Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netgraph/ng_bpf.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 2 /* 3 * ng_bpf.c 4 * 5 * Copyright (c) 1999 Whistle Communications, Inc. 6 * All rights reserved. 7 * 8 * Subject to the following obligations and disclaimer of warranty, use and 9 * redistribution of this software, in source or object code forms, with or 10 * without modifications are expressly permitted by Whistle Communications; 11 * provided, however, that: 12 * 1. Any and all reproductions of the source or object code must include the 13 * copyright notice above and the following disclaimer of warranties; and 14 * 2. No rights are granted, in any manner or form, to use Whistle 15 * Communications, Inc. trademarks, including the mark "WHISTLE 16 * COMMUNICATIONS" on advertising, endorsements, or otherwise except as 17 * such appears in the above copyright notice or in the software. 18 * 19 * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND 20 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO 21 * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE, 22 * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF 23 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. 24 * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANBPF, OR MAKE ANY 25 * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS 26 * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. 27 * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES 28 * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING 29 * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 30 * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR 31 * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY 35 * OF SUCH DAMAGE. 36 * 37 * Author: Archie Cobbs <archie@freebsd.org> 38 * 39 * $FreeBSD$ 40 * $Whistle: ng_bpf.c,v 1.3 1999/12/03 20:30:23 archie Exp $ 41 */ 42 43 /* 44 * BPF NETGRAPH NODE TYPE 45 * 46 * This node type accepts any number of hook connections. With each hook 47 * is associated a bpf(4) filter program, and two hook names (each possibly 48 * the empty string). Incoming packets are compared against the filter; 49 * matching packets are delivered out the first named hook (or dropped if 50 * the empty string), and non-matching packets are delivered out the second 51 * named hook (or dropped if the empty string). 52 * 53 * Each hook also keeps statistics about how many packets have matched, etc. 54 */ 55 56 #include <sys/param.h> 57 #include <sys/systm.h> 58 #include <sys/errno.h> 59 #include <sys/kernel.h> 60 #include <sys/malloc.h> 61 #include <sys/mbuf.h> 62 63 #include <net/bpf.h> 64 65 #include <netgraph/ng_message.h> 66 #include <netgraph/netgraph.h> 67 #include <netgraph/ng_parse.h> 68 #include <netgraph/ng_bpf.h> 69 70 #define OFFSETOF(s, e) ((char *)&((s *)0)->e - (char *)((s *)0)) 71 72 #define ERROUT(x) do { error = (x); goto done; } while (0) 73 74 /* Per hook private info */ 75 struct ng_bpf_hookinfo { 76 node_p node; 77 hook_p hook; 78 struct ng_bpf_hookprog *prog; 79 struct ng_bpf_hookstat stats; 80 }; 81 typedef struct ng_bpf_hookinfo *hinfo_p; 82 83 /* Netgraph methods */ 84 static ng_constructor_t ng_bpf_constructor; 85 static ng_rcvmsg_t ng_bpf_rcvmsg; 86 static ng_shutdown_t ng_bpf_rmnode; 87 static ng_newhook_t ng_bpf_newhook; 88 static ng_rcvdata_t ng_bpf_rcvdata; 89 static ng_disconnect_t ng_bpf_disconnect; 90 91 /* Internal helper functions */ 92 static int ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp); 93 94 /* Parse type for one struct bfp_insn */ 95 static const struct ng_parse_struct_info ng_bpf_insn_type_info = { 96 { 97 { "code", &ng_parse_int16_type }, 98 { "jt", &ng_parse_int8_type }, 99 { "jf", &ng_parse_int8_type }, 100 { "k", &ng_parse_int32_type }, 101 { NULL } 102 } 103 }; 104 static const struct ng_parse_type ng_bpf_insn_type = { 105 &ng_parse_struct_type, 106 &ng_bpf_insn_type_info 107 }; 108 109 /* Parse type for the field 'bpf_prog' in struct ng_bpf_hookprog */ 110 static int 111 ng_bpf_hookprogary_getLength(const struct ng_parse_type *type, 112 const u_char *start, const u_char *buf) 113 { 114 const struct ng_bpf_hookprog *hp; 115 116 hp = (const struct ng_bpf_hookprog *) 117 (buf - OFFSETOF(struct ng_bpf_hookprog, bpf_prog)); 118 return hp->bpf_prog_len; 119 } 120 121 static const struct ng_parse_array_info ng_bpf_hookprogary_info = { 122 &ng_bpf_insn_type, 123 &ng_bpf_hookprogary_getLength, 124 NULL 125 }; 126 static const struct ng_parse_type ng_bpf_hookprogary_type = { 127 &ng_parse_array_type, 128 &ng_bpf_hookprogary_info 129 }; 130 131 /* Parse type for struct ng_bpf_hookprog */ 132 static const struct ng_parse_struct_info ng_bpf_hookprog_type_info 133 = NG_BPF_HOOKPROG_TYPE_INFO(&ng_bpf_hookprogary_type); 134 static const struct ng_parse_type ng_bpf_hookprog_type = { 135 &ng_parse_struct_type, 136 &ng_bpf_hookprog_type_info 137 }; 138 139 /* Parse type for struct ng_bpf_hookstat */ 140 static const struct ng_parse_struct_info 141 ng_bpf_hookstat_type_info = NG_BPF_HOOKSTAT_TYPE_INFO; 142 static const struct ng_parse_type ng_bpf_hookstat_type = { 143 &ng_parse_struct_type, 144 &ng_bpf_hookstat_type_info 145 }; 146 147 /* List of commands and how to convert arguments to/from ASCII */ 148 static const struct ng_cmdlist ng_bpf_cmdlist[] = { 149 { 150 NGM_BPF_COOKIE, 151 NGM_BPF_SET_PROGRAM, 152 "setprogram", 153 &ng_bpf_hookprog_type, 154 NULL 155 }, 156 { 157 NGM_BPF_COOKIE, 158 NGM_BPF_GET_PROGRAM, 159 "getprogram", 160 &ng_parse_hookbuf_type, 161 &ng_bpf_hookprog_type 162 }, 163 { 164 NGM_BPF_COOKIE, 165 NGM_BPF_GET_STATS, 166 "getstats", 167 &ng_parse_hookbuf_type, 168 &ng_bpf_hookstat_type 169 }, 170 { 171 NGM_BPF_COOKIE, 172 NGM_BPF_CLR_STATS, 173 "clrstats", 174 &ng_parse_hookbuf_type, 175 NULL 176 }, 177 { 178 NGM_BPF_COOKIE, 179 NGM_BPF_GETCLR_STATS, 180 "getclrstats", 181 &ng_parse_hookbuf_type, 182 &ng_bpf_hookstat_type 183 }, 184 { 0 } 185 }; 186 187 /* Netgraph type descriptor */ 188 static struct ng_type typestruct = { 189 NG_VERSION, 190 NG_BPF_NODE_TYPE, 191 NULL, 192 ng_bpf_constructor, 193 ng_bpf_rcvmsg, 194 ng_bpf_rmnode, 195 ng_bpf_newhook, 196 NULL, 197 NULL, 198 ng_bpf_rcvdata, 199 ng_bpf_rcvdata, 200 ng_bpf_disconnect, 201 ng_bpf_cmdlist 202 }; 203 NETGRAPH_INIT(bpf, &typestruct); 204 205 /* Default BPF program for a hook that matches nothing */ 206 static const struct ng_bpf_hookprog ng_bpf_default_prog = { 207 { '\0' }, /* to be filled in at hook creation time */ 208 { '\0' }, 209 { '\0' }, 210 1, 211 { BPF_STMT(BPF_RET+BPF_K, 0) } 212 }; 213 214 /* 215 * Node constructor 216 * 217 * We don't keep any per-node private data 218 */ 219 static int 220 ng_bpf_constructor(node_p *nodep) 221 { 222 int error = 0; 223 224 if ((error = ng_make_node_common(&typestruct, nodep))) 225 return (error); 226 (*nodep)->private = NULL; 227 return (0); 228 } 229 230 /* 231 * Add a hook 232 */ 233 static int 234 ng_bpf_newhook(node_p node, hook_p hook, const char *name) 235 { 236 hinfo_p hip; 237 int error; 238 239 /* Create hook private structure */ 240 MALLOC(hip, hinfo_p, sizeof(*hip), M_NETGRAPH, M_WAITOK); 241 if (hip == NULL) 242 return (ENOMEM); 243 bzero(hip, sizeof(*hip)); 244 hip->hook = hook; 245 hook->private = hip; 246 hip->node = node; 247 248 /* Attach the default BPF program */ 249 if ((error = ng_bpf_setprog(hook, &ng_bpf_default_prog)) != 0) { 250 FREE(hip, M_NETGRAPH); 251 hook->private = NULL; 252 return (error); 253 } 254 255 /* Set hook name */ 256 strncpy(hip->prog->thisHook, name, sizeof(hip->prog->thisHook) - 1); 257 hip->prog->thisHook[sizeof(hip->prog->thisHook) - 1] = '\0'; 258 return (0); 259 } 260 261 /* 262 * Receive a control message 263 */ 264 static int 265 ng_bpf_rcvmsg(node_p node, struct ng_mesg *msg, const char *retaddr, 266 struct ng_mesg **rptr) 267 { 268 struct ng_mesg *resp = NULL; 269 int error = 0; 270 271 switch (msg->header.typecookie) { 272 case NGM_BPF_COOKIE: 273 switch (msg->header.cmd) { 274 case NGM_BPF_SET_PROGRAM: 275 { 276 struct ng_bpf_hookprog *const 277 hp = (struct ng_bpf_hookprog *)msg->data; 278 hook_p hook; 279 280 /* Sanity check */ 281 if (msg->header.arglen < sizeof(*hp) 282 || msg->header.arglen 283 != NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) 284 ERROUT(EINVAL); 285 286 /* Find hook */ 287 if ((hook = ng_findhook(node, hp->thisHook)) == NULL) 288 ERROUT(ENOENT); 289 290 /* Set new program */ 291 if ((error = ng_bpf_setprog(hook, hp)) != 0) 292 ERROUT(error); 293 break; 294 } 295 296 case NGM_BPF_GET_PROGRAM: 297 { 298 struct ng_bpf_hookprog *hp; 299 hook_p hook; 300 301 /* Sanity check */ 302 if (msg->header.arglen == 0) 303 ERROUT(EINVAL); 304 msg->data[msg->header.arglen - 1] = '\0'; 305 306 /* Find hook */ 307 if ((hook = ng_findhook(node, msg->data)) == NULL) 308 ERROUT(ENOENT); 309 310 /* Build response */ 311 hp = ((hinfo_p)hook->private)->prog; 312 NG_MKRESPONSE(resp, msg, 313 NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len), M_NOWAIT); 314 if (resp == NULL) 315 ERROUT(ENOMEM); 316 bcopy(hp, resp->data, 317 NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)); 318 break; 319 } 320 321 case NGM_BPF_GET_STATS: 322 case NGM_BPF_CLR_STATS: 323 case NGM_BPF_GETCLR_STATS: 324 { 325 struct ng_bpf_hookstat *stats; 326 hook_p hook; 327 328 /* Sanity check */ 329 if (msg->header.arglen == 0) 330 ERROUT(EINVAL); 331 msg->data[msg->header.arglen - 1] = '\0'; 332 333 /* Find hook */ 334 if ((hook = ng_findhook(node, msg->data)) == NULL) 335 ERROUT(ENOENT); 336 stats = &((hinfo_p)hook->private)->stats; 337 338 /* Build response (if desired) */ 339 if (msg->header.cmd != NGM_BPF_CLR_STATS) { 340 NG_MKRESPONSE(resp, 341 msg, sizeof(*stats), M_NOWAIT); 342 if (resp == NULL) 343 ERROUT(ENOMEM); 344 bcopy(stats, resp->data, sizeof(*stats)); 345 } 346 347 /* Clear stats (if desired) */ 348 if (msg->header.cmd != NGM_BPF_GET_STATS) 349 bzero(stats, sizeof(*stats)); 350 break; 351 } 352 353 default: 354 error = EINVAL; 355 break; 356 } 357 break; 358 default: 359 error = EINVAL; 360 break; 361 } 362 if (rptr) 363 *rptr = resp; 364 else if (resp) 365 FREE(resp, M_NETGRAPH); 366 367 done: 368 FREE(msg, M_NETGRAPH); 369 return (error); 370 } 371 372 /* 373 * Receive data on a hook 374 * 375 * Apply the filter, and then drop or forward packet as appropriate. 376 */ 377 static int 378 ng_bpf_rcvdata(hook_p hook, struct mbuf *m, meta_p meta) 379 { 380 const hinfo_p hip = hook->private; 381 int totlen = m->m_pkthdr.len; 382 int needfree = 0, error = 0; 383 u_char *data, buf[256]; 384 hinfo_p dhip; 385 hook_p dest; 386 u_int len; 387 388 /* Update stats on incoming hook */ 389 hip->stats.recvFrames++; 390 hip->stats.recvOctets += totlen; 391 392 /* Need to put packet in contiguous memory for bpf */ 393 if (m->m_next != NULL) { 394 if (totlen > sizeof(buf)) { 395 MALLOC(data, u_char *, totlen, M_NETGRAPH, M_NOWAIT); 396 if (data == NULL) { 397 NG_FREE_DATA(m, meta); 398 return (ENOMEM); 399 } 400 needfree = 1; 401 } else 402 data = buf; 403 m_copydata(m, 0, totlen, (caddr_t)data); 404 } else 405 data = mtod(m, u_char *); 406 407 /* Run packet through filter */ 408 len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen); 409 if (needfree) 410 FREE(data, M_NETGRAPH); 411 412 /* See if we got a match and find destination hook */ 413 if (len > 0) { 414 415 /* Update stats */ 416 hip->stats.recvMatchFrames++; 417 hip->stats.recvMatchOctets += totlen; 418 419 /* Truncate packet length if required by the filter */ 420 if (len < totlen) { 421 m_adj(m, -(totlen - len)); 422 totlen -= len; 423 } 424 dest = ng_findhook(hip->node, hip->prog->ifMatch); 425 } else 426 dest = ng_findhook(hip->node, hip->prog->ifNotMatch); 427 if (dest == NULL) { 428 NG_FREE_DATA(m, meta); 429 return (0); 430 } 431 432 /* Deliver frame out destination hook */ 433 dhip = (hinfo_p)dest->private; 434 dhip->stats.xmitOctets += totlen; 435 dhip->stats.xmitFrames++; 436 NG_SEND_DATA(error, dest, m, meta); 437 return (error); 438 } 439 440 /* 441 * Shutdown processing 442 */ 443 static int 444 ng_bpf_rmnode(node_p node) 445 { 446 node->flags |= NG_INVALID; 447 ng_cutlinks(node); 448 ng_unname(node); 449 ng_unref(node); 450 return (0); 451 } 452 453 /* 454 * Hook disconnection 455 */ 456 static int 457 ng_bpf_disconnect(hook_p hook) 458 { 459 const hinfo_p hip = hook->private; 460 461 KASSERT(hip != NULL, ("%s: null info", __FUNCTION__)); 462 FREE(hip->prog, M_NETGRAPH); 463 bzero(hip, sizeof(*hip)); 464 FREE(hip, M_NETGRAPH); 465 hook->private = NULL; /* for good measure */ 466 if (hook->node->numhooks == 0) 467 ng_rmnode(hook->node); 468 return (0); 469 } 470 471 /************************************************************************ 472 HELPER STUFF 473 ************************************************************************/ 474 475 /* 476 * Set the BPF program associated with a hook 477 */ 478 static int 479 ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp0) 480 { 481 const hinfo_p hip = hook->private; 482 struct ng_bpf_hookprog *hp; 483 int size; 484 485 /* Check program for validity */ 486 if (!bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len)) 487 return (EINVAL); 488 489 /* Make a copy of the program */ 490 size = NG_BPF_HOOKPROG_SIZE(hp0->bpf_prog_len); 491 MALLOC(hp, struct ng_bpf_hookprog *, size, M_NETGRAPH, M_WAITOK); 492 if (hp == NULL) 493 return (ENOMEM); 494 bcopy(hp0, hp, size); 495 496 /* Free previous program, if any, and assign new one */ 497 if (hip->prog != NULL) 498 FREE(hip->prog, M_NETGRAPH); 499 hip->prog = hp; 500 return (0); 501 } 502
Cache object: 5228d6ebb1abd7150b0ab313cdcc4f6d
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]