175         switch (linktype) {
  176 
  177         case DLT_SLIP:
  178                 sockp->sa_family = AF_INET;
  179                 hlen = 0;
  180                 break;
  181 
  182         case DLT_EN10MB:
  183                 sockp->sa_family = AF_UNSPEC;
  184                 /* XXX Would MAXLINKHDR be better? */
  185                 hlen = ETHER_HDR_LEN;
  186                 break;
  187 
  188         case DLT_FDDI:
  189                 sockp->sa_family = AF_IMPLINK;
  190                 hlen = 0;
  191                 break;
  192 
  193         case DLT_RAW:
  194                 sockp->sa_family = AF_UNSPEC;
  195                 hlen = 0;
  196                 break;
  197 
  198         case DLT_NULL:
  199                 /*
  200                  * null interface types require a 4 byte pseudo header which
  201                  * corresponds to the address family of the packet.
  202                  */
  203                 sockp->sa_family = AF_UNSPEC;
  204                 hlen = 4;
  205                 break;
  206 
  207         case DLT_ATM_RFC1483:
  208                 /*
  209                  * en atm driver requires 4-byte atm pseudo header.
  210                  * though it isn't standard, vpi:vci needs to be
  211                  * specified anyway.
  212                  */
  213                 sockp->sa_family = AF_UNSPEC;
  214                 hlen = 12;      /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
  215                 break;
  216 
  217         case DLT_PPP:
  218                 sockp->sa_family = AF_UNSPEC;
  219                 hlen = 4;       /* This should match PPP_HDRLEN */
  220                 break;
  221 
  222         default:
  223                 return (EIO);
  224         }
  225 
  226         len = uio->uio_resid;
  227 
  228         if (len - hlen > ifp->if_mtu)
  229                 return (EMSGSIZE);
  230 
  231         if ((unsigned)len > MJUM16BYTES)
  232                 return (EIO);
  233 
  234         if (len <= MHLEN)
  235                 MGETHDR(m, M_TRYWAIT, MT_DATA);
  236         else if (len <= MCLBYTES)
  237                 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
  238         else
  239                 m = m_getjcl(M_TRYWAIT, MT_DATA, M_PKTHDR,
  240 #if (MJUMPAGESIZE > MCLBYTES)
  241                     len <= MJUMPAGESIZE ? MJUMPAGESIZE :
  242 #endif
  243                     (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES));
  244         if (m == NULL)
  245                 return (ENOBUFS);
  246         m->m_pkthdr.len = m->m_len = len;
  247         m->m_pkthdr.rcvif = NULL;
  248         *mp = m;
  249 
  250         if (m->m_len < hlen) {
  251                 error = EPERM;
  252                 goto bad;
  253         }
  254 
  255         error = uiomove(mtod(m, u_char *), len, uio);
  256         if (error)
  257                 goto bad;
  258 
  259         slen = bpf_filter(wfilter, mtod(m, u_char *), len, len);
  260         if (slen == 0) {
  261                 error = EPERM;
  262                 goto bad;
  263         }
  264 
  265         /* Check for multicast destination */
  266         switch (linktype) {
  267         case DLT_EN10MB:
  268                 eh = mtod(m, struct ether_header *);
  269                 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
  270                         if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
  271                             ETHER_ADDR_LEN) == 0)
  272                                 m->m_flags |= M_BCAST;
  273                         else
  274                                 m->m_flags |= M_MCAST;
  275                 }
  276                 break;
  277         }
  278 
  279         /*
  280          * Make room for link header, and copy it to sockaddr
  281          */
  282         if (hlen != 0) {
  283                 bcopy(m->m_data, sockp->sa_data, hlen);
  284                 m->m_pkthdr.len -= hlen;
  285                 m->m_len -= hlen;
  286 #if BSD >= 199103
  287                 m->m_data += hlen; /* XXX */
  288 #else
  289                 m->m_off += hlen;
  290 #endif
  291         }
  292 
  293         return (0);
  294 bad:
  295         m_freem(m);
  296         return (error);
  297 }
  298 
  299 /*
  300  * Attach file to the bpf interface, i.e. make d listen on bp.
  301  */
  302 static void
  303 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
  304 {
  305         /*
  306          * Point d at bp, and add d to the interface's list of listeners.
  307          * Finally, point the driver's bpf cookie at the interface so
  308          * it will divert packets to bpf.
  309          */
  310         BPFIF_LOCK(bp);
  311         d->bd_bif = bp;
  312         LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
  313 
  314         bpf_bpfd_cnt++;
  315         BPFIF_UNLOCK(bp);
  316 }
  317 
  318 /*
  319  * Detach a file from its interface.
  320  */
  321 static void
  322 bpf_detachd(struct bpf_d *d)
  323 {
  324         int error;
  325         struct bpf_if *bp;
  326         struct ifnet *ifp;
  327 
  328         bp = d->bd_bif;
  329         BPFIF_LOCK(bp);
  330         BPFD_LOCK(d);
  331         ifp = d->bd_bif->bif_ifp;
  332 
  333         /*
  334          * Remove d from the interface's descriptor list.
  335          */
  336         LIST_REMOVE(d, bd_next);
  337 
  338         bpf_bpfd_cnt--;
  339         d->bd_bif = NULL;
  340         BPFD_UNLOCK(d);
  341         BPFIF_UNLOCK(bp);
  342 
  343         /*
  344          * Check if this descriptor had requested promiscuous mode.
  345          * If so, turn it off.
  346          */
  347         if (d->bd_promisc) {
  348                 d->bd_promisc = 0;
  349                 error = ifpromisc(ifp, 0);
  350                 if (error != 0 && error != ENXIO) {
  351                         /*
  352                          * ENXIO can happen if a pccard is unplugged
  353                          * Something is really wrong if we were able to put
  354                          * the driver into promiscuous mode, but can't
  355                          * take it out.
  356                          */
  357                         if_printf(bp->bif_ifp,
  358                                 "bpf_detach: ifpromisc failed (%d)\n", error);
  359                 }
  360         }
  361 }
  362 
  363 /*
  364  * Open ethernet device.  Returns ENXIO for illegal minor device number,
  365  * EBUSY if file is open by another process.
  366  */
  367 /* ARGSUSED */
  368 static  int
  369 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
  370 {
  371         struct bpf_d *d;
  372 
  373         mtx_lock(&bpf_mtx);
  374         d = dev->si_drv1;
  375         /*
  376          * Each minor can be opened by only one process.  If the requested
  377          * minor is in use, return EBUSY.
  378          */
  379         if (d != NULL) {
  380                 mtx_unlock(&bpf_mtx);
  381                 return (EBUSY);
  382         }
  383         dev->si_drv1 = (struct bpf_d *)~0;      /* mark device in use */
  384         mtx_unlock(&bpf_mtx);
  385 
  386         if ((dev->si_flags & SI_NAMED) == 0)
  387                 make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600,
  388                     "bpf%d", dev2unit(dev));
  389         MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
  390         dev->si_drv1 = d;
  391         d->bd_bufsize = bpf_bufsize;
  392         d->bd_sig = SIGIO;
  393         d->bd_seesent = 1;
  394         d->bd_pid = td->td_proc->p_pid;
  395         strlcpy(d->bd_pcomm, td->td_proc->p_comm, MAXCOMLEN);
  396 #ifdef MAC
  397         mac_init_bpfdesc(d);
  398         mac_create_bpfdesc(td->td_ucred, d);
  399 #endif
  400         mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
  401         callout_init_mtx(&d->bd_callout, &d->bd_mtx, 0);
  402         knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL);
  403 
  404         return (0);
  405 }
  406 
  407 /*
  408  * Close the descriptor by detaching it from its interface,
  409  * deallocating its buffers, and marking it free.
  410  */
  411 /* ARGSUSED */
  412 static  int
  413 bpfclose(struct cdev *dev, int flags, int fmt, struct thread *td)
  414 {
  415         struct bpf_d *d = dev->si_drv1;
  416 
  417         BPFD_LOCK(d);
  418         if (d->bd_state == BPF_WAITING)
  419                 callout_stop(&d->bd_callout);
  420         d->bd_state = BPF_IDLE;
  421         BPFD_UNLOCK(d);
  422         funsetown(&d->bd_sigio);
  423         mtx_lock(&bpf_mtx);
  424         if (d->bd_bif)
  425                 bpf_detachd(d);
  426         mtx_unlock(&bpf_mtx);
  427         selwakeuppri(&d->bd_sel, PRINET);
  428 #ifdef MAC
  429         mac_destroy_bpfdesc(d);
  430 #endif /* MAC */
  431         knlist_destroy(&d->bd_sel.si_note);
  432         callout_drain(&d->bd_callout);
  433         bpf_freed(d);
  434         dev->si_drv1 = NULL;
  435         free(d, M_BPF);
  436 
  437         return (0);
  438 }
  439 
  440 
  441 /*
  442  * Rotate the packet buffers in descriptor d.  Move the store buffer
  443  * into the hold slot, and the free buffer into the store slot.
  444  * Zero the length of the new store buffer.
  445  */
  446 #define ROTATE_BUFFERS(d) \
  447         (d)->bd_hbuf = (d)->bd_sbuf; \
  448         (d)->bd_hlen = (d)->bd_slen; \
  449         (d)->bd_sbuf = (d)->bd_fbuf; \
  450         (d)->bd_slen = 0; \
  451         (d)->bd_fbuf = NULL;
  452 /*
  453  *  bpfread - read next chunk of packets from buffers
  454  */
  455 static  int
  456 bpfread(struct cdev *dev, struct uio *uio, int ioflag)
  457 {
  458         struct bpf_d *d = dev->si_drv1;
  459         int error;
  460         int non_block;
  461         int timed_out;
  462 
  463         /*
  464          * Restrict application to use a buffer the same size as
  465          * as kernel buffers.
  466          */
  467         if (uio->uio_resid != d->bd_bufsize)
  468                 return (EINVAL);
  469 
  470         non_block = ((ioflag & O_NONBLOCK) != 0);
  471 
  472         BPFD_LOCK(d);
  473         d->bd_pid = curthread->td_proc->p_pid;
  474         if (d->bd_state == BPF_WAITING)
  475                 callout_stop(&d->bd_callout);
  476         timed_out = (d->bd_state == BPF_TIMED_OUT);
  477         d->bd_state = BPF_IDLE;
  478         /*
  479          * If the hold buffer is empty, then do a timed sleep, which
  480          * ends when the timeout expires or when enough packets
  481          * have arrived to fill the store buffer.
  482          */
  483         while (d->bd_hbuf == NULL) {
  484                 if (d->bd_slen != 0) {
  485                         /*
  486                          * A packet(s) either arrived since the previous
  487                          * read or arrived while we were asleep.
  488                          */
  489                         if (d->bd_immediate || non_block || timed_out) {
  490                                 /*
  491                                  * Rotate the buffers and return what's here
  492                                  * if we are in immediate mode, non-blocking
  493                                  * flag is set, or this descriptor timed out.
  494                                  */
  495                                 ROTATE_BUFFERS(d);
  496                                 break;
  497                         }
  498                 }
  499 
  500                 /*
  501                  * No data is available, check to see if the bpf device
  502                  * is still pointed at a real interface.  If not, return
  503                  * ENXIO so that the userland process knows to rebind
  504                  * it before using it again.
  505                  */
  506                 if (d->bd_bif == NULL) {
  507                         BPFD_UNLOCK(d);
  508                         return (ENXIO);
  509                 }
  510 
  511                 if (non_block) {
  512                         BPFD_UNLOCK(d);
  513                         return (EWOULDBLOCK);
  514                 }
  515                 error = msleep(d, &d->bd_mtx, PRINET|PCATCH,
  516                      "bpf", d->bd_rtout);
  517                 if (error == EINTR || error == ERESTART) {
  518                         BPFD_UNLOCK(d);
  519                         return (error);
  520                 }
  521                 if (error == EWOULDBLOCK) {
  522                         /*
  523                          * On a timeout, return what's in the buffer,
  524                          * which may be nothing.  If there is something
  525                          * in the store buffer, we can rotate the buffers.
  526                          */
  527                         if (d->bd_hbuf)
  528                                 /*
  529                                  * We filled up the buffer in between
  530                                  * getting the timeout and arriving
  531                                  * here, so we don't need to rotate.
  532                                  */
  533                                 break;
  534 
  535                         if (d->bd_slen == 0) {
  536                                 BPFD_UNLOCK(d);
  537                                 return (0);
  538                         }
  539                         ROTATE_BUFFERS(d);
  540                         break;
  541                 }
  542         }
  543         /*
  544          * At this point, we know we have something in the hold slot.
  545          */
  546         BPFD_UNLOCK(d);
  547 
  548         /*
  549          * Move data from hold buffer into user space.
  550          * We know the entire buffer is transferred since
  551          * we checked above that the read buffer is bpf_bufsize bytes.
  552          */
  553         error = uiomove(d->bd_hbuf, d->bd_hlen, uio);
  554 
  555         BPFD_LOCK(d);
  556         d->bd_fbuf = d->bd_hbuf;
  557         d->bd_hbuf = NULL;
  558         d->bd_hlen = 0;
  559         BPFD_UNLOCK(d);
  560 
  561         return (error);
  562 }
  563 
  564 
  565 /*
  566  * If there are processes sleeping on this descriptor, wake them up.
  567  */
  568 static __inline void
  569 bpf_wakeup(struct bpf_d *d)
  570 {
  571 
  572         BPFD_LOCK_ASSERT(d);
  573         if (d->bd_state == BPF_WAITING) {
  574                 callout_stop(&d->bd_callout);
  575                 d->bd_state = BPF_IDLE;
  576         }
  577         wakeup(d);
  578         if (d->bd_async && d->bd_sig && d->bd_sigio)
  579                 pgsigio(&d->bd_sigio, d->bd_sig, 0);
  580 
  581         selwakeuppri(&d->bd_sel, PRINET);
  582         KNOTE_LOCKED(&d->bd_sel.si_note, 0);
  583 }
  584 
  585 static void
  586 bpf_timed_out(void *arg)
  587 {
  588         struct bpf_d *d = (struct bpf_d *)arg;
  589 
  590         BPFD_LOCK_ASSERT(d);
  591 
  592         if (callout_pending(&d->bd_callout) || !callout_active(&d->bd_callout))
  593                 return;
  594         if (d->bd_state == BPF_WAITING) {
  595                 d->bd_state = BPF_TIMED_OUT;
  596                 if (d->bd_slen != 0)
  597                         bpf_wakeup(d);
  598         }
  599 }
  600 
  601 static int
  602 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
  603 {
  604         struct bpf_d *d = dev->si_drv1;
  605         struct ifnet *ifp;
  606         struct mbuf *m;
  607         int error;
  608         struct sockaddr dst;
  609 
  610         d->bd_pid = curthread->td_proc->p_pid;
  611         if (d->bd_bif == NULL)
  612                 return (ENXIO);
  613 
  614         ifp = d->bd_bif->bif_ifp;
  615 
  616         if ((ifp->if_flags & IFF_UP) == 0)
  617                 return (ENETDOWN);
  618 
  619         if (uio->uio_resid == 0)
  620                 return (0);
  621 
  622         bzero(&dst, sizeof(dst));
  623         error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp,
  624             &m, &dst, d->bd_wfilter);
  625         if (error)
  626                 return (error);
  627 
  628         if (d->bd_hdrcmplt)
  629                 dst.sa_family = pseudo_AF_HDRCMPLT;
  630 
  631 #ifdef MAC
  632         BPFD_LOCK(d);
  633         mac_create_mbuf_from_bpfdesc(d, m);
  634         BPFD_UNLOCK(d);
  635 #endif
  636         NET_LOCK_GIANT();
  637         error = (*ifp->if_output)(ifp, m, &dst, NULL);
  638         NET_UNLOCK_GIANT();
  639         /*
  640          * The driver frees the mbuf.
  641          */
  642         return (error);
  643 }
  644 
  645 /*
  646  * Reset a descriptor by flushing its packet buffer and clearing the
  647  * receive and drop counts.
  648  */
  649 static void
  650 reset_d(struct bpf_d *d)
  651 {
  652 
  653         mtx_assert(&d->bd_mtx, MA_OWNED);
  654         if (d->bd_hbuf) {
  655                 /* Free the hold buffer. */
  656                 d->bd_fbuf = d->bd_hbuf;
  657                 d->bd_hbuf = NULL;
  658         }
  659         d->bd_slen = 0;
  660         d->bd_hlen = 0;
  661         d->bd_rcount = 0;
  662         d->bd_dcount = 0;
  663         d->bd_fcount = 0;
  664 }
  665 
  666 /*
  667  *  FIONREAD            Check for read packet available.
  668  *  SIOCGIFADDR         Get interface address - convenient hook to driver.
  669  *  BIOCGBLEN           Get buffer len [for read()].
  670  *  BIOCSETF            Set ethernet read filter.
  671  *  BIOCSETWF           Set ethernet write filter.
  672  *  BIOCFLUSH           Flush read packet buffer.
  673  *  BIOCPROMISC         Put interface into promiscuous mode.
  674  *  BIOCGDLT            Get link layer type.
  675  *  BIOCGETIF           Get interface name.
  676  *  BIOCSETIF           Set interface.
  677  *  BIOCSRTIMEOUT       Set read timeout.
  678  *  BIOCGRTIMEOUT       Get read timeout.
  679  *  BIOCGSTATS          Get packet stats.
  680  *  BIOCIMMEDIATE       Set immediate mode.
  681  *  BIOCVERSION         Get filter language version.
  682  *  BIOCGHDRCMPLT       Get "header already complete" flag
  683  *  BIOCSHDRCMPLT       Set "header already complete" flag
  684  *  BIOCGSEESENT        Get "see packets sent" flag
  685  *  BIOCSSEESENT        Set "see packets sent" flag
  686  *  BIOCLOCK            Set "locked" flag
  687  */
  688 /* ARGSUSED */
  689 static  int
  690 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
  691     struct thread *td)
  692 {
  693         struct bpf_d *d = dev->si_drv1;
  694         int error = 0;
  695 
  696         /*
  697          * Refresh PID associated with this descriptor.
  698          */
  699         d->bd_pid = td->td_proc->p_pid;
  700         BPFD_LOCK(d);
  701         if (d->bd_state == BPF_WAITING)
  702                 callout_stop(&d->bd_callout);
  703         d->bd_state = BPF_IDLE;
  704         BPFD_UNLOCK(d);
  705 
  706         if (d->bd_locked == 1) {
  707                 switch (cmd) {
  708                 case BIOCGBLEN:
  709                 case BIOCFLUSH:
  710                 case BIOCGDLT:
  711                 case BIOCGDLTLIST:
  712                 case BIOCGETIF:
  713                 case BIOCGRTIMEOUT:
  714                 case BIOCGSTATS:
  715                 case BIOCVERSION:
  716                 case BIOCGRSIG:
  717                 case BIOCGHDRCMPLT:
  718                 case FIONREAD:
  719                 case BIOCLOCK:
  720                 case BIOCSRTIMEOUT:
  721                 case BIOCIMMEDIATE:
  722                 case TIOCGPGRP:
  723                         break;
  724                 default:
  725                         return (EPERM);
  726                 }
  727         }
  728         switch (cmd) {
  729 
  730         default:
  731                 error = EINVAL;
  732                 break;
  733 
  734         /*
  735          * Check for read packet available.
  736          */
  737         case FIONREAD:
  738                 {
  739                         int n;
  740 
  741                         BPFD_LOCK(d);
  742                         n = d->bd_slen;
  743                         if (d->bd_hbuf)
  744                                 n += d->bd_hlen;
  745                         BPFD_UNLOCK(d);
  746 
  747                         *(int *)addr = n;
  748                         break;
  749                 }
  750 
  751         case SIOCGIFADDR:
  752                 {
  753                         struct ifnet *ifp;
  754 
  755                         if (d->bd_bif == NULL)
  756                                 error = EINVAL;
  757                         else {
  758                                 ifp = d->bd_bif->bif_ifp;
  759                                 error = (*ifp->if_ioctl)(ifp, cmd, addr);
  760                         }
  761                         break;
  762                 }
  763 
  764         /*
  765          * Get buffer len [for read()].
  766          */
  767         case BIOCGBLEN:
  768                 *(u_int *)addr = d->bd_bufsize;
  769                 break;
  770 
  771         /*
  772          * Set buffer length.
  773          */
  774         case BIOCSBLEN:
  775                 if (d->bd_bif != NULL)
  776                         error = EINVAL;
  777                 else {
  778                         u_int size = *(u_int *)addr;
  779 
  780                         if (size > bpf_maxbufsize)
  781                                 *(u_int *)addr = size = bpf_maxbufsize;
  782                         else if (size < BPF_MINBUFSIZE)
  783                                 *(u_int *)addr = size = BPF_MINBUFSIZE;
  784                         d->bd_bufsize = size;
  785                 }
  786                 break;
  787 
  788         /*
  789          * Set link layer read filter.
  790          */
  791         case BIOCSETF:
  792         case BIOCSETWF:
  793                 error = bpf_setf(d, (struct bpf_program *)addr, cmd);
  794                 break;
  795 
  796         /*
  797          * Flush read packet buffer.
  798          */
  799         case BIOCFLUSH:
  800                 BPFD_LOCK(d);
  801                 reset_d(d);
  802                 BPFD_UNLOCK(d);
  803                 break;
  804 
  805         /*
  806          * Put interface into promiscuous mode.
  807          */
  808         case BIOCPROMISC:
  809                 if (d->bd_bif == NULL) {
  810                         /*
  811                          * No interface attached yet.
  812                          */
  813                         error = EINVAL;
  814                         break;
  815                 }
  816                 if (d->bd_promisc == 0) {
  817                         mtx_lock(&Giant);
  818                         error = ifpromisc(d->bd_bif->bif_ifp, 1);
  819                         mtx_unlock(&Giant);
  820                         if (error == 0)
  821                                 d->bd_promisc = 1;
  822                 }
  823                 break;
  824 
  825         /*
  826          * Get current data link type.
  827          */
  828         case BIOCGDLT:
  829                 if (d->bd_bif == NULL)
  830                         error = EINVAL;
  831                 else
  832                         *(u_int *)addr = d->bd_bif->bif_dlt;
  833                 break;
  834 
  835         /*
  836          * Get a list of supported data link types.
  837          */
  838         case BIOCGDLTLIST:
  839                 if (d->bd_bif == NULL)
  840                         error = EINVAL;
  841                 else
  842                         error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
  843                 break;
  844 
  845         /*
  846          * Set data link type.
  847          */
  848         case BIOCSDLT:
  849                 if (d->bd_bif == NULL)
  850                         error = EINVAL;
  851                 else
  852                         error = bpf_setdlt(d, *(u_int *)addr);
  853                 break;
  854 
  855         /*
  856          * Get interface name.
  857          */
  858         case BIOCGETIF:
  859                 if (d->bd_bif == NULL)
  860                         error = EINVAL;
  861                 else {
  862                         struct ifnet *const ifp = d->bd_bif->bif_ifp;
  863                         struct ifreq *const ifr = (struct ifreq *)addr;
  864 
  865                         strlcpy(ifr->ifr_name, ifp->if_xname,
  866                             sizeof(ifr->ifr_name));
  867                 }
  868                 break;
  869 
  870         /*
  871          * Set interface.
  872          */
  873         case BIOCSETIF:
  874                 error = bpf_setif(d, (struct ifreq *)addr);
  875                 break;
  876 
  877         /*
  878          * Set read timeout.
  879          */
  880         case BIOCSRTIMEOUT:
  881                 {
  882                         struct timeval *tv = (struct timeval *)addr;
  883 
  884                         /*
  885                          * Subtract 1 tick from tvtohz() since this isn't
  886                          * a one-shot timer.
  887                          */
  888                         if ((error = itimerfix(tv)) == 0)
  889                                 d->bd_rtout = tvtohz(tv) - 1;
  890                         break;
  891                 }
  892 
  893         /*
  894          * Get read timeout.
  895          */
  896         case BIOCGRTIMEOUT:
  897                 {
  898                         struct timeval *tv = (struct timeval *)addr;
  899 
  900                         tv->tv_sec = d->bd_rtout / hz;
  901                         tv->tv_usec = (d->bd_rtout % hz) * tick;
  902                         break;
  903                 }
  904 
  905         /*
  906          * Get packet stats.
  907          */
  908         case BIOCGSTATS:
  909                 {
  910                         struct bpf_stat *bs = (struct bpf_stat *)addr;
  911 
  912                         bs->bs_recv = d->bd_rcount;
  913                         bs->bs_drop = d->bd_dcount;
  914                         break;
  915                 }
  916 
  917         /*
  918          * Set immediate mode.
  919          */
  920         case BIOCIMMEDIATE:
  921                 d->bd_immediate = *(u_int *)addr;
  922                 break;
  923 
  924         case BIOCVERSION:
  925                 {
  926                         struct bpf_version *bv = (struct bpf_version *)addr;
  927 
  928                         bv->bv_major = BPF_MAJOR_VERSION;
  929                         bv->bv_minor = BPF_MINOR_VERSION;
  930                         break;
  931                 }
  932 
  933         /*
  934          * Get "header already complete" flag
  935          */
  936         case BIOCGHDRCMPLT:
  937                 *(u_int *)addr = d->bd_hdrcmplt;
  938                 break;
  939 
  940         case BIOCLOCK:
  941                 d->bd_locked = 1;
  942                 break;
  943         /*
  944          * Set "header already complete" flag
  945          */
  946         case BIOCSHDRCMPLT:
  947                 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
  948                 break;
  949 
  950         /*
  951          * Get "see sent packets" flag
  952          */
  953         case BIOCGSEESENT:
  954                 *(u_int *)addr = d->bd_seesent;
  955                 break;
  956 
  957         /*
  958          * Set "see sent packets" flag
  959          */
  960         case BIOCSSEESENT:
  961                 d->bd_seesent = *(u_int *)addr;
  962                 break;
  963 
  964         case FIONBIO:           /* Non-blocking I/O */
  965                 break;
  966 
  967         case FIOASYNC:          /* Send signal on receive packets */
  968                 d->bd_async = *(int *)addr;
  969                 break;
  970 
  971         case FIOSETOWN:
  972                 error = fsetown(*(int *)addr, &d->bd_sigio);
  973                 break;
  974 
  975         case FIOGETOWN:
  976                 *(int *)addr = fgetown(&d->bd_sigio);
  977                 break;
  978 
  979         /* This is deprecated, FIOSETOWN should be used instead. */
  980         case TIOCSPGRP:
  981                 error = fsetown(-(*(int *)addr), &d->bd_sigio);
  982                 break;
  983 
  984         /* This is deprecated, FIOGETOWN should be used instead. */
  985         case TIOCGPGRP:
  986                 *(int *)addr = -fgetown(&d->bd_sigio);
  987                 break;
  988 
  989         case BIOCSRSIG:         /* Set receive signal */
  990                 {
  991                         u_int sig;
  992 
  993                         sig = *(u_int *)addr;
  994 
  995                         if (sig >= NSIG)
  996                                 error = EINVAL;
  997                         else
  998                                 d->bd_sig = sig;
  999                         break;
 1000                 }
 1001         case BIOCGRSIG:
 1002                 *(u_int *)addr = d->bd_sig;
 1003                 break;
 1004         }
 1005         return (error);
 1006 }
 1007 
 1008 /*
 1009  * Set d's packet filter program to fp.  If this file already has a filter,
 1010  * free it and replace it.  Returns EINVAL for bogus requests.
 1011  */
 1012 static int
 1013 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
 1014 {
 1015         struct bpf_insn *fcode, *old;
 1016         u_int wfilter, flen, size;
 1017 
 1018         if (cmd == BIOCSETWF) {
 1019                 old = d->bd_wfilter;
 1020                 wfilter = 1;
 1021         } else {
 1022                 wfilter = 0;
 1023                 old = d->bd_rfilter;
 1024         }
 1025         if (fp->bf_insns == NULL) {
 1026                 if (fp->bf_len != 0)
 1027                         return (EINVAL);
 1028                 BPFD_LOCK(d);
 1029                 if (wfilter)
 1030                         d->bd_wfilter = NULL;
 1031                 else
 1032                         d->bd_rfilter = NULL;
 1033                 reset_d(d);
 1034                 BPFD_UNLOCK(d);
 1035                 if (old != NULL)
 1036                         free((caddr_t)old, M_BPF);
 1037                 return (0);
 1038         }
 1039         flen = fp->bf_len;
 1040         if (flen > bpf_maxinsns)
 1041                 return (EINVAL);
 1042 
 1043         size = flen * sizeof(*fp->bf_insns);
 1044         fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
 1045         if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
 1046             bpf_validate(fcode, (int)flen)) {
 1047                 BPFD_LOCK(d);
 1048                 if (wfilter)
 1049                         d->bd_wfilter = fcode;
 1050                 else
 1051                         d->bd_rfilter = fcode;
 1052                 reset_d(d);
 1053                 BPFD_UNLOCK(d);
 1054                 if (old != NULL)
 1055                         free((caddr_t)old, M_BPF);
 1056 
 1057                 return (0);
 1058         }
 1059         free((caddr_t)fcode, M_BPF);
 1060         return (EINVAL);
 1061 }
 1062 
 1063 /*
 1064  * Detach a file from its current interface (if attached at all) and attach
 1065  * to the interface indicated by the name stored in ifr.
 1066  * Return an errno or 0.
 1067  */
 1068 static int
 1069 bpf_setif(struct bpf_d *d, struct ifreq *ifr)
 1070 {
 1071         struct bpf_if *bp;
 1072         int error;
 1073         struct ifnet *theywant;
 1074 
 1075         theywant = ifunit(ifr->ifr_name);
 1076         if (theywant == NULL || theywant->if_bpf == NULL)
 1077                 return (ENXIO);
 1078 
 1079         bp = theywant->if_bpf;
 1080         /*
 1081          * Allocate the packet buffers if we need to.
 1082          * If we're already attached to requested interface,
 1083          * just flush the buffer.
 1084          */
 1085         if (d->bd_sbuf == NULL) {
 1086                 error = bpf_allocbufs(d);
 1087                 if (error != 0)
 1088                         return (error);
 1089         }
 1090         if (bp != d->bd_bif) {
 1091                 if (d->bd_bif)
 1092                         /*
 1093                          * Detach if attached to something else.
 1094                          */
 1095                         bpf_detachd(d);
 1096 
 1097                 bpf_attachd(d, bp);
 1098         }
 1099         BPFD_LOCK(d);
 1100         reset_d(d);
 1101         BPFD_UNLOCK(d);
 1102         return (0);
 1103 }
 1104 
 1105 /*
 1106  * Support for select() and poll() system calls
 1107  *
 1108  * Return true iff the specific operation will not block indefinitely.
 1109  * Otherwise, return false but make a note that a selwakeup() must be done.
 1110  */
 1111 static int
 1112 bpfpoll(struct cdev *dev, int events, struct thread *td)
 1113 {
 1114         struct bpf_d *d;
 1115         int revents;
 1116 
 1117         d = dev->si_drv1;
 1118         if (d->bd_bif == NULL)
 1119                 return (ENXIO);
 1120 
 1121         /*
 1122          * Refresh PID associated with this descriptor.
 1123          */
 1124         d->bd_pid = td->td_proc->p_pid;
 1125         revents = events & (POLLOUT | POLLWRNORM);
 1126         BPFD_LOCK(d);
 1127         if (events & (POLLIN | POLLRDNORM)) {
 1128                 if (bpf_ready(d))
 1129                         revents |= events & (POLLIN | POLLRDNORM);
 1130                 else {
 1131                         selrecord(td, &d->bd_sel);
 1132                         /* Start the read timeout if necessary. */
 1133                         if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
 1134                                 callout_reset(&d->bd_callout, d->bd_rtout,
 1135                                     bpf_timed_out, d);
 1136                                 d->bd_state = BPF_WAITING;
 1137                         }
 1138                 }
 1139         }
 1140         BPFD_UNLOCK(d);
 1141         return (revents);
 1142 }
 1143 
 1144 /*
 1145  * Support for kevent() system call.  Register EVFILT_READ filters and
 1146  * reject all others.
 1147  */
 1148 int
 1149 bpfkqfilter(struct cdev *dev, struct knote *kn)
 1150 {
 1151         struct bpf_d *d = (struct bpf_d *)dev->si_drv1;
 1152 
 1153         if (kn->kn_filter != EVFILT_READ)
 1154                 return (1);
 1155 
 1156         /*
 1157          * Refresh PID associated with this descriptor.
 1158          */
 1159         d->bd_pid = curthread->td_proc->p_pid;
 1160         kn->kn_fop = &bpfread_filtops;
 1161         kn->kn_hook = d;
 1162         knlist_add(&d->bd_sel.si_note, kn, 0);
 1163 
 1164         return (0);
 1165 }
 1166 
 1167 static void
 1168 filt_bpfdetach(struct knote *kn)
 1169 {
 1170         struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
 1171 
 1172         knlist_remove(&d->bd_sel.si_note, kn, 0);
 1173 }
 1174 
 1175 static int
 1176 filt_bpfread(struct knote *kn, long hint)
 1177 {
 1178         struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
 1179         int ready;
 1180 
 1181         BPFD_LOCK_ASSERT(d);
 1182         ready = bpf_ready(d);
 1183         if (ready) {
 1184                 kn->kn_data = d->bd_slen;
 1185                 if (d->bd_hbuf)
 1186                         kn->kn_data += d->bd_hlen;
 1187         }
 1188         else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
 1189                 callout_reset(&d->bd_callout, d->bd_rtout,
 1190                     bpf_timed_out, d);
 1191                 d->bd_state = BPF_WAITING;
 1192         }
 1193 
 1194         return (ready);
 1195 }
 1196 
 1197 /*
 1198  * Incoming linkage from device drivers.  Process the packet pkt, of length
 1199  * pktlen, which is stored in a contiguous buffer.  The packet is parsed
 1200  * by each process' filter, and if accepted, stashed into the corresponding
 1201  * buffer.
 1202  */
 1203 void
 1204 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
 1205 {
 1206         struct bpf_d *d;
 1207         u_int slen;
 1208         int gottime;
 1209         struct timeval tv;
 1210 
 1211         gottime = 0;
 1212         BPFIF_LOCK(bp);
 1213         LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
 1214                 BPFD_LOCK(d);
 1215                 ++d->bd_rcount;
 1216                 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
 1217                 if (slen != 0) {
 1218                         d->bd_fcount++;
 1219                         if (!gottime) {
 1220                                 microtime(&tv);
 1221                                 gottime = 1;
 1222                         }
 1223 #ifdef MAC
 1224                         if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
 1225 #endif
 1226                                 catchpacket(d, pkt, pktlen, slen, bcopy, &tv);
 1227                 }
 1228                 BPFD_UNLOCK(d);
 1229         }
 1230         BPFIF_UNLOCK(bp);
 1231 }
 1232 
 1233 /*
 1234  * Copy data from an mbuf chain into a buffer.  This code is derived
 1235  * from m_copydata in sys/uipc_mbuf.c.
 1236  */
 1237 static void
 1238 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
 1239 {
 1240         const struct mbuf *m;
 1241         u_int count;
 1242         u_char *dst;
 1243 
 1244         m = src_arg;
 1245         dst = dst_arg;
 1246         while (len > 0) {
 1247                 if (m == NULL)
 1248                         panic("bpf_mcopy");
 1249                 count = min(m->m_len, len);
 1250                 bcopy(mtod(m, void *), dst, count);
 1251                 m = m->m_next;
 1252                 dst += count;
 1253                 len -= count;
 1254         }
 1255 }
 1256 
 1257 /*
 1258  * Incoming linkage from device drivers, when packet is in an mbuf chain.
 1259  */
 1260 void
 1261 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
 1262 {
 1263         struct bpf_d *d;
 1264         u_int pktlen, slen;
 1265         int gottime;
 1266         struct timeval tv;
 1267 
 1268         gottime = 0;
 1269 
 1270         pktlen = m_length(m, NULL);
 1271 
 1272         BPFIF_LOCK(bp);
 1273         LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
 1274                 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
 1275                         continue;
 1276                 BPFD_LOCK(d);
 1277                 ++d->bd_rcount;
 1278                 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
 1279                 if (slen != 0) {
 1280                         d->bd_fcount++;
 1281                         if (!gottime) {
 1282                                 microtime(&tv);
 1283                                 gottime = 1;
 1284                         }
 1285 #ifdef MAC
 1286                         if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
 1287 #endif
 1288                                 catchpacket(d, (u_char *)m, pktlen, slen,
 1289                                     bpf_mcopy, &tv);
 1290                 }
 1291                 BPFD_UNLOCK(d);
 1292         }
 1293         BPFIF_UNLOCK(bp);
 1294 }
 1295 
 1296 /*
 1297  * Incoming linkage from device drivers, when packet is in
 1298  * an mbuf chain and to be prepended by a contiguous header.
 1299  */
 1300 void
 1301 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
 1302 {
 1303         struct mbuf mb;
 1304         struct bpf_d *d;
 1305         u_int pktlen, slen;
 1306         int gottime;
 1307         struct timeval tv;
 1308 
 1309         gottime = 0;
 1310 
 1311         pktlen = m_length(m, NULL);
 1312         /*
 1313          * Craft on-stack mbuf suitable for passing to bpf_filter.
 1314          * Note that we cut corners here; we only setup what's
 1315          * absolutely needed--this mbuf should never go anywhere else.
 1316          */
 1317         mb.m_next = m;
 1318         mb.m_data = data;
 1319         mb.m_len = dlen;
 1320         pktlen += dlen;
 1321 
 1322         BPFIF_LOCK(bp);
 1323         LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
 1324                 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
 1325                         continue;
 1326                 BPFD_LOCK(d);
 1327                 ++d->bd_rcount;
 1328                 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
 1329                 if (slen != 0) {
 1330                         d->bd_fcount++;
 1331                         if (!gottime) {
 1332                                 microtime(&tv);
 1333                                 gottime = 1;
 1334                         }
 1335 #ifdef MAC
 1336                         if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
 1337 #endif
 1338                                 catchpacket(d, (u_char *)&mb, pktlen, slen,
 1339                                     bpf_mcopy, &tv);
 1340                 }
 1341                 BPFD_UNLOCK(d);
 1342         }
 1343         BPFIF_UNLOCK(bp);
 1344 }
 1345 
 1346 /*
 1347  * Move the packet data from interface memory (pkt) into the
 1348  * store buffer.  "cpfn" is the routine called to do the actual data
 1349  * transfer.  bcopy is passed in to copy contiguous chunks, while
 1350  * bpf_mcopy is passed in to copy mbuf chains.  In the latter case,
 1351  * pkt is really an mbuf.
 1352  */
 1353 static void
 1354 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
 1355     void (*cpfn)(const void *, void *, size_t), struct timeval *tv)
 1356 {
 1357         struct bpf_hdr *hp;
 1358         int totlen, curlen;
 1359         int hdrlen = d->bd_bif->bif_hdrlen;
 1360         int do_wakeup = 0;
 1361 
 1362         BPFD_LOCK_ASSERT(d);
 1363         /*
 1364          * Figure out how many bytes to move.  If the packet is
 1365          * greater or equal to the snapshot length, transfer that
 1366          * much.  Otherwise, transfer the whole packet (unless
 1367          * we hit the buffer size limit).
 1368          */
 1369         totlen = hdrlen + min(snaplen, pktlen);
 1370         if (totlen > d->bd_bufsize)
 1371                 totlen = d->bd_bufsize;
 1372 
 1373         /*
 1374          * Round up the end of the previous packet to the next longword.
 1375          */
 1376         curlen = BPF_WORDALIGN(d->bd_slen);
 1377         if (curlen + totlen > d->bd_bufsize) {
 1378                 /*
 1379                  * This packet will overflow the storage buffer.
 1380                  * Rotate the buffers if we can, then wakeup any
 1381                  * pending reads.
 1382                  */
 1383                 if (d->bd_fbuf == NULL) {
 1384                         /*
 1385                          * We haven't completed the previous read yet,
 1386                          * so drop the packet.
 1387                          */
 1388                         ++d->bd_dcount;
 1389                         return;
 1390                 }
 1391                 ROTATE_BUFFERS(d);
 1392                 do_wakeup = 1;
 1393                 curlen = 0;
 1394         }
 1395         else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
 1396                 /*
 1397                  * Immediate mode is set, or the read timeout has
 1398                  * already expired during a select call.  A packet
 1399                  * arrived, so the reader should be woken up.
 1400                  */
 1401                 do_wakeup = 1;
 1402 
 1403         /*
 1404          * Append the bpf header.
 1405          */
 1406         hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
 1407         hp->bh_tstamp = *tv;
 1408         hp->bh_datalen = pktlen;
 1409         hp->bh_hdrlen = hdrlen;
 1410         /*
 1411          * Copy the packet data into the store buffer and update its length.
 1412          */
 1413         (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
 1414         d->bd_slen = curlen + totlen;
 1415 
 1416         if (do_wakeup)
 1417                 bpf_wakeup(d);
 1418 }
 1419 
 1420 /*
 1421  * Initialize all nonzero fields of a descriptor.
 1422  */
 1423 static int
 1424 bpf_allocbufs(struct bpf_d *d)
 1425 {
 1426         d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
 1427         if (d->bd_fbuf == NULL)
 1428                 return (ENOBUFS);
 1429 
 1430         d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
 1431         if (d->bd_sbuf == NULL) {
 1432                 free(d->bd_fbuf, M_BPF);
 1433                 return (ENOBUFS);
 1434         }
 1435         d->bd_slen = 0;
 1436         d->bd_hlen = 0;
 1437         return (0);
 1438 }
 1439 
 1440 /*
 1441  * Free buffers currently in use by a descriptor.
 1442  * Called on close.
 1443  */
 1444 static void
 1445 bpf_freed(struct bpf_d *d)
 1446 {
 1447         /*
 1448          * We don't need to lock out interrupts since this descriptor has
 1449          * been detached from its interface and it yet hasn't been marked
 1450          * free.
 1451          */
 1452         if (d->bd_sbuf != NULL) {
 1453                 free(d->bd_sbuf, M_BPF);
 1454                 if (d->bd_hbuf != NULL)
 1455                         free(d->bd_hbuf, M_BPF);
 1456                 if (d->bd_fbuf != NULL)
 1457                         free(d->bd_fbuf, M_BPF);
 1458         }
 1459         if (d->bd_rfilter)
 1460                 free((caddr_t)d->bd_rfilter, M_BPF);
 1461         if (d->bd_wfilter)
 1462                 free((caddr_t)d->bd_wfilter, M_BPF);
 1463         mtx_destroy(&d->bd_mtx);
 1464 }
 1465 
 1466 /*
 1467  * Attach an interface to bpf.  dlt is the link layer type; hdrlen is the
 1468  * fixed size of the link header (variable length headers not yet supported).
 1469  */
 1470 void
 1471 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
 1472 {
 1473 
 1474         bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
 1475 }
 1476 
 1477 /*
 1478  * Attach an interface to bpf.  ifp is a pointer to the structure
 1479  * defining the interface to be attached, dlt is the link layer type,
 1480  * and hdrlen is the fixed size of the link header (variable length
 1481  * headers are not yet supporrted).
 1482  */
 1483 void
 1484 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
 1485 {
 1486         struct bpf_if *bp;
 1487 
 1488         bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
 1489         if (bp == NULL)
 1490                 panic("bpfattach");
 1491 
 1492         LIST_INIT(&bp->bif_dlist);
 1493         bp->bif_ifp = ifp;
 1494         bp->bif_dlt = dlt;
 1495         mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);
 1496         KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
 1497         *driverp = bp;
 1498 
 1499         mtx_lock(&bpf_mtx);
 1500         LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
 1501         mtx_unlock(&bpf_mtx);
 1502 
 1503         /*
 1504          * Compute the length of the bpf header.  This is not necessarily
 1505          * equal to SIZEOF_BPF_HDR because we want to insert spacing such
 1506          * that the network layer header begins on a longword boundary (for
 1507          * performance reasons and to alleviate alignment restrictions).
 1508          */
 1509         bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
 1510 
 1511         if (bootverbose)
 1512                 if_printf(ifp, "bpf attached\n");
 1513 }
 1514 
 1515 /*
 1516  * Detach bpf from an interface.  This involves detaching each descriptor
 1517  * associated with the interface, and leaving bd_bif NULL.  Notify each
 1518  * descriptor as it's detached so that any sleepers wake up and get
 1519  * ENXIO.
 1520  */
 1521 void
 1522 bpfdetach(struct ifnet *ifp)
 1523 {
 1524         struct bpf_if   *bp;
 1525         struct bpf_d    *d;
 1526 
 1527         /* Locate BPF interface information */
 1528         mtx_lock(&bpf_mtx);
 1529         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 1530                 if (ifp == bp->bif_ifp)
 1531                         break;
 1532         }
 1533 
 1534         /* Interface wasn't attached */
 1535         if ((bp == NULL) || (bp->bif_ifp == NULL)) {
 1536                 mtx_unlock(&bpf_mtx);
 1537                 printf("bpfdetach: %s was not attached\n", ifp->if_xname);
 1538                 return;
 1539         }
 1540 
 1541         LIST_REMOVE(bp, bif_next);
 1542         mtx_unlock(&bpf_mtx);
 1543 
 1544         while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
 1545                 bpf_detachd(d);
 1546                 BPFD_LOCK(d);
 1547                 bpf_wakeup(d);
 1548                 BPFD_UNLOCK(d);
 1549         }
 1550 
 1551         mtx_destroy(&bp->bif_mtx);
 1552         free(bp, M_BPF);
 1553 }
 1554 
 1555 /*
 1556  * Get a list of available data link type of the interface.
 1557  */
 1558 static int
 1559 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
 1560 {
 1561         int n, error;
 1562         struct ifnet *ifp;
 1563         struct bpf_if *bp;
 1564 
 1565         ifp = d->bd_bif->bif_ifp;
 1566         n = 0;
 1567         error = 0;
 1568         mtx_lock(&bpf_mtx);
 1569         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 1570                 if (bp->bif_ifp != ifp)
 1571                         continue;
 1572                 if (bfl->bfl_list != NULL) {
 1573                         if (n >= bfl->bfl_len) {
 1574                                 mtx_unlock(&bpf_mtx);
 1575                                 return (ENOMEM);
 1576                         }
 1577                         error = copyout(&bp->bif_dlt,
 1578                             bfl->bfl_list + n, sizeof(u_int));
 1579                 }
 1580                 n++;
 1581         }
 1582         mtx_unlock(&bpf_mtx);
 1583         bfl->bfl_len = n;
 1584         return (error);
 1585 }
 1586 
 1587 /*
 1588  * Set the data link type of a BPF instance.
 1589  */
 1590 static int
 1591 bpf_setdlt(struct bpf_d *d, u_int dlt)
 1592 {
 1593         int error, opromisc;
 1594         struct ifnet *ifp;
 1595         struct bpf_if *bp;
 1596 
 1597         if (d->bd_bif->bif_dlt == dlt)
 1598                 return (0);
 1599         ifp = d->bd_bif->bif_ifp;
 1600         mtx_lock(&bpf_mtx);
 1601         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 1602                 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
 1603                         break;
 1604         }
 1605         mtx_unlock(&bpf_mtx);
 1606         if (bp != NULL) {
 1607                 opromisc = d->bd_promisc;
 1608                 bpf_detachd(d);
 1609                 bpf_attachd(d, bp);
 1610                 BPFD_LOCK(d);
 1611                 reset_d(d);
 1612                 BPFD_UNLOCK(d);
 1613                 if (opromisc) {
 1614                         error = ifpromisc(bp->bif_ifp, 1);
 1615                         if (error)
 1616                                 if_printf(bp->bif_ifp,
 1617                                         "bpf_setdlt: ifpromisc failed (%d)\n",
 1618                                         error);
 1619                         else
 1620                                 d->bd_promisc = 1;
 1621                 }
 1622         }
 1623         return (bp == NULL ? EINVAL : 0);
 1624 }
 1625 
 1626 static void
 1627 bpf_clone(void *arg, struct ucred *cred, char *name, int namelen,
 1628     struct cdev **dev)
 1629 {
 1630         int u;
 1631 
 1632         if (*dev != NULL)
 1633                 return;
 1634         if (dev_stdclone(name, NULL, "bpf", &u) != 1)
 1635                 return;
 1636         *dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600,
 1637             "bpf%d", u);
 1638         dev_ref(*dev);
 1639         (*dev)->si_flags |= SI_CHEAPCLONE;
 1640         return;
 1641 }
 1642 
 1643 static void
 1644 bpf_drvinit(void *unused)
 1645 {
 1646 
 1647         mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
 1648         LIST_INIT(&bpf_iflist);
 1649         EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000);
 1650 }
 1651 
 1652 static void
 1653 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
 1654 {
 1655 
 1656         bzero(d, sizeof(*d));
 1657         BPFD_LOCK_ASSERT(bd);
 1658         d->bd_immediate = bd->bd_immediate;
 1659         d->bd_promisc = bd->bd_promisc;
 1660         d->bd_hdrcmplt = bd->bd_hdrcmplt;
 1661         d->bd_seesent = bd->bd_seesent;
 1662         d->bd_async = bd->bd_async;
 1663         d->bd_rcount = bd->bd_rcount;
 1664         d->bd_dcount = bd->bd_dcount;
 1665         d->bd_fcount = bd->bd_fcount;
 1666         d->bd_sig = bd->bd_sig;
 1667         d->bd_slen = bd->bd_slen;
 1668         d->bd_hlen = bd->bd_hlen;
 1669         d->bd_bufsize = bd->bd_bufsize;
 1670         d->bd_pid = bd->bd_pid;
 1671         strlcpy(d->bd_ifname,
 1672             bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
 1673         strlcpy(d->bd_pcomm, bd->bd_pcomm, MAXCOMLEN);
 1674         d->bd_locked = bd->bd_locked;
 1675 }
 1676 
 1677 static int
 1678 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
 1679 {
 1680         struct xbpf_d *xbdbuf, *xbd;
 1681         int index, error;
 1682         struct bpf_if *bp;
 1683         struct bpf_d *bd;
 1684 
 1685         /*
 1686          * XXX This is not technically correct. It is possible for non
 1687          * privileged users to open bpf devices. It would make sense
 1688          * if the users who opened the devices were able to retrieve
 1689          * the statistics for them, too.
 1690          */
 1691         error = suser(req->td);
 1692         if (error)
 1693                 return (error);
 1694         if (req->oldptr == NULL)
 1695                 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
 1696         if (bpf_bpfd_cnt == 0)
 1697                 return (SYSCTL_OUT(req, 0, 0));
 1698         xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
 1699         mtx_lock(&bpf_mtx);
 1700         if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
 1701                 mtx_unlock(&bpf_mtx);
 1702                 free(xbdbuf, M_BPF);
 1703                 return (ENOMEM);
 1704         }
 1705         index = 0;
 1706         LIST_FOREACH(bp, &bpf_iflist, bif_next) {
 1707                 BPFIF_LOCK(bp);
 1708                 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
 1709                         xbd = &xbdbuf[index++];
 1710                         BPFD_LOCK(bd);
 1711                         bpfstats_fill_xbpf(xbd, bd);
 1712                         BPFD_UNLOCK(bd);
 1713                 }
 1714                 BPFIF_UNLOCK(bp);
 1715         }
 1716         mtx_unlock(&bpf_mtx);
 1717         error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
 1718         free(xbdbuf, M_BPF);
 1719         return (error);
 1720 }
 1721 
 1722 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL)
 1723 
 1724 #else /* !DEV_BPF && !NETGRAPH_BPF */
 1725 /*
 1726  * NOP stubs to allow bpf-using drivers to load and function.
 1727  *
 1728  * A 'better' implementation would allow the core bpf functionality
 1729  * to be loaded at runtime.
 1730  */
 1731 static struct bpf_if bp_null;
 1732 
 1733 void
 1734 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
 1735 {
 1736 }
 1737 
 1738 void
 1739 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
 1740 {
 1741 }
 1742 
 1743 void
 1744 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
 1745 {
 1746 }
 1747 
 1748 void
 1749 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
 1750 {
 1751 
 1752         bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
 1753 }
 1754 
 1755 void
 1756 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
 1757 {
 1758 
 1759         *driverp = &bp_null;
 1760 }
 1761 
 1762 void
 1763 bpfdetach(struct ifnet *ifp)
 1764 {
 1765 }
 1766 
 1767 u_int
 1768 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
 1769 {
 1770         return -1;      /* "no filter" behaviour */
 1771 }
 1772 
 1773 int
 1774 bpf_validate(const struct bpf_insn *f, int len)
 1775 {
 1776         return 0;               /* false */
 1777 }
 1778 
 1779 #endif /* !DEV_BPF && !NETGRAPH_BPF */
 1780 
 1781 /*
 1782  * ABI compatibility hacks.  Older drivers check if_bpf against NULL
 1783  * to see if there are active listeners.  In the new ABI, if_bpf is
 1784  * always non-NULL, so bpf_*tap() are always invoked.  We check for
 1785  * listeners in these wrappers and call the real functions if needed.
 1786  */
 1787 #undef bpf_tap
 1788 #undef bpf_mtap
 1789 #undef bpf_mtap2
 1790 
 1791 void     bpf_tap(struct bpf_if *, u_char *, u_int);
 1792 void     bpf_mtap(struct bpf_if *, struct mbuf *);
 1793 void     bpf_mtap2(struct bpf_if *, void *, u_int, struct mbuf *);
 1794 
 1795 void
 1796 bpf_tap(bp, pkt, pktlen)
 1797         struct bpf_if *bp;
 1798         u_char *pkt;
 1799         u_int pktlen;
 1800 {
 1801 
 1802         if (bpf_peers_present(bp))
 1803                 bpf_tap_new(bp, pkt, pktlen);
 1804 }
 1805 
 1806 void
 1807 bpf_mtap(bp, m)
 1808         struct bpf_if *bp;
 1809         struct mbuf *m;
 1810 {
 1811 
 1812         if (bpf_peers_present(bp))
 1813                 bpf_mtap_new(bp, m);
 1814 }
 1815 
 1816 void
 1817 bpf_mtap2(bp, d, l, m)
 1818         struct bpf_if *bp;
 1819         void *d;
 1820         u_int l;
 1821         struct mbuf *m;
 1822 {
 1823 
 1824         if (bpf_peers_present(bp))
 1825                 bpf_mtap2_new(bp, d, l, m);
 1826 }

Cache object: fd8b330d784d2e16a4a3d243d1c5c582


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.