2 * Copyright (c) 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from the Stanford/CMU enet packet filter,
6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)bpf.c 8.4 (Berkeley) 1/9/95
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD$");
41 #include "opt_compat.h"
42 #include "opt_netgraph.h"
44 #include <sys/types.h>
45 #include <sys/param.h>
47 #include <sys/rwlock.h>
48 #include <sys/systm.h>
50 #include <sys/fcntl.h>
52 #include <sys/malloc.h>
57 #include <sys/signalvar.h>
58 #include <sys/filio.h>
59 #include <sys/sockio.h>
60 #include <sys/ttycom.h>
63 #include <sys/event.h>
68 #include <sys/socket.h>
73 #include <net/bpf_buffer.h>
75 #include <net/bpf_jitter.h>
77 #include <net/bpf_zerocopy.h>
78 #include <net/bpfdesc.h>
81 #include <netinet/in.h>
82 #include <netinet/if_ether.h>
83 #include <sys/kernel.h>
84 #include <sys/sysctl.h>
86 #include <net80211/ieee80211_freebsd.h>
88 #include <security/mac/mac_framework.h>
90 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
92 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
94 #define PRINET 26 /* interruptible */
96 #ifdef COMPAT_FREEBSD32
97 #include <sys/mount.h>
98 #include <compat/freebsd32/freebsd32.h>
99 #define BPF_ALIGNMENT32 sizeof(int32_t)
100 #define BPF_WORDALIGN32(x) (((x)+(BPF_ALIGNMENT32-1))&~(BPF_ALIGNMENT32-1))
103 * 32-bit version of structure prepended to each packet. We use this header
104 * instead of the standard one for 32-bit streams. We mark the a stream as
105 * 32-bit the first time we see a 32-bit compat ioctl request.
108 struct timeval32 bh_tstamp; /* time stamp */
109 uint32_t bh_caplen; /* length of captured portion */
110 uint32_t bh_datalen; /* original length of packet */
111 uint16_t bh_hdrlen; /* length of bpf header (this struct
112 plus alignment padding) */
115 struct bpf_program32 {
120 struct bpf_dltlist32 {
125 #define BIOCSETF32 _IOW('B', 103, struct bpf_program32)
126 #define BIOCSRTIMEOUT32 _IOW('B',109, struct timeval32)
127 #define BIOCGRTIMEOUT32 _IOR('B',110, struct timeval32)
128 #define BIOCGDLTLIST32 _IOWR('B',121, struct bpf_dltlist32)
129 #define BIOCSETWF32 _IOW('B',123, struct bpf_program32)
130 #define BIOCSETFNR32 _IOW('B',130, struct bpf_program32)
134 * bpf_iflist is a list of BPF interface structures, each corresponding to a
135 * specific DLT. The same network interface might have several BPF interface
136 * structures registered by different layers in the stack (i.e., 802.11
137 * frames, ethernet frames, etc).
139 static LIST_HEAD(, bpf_if) bpf_iflist;
140 static struct mtx bpf_mtx; /* bpf global lock */
141 static int bpf_bpfd_cnt;
143 static void bpf_attachd(struct bpf_d *, struct bpf_if *);
144 static void bpf_detachd(struct bpf_d *);
145 static void bpf_detachd_locked(struct bpf_d *);
146 static void bpf_freed(struct bpf_d *);
147 static int bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **,
148 struct sockaddr *, int *, struct bpf_insn *);
149 static int bpf_setif(struct bpf_d *, struct ifreq *);
150 static void bpf_timed_out(void *);
152 bpf_wakeup(struct bpf_d *);
153 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int,
154 void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int),
156 static void reset_d(struct bpf_d *);
157 static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
158 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
159 static int bpf_setdlt(struct bpf_d *, u_int);
160 static void filt_bpfdetach(struct knote *);
161 static int filt_bpfread(struct knote *, long);
162 static void bpf_drvinit(void *);
163 static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);
165 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
166 int bpf_maxinsns = BPF_MAXINSNS;
167 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
168 &bpf_maxinsns, 0, "Maximum bpf program instructions");
169 static int bpf_zerocopy_enable = 0;
170 SYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW,
171 &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions");
172 SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW,
173 bpf_stats_sysctl, "bpf statistics portal");
175 static VNET_DEFINE(int, bpf_optimize_writers) = 0;
176 #define V_bpf_optimize_writers VNET(bpf_optimize_writers)
177 SYSCTL_VNET_INT(_net_bpf, OID_AUTO, optimize_writers,
178 CTLFLAG_RW, &VNET_NAME(bpf_optimize_writers), 0,
179 "Do not send packets until BPF program is set");
181 static d_open_t bpfopen;
182 static d_read_t bpfread;
183 static d_write_t bpfwrite;
184 static d_ioctl_t bpfioctl;
185 static d_poll_t bpfpoll;
186 static d_kqfilter_t bpfkqfilter;
188 static struct cdevsw bpf_cdevsw = {
189 .d_version = D_VERSION,
196 .d_kqfilter = bpfkqfilter,
199 static struct filterops bpfread_filtops =
200 { 1, NULL, filt_bpfdetach, filt_bpfread };
202 eventhandler_tag bpf_ifdetach_cookie = NULL;
205 * LOCKING MODEL USED BY BPF:
207 * 1) global lock (BPF_LOCK). Mutex, used to protect interface addition/removal,
208 * some global counters and every bpf_if reference.
209 * 2) Interface lock. Rwlock, used to protect list of BPF descriptors and their filters.
210 * 3) Descriptor lock. Mutex, used to protect BPF buffers and various structure fields
211 * used by bpf_mtap code.
215 * Global lock, interface lock, descriptor lock
217 * We have to acquire interface lock before descriptor main lock due to BPF_MTAP[2]
218 * working model. In many places (like bpf_detachd) we start with BPF descriptor
219 * (and we need to at least rlock it to get reliable interface pointer). This
220 * gives us potential LOR. As a result, we use global lock to protect from bpf_if
221 * change in every such place.
223 * Changing d->bd_bif is protected by 1) global lock, 2) interface lock and
224 * 3) descriptor main wlock.
225 * Reading bd_bif can be protected by any of these locks, typically global lock.
227 * Changing read/write BPF filter is protected by the same three locks,
228 * the same applies for reading.
230 * Sleeping in global lock is not allowed due to bpfdetach() using it.
234 * Wrapper functions for various buffering methods. If the set of buffer
235 * modes expands, we will probably want to introduce a switch data structure
236 * similar to protosw, et.
239 bpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
245 switch (d->bd_bufmode) {
246 case BPF_BUFMODE_BUFFER:
247 return (bpf_buffer_append_bytes(d, buf, offset, src, len));
249 case BPF_BUFMODE_ZBUF:
251 return (bpf_zerocopy_append_bytes(d, buf, offset, src, len));
254 panic("bpf_buf_append_bytes");
259 bpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
265 switch (d->bd_bufmode) {
266 case BPF_BUFMODE_BUFFER:
267 return (bpf_buffer_append_mbuf(d, buf, offset, src, len));
269 case BPF_BUFMODE_ZBUF:
271 return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len));
274 panic("bpf_buf_append_mbuf");
279 * This function gets called when the free buffer is re-assigned.
282 bpf_buf_reclaimed(struct bpf_d *d)
287 switch (d->bd_bufmode) {
288 case BPF_BUFMODE_BUFFER:
291 case BPF_BUFMODE_ZBUF:
292 bpf_zerocopy_buf_reclaimed(d);
296 panic("bpf_buf_reclaimed");
301 * If the buffer mechanism has a way to decide that a held buffer can be made
302 * free, then it is exposed via the bpf_canfreebuf() interface. (1) is
303 * returned if the buffer can be discarded, (0) is returned if it cannot.
306 bpf_canfreebuf(struct bpf_d *d)
311 switch (d->bd_bufmode) {
312 case BPF_BUFMODE_ZBUF:
313 return (bpf_zerocopy_canfreebuf(d));
319 * Allow the buffer model to indicate that the current store buffer is
320 * immutable, regardless of the appearance of space. Return (1) if the
321 * buffer is writable, and (0) if not.
324 bpf_canwritebuf(struct bpf_d *d)
328 switch (d->bd_bufmode) {
329 case BPF_BUFMODE_ZBUF:
330 return (bpf_zerocopy_canwritebuf(d));
336 * Notify buffer model that an attempt to write to the store buffer has
337 * resulted in a dropped packet, in which case the buffer may be considered
341 bpf_buffull(struct bpf_d *d)
346 switch (d->bd_bufmode) {
347 case BPF_BUFMODE_ZBUF:
348 bpf_zerocopy_buffull(d);
354 * Notify the buffer model that a buffer has moved into the hold position.
357 bpf_bufheld(struct bpf_d *d)
362 switch (d->bd_bufmode) {
363 case BPF_BUFMODE_ZBUF:
364 bpf_zerocopy_bufheld(d);
370 bpf_free(struct bpf_d *d)
373 switch (d->bd_bufmode) {
374 case BPF_BUFMODE_BUFFER:
375 return (bpf_buffer_free(d));
377 case BPF_BUFMODE_ZBUF:
378 return (bpf_zerocopy_free(d));
381 panic("bpf_buf_free");
386 bpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio)
389 if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
391 return (bpf_buffer_uiomove(d, buf, len, uio));
395 bpf_ioctl_sblen(struct bpf_d *d, u_int *i)
398 if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
400 return (bpf_buffer_ioctl_sblen(d, i));
404 bpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i)
407 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
409 return (bpf_zerocopy_ioctl_getzmax(td, d, i));
413 bpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
416 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
418 return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz));
422 bpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
425 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
427 return (bpf_zerocopy_ioctl_setzbuf(td, d, bz));
431 * General BPF functions.
434 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
435 struct sockaddr *sockp, int *hdrlen, struct bpf_insn *wfilter)
437 const struct ieee80211_bpf_params *p;
438 struct ether_header *eh;
446 * Build a sockaddr based on the data link layer type.
447 * We do this at this level because the ethernet header
448 * is copied directly into the data field of the sockaddr.
449 * In the case of SLIP, there is no header and the packet
450 * is forwarded as is.
451 * Also, we are careful to leave room at the front of the mbuf
452 * for the link level header.
457 sockp->sa_family = AF_INET;
462 sockp->sa_family = AF_UNSPEC;
463 /* XXX Would MAXLINKHDR be better? */
464 hlen = ETHER_HDR_LEN;
468 sockp->sa_family = AF_IMPLINK;
473 sockp->sa_family = AF_UNSPEC;
479 * null interface types require a 4 byte pseudo header which
480 * corresponds to the address family of the packet.
482 sockp->sa_family = AF_UNSPEC;
486 case DLT_ATM_RFC1483:
488 * en atm driver requires 4-byte atm pseudo header.
489 * though it isn't standard, vpi:vci needs to be
492 sockp->sa_family = AF_UNSPEC;
493 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
497 sockp->sa_family = AF_UNSPEC;
498 hlen = 4; /* This should match PPP_HDRLEN */
501 case DLT_IEEE802_11: /* IEEE 802.11 wireless */
502 sockp->sa_family = AF_IEEE80211;
506 case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */
507 sockp->sa_family = AF_IEEE80211;
508 sockp->sa_len = 12; /* XXX != 0 */
509 hlen = sizeof(struct ieee80211_bpf_params);
516 len = uio->uio_resid;
518 if (len - hlen > ifp->if_mtu)
521 if ((unsigned)len > MJUM16BYTES)
525 MGETHDR(m, M_WAIT, MT_DATA);
526 else if (len <= MCLBYTES)
527 m = m_getcl(M_WAIT, MT_DATA, M_PKTHDR);
529 m = m_getjcl(M_WAIT, MT_DATA, M_PKTHDR,
530 #if (MJUMPAGESIZE > MCLBYTES)
531 len <= MJUMPAGESIZE ? MJUMPAGESIZE :
533 (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES));
534 m->m_pkthdr.len = m->m_len = len;
535 m->m_pkthdr.rcvif = NULL;
538 if (m->m_len < hlen) {
543 error = uiomove(mtod(m, u_char *), len, uio);
547 slen = bpf_filter(wfilter, mtod(m, u_char *), len, len);
553 /* Check for multicast destination */
556 eh = mtod(m, struct ether_header *);
557 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
558 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
559 ETHER_ADDR_LEN) == 0)
560 m->m_flags |= M_BCAST;
562 m->m_flags |= M_MCAST;
568 * Make room for link header, and copy it to sockaddr
571 if (sockp->sa_family == AF_IEEE80211) {
573 * Collect true length from the parameter header
574 * NB: sockp is known to be zero'd so if we do a
575 * short copy unspecified parameters will be
577 * NB: packet may not be aligned after stripping
581 p = mtod(m, const struct ieee80211_bpf_params *);
583 if (hlen > sizeof(sockp->sa_data)) {
588 bcopy(m->m_data, sockp->sa_data, hlen);
599 * Attach file to the bpf interface, i.e. make d listen on bp.
602 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
609 * Save sysctl value to protect from sysctl change
612 op_w = V_bpf_optimize_writers;
614 if (d->bd_bif != NULL)
615 bpf_detachd_locked(d);
617 * Point d at bp, and add d to the interface's list.
618 * Since there are many applicaiotns using BPF for
619 * sending raw packets only (dhcpd, cdpd are good examples)
620 * we can delay adding d to the list of active listeners until
621 * some filter is configured.
630 /* Add to writers-only list */
631 LIST_INSERT_HEAD(&bp->bif_wlist, d, bd_next);
633 * We decrement bd_writer on every filter set operation.
634 * First BIOCSETF is done by pcap_open_live() to set up
635 * snap length. After that appliation usually sets its own filter
639 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
646 CTR3(KTR_NET, "%s: bpf_attach called by pid %d, adding to %s list",
647 __func__, d->bd_pid, d->bd_writer ? "writer" : "active");
650 EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1);
654 * Add d to the list of active bp filters.
655 * Reuqires bpf_attachd() to be called before
658 bpf_upgraded(struct bpf_d *d)
667 * Filter can be set several times without specifying interface.
668 * Mark d as reader and exit.
680 /* Remove from writers-only list */
681 LIST_REMOVE(d, bd_next);
682 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
683 /* Mark d as reader */
689 CTR2(KTR_NET, "%s: upgrade required by pid %d", __func__, d->bd_pid);
691 EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1);
695 * Detach a file from its interface.
698 bpf_detachd(struct bpf_d *d)
701 bpf_detachd_locked(d);
706 bpf_detachd_locked(struct bpf_d *d)
712 CTR2(KTR_NET, "%s: detach required by pid %d", __func__, d->bd_pid);
716 /* Check if descriptor is attached */
717 if ((bp = d->bd_bif) == NULL)
723 /* Save bd_writer value */
724 error = d->bd_writer;
727 * Remove d from the interface's descriptor list.
729 LIST_REMOVE(d, bd_next);
738 /* Call event handler iff d is attached */
740 EVENTHANDLER_INVOKE(bpf_track, ifp, bp->bif_dlt, 0);
743 * Check if this descriptor had requested promiscuous mode.
744 * If so, turn it off.
748 CURVNET_SET(ifp->if_vnet);
749 error = ifpromisc(ifp, 0);
751 if (error != 0 && error != ENXIO) {
753 * ENXIO can happen if a pccard is unplugged
754 * Something is really wrong if we were able to put
755 * the driver into promiscuous mode, but can't
758 if_printf(bp->bif_ifp,
759 "bpf_detach: ifpromisc failed (%d)\n", error);
765 * Close the descriptor by detaching it from its interface,
766 * deallocating its buffers, and marking it free.
771 struct bpf_d *d = data;
774 if (d->bd_state == BPF_WAITING)
775 callout_stop(&d->bd_callout);
776 d->bd_state = BPF_IDLE;
778 funsetown(&d->bd_sigio);
781 mac_bpfdesc_destroy(d);
783 seldrain(&d->bd_sel);
784 knlist_destroy(&d->bd_sel.si_note);
785 callout_drain(&d->bd_callout);
791 * Open ethernet device. Returns ENXIO for illegal minor device number,
792 * EBUSY if file is open by another process.
796 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
801 d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
802 error = devfs_set_cdevpriv(d, bpf_dtor);
809 * For historical reasons, perform a one-time initialization call to
810 * the buffer routines, even though we're not yet committed to a
811 * particular buffer method.
814 d->bd_bufmode = BPF_BUFMODE_BUFFER;
816 d->bd_direction = BPF_D_INOUT;
817 BPF_PID_REFRESH(d, td);
820 mac_bpfdesc_create(td->td_ucred, d);
822 mtx_init(&d->bd_lock, devtoname(dev), "bpf cdev lock", MTX_DEF);
823 callout_init_mtx(&d->bd_callout, &d->bd_lock, 0);
824 knlist_init_mtx(&d->bd_sel.si_note, &d->bd_lock);
826 /* Allocate default buffers */
827 size = d->bd_bufsize;
828 bpf_buffer_ioctl_sblen(d, &size);
834 * bpfread - read next chunk of packets from buffers
837 bpfread(struct cdev *dev, struct uio *uio, int ioflag)
844 error = devfs_get_cdevpriv((void **)&d);
849 * Restrict application to use a buffer the same size as
852 if (uio->uio_resid != d->bd_bufsize)
855 non_block = ((ioflag & O_NONBLOCK) != 0);
858 BPF_PID_REFRESH_CUR(d);
859 if (d->bd_bufmode != BPF_BUFMODE_BUFFER) {
863 if (d->bd_state == BPF_WAITING)
864 callout_stop(&d->bd_callout);
865 timed_out = (d->bd_state == BPF_TIMED_OUT);
866 d->bd_state = BPF_IDLE;
868 * If the hold buffer is empty, then do a timed sleep, which
869 * ends when the timeout expires or when enough packets
870 * have arrived to fill the store buffer.
872 while (d->bd_hbuf == NULL) {
873 if (d->bd_slen != 0) {
875 * A packet(s) either arrived since the previous
876 * read or arrived while we were asleep.
878 if (d->bd_immediate || non_block || timed_out) {
880 * Rotate the buffers and return what's here
881 * if we are in immediate mode, non-blocking
882 * flag is set, or this descriptor timed out.
890 * No data is available, check to see if the bpf device
891 * is still pointed at a real interface. If not, return
892 * ENXIO so that the userland process knows to rebind
893 * it before using it again.
895 if (d->bd_bif == NULL) {
902 return (EWOULDBLOCK);
904 error = msleep(d, &d->bd_lock, PRINET|PCATCH,
906 if (error == EINTR || error == ERESTART) {
910 if (error == EWOULDBLOCK) {
912 * On a timeout, return what's in the buffer,
913 * which may be nothing. If there is something
914 * in the store buffer, we can rotate the buffers.
918 * We filled up the buffer in between
919 * getting the timeout and arriving
920 * here, so we don't need to rotate.
924 if (d->bd_slen == 0) {
933 * At this point, we know we have something in the hold slot.
938 * Move data from hold buffer into user space.
939 * We know the entire buffer is transferred since
940 * we checked above that the read buffer is bpf_bufsize bytes.
942 * XXXRW: More synchronization needed here: what if a second thread
943 * issues a read on the same fd at the same time? Don't want this
944 * getting invalidated.
946 error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio);
949 d->bd_fbuf = d->bd_hbuf;
952 bpf_buf_reclaimed(d);
959 * If there are processes sleeping on this descriptor, wake them up.
962 bpf_wakeup(struct bpf_d *d)
966 if (d->bd_state == BPF_WAITING) {
967 callout_stop(&d->bd_callout);
968 d->bd_state = BPF_IDLE;
971 if (d->bd_async && d->bd_sig && d->bd_sigio)
972 pgsigio(&d->bd_sigio, d->bd_sig, 0);
974 selwakeuppri(&d->bd_sel, PRINET);
975 KNOTE_LOCKED(&d->bd_sel.si_note, 0);
979 bpf_timed_out(void *arg)
981 struct bpf_d *d = (struct bpf_d *)arg;
985 if (callout_pending(&d->bd_callout) || !callout_active(&d->bd_callout))
987 if (d->bd_state == BPF_WAITING) {
988 d->bd_state = BPF_TIMED_OUT;
995 bpf_ready(struct bpf_d *d)
1000 if (!bpf_canfreebuf(d) && d->bd_hlen != 0)
1002 if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1009 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
1013 struct mbuf *m, *mc;
1014 struct sockaddr dst;
1017 error = devfs_get_cdevpriv((void **)&d);
1021 BPF_PID_REFRESH_CUR(d);
1023 /* XXX: locking required */
1024 if (d->bd_bif == NULL) {
1029 ifp = d->bd_bif->bif_ifp;
1031 if ((ifp->if_flags & IFF_UP) == 0) {
1036 if (uio->uio_resid == 0) {
1041 bzero(&dst, sizeof(dst));
1044 /* XXX: bpf_movein() can sleep */
1045 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp,
1046 &m, &dst, &hlen, d->bd_wfilter);
1053 dst.sa_family = pseudo_AF_HDRCMPLT;
1055 if (d->bd_feedback) {
1056 mc = m_dup(m, M_DONTWAIT);
1058 mc->m_pkthdr.rcvif = ifp;
1059 /* Set M_PROMISC for outgoing packets to be discarded. */
1060 if (d->bd_direction == BPF_D_INOUT)
1061 m->m_flags |= M_PROMISC;
1065 m->m_pkthdr.len -= hlen;
1067 m->m_data += hlen; /* XXX */
1069 CURVNET_SET(ifp->if_vnet);
1072 mac_bpfdesc_create_mbuf(d, m);
1074 mac_bpfdesc_create_mbuf(d, mc);
1078 error = (*ifp->if_output)(ifp, m, &dst, NULL);
1084 (*ifp->if_input)(ifp, mc);
1094 * Reset a descriptor by flushing its packet buffer and clearing the receive
1095 * and drop counts. This is doable for kernel-only buffers, but with
1096 * zero-copy buffers, we can't write to (or rotate) buffers that are
1097 * currently owned by userspace. It would be nice if we could encapsulate
1098 * this logic in the buffer code rather than here.
1101 reset_d(struct bpf_d *d)
1104 BPFD_LOCK_ASSERT(d);
1106 if ((d->bd_hbuf != NULL) &&
1107 (d->bd_bufmode != BPF_BUFMODE_ZBUF || bpf_canfreebuf(d))) {
1108 /* Free the hold buffer. */
1109 d->bd_fbuf = d->bd_hbuf;
1112 bpf_buf_reclaimed(d);
1114 if (bpf_canwritebuf(d))
1126 * FIONREAD Check for read packet available.
1127 * SIOCGIFADDR Get interface address - convenient hook to driver.
1128 * BIOCGBLEN Get buffer len [for read()].
1129 * BIOCSETF Set read filter.
1130 * BIOCSETFNR Set read filter without resetting descriptor.
1131 * BIOCSETWF Set write filter.
1132 * BIOCFLUSH Flush read packet buffer.
1133 * BIOCPROMISC Put interface into promiscuous mode.
1134 * BIOCGDLT Get link layer type.
1135 * BIOCGETIF Get interface name.
1136 * BIOCSETIF Set interface.
1137 * BIOCSRTIMEOUT Set read timeout.
1138 * BIOCGRTIMEOUT Get read timeout.
1139 * BIOCGSTATS Get packet stats.
1140 * BIOCIMMEDIATE Set immediate mode.
1141 * BIOCVERSION Get filter language version.
1142 * BIOCGHDRCMPLT Get "header already complete" flag
1143 * BIOCSHDRCMPLT Set "header already complete" flag
1144 * BIOCGDIRECTION Get packet direction flag
1145 * BIOCSDIRECTION Set packet direction flag
1146 * BIOCLOCK Set "locked" flag
1147 * BIOCFEEDBACK Set packet feedback mode.
1148 * BIOCSETZBUF Set current zero-copy buffer locations.
1149 * BIOCGETZMAX Get maximum zero-copy buffer size.
1150 * BIOCROTZBUF Force rotation of zero-copy buffer
1151 * BIOCSETBUFMODE Set buffer mode.
1152 * BIOCGETBUFMODE Get current buffer mode.
1156 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
1162 error = devfs_get_cdevpriv((void **)&d);
1167 * Refresh PID associated with this descriptor.
1170 BPF_PID_REFRESH(d, td);
1171 if (d->bd_state == BPF_WAITING)
1172 callout_stop(&d->bd_callout);
1173 d->bd_state = BPF_IDLE;
1176 if (d->bd_locked == 1) {
1182 #ifdef COMPAT_FREEBSD32
1183 case BIOCGDLTLIST32:
1187 #ifdef COMPAT_FREEBSD32
1188 case BIOCGRTIMEOUT32:
1198 #ifdef COMPAT_FREEBSD32
1199 case BIOCSRTIMEOUT32:
1209 #ifdef COMPAT_FREEBSD32
1211 * If we see a 32-bit compat ioctl, mark the stream as 32-bit so
1212 * that it will get 32-bit packet headers.
1218 case BIOCGDLTLIST32:
1219 case BIOCGRTIMEOUT32:
1220 case BIOCSRTIMEOUT32:
1227 CURVNET_SET(TD_TO_VNET(td));
1235 * Check for read packet available.
1255 if (d->bd_bif == NULL)
1258 ifp = d->bd_bif->bif_ifp;
1259 error = (*ifp->if_ioctl)(ifp, cmd, addr);
1265 * Get buffer len [for read()].
1269 *(u_int *)addr = d->bd_bufsize;
1274 * Set buffer length.
1277 error = bpf_ioctl_sblen(d, (u_int *)addr);
1281 * Set link layer read filter.
1286 #ifdef COMPAT_FREEBSD32
1291 error = bpf_setf(d, (struct bpf_program *)addr, cmd);
1295 * Flush read packet buffer.
1304 * Put interface into promiscuous mode.
1307 if (d->bd_bif == NULL) {
1309 * No interface attached yet.
1314 if (d->bd_promisc == 0) {
1315 error = ifpromisc(d->bd_bif->bif_ifp, 1);
1322 * Get current data link type.
1326 if (d->bd_bif == NULL)
1329 *(u_int *)addr = d->bd_bif->bif_dlt;
1334 * Get a list of supported data link types.
1336 #ifdef COMPAT_FREEBSD32
1337 case BIOCGDLTLIST32:
1339 struct bpf_dltlist32 *list32;
1340 struct bpf_dltlist dltlist;
1342 list32 = (struct bpf_dltlist32 *)addr;
1343 dltlist.bfl_len = list32->bfl_len;
1344 dltlist.bfl_list = PTRIN(list32->bfl_list);
1346 if (d->bd_bif == NULL)
1349 error = bpf_getdltlist(d, &dltlist);
1351 list32->bfl_len = dltlist.bfl_len;
1360 if (d->bd_bif == NULL)
1363 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
1368 * Set data link type.
1372 if (d->bd_bif == NULL)
1375 error = bpf_setdlt(d, *(u_int *)addr);
1380 * Get interface name.
1384 if (d->bd_bif == NULL)
1387 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1388 struct ifreq *const ifr = (struct ifreq *)addr;
1390 strlcpy(ifr->ifr_name, ifp->if_xname,
1391 sizeof(ifr->ifr_name));
1401 error = bpf_setif(d, (struct ifreq *)addr);
1409 #ifdef COMPAT_FREEBSD32
1410 case BIOCSRTIMEOUT32:
1413 struct timeval *tv = (struct timeval *)addr;
1414 #ifdef COMPAT_FREEBSD32
1415 struct timeval32 *tv32;
1416 struct timeval tv64;
1418 if (cmd == BIOCSRTIMEOUT32) {
1419 tv32 = (struct timeval32 *)addr;
1421 tv->tv_sec = tv32->tv_sec;
1422 tv->tv_usec = tv32->tv_usec;
1425 tv = (struct timeval *)addr;
1428 * Subtract 1 tick from tvtohz() since this isn't
1431 if ((error = itimerfix(tv)) == 0)
1432 d->bd_rtout = tvtohz(tv) - 1;
1440 #ifdef COMPAT_FREEBSD32
1441 case BIOCGRTIMEOUT32:
1445 #ifdef COMPAT_FREEBSD32
1446 struct timeval32 *tv32;
1447 struct timeval tv64;
1449 if (cmd == BIOCGRTIMEOUT32)
1453 tv = (struct timeval *)addr;
1455 tv->tv_sec = d->bd_rtout / hz;
1456 tv->tv_usec = (d->bd_rtout % hz) * tick;
1457 #ifdef COMPAT_FREEBSD32
1458 if (cmd == BIOCGRTIMEOUT32) {
1459 tv32 = (struct timeval32 *)addr;
1460 tv32->tv_sec = tv->tv_sec;
1461 tv32->tv_usec = tv->tv_usec;
1473 struct bpf_stat *bs = (struct bpf_stat *)addr;
1475 /* XXXCSJP overflow */
1476 bs->bs_recv = d->bd_rcount;
1477 bs->bs_drop = d->bd_dcount;
1482 * Set immediate mode.
1486 d->bd_immediate = *(u_int *)addr;
1492 struct bpf_version *bv = (struct bpf_version *)addr;
1494 bv->bv_major = BPF_MAJOR_VERSION;
1495 bv->bv_minor = BPF_MINOR_VERSION;
1500 * Get "header already complete" flag
1504 *(u_int *)addr = d->bd_hdrcmplt;
1509 * Set "header already complete" flag
1513 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1518 * Get packet direction flag
1520 case BIOCGDIRECTION:
1522 *(u_int *)addr = d->bd_direction;
1527 * Set packet direction flag
1529 case BIOCSDIRECTION:
1533 direction = *(u_int *)addr;
1534 switch (direction) {
1539 d->bd_direction = direction;
1550 d->bd_feedback = *(u_int *)addr;
1560 case FIONBIO: /* Non-blocking I/O */
1563 case FIOASYNC: /* Send signal on receive packets */
1565 d->bd_async = *(int *)addr;
1571 * XXX: Add some sort of locking here?
1572 * fsetown() can sleep.
1574 error = fsetown(*(int *)addr, &d->bd_sigio);
1579 *(int *)addr = fgetown(&d->bd_sigio);
1583 /* This is deprecated, FIOSETOWN should be used instead. */
1585 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1588 /* This is deprecated, FIOGETOWN should be used instead. */
1590 *(int *)addr = -fgetown(&d->bd_sigio);
1593 case BIOCSRSIG: /* Set receive signal */
1597 sig = *(u_int *)addr;
1610 *(u_int *)addr = d->bd_sig;
1614 case BIOCGETBUFMODE:
1616 *(u_int *)addr = d->bd_bufmode;
1620 case BIOCSETBUFMODE:
1622 * Allow the buffering mode to be changed as long as we
1623 * haven't yet committed to a particular mode. Our
1624 * definition of commitment, for now, is whether or not a
1625 * buffer has been allocated or an interface attached, since
1626 * that's the point where things get tricky.
1628 switch (*(u_int *)addr) {
1629 case BPF_BUFMODE_BUFFER:
1632 case BPF_BUFMODE_ZBUF:
1633 if (bpf_zerocopy_enable)
1643 if (d->bd_sbuf != NULL || d->bd_hbuf != NULL ||
1644 d->bd_fbuf != NULL || d->bd_bif != NULL) {
1649 d->bd_bufmode = *(u_int *)addr;
1654 error = bpf_ioctl_getzmax(td, d, (size_t *)addr);
1658 error = bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr);
1662 error = bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr);
1670 * Set d's packet filter program to fp. If this file already has a filter,
1671 * free it and replace it. Returns EINVAL for bogus requests.
1673 * Note we need global lock here to serialize bpf_setf() and bpf_setif() calls
1674 * since reading d->bd_bif can't be protected by d or interface lock due to
1677 * Additionally, we have to acquire interface write lock due to bpf_mtap() uses
1678 * interface read lock to read all filers.
1682 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
1684 #ifdef COMPAT_FREEBSD32
1685 struct bpf_program fp_swab;
1686 struct bpf_program32 *fp32;
1688 struct bpf_insn *fcode, *old;
1690 bpf_jit_filter *jfunc, *ofunc;
1696 #ifdef COMPAT_FREEBSD32
1701 fp32 = (struct bpf_program32 *)fp;
1702 fp_swab.bf_len = fp32->bf_len;
1703 fp_swab.bf_insns = (struct bpf_insn *)(uintptr_t)fp32->bf_insns;
1719 jfunc = ofunc = NULL;
1724 * Check new filter validness before acquiring any locks.
1725 * Allocate memory for new filter, if needed.
1728 if (flen > bpf_maxinsns || (fp->bf_insns == NULL && flen != 0))
1730 size = flen * sizeof(*fp->bf_insns);
1732 /* We're setting up new filter. Copy and check actual data. */
1733 fcode = malloc(size, M_BPF, M_WAITOK);
1734 if (copyin(fp->bf_insns, fcode, size) != 0 ||
1735 !bpf_validate(fcode, flen)) {
1740 /* Filter is copied inside fcode and is perfectly valid. */
1741 jfunc = bpf_jitter(fcode, flen);
1748 * Set up new filter.
1749 * Protect filter change by interface lock.
1750 * Additionally, we are protected by global lock here.
1752 if (d->bd_bif != NULL)
1753 BPFIF_WLOCK(d->bd_bif);
1755 if (cmd == BIOCSETWF) {
1756 old = d->bd_wfilter;
1757 d->bd_wfilter = fcode;
1759 old = d->bd_rfilter;
1760 d->bd_rfilter = fcode;
1762 ofunc = d->bd_bfilter;
1763 d->bd_bfilter = jfunc;
1765 if (cmd == BIOCSETF)
1768 if (fcode != NULL) {
1770 * Do not require upgrade by first BIOCSETF
1771 * (used to set snaplen) by pcap_open_live().
1773 if (d->bd_writer != 0 && --d->bd_writer == 0)
1775 CTR4(KTR_NET, "%s: filter function set by pid %d, "
1776 "bd_writer counter %d, need_upgrade %d",
1777 __func__, d->bd_pid, d->bd_writer, need_upgrade);
1781 if (d->bd_bif != NULL)
1782 BPFIF_WUNLOCK(d->bd_bif);
1787 bpf_destroy_jit_filter(ofunc);
1790 /* Move d to active readers list. */
1799 * Detach a file from its current interface (if attached at all) and attach
1800 * to the interface indicated by the name stored in ifr.
1801 * Return an errno or 0.
1804 bpf_setif(struct bpf_d *d, struct ifreq *ifr)
1807 struct ifnet *theywant;
1811 theywant = ifunit(ifr->ifr_name);
1812 if (theywant == NULL || theywant->if_bpf == NULL)
1815 bp = theywant->if_bpf;
1817 /* Check if interface is not being detached from BPF */
1819 if (bp->flags & BPFIF_FLAG_DYING) {
1826 * Behavior here depends on the buffering model. If we're using
1827 * kernel memory buffers, then we can allocate them here. If we're
1828 * using zero-copy, then the user process must have registered
1829 * buffers by the time we get here. If not, return an error.
1831 switch (d->bd_bufmode) {
1832 case BPF_BUFMODE_BUFFER:
1833 case BPF_BUFMODE_ZBUF:
1834 if (d->bd_sbuf == NULL)
1839 panic("bpf_setif: bufmode %d", d->bd_bufmode);
1841 if (bp != d->bd_bif)
1850 * Support for select() and poll() system calls
1852 * Return true iff the specific operation will not block indefinitely.
1853 * Otherwise, return false but make a note that a selwakeup() must be done.
1856 bpfpoll(struct cdev *dev, int events, struct thread *td)
1861 if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL)
1863 (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM));
1866 * Refresh PID associated with this descriptor.
1868 revents = events & (POLLOUT | POLLWRNORM);
1870 BPF_PID_REFRESH(d, td);
1871 if (events & (POLLIN | POLLRDNORM)) {
1873 revents |= events & (POLLIN | POLLRDNORM);
1875 selrecord(td, &d->bd_sel);
1876 /* Start the read timeout if necessary. */
1877 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1878 callout_reset(&d->bd_callout, d->bd_rtout,
1880 d->bd_state = BPF_WAITING;
1889 * Support for kevent() system call. Register EVFILT_READ filters and
1890 * reject all others.
1893 bpfkqfilter(struct cdev *dev, struct knote *kn)
1897 if (devfs_get_cdevpriv((void **)&d) != 0 ||
1898 kn->kn_filter != EVFILT_READ)
1902 * Refresh PID associated with this descriptor.
1905 BPF_PID_REFRESH_CUR(d);
1906 kn->kn_fop = &bpfread_filtops;
1908 knlist_add(&d->bd_sel.si_note, kn, 1);
1915 filt_bpfdetach(struct knote *kn)
1917 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1919 knlist_remove(&d->bd_sel.si_note, kn, 0);
1923 filt_bpfread(struct knote *kn, long hint)
1925 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1928 BPFD_LOCK_ASSERT(d);
1929 ready = bpf_ready(d);
1931 kn->kn_data = d->bd_slen;
1933 kn->kn_data += d->bd_hlen;
1934 } else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1935 callout_reset(&d->bd_callout, d->bd_rtout,
1937 d->bd_state = BPF_WAITING;
1944 * Incoming linkage from device drivers. Process the packet pkt, of length
1945 * pktlen, which is stored in a contiguous buffer. The packet is parsed
1946 * by each process' filter, and if accepted, stashed into the corresponding
1950 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
1964 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1966 * We are not using any locks for d here because:
1967 * 1) any filter change is protected by interface
1969 * 2) destroying/detaching d is protected by interface
1973 /* XXX: Do not protect counter for the sake of performance. */
1976 * NB: We dont call BPF_CHECK_DIRECTION() here since there is no
1977 * way for the caller to indiciate to us whether this packet
1978 * is inbound or outbound. In the bpf_mtap() routines, we use
1979 * the interface pointers on the mbuf to figure it out.
1982 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
1984 slen = (*(bf->func))(pkt, pktlen, pktlen);
1987 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
1990 * Filter matches. Let's to acquire write lock.
2000 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2002 catchpacket(d, pkt, pktlen, slen,
2003 bpf_append_bytes, &tv);
2010 #define BPF_CHECK_DIRECTION(d, r, i) \
2011 (((d)->bd_direction == BPF_D_IN && (r) != (i)) || \
2012 ((d)->bd_direction == BPF_D_OUT && (r) == (i)))
2015 * Incoming linkage from device drivers, when packet is in an mbuf chain.
2016 * Locking model is explained in bpf_tap().
2019 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
2029 /* Skip outgoing duplicate packets. */
2030 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
2031 m->m_flags &= ~M_PROMISC;
2037 pktlen = m_length(m, NULL);
2041 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2042 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
2046 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
2047 /* XXX We cannot handle multiple mbufs. */
2048 if (bf != NULL && m->m_next == NULL)
2049 slen = (*(bf->func))(mtod(m, u_char *), pktlen, pktlen);
2052 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
2062 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2064 catchpacket(d, (u_char *)m, pktlen, slen,
2065 bpf_append_mbuf, &tv);
2073 * Incoming linkage from device drivers, when packet is in
2074 * an mbuf chain and to be prepended by a contiguous header.
2077 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
2085 /* Skip outgoing duplicate packets. */
2086 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
2087 m->m_flags &= ~M_PROMISC;
2093 pktlen = m_length(m, NULL);
2095 * Craft on-stack mbuf suitable for passing to bpf_filter.
2096 * Note that we cut corners here; we only setup what's
2097 * absolutely needed--this mbuf should never go anywhere else.
2107 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2108 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
2111 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
2121 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2123 catchpacket(d, (u_char *)&mb, pktlen, slen,
2124 bpf_append_mbuf, &tv);
2131 #undef BPF_CHECK_DIRECTION
2134 * Move the packet data from interface memory (pkt) into the
2135 * store buffer. "cpfn" is the routine called to do the actual data
2136 * transfer. bcopy is passed in to copy contiguous chunks, while
2137 * bpf_append_mbuf is passed in to copy mbuf chains. In the latter case,
2138 * pkt is really an mbuf.
2141 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
2142 void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int),
2146 #ifdef COMPAT_FREEBSD32
2147 struct bpf_hdr32 hdr32;
2150 int hdrlen = d->bd_bif->bif_hdrlen;
2153 BPFD_LOCK_ASSERT(d);
2156 * Detect whether user space has released a buffer back to us, and if
2157 * so, move it from being a hold buffer to a free buffer. This may
2158 * not be the best place to do it (for example, we might only want to
2159 * run this check if we need the space), but for now it's a reliable
2162 if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) {
2163 d->bd_fbuf = d->bd_hbuf;
2166 bpf_buf_reclaimed(d);
2170 * Figure out how many bytes to move. If the packet is
2171 * greater or equal to the snapshot length, transfer that
2172 * much. Otherwise, transfer the whole packet (unless
2173 * we hit the buffer size limit).
2175 totlen = hdrlen + min(snaplen, pktlen);
2176 if (totlen > d->bd_bufsize)
2177 totlen = d->bd_bufsize;
2180 * Round up the end of the previous packet to the next longword.
2182 * Drop the packet if there's no room and no hope of room
2183 * If the packet would overflow the storage buffer or the storage
2184 * buffer is considered immutable by the buffer model, try to rotate
2185 * the buffer and wakeup pending processes.
2187 #ifdef COMPAT_FREEBSD32
2189 curlen = BPF_WORDALIGN32(d->bd_slen);
2192 curlen = BPF_WORDALIGN(d->bd_slen);
2193 if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) {
2194 if (d->bd_fbuf == NULL) {
2196 * There's no room in the store buffer, and no
2197 * prospect of room, so drop the packet. Notify the
2207 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
2209 * Immediate mode is set, or the read timeout has already
2210 * expired during a select call. A packet arrived, so the
2211 * reader should be woken up.
2214 #ifdef COMPAT_FREEBSD32
2216 * If this is a 32-bit stream, then stick a 32-bit header at the
2217 * front and copy the data into the buffer.
2219 if (d->bd_compat32) {
2220 bzero(&hdr32, sizeof(hdr32));
2221 hdr32.bh_tstamp.tv_sec = tv->tv_sec;
2222 hdr32.bh_tstamp.tv_usec = tv->tv_usec;
2223 hdr32.bh_datalen = pktlen;
2224 hdr32.bh_hdrlen = hdrlen;
2225 hdr.bh_caplen = hdr32.bh_caplen = totlen - hdrlen;
2226 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr32, sizeof(hdr32));
2232 * Append the bpf header. Note we append the actual header size, but
2233 * move forward the length of the header plus padding.
2235 bzero(&hdr, sizeof(hdr));
2236 hdr.bh_tstamp = *tv;
2237 hdr.bh_datalen = pktlen;
2238 hdr.bh_hdrlen = hdrlen;
2239 hdr.bh_caplen = totlen - hdrlen;
2240 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr));
2243 * Copy the packet data into the store buffer and update its length.
2245 #ifdef COMPAT_FREEBSD32
2248 (*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, hdr.bh_caplen);
2249 d->bd_slen = curlen + totlen;
2256 * Free buffers currently in use by a descriptor.
2260 bpf_freed(struct bpf_d *d)
2264 * We don't need to lock out interrupts since this descriptor has
2265 * been detached from its interface and it yet hasn't been marked
2269 if (d->bd_rfilter != NULL) {
2270 free((caddr_t)d->bd_rfilter, M_BPF);
2272 if (d->bd_bfilter != NULL)
2273 bpf_destroy_jit_filter(d->bd_bfilter);
2276 if (d->bd_wfilter != NULL)
2277 free((caddr_t)d->bd_wfilter, M_BPF);
2278 mtx_destroy(&d->bd_lock);
2282 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the
2283 * fixed size of the link header (variable length headers not yet supported).
2286 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2289 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
2293 * Attach an interface to bpf. ifp is a pointer to the structure
2294 * defining the interface to be attached, dlt is the link layer type,
2295 * and hdrlen is the fixed size of the link header (variable length
2296 * headers are not yet supporrted).
2299 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
2303 bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
2307 LIST_INIT(&bp->bif_dlist);
2308 LIST_INIT(&bp->bif_wlist);
2311 rw_init(&bp->bif_lock, "bpf interface lock");
2312 KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
2316 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
2320 * Compute the length of the bpf header. This is not necessarily
2321 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
2322 * that the network layer header begins on a longword boundary (for
2323 * performance reasons and to alleviate alignment restrictions).
2325 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
2328 if_printf(ifp, "bpf attached\n");
2332 * Detach bpf from an interface. This involves detaching each descriptor
2333 * associated with the interface. Notify each descriptor as it's detached
2334 * so that any sleepers wake up and get ENXIO.
2337 bpfdetach(struct ifnet *ifp)
2348 /* Find all bpf_if struct's which reference ifp and detach them. */
2350 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2351 if (ifp == bp->bif_ifp)
2355 LIST_REMOVE(bp, bif_next);
2361 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
2362 bpf_detachd_locked(d);
2367 /* Free writer-only descriptors */
2368 while ((d = LIST_FIRST(&bp->bif_wlist)) != NULL) {
2369 bpf_detachd_locked(d);
2376 * Delay freing bp till interface is detached
2377 * and all routes through this interface are removed.
2378 * Mark bp as detached to restrict new consumers.
2381 bp->flags |= BPFIF_FLAG_DYING;
2384 } while (bp != NULL);
2389 printf("bpfdetach: %s was not attached\n", ifp->if_xname);
2394 * Interface departure handler.
2395 * Note departure event does not guarantee interface is going down.
2398 bpf_ifdetach(void *arg __unused, struct ifnet *ifp)
2403 if ((bp = ifp->if_bpf) == NULL) {
2408 /* Check if bpfdetach() was called previously */
2409 if ((bp->flags & BPFIF_FLAG_DYING) == 0) {
2414 CTR3(KTR_NET, "%s: freing BPF instance %p for interface %p",
2420 rw_destroy(&bp->bif_lock);
2425 * Get a list of available data link type of the interface.
2428 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
2436 ifp = d->bd_bif->bif_ifp;
2439 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2440 if (bp->bif_ifp != ifp)
2442 if (bfl->bfl_list != NULL) {
2443 if (n >= bfl->bfl_len)
2445 error = copyout(&bp->bif_dlt,
2446 bfl->bfl_list + n, sizeof(u_int));
2455 * Set the data link type of a BPF instance.
2458 bpf_setdlt(struct bpf_d *d, u_int dlt)
2460 int error, opromisc;
2466 if (d->bd_bif->bif_dlt == dlt)
2468 ifp = d->bd_bif->bif_ifp;
2470 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2471 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
2476 opromisc = d->bd_promisc;
2482 error = ifpromisc(bp->bif_ifp, 1);
2484 if_printf(bp->bif_ifp,
2485 "bpf_setdlt: ifpromisc failed (%d)\n",
2491 return (bp == NULL ? EINVAL : 0);
2495 bpf_drvinit(void *unused)
2499 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
2500 LIST_INIT(&bpf_iflist);
2502 dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf");
2503 /* For compatibility */
2504 make_dev_alias(dev, "bpf0");
2506 /* Register interface departure handler */
2507 bpf_ifdetach_cookie = EVENTHANDLER_REGISTER(
2508 ifnet_departure_event, bpf_ifdetach, NULL,
2509 EVENTHANDLER_PRI_ANY);
2513 * Zero out the various packet counters associated with all of the bpf
2514 * descriptors. At some point, we will probably want to get a bit more
2515 * granular and allow the user to specify descriptors to be zeroed.
2518 bpf_zero_counters(void)
2524 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2526 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
2542 * Fill filter statistics
2545 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
2548 bzero(d, sizeof(*d));
2549 BPFD_LOCK_ASSERT(bd);
2550 d->bd_structsize = sizeof(*d);
2551 /* XXX: reading should be protected by global lock */
2552 d->bd_immediate = bd->bd_immediate;
2553 d->bd_promisc = bd->bd_promisc;
2554 d->bd_hdrcmplt = bd->bd_hdrcmplt;
2555 d->bd_direction = bd->bd_direction;
2556 d->bd_feedback = bd->bd_feedback;
2557 d->bd_async = bd->bd_async;
2558 d->bd_rcount = bd->bd_rcount;
2559 d->bd_dcount = bd->bd_dcount;
2560 d->bd_fcount = bd->bd_fcount;
2561 d->bd_sig = bd->bd_sig;
2562 d->bd_slen = bd->bd_slen;
2563 d->bd_hlen = bd->bd_hlen;
2564 d->bd_bufsize = bd->bd_bufsize;
2565 d->bd_pid = bd->bd_pid;
2566 strlcpy(d->bd_ifname,
2567 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
2568 d->bd_locked = bd->bd_locked;
2569 d->bd_wcount = bd->bd_wcount;
2570 d->bd_wdcount = bd->bd_wdcount;
2571 d->bd_wfcount = bd->bd_wfcount;
2572 d->bd_zcopy = bd->bd_zcopy;
2573 d->bd_bufmode = bd->bd_bufmode;
2577 * Handle `netstat -B' stats request
2580 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
2582 struct xbpf_d *xbdbuf, *xbd, zerostats;
2588 * XXX This is not technically correct. It is possible for non
2589 * privileged users to open bpf devices. It would make sense
2590 * if the users who opened the devices were able to retrieve
2591 * the statistics for them, too.
2593 error = priv_check(req->td, PRIV_NET_BPF);
2597 * Check to see if the user is requesting that the counters be
2598 * zeroed out. Explicitly check that the supplied data is zeroed,
2599 * as we aren't allowing the user to set the counters currently.
2601 if (req->newptr != NULL) {
2602 if (req->newlen != sizeof(zerostats))
2604 bzero(&zerostats, sizeof(zerostats));
2606 if (bcmp(xbd, &zerostats, sizeof(*xbd)) != 0)
2608 bpf_zero_counters();
2611 if (req->oldptr == NULL)
2612 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
2613 if (bpf_bpfd_cnt == 0)
2614 return (SYSCTL_OUT(req, 0, 0));
2615 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
2617 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
2619 free(xbdbuf, M_BPF);
2623 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2625 /* Send writers-only first */
2626 LIST_FOREACH(bd, &bp->bif_wlist, bd_next) {
2627 xbd = &xbdbuf[index++];
2629 bpfstats_fill_xbpf(xbd, bd);
2632 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
2633 xbd = &xbdbuf[index++];
2635 bpfstats_fill_xbpf(xbd, bd);
2641 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
2642 free(xbdbuf, M_BPF);
2646 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL);
2648 #else /* !DEV_BPF && !NETGRAPH_BPF */
2650 * NOP stubs to allow bpf-using drivers to load and function.
2652 * A 'better' implementation would allow the core bpf functionality
2653 * to be loaded at runtime.
2655 static struct bpf_if bp_null;
2658 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
2663 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
2668 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
2673 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2676 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
2680 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
2683 *driverp = &bp_null;
2687 bpfdetach(struct ifnet *ifp)
2692 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
2694 return -1; /* "no filter" behaviour */
2698 bpf_validate(const struct bpf_insn *f, int len)
2700 return 0; /* false */
2703 #endif /* !DEV_BPF && !NETGRAPH_BPF */
projects / FreeBSD / stable / 8.git / blob