The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netgraph/ng_bpf.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 
    2 /*
    3  * ng_bpf.c
    4  *
    5  * Copyright (c) 1999 Whistle Communications, Inc.
    6  * All rights reserved.
    7  * 
    8  * Subject to the following obligations and disclaimer of warranty, use and
    9  * redistribution of this software, in source or object code forms, with or
   10  * without modifications are expressly permitted by Whistle Communications;
   11  * provided, however, that:
   12  * 1. Any and all reproductions of the source or object code must include the
   13  *    copyright notice above and the following disclaimer of warranties; and
   14  * 2. No rights are granted, in any manner or form, to use Whistle
   15  *    Communications, Inc. trademarks, including the mark "WHISTLE
   16  *    COMMUNICATIONS" on advertising, endorsements, or otherwise except as
   17  *    such appears in the above copyright notice or in the software.
   18  * 
   19  * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
   20  * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
   21  * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
   22  * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
   23  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
   24  * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
   25  * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
   26  * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
   27  * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
   28  * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
   29  * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
   30  * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
   31  * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
   32  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   33  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   34  * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
   35  * OF SUCH DAMAGE.
   36  *
   37  * Author: Archie Cobbs <archie@freebsd.org>
   38  *
   39  * $FreeBSD: releng/5.2/sys/netgraph/ng_bpf.c 97685 2002-05-31 23:48:03Z archie $
   40  * $Whistle: ng_bpf.c,v 1.3 1999/12/03 20:30:23 archie Exp $
   41  */
   42 
   43 /*
   44  * BPF NETGRAPH NODE TYPE
   45  *
   46  * This node type accepts any number of hook connections.  With each hook
   47  * is associated a bpf(4) filter program, and two hook names (each possibly
   48  * the empty string).  Incoming packets are compared against the filter;
   49  * matching packets are delivered out the first named hook (or dropped if
   50  * the empty string), and non-matching packets are delivered out the second
   51  * named hook (or dropped if the empty string).
   52  *
   53  * Each hook also keeps statistics about how many packets have matched, etc.
   54  */
   55 
   56 #include <sys/param.h>
   57 #include <sys/systm.h>
   58 #include <sys/errno.h>
   59 #include <sys/kernel.h>
   60 #include <sys/malloc.h>
   61 #include <sys/mbuf.h>
   62 
   63 #include <net/bpf.h>
   64 
   65 #include <netgraph/ng_message.h>
   66 #include <netgraph/netgraph.h>
   67 #include <netgraph/ng_parse.h>
   68 #include <netgraph/ng_bpf.h>
   69 
   70 #ifdef NG_SEPARATE_MALLOC
   71 MALLOC_DEFINE(M_NETGRAPH_BPF, "netgraph_bpf", "netgraph bpf node ");
   72 #else
   73 #define M_NETGRAPH_BPF M_NETGRAPH
   74 #endif
   75 
   76 #define OFFSETOF(s, e) ((char *)&((s *)0)->e - (char *)((s *)0))
   77 
   78 #define ERROUT(x)       do { error = (x); goto done; } while (0)
   79 
   80 /* Per hook private info */
   81 struct ng_bpf_hookinfo {
   82         node_p                  node;
   83         hook_p                  hook;
   84         struct ng_bpf_hookprog  *prog;
   85         struct ng_bpf_hookstat  stats;
   86 };
   87 typedef struct ng_bpf_hookinfo *hinfo_p;
   88 
   89 /* Netgraph methods */
   90 static ng_constructor_t ng_bpf_constructor;
   91 static ng_rcvmsg_t      ng_bpf_rcvmsg;
   92 static ng_shutdown_t    ng_bpf_shutdown;
   93 static ng_newhook_t     ng_bpf_newhook;
   94 static ng_rcvdata_t     ng_bpf_rcvdata;
   95 static ng_disconnect_t  ng_bpf_disconnect;
   96 
   97 /* Internal helper functions */
   98 static int      ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp);
   99 
  100 /* Parse type for one struct bfp_insn */
  101 static const struct ng_parse_struct_field ng_bpf_insn_type_fields[] = {
  102         { "code",       &ng_parse_hint16_type   },
  103         { "jt",         &ng_parse_uint8_type    },
  104         { "jf",         &ng_parse_uint8_type    },
  105         { "k",          &ng_parse_uint32_type   },
  106         { NULL }
  107 };
  108 static const struct ng_parse_type ng_bpf_insn_type = {
  109         &ng_parse_struct_type,
  110         &ng_bpf_insn_type_fields
  111 };
  112 
  113 /* Parse type for the field 'bpf_prog' in struct ng_bpf_hookprog */
  114 static int
  115 ng_bpf_hookprogary_getLength(const struct ng_parse_type *type,
  116         const u_char *start, const u_char *buf)
  117 {
  118         const struct ng_bpf_hookprog *hp;
  119 
  120         hp = (const struct ng_bpf_hookprog *)
  121             (buf - OFFSETOF(struct ng_bpf_hookprog, bpf_prog));
  122         return hp->bpf_prog_len;
  123 }
  124 
  125 static const struct ng_parse_array_info ng_bpf_hookprogary_info = {
  126         &ng_bpf_insn_type,
  127         &ng_bpf_hookprogary_getLength,
  128         NULL
  129 };
  130 static const struct ng_parse_type ng_bpf_hookprogary_type = {
  131         &ng_parse_array_type,
  132         &ng_bpf_hookprogary_info
  133 };
  134 
  135 /* Parse type for struct ng_bpf_hookprog */
  136 static const struct ng_parse_struct_field ng_bpf_hookprog_type_fields[]
  137         = NG_BPF_HOOKPROG_TYPE_INFO(&ng_bpf_hookprogary_type);
  138 static const struct ng_parse_type ng_bpf_hookprog_type = {
  139         &ng_parse_struct_type,
  140         &ng_bpf_hookprog_type_fields
  141 };
  142 
  143 /* Parse type for struct ng_bpf_hookstat */
  144 static const struct ng_parse_struct_field ng_bpf_hookstat_type_fields[]
  145         = NG_BPF_HOOKSTAT_TYPE_INFO;
  146 static const struct ng_parse_type ng_bpf_hookstat_type = {
  147         &ng_parse_struct_type,
  148         &ng_bpf_hookstat_type_fields
  149 };
  150 
  151 /* List of commands and how to convert arguments to/from ASCII */
  152 static const struct ng_cmdlist ng_bpf_cmdlist[] = {
  153         {
  154           NGM_BPF_COOKIE,
  155           NGM_BPF_SET_PROGRAM,
  156           "setprogram",
  157           &ng_bpf_hookprog_type,
  158           NULL
  159         },
  160         {
  161           NGM_BPF_COOKIE,
  162           NGM_BPF_GET_PROGRAM,
  163           "getprogram",
  164           &ng_parse_hookbuf_type,
  165           &ng_bpf_hookprog_type
  166         },
  167         {
  168           NGM_BPF_COOKIE,
  169           NGM_BPF_GET_STATS,
  170           "getstats",
  171           &ng_parse_hookbuf_type,
  172           &ng_bpf_hookstat_type
  173         },
  174         {
  175           NGM_BPF_COOKIE,
  176           NGM_BPF_CLR_STATS,
  177           "clrstats",
  178           &ng_parse_hookbuf_type,
  179           NULL
  180         },
  181         {
  182           NGM_BPF_COOKIE,
  183           NGM_BPF_GETCLR_STATS,
  184           "getclrstats",
  185           &ng_parse_hookbuf_type,
  186           &ng_bpf_hookstat_type
  187         },
  188         { 0 }
  189 };
  190 
  191 /* Netgraph type descriptor */
  192 static struct ng_type typestruct = {
  193         NG_ABI_VERSION,
  194         NG_BPF_NODE_TYPE,
  195         NULL,
  196         ng_bpf_constructor,
  197         ng_bpf_rcvmsg,
  198         ng_bpf_shutdown,
  199         ng_bpf_newhook,
  200         NULL,
  201         NULL,
  202         ng_bpf_rcvdata,
  203         ng_bpf_disconnect,
  204         ng_bpf_cmdlist
  205 };
  206 NETGRAPH_INIT(bpf, &typestruct);
  207 
  208 /* Default BPF program for a hook that matches nothing */
  209 static const struct ng_bpf_hookprog ng_bpf_default_prog = {
  210         { '\0' },               /* to be filled in at hook creation time */
  211         { '\0' },
  212         { '\0' },
  213         1,
  214         { BPF_STMT(BPF_RET+BPF_K, 0) }
  215 };
  216 
  217 /*
  218  * Node constructor
  219  *
  220  * We don't keep any per-node private data
  221  * We go via the hooks.
  222  */
  223 static int
  224 ng_bpf_constructor(node_p node)
  225 {
  226         NG_NODE_SET_PRIVATE(node, NULL);
  227         return (0);
  228 }
  229 
  230 /*
  231  * Add a hook
  232  */
  233 static int
  234 ng_bpf_newhook(node_p node, hook_p hook, const char *name)
  235 {
  236         hinfo_p hip;
  237         int error;
  238 
  239         /* Create hook private structure */
  240         MALLOC(hip, hinfo_p, sizeof(*hip), M_NETGRAPH_BPF, M_NOWAIT | M_ZERO);
  241         if (hip == NULL)
  242                 return (ENOMEM);
  243         hip->hook = hook;
  244         NG_HOOK_SET_PRIVATE(hook, hip);
  245         hip->node = node;
  246 
  247         /* Attach the default BPF program */
  248         if ((error = ng_bpf_setprog(hook, &ng_bpf_default_prog)) != 0) {
  249                 FREE(hip, M_NETGRAPH_BPF);
  250                 NG_HOOK_SET_PRIVATE(hook, NULL);
  251                 return (error);
  252         }
  253 
  254         /* Set hook name */
  255         strncpy(hip->prog->thisHook, name, sizeof(hip->prog->thisHook) - 1);
  256         hip->prog->thisHook[sizeof(hip->prog->thisHook) - 1] = '\0';
  257         return (0);
  258 }
  259 
  260 /*
  261  * Receive a control message
  262  */
  263 static int
  264 ng_bpf_rcvmsg(node_p node, item_p item, hook_p lasthook)
  265 {
  266         struct ng_mesg *msg;
  267         struct ng_mesg *resp = NULL;
  268         int error = 0;
  269 
  270         NGI_GET_MSG(item, msg);
  271         switch (msg->header.typecookie) {
  272         case NGM_BPF_COOKIE:
  273                 switch (msg->header.cmd) {
  274                 case NGM_BPF_SET_PROGRAM:
  275                     {
  276                         struct ng_bpf_hookprog *const
  277                             hp = (struct ng_bpf_hookprog *)msg->data;
  278                         hook_p hook;
  279 
  280                         /* Sanity check */
  281                         if (msg->header.arglen < sizeof(*hp)
  282                             || msg->header.arglen
  283                               != NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len))
  284                                 ERROUT(EINVAL);
  285 
  286                         /* Find hook */
  287                         if ((hook = ng_findhook(node, hp->thisHook)) == NULL)
  288                                 ERROUT(ENOENT);
  289 
  290                         /* Set new program */
  291                         if ((error = ng_bpf_setprog(hook, hp)) != 0)
  292                                 ERROUT(error);
  293                         break;
  294                     }
  295 
  296                 case NGM_BPF_GET_PROGRAM:
  297                     {
  298                         struct ng_bpf_hookprog *hp;
  299                         hook_p hook;
  300 
  301                         /* Sanity check */
  302                         if (msg->header.arglen == 0)
  303                                 ERROUT(EINVAL);
  304                         msg->data[msg->header.arglen - 1] = '\0';
  305 
  306                         /* Find hook */
  307                         if ((hook = ng_findhook(node, msg->data)) == NULL)
  308                                 ERROUT(ENOENT);
  309 
  310                         /* Build response */
  311                         hp = ((hinfo_p)NG_HOOK_PRIVATE(hook))->prog;
  312                         NG_MKRESPONSE(resp, msg,
  313                             NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len), M_NOWAIT);
  314                         if (resp == NULL)
  315                                 ERROUT(ENOMEM);
  316                         bcopy(hp, resp->data,
  317                            NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len));
  318                         break;
  319                     }
  320 
  321                 case NGM_BPF_GET_STATS:
  322                 case NGM_BPF_CLR_STATS:
  323                 case NGM_BPF_GETCLR_STATS:
  324                     {
  325                         struct ng_bpf_hookstat *stats;
  326                         hook_p hook;
  327 
  328                         /* Sanity check */
  329                         if (msg->header.arglen == 0)
  330                                 ERROUT(EINVAL);
  331                         msg->data[msg->header.arglen - 1] = '\0';
  332 
  333                         /* Find hook */
  334                         if ((hook = ng_findhook(node, msg->data)) == NULL)
  335                                 ERROUT(ENOENT);
  336                         stats = &((hinfo_p)NG_HOOK_PRIVATE(hook))->stats;
  337 
  338                         /* Build response (if desired) */
  339                         if (msg->header.cmd != NGM_BPF_CLR_STATS) {
  340                                 NG_MKRESPONSE(resp,
  341                                     msg, sizeof(*stats), M_NOWAIT);
  342                                 if (resp == NULL)
  343                                         ERROUT(ENOMEM);
  344                                 bcopy(stats, resp->data, sizeof(*stats));
  345                         }
  346 
  347                         /* Clear stats (if desired) */
  348                         if (msg->header.cmd != NGM_BPF_GET_STATS)
  349                                 bzero(stats, sizeof(*stats));
  350                         break;
  351                     }
  352 
  353                 default:
  354                         error = EINVAL;
  355                         break;
  356                 }
  357                 break;
  358         default:
  359                 error = EINVAL;
  360                 break;
  361         }
  362 done:
  363         NG_RESPOND_MSG(error, node, item, resp);
  364         NG_FREE_MSG(msg);
  365         return (error);
  366 }
  367 
  368 /*
  369  * Receive data on a hook
  370  *
  371  * Apply the filter, and then drop or forward packet as appropriate.
  372  */
  373 static int
  374 ng_bpf_rcvdata(hook_p hook, item_p item)
  375 {
  376         const hinfo_p hip = NG_HOOK_PRIVATE(hook);
  377         int totlen;
  378         int needfree = 0, error = 0;
  379         u_char *data, buf[256];
  380         hinfo_p dhip;
  381         hook_p dest;
  382         u_int len;
  383         struct mbuf *m;
  384 
  385         m = NGI_M(item);        /* 'item' still owns it.. we are peeking */ 
  386         totlen = m->m_pkthdr.len;
  387         /* Update stats on incoming hook. XXX Can we do 64 bits atomically? */
  388         /* atomic_add_int64(&hip->stats.recvFrames, 1); */
  389         /* atomic_add_int64(&hip->stats.recvOctets, totlen); */
  390         hip->stats.recvFrames++; 
  391         hip->stats.recvOctets += totlen;
  392 
  393         /* Need to put packet in contiguous memory for bpf */
  394         if (m->m_next != NULL) {
  395                 if (totlen > sizeof(buf)) {
  396                         MALLOC(data, u_char *, totlen, M_NETGRAPH_BPF, M_NOWAIT);
  397                         if (data == NULL) {
  398                                 NG_FREE_ITEM(item);
  399                                 return (ENOMEM);
  400                         }
  401                         needfree = 1;
  402                 } else
  403                         data = buf;
  404                 m_copydata(m, 0, totlen, (caddr_t)data);
  405         } else
  406                 data = mtod(m, u_char *);
  407 
  408         /* Run packet through filter */
  409         len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen);
  410         if (needfree)
  411                 FREE(data, M_NETGRAPH_BPF);
  412 
  413         /* See if we got a match and find destination hook */
  414         if (len > 0) {
  415 
  416                 /* Update stats */
  417                 /* XXX atomically? */
  418                 hip->stats.recvMatchFrames++;
  419                 hip->stats.recvMatchOctets += totlen;
  420 
  421                 /* Truncate packet length if required by the filter */
  422                 /* Assume this never changes m */
  423                 if (len < totlen) {
  424                         m_adj(m, -(totlen - len));
  425                         totlen -= len;
  426                 }
  427                 dest = ng_findhook(hip->node, hip->prog->ifMatch);
  428         } else
  429                 dest = ng_findhook(hip->node, hip->prog->ifNotMatch);
  430         if (dest == NULL) {
  431                 NG_FREE_ITEM(item);
  432                 return (0);
  433         }
  434 
  435         /* Deliver frame out destination hook */
  436         dhip = NG_HOOK_PRIVATE(dest);
  437         dhip->stats.xmitOctets += totlen;
  438         dhip->stats.xmitFrames++;
  439         NG_FWD_ITEM_HOOK(error, item, dest);
  440         return (error);
  441 }
  442 
  443 /*
  444  * Shutdown processing
  445  */
  446 static int
  447 ng_bpf_shutdown(node_p node)
  448 {
  449         NG_NODE_UNREF(node);
  450         return (0);
  451 }
  452 
  453 /*
  454  * Hook disconnection
  455  */
  456 static int
  457 ng_bpf_disconnect(hook_p hook)
  458 {
  459         const hinfo_p hip = NG_HOOK_PRIVATE(hook);
  460 
  461         KASSERT(hip != NULL, ("%s: null info", __func__));
  462         FREE(hip->prog, M_NETGRAPH_BPF);
  463         bzero(hip, sizeof(*hip));
  464         FREE(hip, M_NETGRAPH_BPF);
  465         NG_HOOK_SET_PRIVATE(hook, NULL);                        /* for good measure */
  466         if ((NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0)
  467         && (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))) {
  468                 ng_rmnode_self(NG_HOOK_NODE(hook));
  469         }
  470         return (0);
  471 }
  472 
  473 /************************************************************************
  474                         HELPER STUFF
  475  ************************************************************************/
  476 
  477 /*
  478  * Set the BPF program associated with a hook
  479  */
  480 static int
  481 ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp0)
  482 {
  483         const hinfo_p hip = NG_HOOK_PRIVATE(hook);
  484         struct ng_bpf_hookprog *hp;
  485         int size;
  486 
  487         /* Check program for validity */
  488         if (!bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len))
  489                 return (EINVAL);
  490 
  491         /* Make a copy of the program */
  492         size = NG_BPF_HOOKPROG_SIZE(hp0->bpf_prog_len);
  493         MALLOC(hp, struct ng_bpf_hookprog *, size, M_NETGRAPH_BPF, M_NOWAIT);
  494         if (hp == NULL)
  495                 return (ENOMEM);
  496         bcopy(hp0, hp, size);
  497 
  498         /* Free previous program, if any, and assign new one */
  499         if (hip->prog != NULL)
  500                 FREE(hip->prog, M_NETGRAPH_BPF);
  501         hip->prog = hp;
  502         return (0);
  503 }
  504 

Cache object: 31d092fe0402ab91df9a50761123d182


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.