2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1990, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * Copyright (c) 2019 Andrey V. Elsukov <ae@FreeBSD.org>
8 * This code is derived from the Stanford/CMU enet packet filter,
9 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
10 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
11 * Berkeley Laboratory.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * @(#)bpf.c 8.4 (Berkeley) 1/9/95
40 #include <sys/cdefs.h>
41 __FBSDID("$FreeBSD$");
45 #include "opt_netgraph.h"
47 #include <sys/param.h>
49 #include <sys/eventhandler.h>
50 #include <sys/fcntl.h>
54 #include <sys/malloc.h>
56 #include <sys/mutex.h>
60 #include <sys/signalvar.h>
61 #include <sys/filio.h>
62 #include <sys/sockio.h>
63 #include <sys/ttycom.h>
65 #include <sys/sysent.h>
66 #include <sys/systm.h>
68 #include <sys/event.h>
73 #include <sys/socket.h>
80 #include <net/if_var.h>
81 #include <net/if_private.h>
82 #include <net/if_vlan_var.h>
83 #include <net/if_dl.h>
85 #include <net/bpf_buffer.h>
87 #include <net/bpf_jitter.h>
89 #include <net/bpf_zerocopy.h>
90 #include <net/bpfdesc.h>
91 #include <net/route.h>
94 #include <netinet/in.h>
95 #include <netinet/if_ether.h>
96 #include <sys/kernel.h>
97 #include <sys/sysctl.h>
99 #include <net80211/ieee80211_freebsd.h>
101 #include <security/mac/mac_framework.h>
103 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
105 static struct bpf_if_ext dead_bpf_if = {
106 .bif_dlist = CK_LIST_HEAD_INITIALIZER()
110 #define bif_next bif_ext.bif_next
111 #define bif_dlist bif_ext.bif_dlist
112 struct bpf_if_ext bif_ext; /* public members */
113 u_int bif_dlt; /* link layer type */
114 u_int bif_hdrlen; /* length of link header */
115 struct bpfd_list bif_wlist; /* writer-only list */
116 struct ifnet *bif_ifp; /* corresponding interface */
117 struct bpf_if **bif_bpf; /* Pointer to pointer to us */
118 volatile u_int bif_refcnt;
119 struct epoch_context epoch_ctx;
122 CTASSERT(offsetof(struct bpf_if, bif_ext) == 0);
124 struct bpf_program_buffer {
125 struct epoch_context epoch_ctx;
127 bpf_jit_filter *func;
132 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
134 #define PRINET 26 /* interruptible */
135 #define BPF_PRIO_MAX 7
137 #define SIZEOF_BPF_HDR(type) \
138 (offsetof(type, bh_hdrlen) + sizeof(((type *)0)->bh_hdrlen))
140 #ifdef COMPAT_FREEBSD32
141 #include <sys/mount.h>
142 #include <compat/freebsd32/freebsd32.h>
143 #define BPF_ALIGNMENT32 sizeof(int32_t)
144 #define BPF_WORDALIGN32(x) roundup2(x, BPF_ALIGNMENT32)
148 * 32-bit version of structure prepended to each packet. We use this header
149 * instead of the standard one for 32-bit streams. We mark the a stream as
150 * 32-bit the first time we see a 32-bit compat ioctl request.
153 struct timeval32 bh_tstamp; /* time stamp */
154 uint32_t bh_caplen; /* length of captured portion */
155 uint32_t bh_datalen; /* original length of packet */
156 uint16_t bh_hdrlen; /* length of bpf header (this struct
157 plus alignment padding) */
161 struct bpf_program32 {
166 struct bpf_dltlist32 {
171 #define BIOCSETF32 _IOW('B', 103, struct bpf_program32)
172 #define BIOCSRTIMEOUT32 _IOW('B', 109, struct timeval32)
173 #define BIOCGRTIMEOUT32 _IOR('B', 110, struct timeval32)
174 #define BIOCGDLTLIST32 _IOWR('B', 121, struct bpf_dltlist32)
175 #define BIOCSETWF32 _IOW('B', 123, struct bpf_program32)
176 #define BIOCSETFNR32 _IOW('B', 130, struct bpf_program32)
179 #define BPF_LOCK() sx_xlock(&bpf_sx)
180 #define BPF_UNLOCK() sx_xunlock(&bpf_sx)
181 #define BPF_LOCK_ASSERT() sx_assert(&bpf_sx, SA_XLOCKED)
183 * bpf_iflist is a list of BPF interface structures, each corresponding to a
184 * specific DLT. The same network interface might have several BPF interface
185 * structures registered by different layers in the stack (i.e., 802.11
186 * frames, ethernet frames, etc).
188 CK_LIST_HEAD(bpf_iflist, bpf_if);
189 static struct bpf_iflist bpf_iflist;
190 static struct sx bpf_sx; /* bpf global lock */
191 static int bpf_bpfd_cnt;
193 static void bpfif_ref(struct bpf_if *);
194 static void bpfif_rele(struct bpf_if *);
196 static void bpfd_ref(struct bpf_d *);
197 static void bpfd_rele(struct bpf_d *);
198 static void bpf_attachd(struct bpf_d *, struct bpf_if *);
199 static void bpf_detachd(struct bpf_d *);
200 static void bpf_detachd_locked(struct bpf_d *, bool);
201 static void bpfd_free(epoch_context_t);
202 static int bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **,
203 struct sockaddr *, int *, struct bpf_d *);
204 static int bpf_setif(struct bpf_d *, struct ifreq *);
205 static void bpf_timed_out(void *);
207 bpf_wakeup(struct bpf_d *);
208 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int,
209 void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int),
211 static void reset_d(struct bpf_d *);
212 static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
213 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
214 static int bpf_setdlt(struct bpf_d *, u_int);
215 static void filt_bpfdetach(struct knote *);
216 static int filt_bpfread(struct knote *, long);
217 static int filt_bpfwrite(struct knote *, long);
218 static void bpf_drvinit(void *);
219 static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);
221 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
223 int bpf_maxinsns = BPF_MAXINSNS;
224 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
225 &bpf_maxinsns, 0, "Maximum bpf program instructions");
226 static int bpf_zerocopy_enable = 0;
227 SYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW,
228 &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions");
229 static SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW,
230 bpf_stats_sysctl, "bpf statistics portal");
232 VNET_DEFINE_STATIC(int, bpf_optimize_writers) = 0;
233 #define V_bpf_optimize_writers VNET(bpf_optimize_writers)
234 SYSCTL_INT(_net_bpf, OID_AUTO, optimize_writers, CTLFLAG_VNET | CTLFLAG_RWTUN,
235 &VNET_NAME(bpf_optimize_writers), 0,
236 "Do not send packets until BPF program is set");
238 static d_open_t bpfopen;
239 static d_read_t bpfread;
240 static d_write_t bpfwrite;
241 static d_ioctl_t bpfioctl;
242 static d_poll_t bpfpoll;
243 static d_kqfilter_t bpfkqfilter;
245 static struct cdevsw bpf_cdevsw = {
246 .d_version = D_VERSION,
253 .d_kqfilter = bpfkqfilter,
256 static struct filterops bpfread_filtops = {
258 .f_detach = filt_bpfdetach,
259 .f_event = filt_bpfread,
262 static struct filterops bpfwrite_filtops = {
264 .f_detach = filt_bpfdetach,
265 .f_event = filt_bpfwrite,
269 * LOCKING MODEL USED BY BPF
272 * 1) global lock (BPF_LOCK). Sx, used to protect some global counters,
273 * every bpf_iflist changes, serializes ioctl access to bpf descriptors.
274 * 2) Descriptor lock. Mutex, used to protect BPF buffers and various
275 * structure fields used by bpf_*tap* code.
277 * Lock order: global lock, then descriptor lock.
279 * There are several possible consumers:
281 * 1. The kernel registers interface pointer with bpfattach().
282 * Each call allocates new bpf_if structure, references ifnet pointer
283 * and links bpf_if into bpf_iflist chain. This is protected with global
286 * 2. An userland application uses ioctl() call to bpf_d descriptor.
287 * All such call are serialized with global lock. BPF filters can be
288 * changed, but pointer to old filter will be freed using NET_EPOCH_CALL().
289 * Thus it should be safe for bpf_tap/bpf_mtap* code to do access to
290 * filter pointers, even if change will happen during bpf_tap execution.
291 * Destroying of bpf_d descriptor also is doing using NET_EPOCH_CALL().
293 * 3. An userland application can write packets into bpf_d descriptor.
294 * There we need to be sure, that ifnet won't disappear during bpfwrite().
296 * 4. The kernel invokes bpf_tap/bpf_mtap* functions. The access to
297 * bif_dlist is protected with net_epoch_preempt section. So, it should
298 * be safe to make access to bpf_d descriptor inside the section.
300 * 5. The kernel invokes bpfdetach() on interface destroying. All lists
301 * are modified with global lock held and actual free() is done using
306 bpfif_free(epoch_context_t ctx)
310 bp = __containerof(ctx, struct bpf_if, epoch_ctx);
311 if_rele(bp->bif_ifp);
316 bpfif_ref(struct bpf_if *bp)
319 refcount_acquire(&bp->bif_refcnt);
323 bpfif_rele(struct bpf_if *bp)
326 if (!refcount_release(&bp->bif_refcnt))
328 NET_EPOCH_CALL(bpfif_free, &bp->epoch_ctx);
332 bpfd_ref(struct bpf_d *d)
335 refcount_acquire(&d->bd_refcnt);
339 bpfd_rele(struct bpf_d *d)
342 if (!refcount_release(&d->bd_refcnt))
344 NET_EPOCH_CALL(bpfd_free, &d->epoch_ctx);
347 static struct bpf_program_buffer*
348 bpf_program_buffer_alloc(size_t size, int flags)
351 return (malloc(sizeof(struct bpf_program_buffer) + size,
356 bpf_program_buffer_free(epoch_context_t ctx)
358 struct bpf_program_buffer *ptr;
360 ptr = __containerof(ctx, struct bpf_program_buffer, epoch_ctx);
362 if (ptr->func != NULL)
363 bpf_destroy_jit_filter(ptr->func);
369 * Wrapper functions for various buffering methods. If the set of buffer
370 * modes expands, we will probably want to introduce a switch data structure
371 * similar to protosw, et.
374 bpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
380 switch (d->bd_bufmode) {
381 case BPF_BUFMODE_BUFFER:
382 return (bpf_buffer_append_bytes(d, buf, offset, src, len));
384 case BPF_BUFMODE_ZBUF:
385 counter_u64_add(d->bd_zcopy, 1);
386 return (bpf_zerocopy_append_bytes(d, buf, offset, src, len));
389 panic("bpf_buf_append_bytes");
394 bpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
400 switch (d->bd_bufmode) {
401 case BPF_BUFMODE_BUFFER:
402 return (bpf_buffer_append_mbuf(d, buf, offset, src, len));
404 case BPF_BUFMODE_ZBUF:
405 counter_u64_add(d->bd_zcopy, 1);
406 return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len));
409 panic("bpf_buf_append_mbuf");
414 * This function gets called when the free buffer is re-assigned.
417 bpf_buf_reclaimed(struct bpf_d *d)
422 switch (d->bd_bufmode) {
423 case BPF_BUFMODE_BUFFER:
426 case BPF_BUFMODE_ZBUF:
427 bpf_zerocopy_buf_reclaimed(d);
431 panic("bpf_buf_reclaimed");
436 * If the buffer mechanism has a way to decide that a held buffer can be made
437 * free, then it is exposed via the bpf_canfreebuf() interface. (1) is
438 * returned if the buffer can be discarded, (0) is returned if it cannot.
441 bpf_canfreebuf(struct bpf_d *d)
446 switch (d->bd_bufmode) {
447 case BPF_BUFMODE_ZBUF:
448 return (bpf_zerocopy_canfreebuf(d));
454 * Allow the buffer model to indicate that the current store buffer is
455 * immutable, regardless of the appearance of space. Return (1) if the
456 * buffer is writable, and (0) if not.
459 bpf_canwritebuf(struct bpf_d *d)
463 switch (d->bd_bufmode) {
464 case BPF_BUFMODE_ZBUF:
465 return (bpf_zerocopy_canwritebuf(d));
471 * Notify buffer model that an attempt to write to the store buffer has
472 * resulted in a dropped packet, in which case the buffer may be considered
476 bpf_buffull(struct bpf_d *d)
481 switch (d->bd_bufmode) {
482 case BPF_BUFMODE_ZBUF:
483 bpf_zerocopy_buffull(d);
489 * Notify the buffer model that a buffer has moved into the hold position.
492 bpf_bufheld(struct bpf_d *d)
497 switch (d->bd_bufmode) {
498 case BPF_BUFMODE_ZBUF:
499 bpf_zerocopy_bufheld(d);
505 bpf_free(struct bpf_d *d)
508 switch (d->bd_bufmode) {
509 case BPF_BUFMODE_BUFFER:
510 return (bpf_buffer_free(d));
512 case BPF_BUFMODE_ZBUF:
513 return (bpf_zerocopy_free(d));
516 panic("bpf_buf_free");
521 bpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio)
524 if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
526 return (bpf_buffer_uiomove(d, buf, len, uio));
530 bpf_ioctl_sblen(struct bpf_d *d, u_int *i)
533 if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
535 return (bpf_buffer_ioctl_sblen(d, i));
539 bpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i)
542 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
544 return (bpf_zerocopy_ioctl_getzmax(td, d, i));
548 bpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
551 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
553 return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz));
557 bpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
560 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
562 return (bpf_zerocopy_ioctl_setzbuf(td, d, bz));
566 * General BPF functions.
569 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
570 struct sockaddr *sockp, int *hdrlen, struct bpf_d *d)
572 const struct ieee80211_bpf_params *p;
573 struct ether_header *eh;
581 * Build a sockaddr based on the data link layer type.
582 * We do this at this level because the ethernet header
583 * is copied directly into the data field of the sockaddr.
584 * In the case of SLIP, there is no header and the packet
585 * is forwarded as is.
586 * Also, we are careful to leave room at the front of the mbuf
587 * for the link level header.
591 sockp->sa_family = AF_INET;
596 sockp->sa_family = AF_UNSPEC;
597 /* XXX Would MAXLINKHDR be better? */
598 hlen = ETHER_HDR_LEN;
602 sockp->sa_family = AF_IMPLINK;
607 sockp->sa_family = AF_UNSPEC;
613 * null interface types require a 4 byte pseudo header which
614 * corresponds to the address family of the packet.
616 sockp->sa_family = AF_UNSPEC;
620 case DLT_ATM_RFC1483:
622 * en atm driver requires 4-byte atm pseudo header.
623 * though it isn't standard, vpi:vci needs to be
626 sockp->sa_family = AF_UNSPEC;
627 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
631 sockp->sa_family = AF_UNSPEC;
632 hlen = 4; /* This should match PPP_HDRLEN */
635 case DLT_IEEE802_11: /* IEEE 802.11 wireless */
636 sockp->sa_family = AF_IEEE80211;
640 case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */
641 sockp->sa_family = AF_IEEE80211;
642 sockp->sa_len = 12; /* XXX != 0 */
643 hlen = sizeof(struct ieee80211_bpf_params);
650 len = uio->uio_resid;
651 if (len < hlen || len - hlen > ifp->if_mtu)
654 /* Allocate a mbuf for our write, since m_get2 fails if len >= to MJUMPAGESIZE, use m_getjcl for bigger buffers */
655 m = m_get3(len, M_WAITOK, MT_DATA, M_PKTHDR);
658 m->m_pkthdr.len = m->m_len = len;
661 error = uiomove(mtod(m, u_char *), len, uio);
665 slen = bpf_filter(d->bd_wfilter, mtod(m, u_char *), len, len);
671 /* Check for multicast destination */
674 eh = mtod(m, struct ether_header *);
675 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
676 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
677 ETHER_ADDR_LEN) == 0)
678 m->m_flags |= M_BCAST;
680 m->m_flags |= M_MCAST;
682 if (d->bd_hdrcmplt == 0) {
683 memcpy(eh->ether_shost, IF_LLADDR(ifp),
684 sizeof(eh->ether_shost));
690 * Make room for link header, and copy it to sockaddr
693 if (sockp->sa_family == AF_IEEE80211) {
695 * Collect true length from the parameter header
696 * NB: sockp is known to be zero'd so if we do a
697 * short copy unspecified parameters will be
699 * NB: packet may not be aligned after stripping
703 p = mtod(m, const struct ieee80211_bpf_params *);
705 if (hlen > sizeof(sockp->sa_data)) {
710 bcopy(mtod(m, const void *), sockp->sa_data, hlen);
721 * Attach descriptor to the bpf interface, i.e. make d listen on bp,
722 * then reset its buffers and counters with reset_d().
725 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
732 * Save sysctl value to protect from sysctl change
735 op_w = V_bpf_optimize_writers || d->bd_writer;
737 if (d->bd_bif != NULL)
738 bpf_detachd_locked(d, false);
740 * Point d at bp, and add d to the interface's list.
741 * Since there are many applications using BPF for
742 * sending raw packets only (dhcpd, cdpd are good examples)
743 * we can delay adding d to the list of active listeners until
744 * some filter is configured.
749 * Hold reference to bpif while descriptor uses this interface.
754 /* Add to writers-only list */
755 CK_LIST_INSERT_HEAD(&bp->bif_wlist, d, bd_next);
757 * We decrement bd_writer on every filter set operation.
758 * First BIOCSETF is done by pcap_open_live() to set up
759 * snap length. After that appliation usually sets its own
764 CK_LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
768 /* Trigger EVFILT_WRITE events. */
774 CTR3(KTR_NET, "%s: bpf_attach called by pid %d, adding to %s list",
775 __func__, d->bd_pid, d->bd_writer ? "writer" : "active");
778 EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1);
782 * Check if we need to upgrade our descriptor @d from write-only mode.
785 bpf_check_upgrade(u_long cmd, struct bpf_d *d, struct bpf_insn *fcode,
788 int is_snap, need_upgrade;
791 * Check if we've already upgraded or new filter is empty.
793 if (d->bd_writer == 0 || fcode == NULL)
799 * Check if cmd looks like snaplen setting from
800 * pcap_bpf.c:pcap_open_live().
801 * Note we're not checking .k value here:
802 * while pcap_open_live() definitely sets to non-zero value,
803 * we'd prefer to treat k=0 (deny ALL) case the same way: e.g.
804 * do not consider upgrading immediately
806 if (cmd == BIOCSETF && flen == 1 &&
807 fcode[0].code == (BPF_RET | BPF_K))
814 * We're setting first filter and it doesn't look like
815 * setting snaplen. We're probably using bpf directly.
816 * Upgrade immediately.
821 * Do not require upgrade by first BIOCSETF
822 * (used to set snaplen) by pcap_open_live().
825 if (--d->bd_writer == 0) {
827 * First snaplen filter has already
828 * been set. This is probably catch-all
836 "%s: filter function set by pid %d, "
837 "bd_writer counter %d, snap %d upgrade %d",
838 __func__, d->bd_pid, d->bd_writer,
839 is_snap, need_upgrade);
841 return (need_upgrade);
845 * Detach a file from its interface.
848 bpf_detachd(struct bpf_d *d)
851 bpf_detachd_locked(d, false);
856 bpf_detachd_locked(struct bpf_d *d, bool detached_ifp)
863 CTR2(KTR_NET, "%s: detach required by pid %d", __func__, d->bd_pid);
865 /* Check if descriptor is attached */
866 if ((bp = d->bd_bif) == NULL)
870 /* Remove d from the interface's descriptor list. */
871 CK_LIST_REMOVE(d, bd_next);
872 /* Save bd_writer value */
873 error = d->bd_writer;
878 * Notify descriptor as it's detached, so that any
879 * sleepers wake up and get ENXIO.
886 /* Call event handler iff d is attached */
888 EVENTHANDLER_INVOKE(bpf_track, ifp, bp->bif_dlt, 0);
891 * Check if this descriptor had requested promiscuous mode.
892 * If so and ifnet is not detached, turn it off.
894 if (d->bd_promisc && !detached_ifp) {
896 CURVNET_SET(ifp->if_vnet);
897 error = ifpromisc(ifp, 0);
899 if (error != 0 && error != ENXIO) {
901 * ENXIO can happen if a pccard is unplugged
902 * Something is really wrong if we were able to put
903 * the driver into promiscuous mode, but can't
906 if_printf(bp->bif_ifp,
907 "bpf_detach: ifpromisc failed (%d)\n", error);
914 * Close the descriptor by detaching it from its interface,
915 * deallocating its buffers, and marking it free.
920 struct bpf_d *d = data;
923 if (d->bd_state == BPF_WAITING)
924 callout_stop(&d->bd_callout);
925 d->bd_state = BPF_IDLE;
927 funsetown(&d->bd_sigio);
930 mac_bpfdesc_destroy(d);
932 seldrain(&d->bd_sel);
933 knlist_destroy(&d->bd_sel.si_note);
934 callout_drain(&d->bd_callout);
939 * Open ethernet device. Returns ENXIO for illegal minor device number,
940 * EBUSY if file is open by another process.
944 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
949 d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
950 error = devfs_set_cdevpriv(d, bpf_dtor);
957 d->bd_rcount = counter_u64_alloc(M_WAITOK);
958 d->bd_dcount = counter_u64_alloc(M_WAITOK);
959 d->bd_fcount = counter_u64_alloc(M_WAITOK);
960 d->bd_wcount = counter_u64_alloc(M_WAITOK);
961 d->bd_wfcount = counter_u64_alloc(M_WAITOK);
962 d->bd_wdcount = counter_u64_alloc(M_WAITOK);
963 d->bd_zcopy = counter_u64_alloc(M_WAITOK);
966 * For historical reasons, perform a one-time initialization call to
967 * the buffer routines, even though we're not yet committed to a
968 * particular buffer method.
971 if ((flags & FREAD) == 0)
973 d->bd_hbuf_in_use = 0;
974 d->bd_bufmode = BPF_BUFMODE_BUFFER;
976 d->bd_direction = BPF_D_INOUT;
977 refcount_init(&d->bd_refcnt, 1);
978 BPF_PID_REFRESH(d, td);
981 mac_bpfdesc_create(td->td_ucred, d);
983 mtx_init(&d->bd_lock, devtoname(dev), "bpf cdev lock", MTX_DEF);
984 callout_init_mtx(&d->bd_callout, &d->bd_lock, 0);
985 knlist_init_mtx(&d->bd_sel.si_note, &d->bd_lock);
987 /* Disable VLAN pcp tagging. */
994 * bpfread - read next chunk of packets from buffers
997 bpfread(struct cdev *dev, struct uio *uio, int ioflag)
1004 error = devfs_get_cdevpriv((void **)&d);
1009 * Restrict application to use a buffer the same size as
1010 * as kernel buffers.
1012 if (uio->uio_resid != d->bd_bufsize)
1015 non_block = ((ioflag & O_NONBLOCK) != 0);
1018 BPF_PID_REFRESH_CUR(d);
1019 if (d->bd_bufmode != BPF_BUFMODE_BUFFER) {
1021 return (EOPNOTSUPP);
1023 if (d->bd_state == BPF_WAITING)
1024 callout_stop(&d->bd_callout);
1025 timed_out = (d->bd_state == BPF_TIMED_OUT);
1026 d->bd_state = BPF_IDLE;
1027 while (d->bd_hbuf_in_use) {
1028 error = mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock,
1029 PRINET|PCATCH, "bd_hbuf", 0);
1036 * If the hold buffer is empty, then do a timed sleep, which
1037 * ends when the timeout expires or when enough packets
1038 * have arrived to fill the store buffer.
1040 while (d->bd_hbuf == NULL) {
1041 if (d->bd_slen != 0) {
1043 * A packet(s) either arrived since the previous
1044 * read or arrived while we were asleep.
1046 if (d->bd_immediate || non_block || timed_out) {
1048 * Rotate the buffers and return what's here
1049 * if we are in immediate mode, non-blocking
1050 * flag is set, or this descriptor timed out.
1058 * No data is available, check to see if the bpf device
1059 * is still pointed at a real interface. If not, return
1060 * ENXIO so that the userland process knows to rebind
1061 * it before using it again.
1063 if (d->bd_bif == NULL) {
1070 return (EWOULDBLOCK);
1072 error = msleep(d, &d->bd_lock, PRINET|PCATCH,
1073 "bpf", d->bd_rtout);
1074 if (error == EINTR || error == ERESTART) {
1078 if (error == EWOULDBLOCK) {
1080 * On a timeout, return what's in the buffer,
1081 * which may be nothing. If there is something
1082 * in the store buffer, we can rotate the buffers.
1086 * We filled up the buffer in between
1087 * getting the timeout and arriving
1088 * here, so we don't need to rotate.
1092 if (d->bd_slen == 0) {
1101 * At this point, we know we have something in the hold slot.
1103 d->bd_hbuf_in_use = 1;
1107 * Move data from hold buffer into user space.
1108 * We know the entire buffer is transferred since
1109 * we checked above that the read buffer is bpf_bufsize bytes.
1111 * We do not have to worry about simultaneous reads because
1112 * we waited for sole access to the hold buffer above.
1114 error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio);
1117 KASSERT(d->bd_hbuf != NULL, ("bpfread: lost bd_hbuf"));
1118 d->bd_fbuf = d->bd_hbuf;
1121 bpf_buf_reclaimed(d);
1122 d->bd_hbuf_in_use = 0;
1123 wakeup(&d->bd_hbuf_in_use);
1130 * If there are processes sleeping on this descriptor, wake them up.
1132 static __inline void
1133 bpf_wakeup(struct bpf_d *d)
1136 BPFD_LOCK_ASSERT(d);
1137 if (d->bd_state == BPF_WAITING) {
1138 callout_stop(&d->bd_callout);
1139 d->bd_state = BPF_IDLE;
1142 if (d->bd_async && d->bd_sig && d->bd_sigio)
1143 pgsigio(&d->bd_sigio, d->bd_sig, 0);
1145 selwakeuppri(&d->bd_sel, PRINET);
1146 KNOTE_LOCKED(&d->bd_sel.si_note, 0);
1150 bpf_timed_out(void *arg)
1152 struct bpf_d *d = (struct bpf_d *)arg;
1154 BPFD_LOCK_ASSERT(d);
1156 if (callout_pending(&d->bd_callout) ||
1157 !callout_active(&d->bd_callout))
1159 if (d->bd_state == BPF_WAITING) {
1160 d->bd_state = BPF_TIMED_OUT;
1161 if (d->bd_slen != 0)
1167 bpf_ready(struct bpf_d *d)
1170 BPFD_LOCK_ASSERT(d);
1172 if (!bpf_canfreebuf(d) && d->bd_hlen != 0)
1174 if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1181 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
1184 struct sockaddr dst;
1185 struct epoch_tracker et;
1189 struct mbuf *m, *mc;
1192 error = devfs_get_cdevpriv((void **)&d);
1196 NET_EPOCH_ENTER(et);
1198 BPF_PID_REFRESH_CUR(d);
1199 counter_u64_add(d->bd_wcount, 1);
1200 if ((bp = d->bd_bif) == NULL) {
1206 if ((ifp->if_flags & IFF_UP) == 0) {
1211 if (uio->uio_resid == 0)
1214 bzero(&dst, sizeof(dst));
1219 * Take extra reference, unlock d and exit from epoch section,
1220 * since bpf_movein() can sleep.
1226 error = bpf_movein(uio, (int)bp->bif_dlt, ifp,
1227 &m, &dst, &hlen, d);
1230 counter_u64_add(d->bd_wdcount, 1);
1237 * Check that descriptor is still attached to the interface.
1238 * This can happen on bpfdetach(). To avoid access to detached
1239 * ifnet, free mbuf and return ENXIO.
1241 if (d->bd_bif == NULL) {
1242 counter_u64_add(d->bd_wdcount, 1);
1248 counter_u64_add(d->bd_wfcount, 1);
1250 dst.sa_family = pseudo_AF_HDRCMPLT;
1252 if (d->bd_feedback) {
1253 mc = m_dup(m, M_NOWAIT);
1255 mc->m_pkthdr.rcvif = ifp;
1256 /* Set M_PROMISC for outgoing packets to be discarded. */
1257 if (d->bd_direction == BPF_D_INOUT)
1258 m->m_flags |= M_PROMISC;
1262 m->m_pkthdr.len -= hlen;
1264 m->m_data += hlen; /* XXX */
1266 CURVNET_SET(ifp->if_vnet);
1268 mac_bpfdesc_create_mbuf(d, m);
1270 mac_bpfdesc_create_mbuf(d, mc);
1273 bzero(&ro, sizeof(ro));
1275 ro.ro_prepend = (u_char *)&dst.sa_data;
1277 ro.ro_flags = RT_HAS_HEADER;
1281 vlan_set_pcp(m, d->bd_pcp);
1283 /* Avoid possible recursion on BPFD_LOCK(). */
1284 NET_EPOCH_ENTER(et);
1286 error = (*ifp->if_output)(ifp, m, &dst, &ro);
1288 counter_u64_add(d->bd_wdcount, 1);
1292 (*ifp->if_input)(ifp, mc);
1302 counter_u64_add(d->bd_wdcount, 1);
1309 * Reset a descriptor by flushing its packet buffer and clearing the receive
1310 * and drop counts. This is doable for kernel-only buffers, but with
1311 * zero-copy buffers, we can't write to (or rotate) buffers that are
1312 * currently owned by userspace. It would be nice if we could encapsulate
1313 * this logic in the buffer code rather than here.
1316 reset_d(struct bpf_d *d)
1319 BPFD_LOCK_ASSERT(d);
1321 while (d->bd_hbuf_in_use)
1322 mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock, PRINET,
1324 if ((d->bd_hbuf != NULL) &&
1325 (d->bd_bufmode != BPF_BUFMODE_ZBUF || bpf_canfreebuf(d))) {
1326 /* Free the hold buffer. */
1327 d->bd_fbuf = d->bd_hbuf;
1330 bpf_buf_reclaimed(d);
1332 if (bpf_canwritebuf(d))
1334 counter_u64_zero(d->bd_rcount);
1335 counter_u64_zero(d->bd_dcount);
1336 counter_u64_zero(d->bd_fcount);
1337 counter_u64_zero(d->bd_wcount);
1338 counter_u64_zero(d->bd_wfcount);
1339 counter_u64_zero(d->bd_wdcount);
1340 counter_u64_zero(d->bd_zcopy);
1344 * FIONREAD Check for read packet available.
1345 * BIOCGBLEN Get buffer len [for read()].
1346 * BIOCSETF Set read filter.
1347 * BIOCSETFNR Set read filter without resetting descriptor.
1348 * BIOCSETWF Set write filter.
1349 * BIOCFLUSH Flush read packet buffer.
1350 * BIOCPROMISC Put interface into promiscuous mode.
1351 * BIOCGDLT Get link layer type.
1352 * BIOCGETIF Get interface name.
1353 * BIOCSETIF Set interface.
1354 * BIOCSRTIMEOUT Set read timeout.
1355 * BIOCGRTIMEOUT Get read timeout.
1356 * BIOCGSTATS Get packet stats.
1357 * BIOCIMMEDIATE Set immediate mode.
1358 * BIOCVERSION Get filter language version.
1359 * BIOCGHDRCMPLT Get "header already complete" flag
1360 * BIOCSHDRCMPLT Set "header already complete" flag
1361 * BIOCGDIRECTION Get packet direction flag
1362 * BIOCSDIRECTION Set packet direction flag
1363 * BIOCGTSTAMP Get time stamp format and resolution.
1364 * BIOCSTSTAMP Set time stamp format and resolution.
1365 * BIOCLOCK Set "locked" flag
1366 * BIOCFEEDBACK Set packet feedback mode.
1367 * BIOCSETZBUF Set current zero-copy buffer locations.
1368 * BIOCGETZMAX Get maximum zero-copy buffer size.
1369 * BIOCROTZBUF Force rotation of zero-copy buffer
1370 * BIOCSETBUFMODE Set buffer mode.
1371 * BIOCGETBUFMODE Get current buffer mode.
1372 * BIOCSETVLANPCP Set VLAN PCP tag.
1376 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
1382 error = devfs_get_cdevpriv((void **)&d);
1387 * Refresh PID associated with this descriptor.
1390 BPF_PID_REFRESH(d, td);
1391 if (d->bd_state == BPF_WAITING)
1392 callout_stop(&d->bd_callout);
1393 d->bd_state = BPF_IDLE;
1396 if (d->bd_locked == 1) {
1402 #ifdef COMPAT_FREEBSD32
1403 case BIOCGDLTLIST32:
1407 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1408 case BIOCGRTIMEOUT32:
1419 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1420 case BIOCSRTIMEOUT32:
1430 #ifdef COMPAT_FREEBSD32
1432 * If we see a 32-bit compat ioctl, mark the stream as 32-bit so
1433 * that it will get 32-bit packet headers.
1439 case BIOCGDLTLIST32:
1440 case BIOCGRTIMEOUT32:
1441 case BIOCSRTIMEOUT32:
1442 if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
1450 CURVNET_SET(TD_TO_VNET(td));
1457 * Check for read packet available.
1465 while (d->bd_hbuf_in_use)
1466 mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock,
1467 PRINET, "bd_hbuf", 0);
1477 * Get buffer len [for read()].
1481 *(u_int *)addr = d->bd_bufsize;
1486 * Set buffer length.
1489 error = bpf_ioctl_sblen(d, (u_int *)addr);
1493 * Set link layer read filter.
1498 #ifdef COMPAT_FREEBSD32
1503 error = bpf_setf(d, (struct bpf_program *)addr, cmd);
1507 * Flush read packet buffer.
1516 * Put interface into promiscuous mode.
1520 if (d->bd_bif == NULL) {
1522 * No interface attached yet.
1525 } else if (d->bd_promisc == 0) {
1526 error = ifpromisc(d->bd_bif->bif_ifp, 1);
1534 * Get current data link type.
1538 if (d->bd_bif == NULL)
1541 *(u_int *)addr = d->bd_bif->bif_dlt;
1546 * Get a list of supported data link types.
1548 #ifdef COMPAT_FREEBSD32
1549 case BIOCGDLTLIST32:
1551 struct bpf_dltlist32 *list32;
1552 struct bpf_dltlist dltlist;
1554 list32 = (struct bpf_dltlist32 *)addr;
1555 dltlist.bfl_len = list32->bfl_len;
1556 dltlist.bfl_list = PTRIN(list32->bfl_list);
1558 if (d->bd_bif == NULL)
1561 error = bpf_getdltlist(d, &dltlist);
1563 list32->bfl_len = dltlist.bfl_len;
1572 if (d->bd_bif == NULL)
1575 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
1580 * Set data link type.
1584 if (d->bd_bif == NULL)
1587 error = bpf_setdlt(d, *(u_int *)addr);
1592 * Get interface name.
1596 if (d->bd_bif == NULL)
1599 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1600 struct ifreq *const ifr = (struct ifreq *)addr;
1602 strlcpy(ifr->ifr_name, ifp->if_xname,
1603 sizeof(ifr->ifr_name));
1613 int alloc_buf, size;
1616 * Behavior here depends on the buffering model. If
1617 * we're using kernel memory buffers, then we can
1618 * allocate them here. If we're using zero-copy,
1619 * then the user process must have registered buffers
1620 * by the time we get here.
1624 if (d->bd_bufmode == BPF_BUFMODE_BUFFER &&
1629 size = d->bd_bufsize;
1630 error = bpf_buffer_ioctl_sblen(d, &size);
1635 error = bpf_setif(d, (struct ifreq *)addr);
1644 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1645 case BIOCSRTIMEOUT32:
1648 struct timeval *tv = (struct timeval *)addr;
1649 #if defined(COMPAT_FREEBSD32)
1650 struct timeval32 *tv32;
1651 struct timeval tv64;
1653 if (cmd == BIOCSRTIMEOUT32) {
1654 tv32 = (struct timeval32 *)addr;
1656 tv->tv_sec = tv32->tv_sec;
1657 tv->tv_usec = tv32->tv_usec;
1660 tv = (struct timeval *)addr;
1663 * Subtract 1 tick from tvtohz() since this isn't
1666 if ((error = itimerfix(tv)) == 0)
1667 d->bd_rtout = tvtohz(tv) - 1;
1675 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1676 case BIOCGRTIMEOUT32:
1680 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1681 struct timeval32 *tv32;
1682 struct timeval tv64;
1684 if (cmd == BIOCGRTIMEOUT32)
1688 tv = (struct timeval *)addr;
1690 tv->tv_sec = d->bd_rtout / hz;
1691 tv->tv_usec = (d->bd_rtout % hz) * tick;
1692 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1693 if (cmd == BIOCGRTIMEOUT32) {
1694 tv32 = (struct timeval32 *)addr;
1695 tv32->tv_sec = tv->tv_sec;
1696 tv32->tv_usec = tv->tv_usec;
1708 struct bpf_stat *bs = (struct bpf_stat *)addr;
1710 /* XXXCSJP overflow */
1711 bs->bs_recv = (u_int)counter_u64_fetch(d->bd_rcount);
1712 bs->bs_drop = (u_int)counter_u64_fetch(d->bd_dcount);
1717 * Set immediate mode.
1721 d->bd_immediate = *(u_int *)addr;
1727 struct bpf_version *bv = (struct bpf_version *)addr;
1729 bv->bv_major = BPF_MAJOR_VERSION;
1730 bv->bv_minor = BPF_MINOR_VERSION;
1735 * Get "header already complete" flag
1739 *(u_int *)addr = d->bd_hdrcmplt;
1744 * Set "header already complete" flag
1748 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1753 * Get packet direction flag
1755 case BIOCGDIRECTION:
1757 *(u_int *)addr = d->bd_direction;
1762 * Set packet direction flag
1764 case BIOCSDIRECTION:
1768 direction = *(u_int *)addr;
1769 switch (direction) {
1774 d->bd_direction = direction;
1784 * Get packet timestamp format and resolution.
1788 *(u_int *)addr = d->bd_tstamp;
1793 * Set packet timestamp format and resolution.
1799 func = *(u_int *)addr;
1800 if (BPF_T_VALID(func))
1801 d->bd_tstamp = func;
1809 d->bd_feedback = *(u_int *)addr;
1819 case FIONBIO: /* Non-blocking I/O */
1822 case FIOASYNC: /* Send signal on receive packets */
1824 d->bd_async = *(int *)addr;
1830 * XXX: Add some sort of locking here?
1831 * fsetown() can sleep.
1833 error = fsetown(*(int *)addr, &d->bd_sigio);
1838 *(int *)addr = fgetown(&d->bd_sigio);
1842 /* This is deprecated, FIOSETOWN should be used instead. */
1844 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1847 /* This is deprecated, FIOGETOWN should be used instead. */
1849 *(int *)addr = -fgetown(&d->bd_sigio);
1852 case BIOCSRSIG: /* Set receive signal */
1856 sig = *(u_int *)addr;
1869 *(u_int *)addr = d->bd_sig;
1873 case BIOCGETBUFMODE:
1875 *(u_int *)addr = d->bd_bufmode;
1879 case BIOCSETBUFMODE:
1881 * Allow the buffering mode to be changed as long as we
1882 * haven't yet committed to a particular mode. Our
1883 * definition of commitment, for now, is whether or not a
1884 * buffer has been allocated or an interface attached, since
1885 * that's the point where things get tricky.
1887 switch (*(u_int *)addr) {
1888 case BPF_BUFMODE_BUFFER:
1891 case BPF_BUFMODE_ZBUF:
1892 if (bpf_zerocopy_enable)
1902 if (d->bd_sbuf != NULL || d->bd_hbuf != NULL ||
1903 d->bd_fbuf != NULL || d->bd_bif != NULL) {
1908 d->bd_bufmode = *(u_int *)addr;
1913 error = bpf_ioctl_getzmax(td, d, (size_t *)addr);
1917 error = bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr);
1921 error = bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr);
1924 case BIOCSETVLANPCP:
1928 pcp = *(u_int *)addr;
1929 if (pcp > BPF_PRIO_MAX || pcp < 0) {
1942 * Set d's packet filter program to fp. If this file already has a filter,
1943 * free it and replace it. Returns EINVAL for bogus requests.
1945 * Note we use global lock here to serialize bpf_setf() and bpf_setif()
1949 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
1951 #ifdef COMPAT_FREEBSD32
1952 struct bpf_program fp_swab;
1953 struct bpf_program32 *fp32;
1955 struct bpf_program_buffer *fcode;
1956 struct bpf_insn *filter;
1958 bpf_jit_filter *jfunc;
1964 #ifdef COMPAT_FREEBSD32
1969 fp32 = (struct bpf_program32 *)fp;
1970 fp_swab.bf_len = fp32->bf_len;
1972 (struct bpf_insn *)(uintptr_t)fp32->bf_insns;
1991 * Check new filter validness before acquiring any locks.
1992 * Allocate memory for new filter, if needed.
1995 if (flen > bpf_maxinsns || (fp->bf_insns == NULL && flen != 0))
1997 size = flen * sizeof(*fp->bf_insns);
1999 /* We're setting up new filter. Copy and check actual data. */
2000 fcode = bpf_program_buffer_alloc(size, M_WAITOK);
2001 filter = (struct bpf_insn *)fcode->buffer;
2002 if (copyin(fp->bf_insns, filter, size) != 0 ||
2003 !bpf_validate(filter, flen)) {
2008 if (cmd != BIOCSETWF) {
2010 * Filter is copied inside fcode and is
2013 jfunc = bpf_jitter(filter, flen);
2018 track_event = false;
2023 /* Set up new filter. */
2024 if (cmd == BIOCSETWF) {
2025 if (d->bd_wfilter != NULL) {
2026 fcode = __containerof((void *)d->bd_wfilter,
2027 struct bpf_program_buffer, buffer);
2032 d->bd_wfilter = filter;
2034 if (d->bd_rfilter != NULL) {
2035 fcode = __containerof((void *)d->bd_rfilter,
2036 struct bpf_program_buffer, buffer);
2038 fcode->func = d->bd_bfilter;
2041 d->bd_rfilter = filter;
2043 d->bd_bfilter = jfunc;
2045 if (cmd == BIOCSETF)
2048 if (bpf_check_upgrade(cmd, d, filter, flen) != 0) {
2050 * Filter can be set several times without
2051 * specifying interface. In this case just mark d
2055 if (d->bd_bif != NULL) {
2057 * Remove descriptor from writers-only list
2058 * and add it to active readers list.
2060 CK_LIST_REMOVE(d, bd_next);
2061 CK_LIST_INSERT_HEAD(&d->bd_bif->bif_dlist,
2064 "%s: upgrade required by pid %d",
2065 __func__, d->bd_pid);
2073 NET_EPOCH_CALL(bpf_program_buffer_free, &fcode->epoch_ctx);
2076 EVENTHANDLER_INVOKE(bpf_track,
2077 d->bd_bif->bif_ifp, d->bd_bif->bif_dlt, 1);
2084 * Detach a file from its current interface (if attached at all) and attach
2085 * to the interface indicated by the name stored in ifr.
2086 * Return an errno or 0.
2089 bpf_setif(struct bpf_d *d, struct ifreq *ifr)
2092 struct ifnet *theywant;
2096 theywant = ifunit(ifr->ifr_name);
2097 if (theywant == NULL || theywant->if_bpf == NULL)
2100 bp = theywant->if_bpf;
2102 * At this point, we expect the buffer is already allocated. If not,
2105 switch (d->bd_bufmode) {
2106 case BPF_BUFMODE_BUFFER:
2107 case BPF_BUFMODE_ZBUF:
2108 if (d->bd_sbuf == NULL)
2113 panic("bpf_setif: bufmode %d", d->bd_bufmode);
2115 if (bp != d->bd_bif)
2126 * Support for select() and poll() system calls
2128 * Return true iff the specific operation will not block indefinitely.
2129 * Otherwise, return false but make a note that a selwakeup() must be done.
2132 bpfpoll(struct cdev *dev, int events, struct thread *td)
2137 if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL)
2139 (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM));
2142 * Refresh PID associated with this descriptor.
2144 revents = events & (POLLOUT | POLLWRNORM);
2146 BPF_PID_REFRESH(d, td);
2147 if (events & (POLLIN | POLLRDNORM)) {
2149 revents |= events & (POLLIN | POLLRDNORM);
2151 selrecord(td, &d->bd_sel);
2152 /* Start the read timeout if necessary. */
2153 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
2154 callout_reset(&d->bd_callout, d->bd_rtout,
2156 d->bd_state = BPF_WAITING;
2165 * Support for kevent() system call. Register EVFILT_READ filters and
2166 * reject all others.
2169 bpfkqfilter(struct cdev *dev, struct knote *kn)
2173 if (devfs_get_cdevpriv((void **)&d) != 0)
2176 switch (kn->kn_filter) {
2178 kn->kn_fop = &bpfread_filtops;
2182 kn->kn_fop = &bpfwrite_filtops;
2190 * Refresh PID associated with this descriptor.
2193 BPF_PID_REFRESH_CUR(d);
2195 knlist_add(&d->bd_sel.si_note, kn, 1);
2202 filt_bpfdetach(struct knote *kn)
2204 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
2206 knlist_remove(&d->bd_sel.si_note, kn, 0);
2210 filt_bpfread(struct knote *kn, long hint)
2212 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
2215 BPFD_LOCK_ASSERT(d);
2216 ready = bpf_ready(d);
2218 kn->kn_data = d->bd_slen;
2220 * Ignore the hold buffer if it is being copied to user space.
2222 if (!d->bd_hbuf_in_use && d->bd_hbuf)
2223 kn->kn_data += d->bd_hlen;
2224 } else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
2225 callout_reset(&d->bd_callout, d->bd_rtout,
2227 d->bd_state = BPF_WAITING;
2234 filt_bpfwrite(struct knote *kn, long hint)
2236 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
2238 BPFD_LOCK_ASSERT(d);
2240 if (d->bd_bif == NULL) {
2244 kn->kn_data = d->bd_bif->bif_ifp->if_mtu;
2249 #define BPF_TSTAMP_NONE 0
2250 #define BPF_TSTAMP_FAST 1
2251 #define BPF_TSTAMP_NORMAL 2
2252 #define BPF_TSTAMP_EXTERN 3
2255 bpf_ts_quality(int tstype)
2258 if (tstype == BPF_T_NONE)
2259 return (BPF_TSTAMP_NONE);
2260 if ((tstype & BPF_T_FAST) != 0)
2261 return (BPF_TSTAMP_FAST);
2263 return (BPF_TSTAMP_NORMAL);
2267 bpf_gettime(struct bintime *bt, int tstype, struct mbuf *m)
2273 quality = bpf_ts_quality(tstype);
2274 if (quality == BPF_TSTAMP_NONE)
2278 if ((m->m_flags & (M_PKTHDR | M_TSTMP)) == (M_PKTHDR | M_TSTMP)) {
2279 mbuf_tstmp2timespec(m, &ts);
2280 timespec2bintime(&ts, bt);
2281 return (BPF_TSTAMP_EXTERN);
2283 tag = m_tag_locate(m, MTAG_BPF, MTAG_BPF_TIMESTAMP, NULL);
2285 *bt = *(struct bintime *)(tag + 1);
2286 return (BPF_TSTAMP_EXTERN);
2289 if (quality == BPF_TSTAMP_NORMAL)
2298 * Incoming linkage from device drivers. Process the packet pkt, of length
2299 * pktlen, which is stored in a contiguous buffer. The packet is parsed
2300 * by each process' filter, and if accepted, stashed into the corresponding
2304 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
2306 struct epoch_tracker et;
2315 gottime = BPF_TSTAMP_NONE;
2316 NET_EPOCH_ENTER(et);
2317 CK_LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2318 counter_u64_add(d->bd_rcount, 1);
2320 * NB: We dont call BPF_CHECK_DIRECTION() here since there
2321 * is no way for the caller to indiciate to us whether this
2322 * packet is inbound or outbound. In the bpf_mtap() routines,
2323 * we use the interface pointers on the mbuf to figure it out.
2326 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
2328 slen = (*(bf->func))(pkt, pktlen, pktlen);
2331 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
2334 * Filter matches. Let's to acquire write lock.
2337 counter_u64_add(d->bd_fcount, 1);
2338 if (gottime < bpf_ts_quality(d->bd_tstamp))
2339 gottime = bpf_gettime(&bt, d->bd_tstamp,
2342 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2344 catchpacket(d, pkt, pktlen, slen,
2345 bpf_append_bytes, &bt);
2353 bpf_tap_if(if_t ifp, u_char *pkt, u_int pktlen)
2355 if (bpf_peers_present(ifp->if_bpf))
2356 bpf_tap(ifp->if_bpf, pkt, pktlen);
2359 #define BPF_CHECK_DIRECTION(d, r, i) \
2360 (((d)->bd_direction == BPF_D_IN && (r) != (i)) || \
2361 ((d)->bd_direction == BPF_D_OUT && (r) == (i)))
2364 * Incoming linkage from device drivers, when packet is in an mbuf chain.
2365 * Locking model is explained in bpf_tap().
2368 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
2370 struct epoch_tracker et;
2379 /* Skip outgoing duplicate packets. */
2380 if ((m->m_flags & M_PROMISC) != 0 && m_rcvif(m) == NULL) {
2381 m->m_flags &= ~M_PROMISC;
2385 pktlen = m_length(m, NULL);
2386 gottime = BPF_TSTAMP_NONE;
2388 NET_EPOCH_ENTER(et);
2389 CK_LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2390 if (BPF_CHECK_DIRECTION(d, m_rcvif(m), bp->bif_ifp))
2392 counter_u64_add(d->bd_rcount, 1);
2394 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
2395 /* XXX We cannot handle multiple mbufs. */
2396 if (bf != NULL && m->m_next == NULL)
2397 slen = (*(bf->func))(mtod(m, u_char *), pktlen,
2401 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
2405 counter_u64_add(d->bd_fcount, 1);
2406 if (gottime < bpf_ts_quality(d->bd_tstamp))
2407 gottime = bpf_gettime(&bt, d->bd_tstamp, m);
2409 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2411 catchpacket(d, (u_char *)m, pktlen, slen,
2412 bpf_append_mbuf, &bt);
2420 bpf_mtap_if(if_t ifp, struct mbuf *m)
2422 if (bpf_peers_present(ifp->if_bpf)) {
2424 bpf_mtap(ifp->if_bpf, m);
2429 * Incoming linkage from device drivers, when packet is in
2430 * an mbuf chain and to be prepended by a contiguous header.
2433 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
2435 struct epoch_tracker et;
2442 /* Skip outgoing duplicate packets. */
2443 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
2444 m->m_flags &= ~M_PROMISC;
2448 pktlen = m_length(m, NULL);
2450 * Craft on-stack mbuf suitable for passing to bpf_filter.
2451 * Note that we cut corners here; we only setup what's
2452 * absolutely needed--this mbuf should never go anywhere else.
2460 gottime = BPF_TSTAMP_NONE;
2462 NET_EPOCH_ENTER(et);
2463 CK_LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2464 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
2466 counter_u64_add(d->bd_rcount, 1);
2467 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
2471 counter_u64_add(d->bd_fcount, 1);
2472 if (gottime < bpf_ts_quality(d->bd_tstamp))
2473 gottime = bpf_gettime(&bt, d->bd_tstamp, m);
2475 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2477 catchpacket(d, (u_char *)&mb, pktlen, slen,
2478 bpf_append_mbuf, &bt);
2486 bpf_mtap2_if(if_t ifp, void *data, u_int dlen, struct mbuf *m)
2488 if (bpf_peers_present(ifp->if_bpf)) {
2490 bpf_mtap2(ifp->if_bpf, data, dlen, m);
2494 #undef BPF_CHECK_DIRECTION
2495 #undef BPF_TSTAMP_NONE
2496 #undef BPF_TSTAMP_FAST
2497 #undef BPF_TSTAMP_NORMAL
2498 #undef BPF_TSTAMP_EXTERN
2501 bpf_hdrlen(struct bpf_d *d)
2505 hdrlen = d->bd_bif->bif_hdrlen;
2506 #ifndef BURN_BRIDGES
2507 if (d->bd_tstamp == BPF_T_NONE ||
2508 BPF_T_FORMAT(d->bd_tstamp) == BPF_T_MICROTIME)
2509 #ifdef COMPAT_FREEBSD32
2511 hdrlen += SIZEOF_BPF_HDR(struct bpf_hdr32);
2514 hdrlen += SIZEOF_BPF_HDR(struct bpf_hdr);
2517 hdrlen += SIZEOF_BPF_HDR(struct bpf_xhdr);
2518 #ifdef COMPAT_FREEBSD32
2520 hdrlen = BPF_WORDALIGN32(hdrlen);
2523 hdrlen = BPF_WORDALIGN(hdrlen);
2525 return (hdrlen - d->bd_bif->bif_hdrlen);
2529 bpf_bintime2ts(struct bintime *bt, struct bpf_ts *ts, int tstype)
2531 struct bintime bt2, boottimebin;
2533 struct timespec tsn;
2535 if ((tstype & BPF_T_MONOTONIC) == 0) {
2537 getboottimebin(&boottimebin);
2538 bintime_add(&bt2, &boottimebin);
2541 switch (BPF_T_FORMAT(tstype)) {
2542 case BPF_T_MICROTIME:
2543 bintime2timeval(bt, &tsm);
2544 ts->bt_sec = tsm.tv_sec;
2545 ts->bt_frac = tsm.tv_usec;
2547 case BPF_T_NANOTIME:
2548 bintime2timespec(bt, &tsn);
2549 ts->bt_sec = tsn.tv_sec;
2550 ts->bt_frac = tsn.tv_nsec;
2553 ts->bt_sec = bt->sec;
2554 ts->bt_frac = bt->frac;
2560 * Move the packet data from interface memory (pkt) into the
2561 * store buffer. "cpfn" is the routine called to do the actual data
2562 * transfer. bcopy is passed in to copy contiguous chunks, while
2563 * bpf_append_mbuf is passed in to copy mbuf chains. In the latter case,
2564 * pkt is really an mbuf.
2567 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
2568 void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int),
2571 static char zeroes[BPF_ALIGNMENT];
2572 struct bpf_xhdr hdr;
2573 #ifndef BURN_BRIDGES
2574 struct bpf_hdr hdr_old;
2575 #ifdef COMPAT_FREEBSD32
2576 struct bpf_hdr32 hdr32_old;
2579 int caplen, curlen, hdrlen, pad, totlen;
2584 BPFD_LOCK_ASSERT(d);
2585 if (d->bd_bif == NULL) {
2586 /* Descriptor was detached in concurrent thread */
2587 counter_u64_add(d->bd_dcount, 1);
2592 * Detect whether user space has released a buffer back to us, and if
2593 * so, move it from being a hold buffer to a free buffer. This may
2594 * not be the best place to do it (for example, we might only want to
2595 * run this check if we need the space), but for now it's a reliable
2598 if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) {
2599 d->bd_fbuf = d->bd_hbuf;
2602 bpf_buf_reclaimed(d);
2606 * Figure out how many bytes to move. If the packet is
2607 * greater or equal to the snapshot length, transfer that
2608 * much. Otherwise, transfer the whole packet (unless
2609 * we hit the buffer size limit).
2611 hdrlen = bpf_hdrlen(d);
2612 totlen = hdrlen + min(snaplen, pktlen);
2613 if (totlen > d->bd_bufsize)
2614 totlen = d->bd_bufsize;
2617 * Round up the end of the previous packet to the next longword.
2619 * Drop the packet if there's no room and no hope of room
2620 * If the packet would overflow the storage buffer or the storage
2621 * buffer is considered immutable by the buffer model, try to rotate
2622 * the buffer and wakeup pending processes.
2624 #ifdef COMPAT_FREEBSD32
2626 curlen = BPF_WORDALIGN32(d->bd_slen);
2629 curlen = BPF_WORDALIGN(d->bd_slen);
2630 if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) {
2631 if (d->bd_fbuf == NULL) {
2633 * There's no room in the store buffer, and no
2634 * prospect of room, so drop the packet. Notify the
2638 counter_u64_add(d->bd_dcount, 1);
2641 KASSERT(!d->bd_hbuf_in_use, ("hold buffer is in use"));
2646 if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) {
2648 * Immediate mode is set, or the read timeout has
2649 * already expired during a select call. A packet
2650 * arrived, so the reader should be woken up.
2654 pad = curlen - d->bd_slen;
2655 KASSERT(pad >= 0 && pad <= sizeof(zeroes),
2656 ("%s: invalid pad byte count %d", __func__, pad));
2658 /* Zero pad bytes. */
2659 bpf_append_bytes(d, d->bd_sbuf, d->bd_slen, zeroes,
2664 caplen = totlen - hdrlen;
2665 tstype = d->bd_tstamp;
2666 do_timestamp = tstype != BPF_T_NONE;
2667 #ifndef BURN_BRIDGES
2668 if (tstype == BPF_T_NONE || BPF_T_FORMAT(tstype) == BPF_T_MICROTIME) {
2671 bpf_bintime2ts(bt, &ts, tstype);
2672 #ifdef COMPAT_FREEBSD32
2673 if (d->bd_compat32) {
2674 bzero(&hdr32_old, sizeof(hdr32_old));
2676 hdr32_old.bh_tstamp.tv_sec = ts.bt_sec;
2677 hdr32_old.bh_tstamp.tv_usec = ts.bt_frac;
2679 hdr32_old.bh_datalen = pktlen;
2680 hdr32_old.bh_hdrlen = hdrlen;
2681 hdr32_old.bh_caplen = caplen;
2682 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr32_old,
2687 bzero(&hdr_old, sizeof(hdr_old));
2689 hdr_old.bh_tstamp.tv_sec = ts.bt_sec;
2690 hdr_old.bh_tstamp.tv_usec = ts.bt_frac;
2692 hdr_old.bh_datalen = pktlen;
2693 hdr_old.bh_hdrlen = hdrlen;
2694 hdr_old.bh_caplen = caplen;
2695 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr_old,
2702 * Append the bpf header. Note we append the actual header size, but
2703 * move forward the length of the header plus padding.
2705 bzero(&hdr, sizeof(hdr));
2707 bpf_bintime2ts(bt, &hdr.bh_tstamp, tstype);
2708 hdr.bh_datalen = pktlen;
2709 hdr.bh_hdrlen = hdrlen;
2710 hdr.bh_caplen = caplen;
2711 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr));
2714 * Copy the packet data into the store buffer and update its length.
2716 #ifndef BURN_BRIDGES
2719 (*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, caplen);
2720 d->bd_slen = curlen + totlen;
2727 * Free buffers currently in use by a descriptor.
2731 bpfd_free(epoch_context_t ctx)
2734 struct bpf_program_buffer *p;
2737 * We don't need to lock out interrupts since this descriptor has
2738 * been detached from its interface and it yet hasn't been marked
2741 d = __containerof(ctx, struct bpf_d, epoch_ctx);
2743 if (d->bd_rfilter != NULL) {
2744 p = __containerof((void *)d->bd_rfilter,
2745 struct bpf_program_buffer, buffer);
2747 p->func = d->bd_bfilter;
2749 bpf_program_buffer_free(&p->epoch_ctx);
2751 if (d->bd_wfilter != NULL) {
2752 p = __containerof((void *)d->bd_wfilter,
2753 struct bpf_program_buffer, buffer);
2757 bpf_program_buffer_free(&p->epoch_ctx);
2760 mtx_destroy(&d->bd_lock);
2761 counter_u64_free(d->bd_rcount);
2762 counter_u64_free(d->bd_dcount);
2763 counter_u64_free(d->bd_fcount);
2764 counter_u64_free(d->bd_wcount);
2765 counter_u64_free(d->bd_wfcount);
2766 counter_u64_free(d->bd_wdcount);
2767 counter_u64_free(d->bd_zcopy);
2772 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the
2773 * fixed size of the link header (variable length headers not yet supported).
2776 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2779 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
2783 * Attach an interface to bpf. ifp is a pointer to the structure
2784 * defining the interface to be attached, dlt is the link layer type,
2785 * and hdrlen is the fixed size of the link header (variable length
2786 * headers are not yet supporrted).
2789 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen,
2790 struct bpf_if **driverp)
2794 KASSERT(*driverp == NULL,
2795 ("bpfattach2: driverp already initialized"));
2797 bp = malloc(sizeof(*bp), M_BPF, M_WAITOK | M_ZERO);
2799 CK_LIST_INIT(&bp->bif_dlist);
2800 CK_LIST_INIT(&bp->bif_wlist);
2803 bp->bif_hdrlen = hdrlen;
2804 bp->bif_bpf = driverp;
2805 refcount_init(&bp->bif_refcnt, 1);
2808 * Reference ifnet pointer, so it won't freed until
2813 CK_LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
2816 if (bootverbose && IS_DEFAULT_VNET(curvnet))
2817 if_printf(ifp, "bpf attached\n");
2822 * When moving interfaces between vnet instances we need a way to
2823 * query the dlt and hdrlen before detach so we can re-attch the if_bpf
2824 * after the vmove. We unfortunately have no device driver infrastructure
2825 * to query the interface for these values after creation/attach, thus
2826 * add this as a workaround.
2829 bpf_get_bp_params(struct bpf_if *bp, u_int *bif_dlt, u_int *bif_hdrlen)
2834 if (bif_dlt == NULL && bif_hdrlen == NULL)
2837 if (bif_dlt != NULL)
2838 *bif_dlt = bp->bif_dlt;
2839 if (bif_hdrlen != NULL)
2840 *bif_hdrlen = bp->bif_hdrlen;
2847 * Detach bpf from an interface. This involves detaching each descriptor
2848 * associated with the interface. Notify each descriptor as it's detached
2849 * so that any sleepers wake up and get ENXIO.
2852 bpfdetach(struct ifnet *ifp)
2854 struct bpf_if *bp, *bp_temp;
2858 /* Find all bpf_if struct's which reference ifp and detach them. */
2859 CK_LIST_FOREACH_SAFE(bp, &bpf_iflist, bif_next, bp_temp) {
2860 if (ifp != bp->bif_ifp)
2863 CK_LIST_REMOVE(bp, bif_next);
2864 *bp->bif_bpf = (struct bpf_if *)&dead_bpf_if;
2867 "%s: sheduling free for encap %d (%p) for if %p",
2868 __func__, bp->bif_dlt, bp, ifp);
2870 /* Detach common descriptors */
2871 while ((d = CK_LIST_FIRST(&bp->bif_dlist)) != NULL) {
2872 bpf_detachd_locked(d, true);
2875 /* Detach writer-only descriptors */
2876 while ((d = CK_LIST_FIRST(&bp->bif_wlist)) != NULL) {
2877 bpf_detachd_locked(d, true);
2885 * Get a list of available data link type of the interface.
2888 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
2897 ifp = d->bd_bif->bif_ifp;
2899 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2900 if (bp->bif_ifp == ifp)
2903 if (bfl->bfl_list == NULL) {
2907 if (n1 > bfl->bfl_len)
2910 lst = malloc(n1 * sizeof(u_int), M_TEMP, M_WAITOK);
2912 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2913 if (bp->bif_ifp != ifp)
2915 lst[n++] = bp->bif_dlt;
2917 error = copyout(lst, bfl->bfl_list, sizeof(u_int) * n);
2924 * Set the data link type of a BPF instance.
2927 bpf_setdlt(struct bpf_d *d, u_int dlt)
2929 int error, opromisc;
2934 MPASS(d->bd_bif != NULL);
2937 * It is safe to check bd_bif without BPFD_LOCK, it can not be
2938 * changed while we hold global lock.
2940 if (d->bd_bif->bif_dlt == dlt)
2943 ifp = d->bd_bif->bif_ifp;
2944 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2945 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
2951 opromisc = d->bd_promisc;
2954 error = ifpromisc(bp->bif_ifp, 1);
2956 if_printf(bp->bif_ifp, "%s: ifpromisc failed (%d)\n",
2965 bpf_drvinit(void *unused)
2969 sx_init(&bpf_sx, "bpf global lock");
2970 CK_LIST_INIT(&bpf_iflist);
2972 dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf");
2973 /* For compatibility */
2974 make_dev_alias(dev, "bpf0");
2978 * Zero out the various packet counters associated with all of the bpf
2979 * descriptors. At some point, we will probably want to get a bit more
2980 * granular and allow the user to specify descriptors to be zeroed.
2983 bpf_zero_counters(void)
2990 * We are protected by global lock here, interfaces and
2991 * descriptors can not be deleted while we hold it.
2993 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2994 CK_LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
2995 counter_u64_zero(bd->bd_rcount);
2996 counter_u64_zero(bd->bd_dcount);
2997 counter_u64_zero(bd->bd_fcount);
2998 counter_u64_zero(bd->bd_wcount);
2999 counter_u64_zero(bd->bd_wfcount);
3000 counter_u64_zero(bd->bd_zcopy);
3007 * Fill filter statistics
3010 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
3014 bzero(d, sizeof(*d));
3015 d->bd_structsize = sizeof(*d);
3016 d->bd_immediate = bd->bd_immediate;
3017 d->bd_promisc = bd->bd_promisc;
3018 d->bd_hdrcmplt = bd->bd_hdrcmplt;
3019 d->bd_direction = bd->bd_direction;
3020 d->bd_feedback = bd->bd_feedback;
3021 d->bd_async = bd->bd_async;
3022 d->bd_rcount = counter_u64_fetch(bd->bd_rcount);
3023 d->bd_dcount = counter_u64_fetch(bd->bd_dcount);
3024 d->bd_fcount = counter_u64_fetch(bd->bd_fcount);
3025 d->bd_sig = bd->bd_sig;
3026 d->bd_slen = bd->bd_slen;
3027 d->bd_hlen = bd->bd_hlen;
3028 d->bd_bufsize = bd->bd_bufsize;
3029 d->bd_pid = bd->bd_pid;
3030 strlcpy(d->bd_ifname,
3031 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
3032 d->bd_locked = bd->bd_locked;
3033 d->bd_wcount = counter_u64_fetch(bd->bd_wcount);
3034 d->bd_wdcount = counter_u64_fetch(bd->bd_wdcount);
3035 d->bd_wfcount = counter_u64_fetch(bd->bd_wfcount);
3036 d->bd_zcopy = counter_u64_fetch(bd->bd_zcopy);
3037 d->bd_bufmode = bd->bd_bufmode;
3041 * Handle `netstat -B' stats request
3044 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
3046 static const struct xbpf_d zerostats;
3047 struct xbpf_d *xbdbuf, *xbd, tempstats;
3053 * XXX This is not technically correct. It is possible for non
3054 * privileged users to open bpf devices. It would make sense
3055 * if the users who opened the devices were able to retrieve
3056 * the statistics for them, too.
3058 error = priv_check(req->td, PRIV_NET_BPF);
3062 * Check to see if the user is requesting that the counters be
3063 * zeroed out. Explicitly check that the supplied data is zeroed,
3064 * as we aren't allowing the user to set the counters currently.
3066 if (req->newptr != NULL) {
3067 if (req->newlen != sizeof(tempstats))
3069 memset(&tempstats, 0, sizeof(tempstats));
3070 error = SYSCTL_IN(req, &tempstats, sizeof(tempstats));
3073 if (bcmp(&tempstats, &zerostats, sizeof(tempstats)) != 0)
3075 bpf_zero_counters();
3078 if (req->oldptr == NULL)
3079 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
3080 if (bpf_bpfd_cnt == 0)
3081 return (SYSCTL_OUT(req, 0, 0));
3082 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
3084 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
3086 free(xbdbuf, M_BPF);
3090 CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) {
3091 /* Send writers-only first */
3092 CK_LIST_FOREACH(bd, &bp->bif_wlist, bd_next) {
3093 xbd = &xbdbuf[index++];
3094 bpfstats_fill_xbpf(xbd, bd);
3096 CK_LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
3097 xbd = &xbdbuf[index++];
3098 bpfstats_fill_xbpf(xbd, bd);
3102 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
3103 free(xbdbuf, M_BPF);
3107 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL);
3109 #else /* !DEV_BPF && !NETGRAPH_BPF */
3112 * NOP stubs to allow bpf-using drivers to load and function.
3114 * A 'better' implementation would allow the core bpf functionality
3115 * to be loaded at runtime.
3119 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
3124 bpf_tap_if(if_t ifp, u_char *pkt, u_int pktlen)
3129 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
3134 bpf_mtap_if(if_t ifp, struct mbuf *m)
3139 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
3144 bpf_mtap2_if(if_t ifp, void *data, u_int dlen, struct mbuf *m)
3149 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
3152 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
3156 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
3159 *driverp = (struct bpf_if *)&dead_bpf_if;
3163 bpfdetach(struct ifnet *ifp)
3168 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
3170 return -1; /* "no filter" behaviour */
3174 bpf_validate(const struct bpf_insn *f, int len)
3176 return 0; /* false */
3179 #endif /* !DEV_BPF && !NETGRAPH_BPF */
3183 bpf_show_bpf_if(struct bpf_if *bpf_if)
3188 db_printf("%p:\n", bpf_if);
3189 #define BPF_DB_PRINTF(f, e) db_printf(" %s = " f "\n", #e, bpf_if->e);
3190 #define BPF_DB_PRINTF_RAW(f, e) db_printf(" %s = " f "\n", #e, e);
3191 /* bif_ext.bif_next */
3192 /* bif_ext.bif_dlist */
3193 BPF_DB_PRINTF("%#x", bif_dlt);
3194 BPF_DB_PRINTF("%u", bif_hdrlen);
3196 BPF_DB_PRINTF("%p", bif_ifp);
3197 BPF_DB_PRINTF("%p", bif_bpf);
3198 BPF_DB_PRINTF_RAW("%u", refcount_load(&bpf_if->bif_refcnt));
3201 DB_SHOW_COMMAND(bpf_if, db_show_bpf_if)
3205 db_printf("usage: show bpf_if <struct bpf_if *>\n");
3209 bpf_show_bpf_if((struct bpf_if *)addr);