2 * Copyright (c) 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from the Stanford/CMU enet packet filter,
6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)bpf.c 8.4 (Berkeley) 1/9/95
41 #include "opt_netgraph.h"
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/systm.h>
47 #include <sys/fcntl.h>
49 #include <sys/malloc.h>
53 #include <sys/signalvar.h>
54 #include <sys/filio.h>
55 #include <sys/sockio.h>
56 #include <sys/ttycom.h>
59 #include <sys/event.h>
64 #include <sys/socket.h>
68 #include <net/bpfdesc.h>
70 #include <netinet/in.h>
71 #include <netinet/if_ether.h>
72 #include <sys/kernel.h>
73 #include <sys/sysctl.h>
75 static MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
77 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
79 #define PRINET 26 /* interruptible */
82 * The default read buffer size is patchable.
84 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
85 static int bpf_bufsize = 4096;
86 SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW,
88 static int bpf_maxbufsize = BPF_MAXBUFSIZE;
89 SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW,
90 &bpf_maxbufsize, 0, "");
93 * bpf_iflist is a list of BPF interface structures, each corresponding to a
94 * specific DLT. The same network interface might have several BPF interface
95 * structures registered by different layers in the stack (i.e., 802.11
96 * frames, ethernet frames, etc).
98 static LIST_HEAD(, bpf_if) bpf_iflist;
99 static struct mtx bpf_mtx; /* bpf global lock */
101 static int bpf_allocbufs(struct bpf_d *);
102 static void bpf_attachd(struct bpf_d *d, struct bpf_if *bp);
103 static void bpf_detachd(struct bpf_d *d);
104 static void bpf_freed(struct bpf_d *);
105 static void bpf_mcopy(const void *, void *, size_t);
106 static int bpf_movein(struct uio *, int,
107 struct mbuf **, struct sockaddr *, int *);
108 static int bpf_setif(struct bpf_d *, struct ifreq *);
109 static void bpf_timed_out(void *);
111 bpf_wakeup(struct bpf_d *);
112 static void catchpacket(struct bpf_d *, u_char *, u_int,
113 u_int, void (*)(const void *, void *, size_t));
114 static void reset_d(struct bpf_d *);
115 static int bpf_setf(struct bpf_d *, struct bpf_program *);
116 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
117 static int bpf_setdlt(struct bpf_d *, u_int);
118 static void filt_bpfdetach(struct knote *);
119 static int filt_bpfread(struct knote *, long);
120 static void bpf_drvinit(void *);
121 static void bpf_clone(void *, char *, int, struct cdev **);
123 static d_open_t bpfopen;
124 static d_close_t bpfclose;
125 static d_read_t bpfread;
126 static d_write_t bpfwrite;
127 static d_ioctl_t bpfioctl;
128 static d_poll_t bpfpoll;
129 static d_kqfilter_t bpfkqfilter;
131 static struct cdevsw bpf_cdevsw = {
132 .d_version = D_VERSION,
133 .d_flags = D_NEEDGIANT,
141 .d_kqfilter = bpfkqfilter,
144 static struct filterops bpfread_filtops =
145 { 1, NULL, filt_bpfdetach, filt_bpfread };
148 bpf_movein(uio, linktype, mp, sockp, datlen)
150 int linktype, *datlen;
152 struct sockaddr *sockp;
160 * Build a sockaddr based on the data link layer type.
161 * We do this at this level because the ethernet header
162 * is copied directly into the data field of the sockaddr.
163 * In the case of SLIP, there is no header and the packet
164 * is forwarded as is.
165 * Also, we are careful to leave room at the front of the mbuf
166 * for the link level header.
171 sockp->sa_family = AF_INET;
176 sockp->sa_family = AF_UNSPEC;
177 /* XXX Would MAXLINKHDR be better? */
178 hlen = ETHER_HDR_LEN;
182 sockp->sa_family = AF_IMPLINK;
188 sockp->sa_family = AF_UNSPEC;
192 case DLT_ATM_RFC1483:
194 * en atm driver requires 4-byte atm pseudo header.
195 * though it isn't standard, vpi:vci needs to be
198 sockp->sa_family = AF_UNSPEC;
199 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
203 sockp->sa_family = AF_UNSPEC;
204 hlen = 4; /* This should match PPP_HDRLEN */
211 len = uio->uio_resid;
212 *datlen = len - hlen;
213 if ((unsigned)len > MCLBYTES)
217 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
219 MGETHDR(m, M_TRYWAIT, MT_DATA);
223 m->m_pkthdr.len = m->m_len = len;
224 m->m_pkthdr.rcvif = NULL;
228 * Make room for link header.
231 m->m_pkthdr.len -= hlen;
234 m->m_data += hlen; /* XXX */
238 error = uiomove(sockp->sa_data, hlen, uio);
242 error = uiomove(mtod(m, void *), len - hlen, uio);
251 * Attach file to the bpf interface, i.e. make d listen on bp.
259 * Point d at bp, and add d to the interface's list of listeners.
260 * Finally, point the driver's bpf cookie at the interface so
261 * it will divert packets to bpf.
265 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
267 *bp->bif_driverp = bp;
272 * Detach a file from its interface.
285 ifp = d->bd_bif->bif_ifp;
288 * Remove d from the interface's descriptor list.
290 LIST_REMOVE(d, bd_next);
293 * Let the driver know that there are no more listeners.
295 if (LIST_EMPTY(&bp->bif_dlist))
296 *bp->bif_driverp = NULL;
303 * Check if this descriptor had requested promiscuous mode.
304 * If so, turn it off.
308 error = ifpromisc(ifp, 0);
309 if (error != 0 && error != ENXIO) {
311 * ENXIO can happen if a pccard is unplugged
312 * Something is really wrong if we were able to put
313 * the driver into promiscuous mode, but can't
316 if_printf(bp->bif_ifp,
317 "bpf_detach: ifpromisc failed (%d)\n", error);
323 * Open ethernet device. Returns ENXIO for illegal minor device number,
324 * EBUSY if file is open by another process.
328 bpfopen(dev, flags, fmt, td)
339 * Each minor can be opened by only one process. If the requested
340 * minor is in use, return EBUSY.
343 mtx_unlock(&bpf_mtx);
346 dev->si_drv1 = (struct bpf_d *)~0; /* mark device in use */
347 mtx_unlock(&bpf_mtx);
349 if ((dev->si_flags & SI_NAMED) == 0)
350 make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600,
351 "bpf%d", dev2unit(dev));
352 MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
354 d->bd_bufsize = bpf_bufsize;
359 mac_create_bpfdesc(td->td_ucred, d);
361 mtx_init(&d->bd_mtx, devtoname(dev), "bpf cdev lock", MTX_DEF);
362 callout_init(&d->bd_callout, NET_CALLOUT_MPSAFE);
363 knlist_init(&d->bd_sel.si_note, &d->bd_mtx);
369 * Close the descriptor by detaching it from its interface,
370 * deallocating its buffers, and marking it free.
374 bpfclose(dev, flags, fmt, td)
380 struct bpf_d *d = dev->si_drv1;
383 if (d->bd_state == BPF_WAITING)
384 callout_stop(&d->bd_callout);
385 d->bd_state = BPF_IDLE;
387 funsetown(&d->bd_sigio);
391 mtx_unlock(&bpf_mtx);
392 selwakeuppri(&d->bd_sel, PRINET);
394 mac_destroy_bpfdesc(d);
396 knlist_destroy(&d->bd_sel.si_note);
406 * Rotate the packet buffers in descriptor d. Move the store buffer
407 * into the hold slot, and the free buffer into the store slot.
408 * Zero the length of the new store buffer.
410 #define ROTATE_BUFFERS(d) \
411 (d)->bd_hbuf = (d)->bd_sbuf; \
412 (d)->bd_hlen = (d)->bd_slen; \
413 (d)->bd_sbuf = (d)->bd_fbuf; \
417 * bpfread - read next chunk of packets from buffers
420 bpfread(dev, uio, ioflag)
425 struct bpf_d *d = dev->si_drv1;
430 * Restrict application to use a buffer the same size as
433 if (uio->uio_resid != d->bd_bufsize)
437 if (d->bd_state == BPF_WAITING)
438 callout_stop(&d->bd_callout);
439 timed_out = (d->bd_state == BPF_TIMED_OUT);
440 d->bd_state = BPF_IDLE;
442 * If the hold buffer is empty, then do a timed sleep, which
443 * ends when the timeout expires or when enough packets
444 * have arrived to fill the store buffer.
446 while (d->bd_hbuf == NULL) {
447 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
449 * A packet(s) either arrived since the previous
450 * read or arrived while we were asleep.
451 * Rotate the buffers and return what's here.
458 * No data is available, check to see if the bpf device
459 * is still pointed at a real interface. If not, return
460 * ENXIO so that the userland process knows to rebind
461 * it before using it again.
463 if (d->bd_bif == NULL) {
468 if (ioflag & O_NONBLOCK) {
470 return (EWOULDBLOCK);
472 error = msleep(d, &d->bd_mtx, PRINET|PCATCH,
474 if (error == EINTR || error == ERESTART) {
478 if (error == EWOULDBLOCK) {
480 * On a timeout, return what's in the buffer,
481 * which may be nothing. If there is something
482 * in the store buffer, we can rotate the buffers.
486 * We filled up the buffer in between
487 * getting the timeout and arriving
488 * here, so we don't need to rotate.
492 if (d->bd_slen == 0) {
501 * At this point, we know we have something in the hold slot.
506 * Move data from hold buffer into user space.
507 * We know the entire buffer is transferred since
508 * we checked above that the read buffer is bpf_bufsize bytes.
510 error = uiomove(d->bd_hbuf, d->bd_hlen, uio);
513 d->bd_fbuf = d->bd_hbuf;
523 * If there are processes sleeping on this descriptor, wake them up.
531 if (d->bd_state == BPF_WAITING) {
532 callout_stop(&d->bd_callout);
533 d->bd_state = BPF_IDLE;
536 if (d->bd_async && d->bd_sig && d->bd_sigio)
537 pgsigio(&d->bd_sigio, d->bd_sig, 0);
539 selwakeuppri(&d->bd_sel, PRINET);
540 KNOTE_LOCKED(&d->bd_sel.si_note, 0);
547 struct bpf_d *d = (struct bpf_d *)arg;
550 if (d->bd_state == BPF_WAITING) {
551 d->bd_state = BPF_TIMED_OUT;
559 bpfwrite(dev, uio, ioflag)
564 struct bpf_d *d = dev->si_drv1;
571 if (d->bd_bif == NULL)
574 ifp = d->bd_bif->bif_ifp;
576 if ((ifp->if_flags & IFF_UP) == 0)
579 if (uio->uio_resid == 0)
582 bzero(&dst, sizeof(dst));
583 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
587 if (datlen > ifp->if_mtu) {
593 dst.sa_family = pseudo_AF_HDRCMPLT;
597 mac_create_mbuf_from_bpfdesc(d, m);
601 error = (*ifp->if_output)(ifp, m, &dst, NULL);
604 * The driver frees the mbuf.
610 * Reset a descriptor by flushing its packet buffer and clearing the
611 * receive and drop counts.
618 mtx_assert(&d->bd_mtx, MA_OWNED);
620 /* Free the hold buffer. */
621 d->bd_fbuf = d->bd_hbuf;
631 * FIONREAD Check for read packet available.
632 * SIOCGIFADDR Get interface address - convenient hook to driver.
633 * BIOCGBLEN Get buffer len [for read()].
634 * BIOCSETF Set ethernet read filter.
635 * BIOCFLUSH Flush read packet buffer.
636 * BIOCPROMISC Put interface into promiscuous mode.
637 * BIOCGDLT Get link layer type.
638 * BIOCGETIF Get interface name.
639 * BIOCSETIF Set interface.
640 * BIOCSRTIMEOUT Set read timeout.
641 * BIOCGRTIMEOUT Get read timeout.
642 * BIOCGSTATS Get packet stats.
643 * BIOCIMMEDIATE Set immediate mode.
644 * BIOCVERSION Get filter language version.
645 * BIOCGHDRCMPLT Get "header already complete" flag
646 * BIOCSHDRCMPLT Set "header already complete" flag
647 * BIOCGSEESENT Get "see packets sent" flag
648 * BIOCSSEESENT Set "see packets sent" flag
652 bpfioctl(dev, cmd, addr, flags, td)
659 struct bpf_d *d = dev->si_drv1;
663 if (d->bd_state == BPF_WAITING)
664 callout_stop(&d->bd_callout);
665 d->bd_state = BPF_IDLE;
675 * Check for read packet available.
695 if (d->bd_bif == NULL)
698 ifp = d->bd_bif->bif_ifp;
699 error = (*ifp->if_ioctl)(ifp, cmd, addr);
705 * Get buffer len [for read()].
708 *(u_int *)addr = d->bd_bufsize;
715 if (d->bd_bif != NULL)
718 u_int size = *(u_int *)addr;
720 if (size > bpf_maxbufsize)
721 *(u_int *)addr = size = bpf_maxbufsize;
722 else if (size < BPF_MINBUFSIZE)
723 *(u_int *)addr = size = BPF_MINBUFSIZE;
724 d->bd_bufsize = size;
729 * Set link layer read filter.
732 error = bpf_setf(d, (struct bpf_program *)addr);
736 * Flush read packet buffer.
745 * Put interface into promiscuous mode.
748 if (d->bd_bif == NULL) {
750 * No interface attached yet.
755 if (d->bd_promisc == 0) {
757 error = ifpromisc(d->bd_bif->bif_ifp, 1);
765 * Get current data link type.
768 if (d->bd_bif == NULL)
771 *(u_int *)addr = d->bd_bif->bif_dlt;
775 * Get a list of supported data link types.
778 if (d->bd_bif == NULL)
781 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
785 * Set data link type.
788 if (d->bd_bif == NULL)
791 error = bpf_setdlt(d, *(u_int *)addr);
795 * Get interface name.
798 if (d->bd_bif == NULL)
801 struct ifnet *const ifp = d->bd_bif->bif_ifp;
802 struct ifreq *const ifr = (struct ifreq *)addr;
804 strlcpy(ifr->ifr_name, ifp->if_xname,
805 sizeof(ifr->ifr_name));
813 error = bpf_setif(d, (struct ifreq *)addr);
821 struct timeval *tv = (struct timeval *)addr;
824 * Subtract 1 tick from tvtohz() since this isn't
827 if ((error = itimerfix(tv)) == 0)
828 d->bd_rtout = tvtohz(tv) - 1;
837 struct timeval *tv = (struct timeval *)addr;
839 tv->tv_sec = d->bd_rtout / hz;
840 tv->tv_usec = (d->bd_rtout % hz) * tick;
849 struct bpf_stat *bs = (struct bpf_stat *)addr;
851 bs->bs_recv = d->bd_rcount;
852 bs->bs_drop = d->bd_dcount;
857 * Set immediate mode.
860 d->bd_immediate = *(u_int *)addr;
865 struct bpf_version *bv = (struct bpf_version *)addr;
867 bv->bv_major = BPF_MAJOR_VERSION;
868 bv->bv_minor = BPF_MINOR_VERSION;
873 * Get "header already complete" flag
876 *(u_int *)addr = d->bd_hdrcmplt;
880 * Set "header already complete" flag
883 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
887 * Get "see sent packets" flag
890 *(u_int *)addr = d->bd_seesent;
894 * Set "see sent packets" flag
897 d->bd_seesent = *(u_int *)addr;
900 case FIONBIO: /* Non-blocking I/O */
903 case FIOASYNC: /* Send signal on receive packets */
904 d->bd_async = *(int *)addr;
908 error = fsetown(*(int *)addr, &d->bd_sigio);
912 *(int *)addr = fgetown(&d->bd_sigio);
915 /* This is deprecated, FIOSETOWN should be used instead. */
917 error = fsetown(-(*(int *)addr), &d->bd_sigio);
920 /* This is deprecated, FIOGETOWN should be used instead. */
922 *(int *)addr = -fgetown(&d->bd_sigio);
925 case BIOCSRSIG: /* Set receive signal */
929 sig = *(u_int *)addr;
938 *(u_int *)addr = d->bd_sig;
945 * Set d's packet filter program to fp. If this file already has a filter,
946 * free it and replace it. Returns EINVAL for bogus requests.
951 struct bpf_program *fp;
953 struct bpf_insn *fcode, *old;
956 if (fp->bf_insns == NULL) {
965 free((caddr_t)old, M_BPF);
969 if (flen > BPF_MAXINSNS)
972 size = flen * sizeof(*fp->bf_insns);
973 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
974 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
975 bpf_validate(fcode, (int)flen)) {
978 d->bd_filter = fcode;
982 free((caddr_t)old, M_BPF);
986 free((caddr_t)fcode, M_BPF);
991 * Detach a file from its current interface (if attached at all) and attach
992 * to the interface indicated by the name stored in ifr.
993 * Return an errno or 0.
1002 struct ifnet *theywant;
1004 theywant = ifunit(ifr->ifr_name);
1005 if (theywant == NULL)
1009 * Look through attached interfaces for the named one.
1012 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1013 struct ifnet *ifp = bp->bif_ifp;
1015 if (ifp == NULL || ifp != theywant)
1017 /* skip additional entry */
1018 if (bp->bif_driverp != (struct bpf_if **)&ifp->if_bpf)
1021 mtx_unlock(&bpf_mtx);
1023 * We found the requested interface.
1024 * Allocate the packet buffers if we need to.
1025 * If we're already attached to requested interface,
1026 * just flush the buffer.
1028 if (d->bd_sbuf == NULL) {
1029 error = bpf_allocbufs(d);
1033 if (bp != d->bd_bif) {
1036 * Detach if attached to something else.
1047 mtx_unlock(&bpf_mtx);
1053 * Support for select() and poll() system calls
1055 * Return true iff the specific operation will not block indefinitely.
1056 * Otherwise, return false but make a note that a selwakeup() must be done.
1059 bpfpoll(dev, events, td)
1068 if (d->bd_bif == NULL)
1071 revents = events & (POLLOUT | POLLWRNORM);
1073 if (events & (POLLIN | POLLRDNORM)) {
1075 revents |= events & (POLLIN | POLLRDNORM);
1077 selrecord(td, &d->bd_sel);
1078 /* Start the read timeout if necessary. */
1079 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1080 callout_reset(&d->bd_callout, d->bd_rtout,
1082 d->bd_state = BPF_WAITING;
1091 * Support for kevent() system call. Register EVFILT_READ filters and
1092 * reject all others.
1095 bpfkqfilter(dev, kn)
1099 struct bpf_d *d = (struct bpf_d *)dev->si_drv1;
1101 if (kn->kn_filter != EVFILT_READ)
1104 kn->kn_fop = &bpfread_filtops;
1106 knlist_add(&d->bd_sel.si_note, kn, 0);
1115 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1117 knlist_remove(&d->bd_sel.si_note, kn, 0);
1121 filt_bpfread(kn, hint)
1125 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1128 BPFD_LOCK_ASSERT(d);
1129 ready = bpf_ready(d);
1131 kn->kn_data = d->bd_slen;
1133 kn->kn_data += d->bd_hlen;
1135 else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1136 callout_reset(&d->bd_callout, d->bd_rtout,
1138 d->bd_state = BPF_WAITING;
1145 * Incoming linkage from device drivers. Process the packet pkt, of length
1146 * pktlen, which is stored in a contiguous buffer. The packet is parsed
1147 * by each process' filter, and if accepted, stashed into the corresponding
1151 bpf_tap(bp, pkt, pktlen)
1160 * Lockless read to avoid cost of locking the interface if there are
1161 * no descriptors attached.
1163 if (LIST_EMPTY(&bp->bif_dlist))
1167 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1170 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
1173 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
1175 catchpacket(d, pkt, pktlen, slen, bcopy);
1183 * Copy data from an mbuf chain into a buffer. This code is derived
1184 * from m_copydata in sys/uipc_mbuf.c.
1187 bpf_mcopy(src_arg, dst_arg, len)
1188 const void *src_arg;
1192 const struct mbuf *m;
1201 count = min(m->m_len, len);
1202 bcopy(mtod(m, void *), dst, count);
1210 * Incoming linkage from device drivers, when packet is in an mbuf chain.
1221 * Lockless read to avoid cost of locking the interface if there are
1222 * no descriptors attached.
1224 if (LIST_EMPTY(&bp->bif_dlist))
1227 pktlen = m_length(m, NULL);
1228 if (pktlen == m->m_len) {
1229 bpf_tap(bp, mtod(m, u_char *), pktlen);
1234 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1235 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
1239 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
1242 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
1244 catchpacket(d, (u_char *)m, pktlen, slen,
1252 * Incoming linkage from device drivers, when packet is in
1253 * an mbuf chain and to be prepended by a contiguous header.
1256 bpf_mtap2(bp, data, dlen, m)
1267 * Lockless read to avoid cost of locking the interface if there are
1268 * no descriptors attached.
1270 if (LIST_EMPTY(&bp->bif_dlist))
1273 pktlen = m_length(m, NULL);
1275 * Craft on-stack mbuf suitable for passing to bpf_filter.
1276 * Note that we cut corners here; we only setup what's
1277 * absolutely needed--this mbuf should never go anywhere else.
1285 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
1286 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
1290 slen = bpf_filter(d->bd_filter, (u_char *)&mb, pktlen, 0);
1293 if (mac_check_bpfdesc_receive(d, bp->bif_ifp) == 0)
1295 catchpacket(d, (u_char *)&mb, pktlen, slen,
1303 * Move the packet data from interface memory (pkt) into the
1304 * store buffer. "cpfn" is the routine called to do the actual data
1305 * transfer. bcopy is passed in to copy contiguous chunks, while
1306 * bpf_mcopy is passed in to copy mbuf chains. In the latter case,
1307 * pkt is really an mbuf.
1310 catchpacket(d, pkt, pktlen, snaplen, cpfn)
1313 u_int pktlen, snaplen;
1314 void (*cpfn)(const void *, void *, size_t);
1318 int hdrlen = d->bd_bif->bif_hdrlen;
1321 BPFD_LOCK_ASSERT(d);
1323 * Figure out how many bytes to move. If the packet is
1324 * greater or equal to the snapshot length, transfer that
1325 * much. Otherwise, transfer the whole packet (unless
1326 * we hit the buffer size limit).
1328 totlen = hdrlen + min(snaplen, pktlen);
1329 if (totlen > d->bd_bufsize)
1330 totlen = d->bd_bufsize;
1333 * Round up the end of the previous packet to the next longword.
1335 curlen = BPF_WORDALIGN(d->bd_slen);
1336 if (curlen + totlen > d->bd_bufsize) {
1338 * This packet will overflow the storage buffer.
1339 * Rotate the buffers if we can, then wakeup any
1342 if (d->bd_fbuf == NULL) {
1344 * We haven't completed the previous read yet,
1345 * so drop the packet.
1354 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
1356 * Immediate mode is set, or the read timeout has
1357 * already expired during a select call. A packet
1358 * arrived, so the reader should be woken up.
1363 * Append the bpf header.
1365 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
1366 microtime(&hp->bh_tstamp);
1367 hp->bh_datalen = pktlen;
1368 hp->bh_hdrlen = hdrlen;
1370 * Copy the packet data into the store buffer and update its length.
1372 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
1373 d->bd_slen = curlen + totlen;
1380 * Initialize all nonzero fields of a descriptor.
1386 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
1387 if (d->bd_fbuf == NULL)
1390 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
1391 if (d->bd_sbuf == NULL) {
1392 free(d->bd_fbuf, M_BPF);
1401 * Free buffers currently in use by a descriptor.
1409 * We don't need to lock out interrupts since this descriptor has
1410 * been detached from its interface and it yet hasn't been marked
1413 if (d->bd_sbuf != NULL) {
1414 free(d->bd_sbuf, M_BPF);
1415 if (d->bd_hbuf != NULL)
1416 free(d->bd_hbuf, M_BPF);
1417 if (d->bd_fbuf != NULL)
1418 free(d->bd_fbuf, M_BPF);
1421 free((caddr_t)d->bd_filter, M_BPF);
1422 mtx_destroy(&d->bd_mtx);
1426 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the
1427 * fixed size of the link header (variable length headers not yet supported).
1430 bpfattach(ifp, dlt, hdrlen)
1435 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
1439 * Attach an interface to bpf. ifp is a pointer to the structure
1440 * defining the interface to be attached, dlt is the link layer type,
1441 * and hdrlen is the fixed size of the link header (variable length
1442 * headers are not yet supporrted).
1445 bpfattach2(ifp, dlt, hdrlen, driverp)
1448 struct bpf_if **driverp;
1451 bp = (struct bpf_if *)malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
1455 LIST_INIT(&bp->bif_dlist);
1456 bp->bif_driverp = driverp;
1459 mtx_init(&bp->bif_mtx, "bpf interface lock", NULL, MTX_DEF);
1462 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
1463 mtx_unlock(&bpf_mtx);
1465 *bp->bif_driverp = NULL;
1468 * Compute the length of the bpf header. This is not necessarily
1469 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
1470 * that the network layer header begins on a longword boundary (for
1471 * performance reasons and to alleviate alignment restrictions).
1473 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
1476 if_printf(ifp, "bpf attached\n");
1480 * Detach bpf from an interface. This involves detaching each descriptor
1481 * associated with the interface, and leaving bd_bif NULL. Notify each
1482 * descriptor as it's detached so that any sleepers wake up and get
1492 /* Locate BPF interface information */
1494 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1495 if (ifp == bp->bif_ifp)
1499 /* Interface wasn't attached */
1500 if ((bp == NULL) || (bp->bif_ifp == NULL)) {
1501 mtx_unlock(&bpf_mtx);
1502 printf("bpfdetach: %s was not attached\n", ifp->if_xname);
1506 LIST_REMOVE(bp, bif_next);
1507 mtx_unlock(&bpf_mtx);
1509 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
1516 mtx_destroy(&bp->bif_mtx);
1521 * Get a list of available data link type of the interface.
1524 bpf_getdltlist(d, bfl)
1526 struct bpf_dltlist *bfl;
1532 ifp = d->bd_bif->bif_ifp;
1536 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1537 if (bp->bif_ifp != ifp)
1539 if (bfl->bfl_list != NULL) {
1540 if (n >= bfl->bfl_len) {
1541 mtx_unlock(&bpf_mtx);
1544 error = copyout(&bp->bif_dlt,
1545 bfl->bfl_list + n, sizeof(u_int));
1549 mtx_unlock(&bpf_mtx);
1555 * Set the data link type of a BPF instance.
1562 int error, opromisc;
1566 if (d->bd_bif->bif_dlt == dlt)
1568 ifp = d->bd_bif->bif_ifp;
1570 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
1571 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
1574 mtx_unlock(&bpf_mtx);
1576 opromisc = d->bd_promisc;
1583 error = ifpromisc(bp->bif_ifp, 1);
1585 if_printf(bp->bif_ifp,
1586 "bpf_setdlt: ifpromisc failed (%d)\n",
1592 return (bp == NULL ? EINVAL : 0);
1596 bpf_clone(arg, name, namelen, dev)
1606 if (dev_stdclone(name, NULL, "bpf", &u) != 1)
1608 *dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600,
1611 (*dev)->si_flags |= SI_CHEAPCLONE;
1620 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
1621 LIST_INIT(&bpf_iflist);
1622 EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000);
1625 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL)
1627 #else /* !DEV_BPF && !NETGRAPH_BPF */
1629 * NOP stubs to allow bpf-using drivers to load and function.
1631 * A 'better' implementation would allow the core bpf functionality
1632 * to be loaded at runtime.
1636 bpf_tap(bp, pkt, pktlen)
1651 bpf_mtap2(bp, d, l, m)
1660 bpfattach(ifp, dlt, hdrlen)
1667 bpfattach2(ifp, dlt, hdrlen, driverp)
1670 struct bpf_if **driverp;
1681 bpf_filter(pc, p, wirelen, buflen)
1682 const struct bpf_insn *pc;
1687 return -1; /* "no filter" behaviour */
1691 bpf_validate(f, len)
1692 const struct bpf_insn *f;
1695 return 0; /* false */
1698 #endif /* !DEV_BPF && !NETGRAPH_BPF */