2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1990, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from the Stanford/CMU enet packet filter,
8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Berkeley Laboratory.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)bpf.c 8.4 (Berkeley) 1/9/95
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
43 #include "opt_compat.h"
45 #include "opt_netgraph.h"
47 #include <sys/types.h>
48 #include <sys/param.h>
50 #include <sys/rwlock.h>
51 #include <sys/systm.h>
53 #include <sys/fcntl.h>
55 #include <sys/malloc.h>
60 #include <sys/signalvar.h>
61 #include <sys/filio.h>
62 #include <sys/sockio.h>
63 #include <sys/ttycom.h>
66 #include <sys/event.h>
71 #include <sys/socket.h>
78 #include <net/if_var.h>
79 #include <net/if_dl.h>
81 #include <net/bpf_buffer.h>
83 #include <net/bpf_jitter.h>
85 #include <net/bpf_zerocopy.h>
86 #include <net/bpfdesc.h>
87 #include <net/route.h>
90 #include <netinet/in.h>
91 #include <netinet/if_ether.h>
92 #include <sys/kernel.h>
93 #include <sys/sysctl.h>
95 #include <net80211/ieee80211_freebsd.h>
97 #include <security/mac/mac_framework.h>
99 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
102 #define bif_next bif_ext.bif_next
103 #define bif_dlist bif_ext.bif_dlist
104 struct bpf_if_ext bif_ext; /* public members */
105 u_int bif_dlt; /* link layer type */
106 u_int bif_hdrlen; /* length of link header */
107 struct ifnet *bif_ifp; /* corresponding interface */
108 struct rwlock bif_lock; /* interface lock */
109 LIST_HEAD(, bpf_d) bif_wlist; /* writer-only list */
110 int bif_flags; /* Interface flags */
111 struct bpf_if **bif_bpf; /* Pointer to pointer to us */
114 CTASSERT(offsetof(struct bpf_if, bif_ext) == 0);
116 #if defined(DEV_BPF) || defined(NETGRAPH_BPF)
118 #define PRINET 26 /* interruptible */
120 #define SIZEOF_BPF_HDR(type) \
121 (offsetof(type, bh_hdrlen) + sizeof(((type *)0)->bh_hdrlen))
123 #ifdef COMPAT_FREEBSD32
124 #include <sys/mount.h>
125 #include <compat/freebsd32/freebsd32.h>
126 #define BPF_ALIGNMENT32 sizeof(int32_t)
127 #define BPF_WORDALIGN32(x) roundup2(x, BPF_ALIGNMENT32)
131 * 32-bit version of structure prepended to each packet. We use this header
132 * instead of the standard one for 32-bit streams. We mark the a stream as
133 * 32-bit the first time we see a 32-bit compat ioctl request.
136 struct timeval32 bh_tstamp; /* time stamp */
137 uint32_t bh_caplen; /* length of captured portion */
138 uint32_t bh_datalen; /* original length of packet */
139 uint16_t bh_hdrlen; /* length of bpf header (this struct
140 plus alignment padding) */
144 struct bpf_program32 {
149 struct bpf_dltlist32 {
154 #define BIOCSETF32 _IOW('B', 103, struct bpf_program32)
155 #define BIOCSRTIMEOUT32 _IOW('B', 109, struct timeval32)
156 #define BIOCGRTIMEOUT32 _IOR('B', 110, struct timeval32)
157 #define BIOCGDLTLIST32 _IOWR('B', 121, struct bpf_dltlist32)
158 #define BIOCSETWF32 _IOW('B', 123, struct bpf_program32)
159 #define BIOCSETFNR32 _IOW('B', 130, struct bpf_program32)
163 * bpf_iflist is a list of BPF interface structures, each corresponding to a
164 * specific DLT. The same network interface might have several BPF interface
165 * structures registered by different layers in the stack (i.e., 802.11
166 * frames, ethernet frames, etc).
168 static LIST_HEAD(, bpf_if) bpf_iflist, bpf_freelist;
169 static struct mtx bpf_mtx; /* bpf global lock */
170 static int bpf_bpfd_cnt;
172 static void bpf_attachd(struct bpf_d *, struct bpf_if *);
173 static void bpf_detachd(struct bpf_d *);
174 static void bpf_detachd_locked(struct bpf_d *);
175 static void bpf_freed(struct bpf_d *);
176 static int bpf_movein(struct uio *, int, struct ifnet *, struct mbuf **,
177 struct sockaddr *, int *, struct bpf_d *);
178 static int bpf_setif(struct bpf_d *, struct ifreq *);
179 static void bpf_timed_out(void *);
181 bpf_wakeup(struct bpf_d *);
182 static void catchpacket(struct bpf_d *, u_char *, u_int, u_int,
183 void (*)(struct bpf_d *, caddr_t, u_int, void *, u_int),
185 static void reset_d(struct bpf_d *);
186 static int bpf_setf(struct bpf_d *, struct bpf_program *, u_long cmd);
187 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
188 static int bpf_setdlt(struct bpf_d *, u_int);
189 static void filt_bpfdetach(struct knote *);
190 static int filt_bpfread(struct knote *, long);
191 static void bpf_drvinit(void *);
192 static int bpf_stats_sysctl(SYSCTL_HANDLER_ARGS);
194 SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl");
195 int bpf_maxinsns = BPF_MAXINSNS;
196 SYSCTL_INT(_net_bpf, OID_AUTO, maxinsns, CTLFLAG_RW,
197 &bpf_maxinsns, 0, "Maximum bpf program instructions");
198 static int bpf_zerocopy_enable = 0;
199 SYSCTL_INT(_net_bpf, OID_AUTO, zerocopy_enable, CTLFLAG_RW,
200 &bpf_zerocopy_enable, 0, "Enable new zero-copy BPF buffer sessions");
201 static SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW,
202 bpf_stats_sysctl, "bpf statistics portal");
204 static VNET_DEFINE(int, bpf_optimize_writers) = 0;
205 #define V_bpf_optimize_writers VNET(bpf_optimize_writers)
206 SYSCTL_INT(_net_bpf, OID_AUTO, optimize_writers, CTLFLAG_VNET | CTLFLAG_RW,
207 &VNET_NAME(bpf_optimize_writers), 0,
208 "Do not send packets until BPF program is set");
210 static d_open_t bpfopen;
211 static d_read_t bpfread;
212 static d_write_t bpfwrite;
213 static d_ioctl_t bpfioctl;
214 static d_poll_t bpfpoll;
215 static d_kqfilter_t bpfkqfilter;
217 static struct cdevsw bpf_cdevsw = {
218 .d_version = D_VERSION,
225 .d_kqfilter = bpfkqfilter,
228 static struct filterops bpfread_filtops = {
230 .f_detach = filt_bpfdetach,
231 .f_event = filt_bpfread,
234 eventhandler_tag bpf_ifdetach_cookie = NULL;
237 * LOCKING MODEL USED BY BPF:
239 * 1) global lock (BPF_LOCK). Mutex, used to protect interface addition/removal,
240 * some global counters and every bpf_if reference.
241 * 2) Interface lock. Rwlock, used to protect list of BPF descriptors and their filters.
242 * 3) Descriptor lock. Mutex, used to protect BPF buffers and various structure fields
243 * used by bpf_mtap code.
247 * Global lock, interface lock, descriptor lock
249 * We have to acquire interface lock before descriptor main lock due to BPF_MTAP[2]
250 * working model. In many places (like bpf_detachd) we start with BPF descriptor
251 * (and we need to at least rlock it to get reliable interface pointer). This
252 * gives us potential LOR. As a result, we use global lock to protect from bpf_if
253 * change in every such place.
255 * Changing d->bd_bif is protected by 1) global lock, 2) interface lock and
256 * 3) descriptor main wlock.
257 * Reading bd_bif can be protected by any of these locks, typically global lock.
259 * Changing read/write BPF filter is protected by the same three locks,
260 * the same applies for reading.
262 * Sleeping in global lock is not allowed due to bpfdetach() using it.
266 * Wrapper functions for various buffering methods. If the set of buffer
267 * modes expands, we will probably want to introduce a switch data structure
268 * similar to protosw, et.
271 bpf_append_bytes(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
277 switch (d->bd_bufmode) {
278 case BPF_BUFMODE_BUFFER:
279 return (bpf_buffer_append_bytes(d, buf, offset, src, len));
281 case BPF_BUFMODE_ZBUF:
283 return (bpf_zerocopy_append_bytes(d, buf, offset, src, len));
286 panic("bpf_buf_append_bytes");
291 bpf_append_mbuf(struct bpf_d *d, caddr_t buf, u_int offset, void *src,
297 switch (d->bd_bufmode) {
298 case BPF_BUFMODE_BUFFER:
299 return (bpf_buffer_append_mbuf(d, buf, offset, src, len));
301 case BPF_BUFMODE_ZBUF:
303 return (bpf_zerocopy_append_mbuf(d, buf, offset, src, len));
306 panic("bpf_buf_append_mbuf");
311 * This function gets called when the free buffer is re-assigned.
314 bpf_buf_reclaimed(struct bpf_d *d)
319 switch (d->bd_bufmode) {
320 case BPF_BUFMODE_BUFFER:
323 case BPF_BUFMODE_ZBUF:
324 bpf_zerocopy_buf_reclaimed(d);
328 panic("bpf_buf_reclaimed");
333 * If the buffer mechanism has a way to decide that a held buffer can be made
334 * free, then it is exposed via the bpf_canfreebuf() interface. (1) is
335 * returned if the buffer can be discarded, (0) is returned if it cannot.
338 bpf_canfreebuf(struct bpf_d *d)
343 switch (d->bd_bufmode) {
344 case BPF_BUFMODE_ZBUF:
345 return (bpf_zerocopy_canfreebuf(d));
351 * Allow the buffer model to indicate that the current store buffer is
352 * immutable, regardless of the appearance of space. Return (1) if the
353 * buffer is writable, and (0) if not.
356 bpf_canwritebuf(struct bpf_d *d)
360 switch (d->bd_bufmode) {
361 case BPF_BUFMODE_ZBUF:
362 return (bpf_zerocopy_canwritebuf(d));
368 * Notify buffer model that an attempt to write to the store buffer has
369 * resulted in a dropped packet, in which case the buffer may be considered
373 bpf_buffull(struct bpf_d *d)
378 switch (d->bd_bufmode) {
379 case BPF_BUFMODE_ZBUF:
380 bpf_zerocopy_buffull(d);
386 * Notify the buffer model that a buffer has moved into the hold position.
389 bpf_bufheld(struct bpf_d *d)
394 switch (d->bd_bufmode) {
395 case BPF_BUFMODE_ZBUF:
396 bpf_zerocopy_bufheld(d);
402 bpf_free(struct bpf_d *d)
405 switch (d->bd_bufmode) {
406 case BPF_BUFMODE_BUFFER:
407 return (bpf_buffer_free(d));
409 case BPF_BUFMODE_ZBUF:
410 return (bpf_zerocopy_free(d));
413 panic("bpf_buf_free");
418 bpf_uiomove(struct bpf_d *d, caddr_t buf, u_int len, struct uio *uio)
421 if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
423 return (bpf_buffer_uiomove(d, buf, len, uio));
427 bpf_ioctl_sblen(struct bpf_d *d, u_int *i)
430 if (d->bd_bufmode != BPF_BUFMODE_BUFFER)
432 return (bpf_buffer_ioctl_sblen(d, i));
436 bpf_ioctl_getzmax(struct thread *td, struct bpf_d *d, size_t *i)
439 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
441 return (bpf_zerocopy_ioctl_getzmax(td, d, i));
445 bpf_ioctl_rotzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
448 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
450 return (bpf_zerocopy_ioctl_rotzbuf(td, d, bz));
454 bpf_ioctl_setzbuf(struct thread *td, struct bpf_d *d, struct bpf_zbuf *bz)
457 if (d->bd_bufmode != BPF_BUFMODE_ZBUF)
459 return (bpf_zerocopy_ioctl_setzbuf(td, d, bz));
463 * General BPF functions.
466 bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
467 struct sockaddr *sockp, int *hdrlen, struct bpf_d *d)
469 const struct ieee80211_bpf_params *p;
470 struct ether_header *eh;
478 * Build a sockaddr based on the data link layer type.
479 * We do this at this level because the ethernet header
480 * is copied directly into the data field of the sockaddr.
481 * In the case of SLIP, there is no header and the packet
482 * is forwarded as is.
483 * Also, we are careful to leave room at the front of the mbuf
484 * for the link level header.
489 sockp->sa_family = AF_INET;
494 sockp->sa_family = AF_UNSPEC;
495 /* XXX Would MAXLINKHDR be better? */
496 hlen = ETHER_HDR_LEN;
500 sockp->sa_family = AF_IMPLINK;
505 sockp->sa_family = AF_UNSPEC;
511 * null interface types require a 4 byte pseudo header which
512 * corresponds to the address family of the packet.
514 sockp->sa_family = AF_UNSPEC;
518 case DLT_ATM_RFC1483:
520 * en atm driver requires 4-byte atm pseudo header.
521 * though it isn't standard, vpi:vci needs to be
524 sockp->sa_family = AF_UNSPEC;
525 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
529 sockp->sa_family = AF_UNSPEC;
530 hlen = 4; /* This should match PPP_HDRLEN */
533 case DLT_IEEE802_11: /* IEEE 802.11 wireless */
534 sockp->sa_family = AF_IEEE80211;
538 case DLT_IEEE802_11_RADIO: /* IEEE 802.11 wireless w/ phy params */
539 sockp->sa_family = AF_IEEE80211;
540 sockp->sa_len = 12; /* XXX != 0 */
541 hlen = sizeof(struct ieee80211_bpf_params);
548 len = uio->uio_resid;
549 if (len < hlen || len - hlen > ifp->if_mtu)
552 m = m_get2(len, M_WAITOK, MT_DATA, M_PKTHDR);
555 m->m_pkthdr.len = m->m_len = len;
558 error = uiomove(mtod(m, u_char *), len, uio);
562 slen = bpf_filter(d->bd_wfilter, mtod(m, u_char *), len, len);
568 /* Check for multicast destination */
571 eh = mtod(m, struct ether_header *);
572 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
573 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
574 ETHER_ADDR_LEN) == 0)
575 m->m_flags |= M_BCAST;
577 m->m_flags |= M_MCAST;
579 if (d->bd_hdrcmplt == 0) {
580 memcpy(eh->ether_shost, IF_LLADDR(ifp),
581 sizeof(eh->ether_shost));
587 * Make room for link header, and copy it to sockaddr
590 if (sockp->sa_family == AF_IEEE80211) {
592 * Collect true length from the parameter header
593 * NB: sockp is known to be zero'd so if we do a
594 * short copy unspecified parameters will be
596 * NB: packet may not be aligned after stripping
600 p = mtod(m, const struct ieee80211_bpf_params *);
602 if (hlen > sizeof(sockp->sa_data)) {
607 bcopy(mtod(m, const void *), sockp->sa_data, hlen);
618 * Attach file to the bpf interface, i.e. make d listen on bp.
621 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
628 * Save sysctl value to protect from sysctl change
631 op_w = V_bpf_optimize_writers || d->bd_writer;
633 if (d->bd_bif != NULL)
634 bpf_detachd_locked(d);
636 * Point d at bp, and add d to the interface's list.
637 * Since there are many applications using BPF for
638 * sending raw packets only (dhcpd, cdpd are good examples)
639 * we can delay adding d to the list of active listeners until
640 * some filter is configured.
649 /* Add to writers-only list */
650 LIST_INSERT_HEAD(&bp->bif_wlist, d, bd_next);
652 * We decrement bd_writer on every filter set operation.
653 * First BIOCSETF is done by pcap_open_live() to set up
654 * snap length. After that appliation usually sets its own filter
658 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
665 CTR3(KTR_NET, "%s: bpf_attach called by pid %d, adding to %s list",
666 __func__, d->bd_pid, d->bd_writer ? "writer" : "active");
669 EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1);
673 * Check if we need to upgrade our descriptor @d from write-only mode.
676 bpf_check_upgrade(u_long cmd, struct bpf_d *d, struct bpf_insn *fcode, int flen)
678 int is_snap, need_upgrade;
681 * Check if we've already upgraded or new filter is empty.
683 if (d->bd_writer == 0 || fcode == NULL)
689 * Check if cmd looks like snaplen setting from
690 * pcap_bpf.c:pcap_open_live().
691 * Note we're not checking .k value here:
692 * while pcap_open_live() definitely sets to to non-zero value,
693 * we'd prefer to treat k=0 (deny ALL) case the same way: e.g.
694 * do not consider upgrading immediately
696 if (cmd == BIOCSETF && flen == 1 && fcode[0].code == (BPF_RET | BPF_K))
703 * We're setting first filter and it doesn't look like
704 * setting snaplen. We're probably using bpf directly.
705 * Upgrade immediately.
710 * Do not require upgrade by first BIOCSETF
711 * (used to set snaplen) by pcap_open_live().
714 if (--d->bd_writer == 0) {
716 * First snaplen filter has already
717 * been set. This is probably catch-all
725 "%s: filter function set by pid %d, "
726 "bd_writer counter %d, snap %d upgrade %d",
727 __func__, d->bd_pid, d->bd_writer,
728 is_snap, need_upgrade);
730 return (need_upgrade);
734 * Add d to the list of active bp filters.
735 * Requires bpf_attachd() to be called before.
738 bpf_upgraded(struct bpf_d *d)
747 * Filter can be set several times without specifying interface.
748 * Mark d as reader and exit.
760 /* Remove from writers-only list */
761 LIST_REMOVE(d, bd_next);
762 LIST_INSERT_HEAD(&bp->bif_dlist, d, bd_next);
763 /* Mark d as reader */
769 CTR2(KTR_NET, "%s: upgrade required by pid %d", __func__, d->bd_pid);
771 EVENTHANDLER_INVOKE(bpf_track, bp->bif_ifp, bp->bif_dlt, 1);
775 * Detach a file from its interface.
778 bpf_detachd(struct bpf_d *d)
781 bpf_detachd_locked(d);
786 bpf_detachd_locked(struct bpf_d *d)
792 CTR2(KTR_NET, "%s: detach required by pid %d", __func__, d->bd_pid);
796 /* Check if descriptor is attached */
797 if ((bp = d->bd_bif) == NULL)
803 /* Save bd_writer value */
804 error = d->bd_writer;
807 * Remove d from the interface's descriptor list.
809 LIST_REMOVE(d, bd_next);
818 /* Call event handler iff d is attached */
820 EVENTHANDLER_INVOKE(bpf_track, ifp, bp->bif_dlt, 0);
823 * Check if this descriptor had requested promiscuous mode.
824 * If so, turn it off.
828 CURVNET_SET(ifp->if_vnet);
829 error = ifpromisc(ifp, 0);
831 if (error != 0 && error != ENXIO) {
833 * ENXIO can happen if a pccard is unplugged
834 * Something is really wrong if we were able to put
835 * the driver into promiscuous mode, but can't
838 if_printf(bp->bif_ifp,
839 "bpf_detach: ifpromisc failed (%d)\n", error);
845 * Close the descriptor by detaching it from its interface,
846 * deallocating its buffers, and marking it free.
851 struct bpf_d *d = data;
854 if (d->bd_state == BPF_WAITING)
855 callout_stop(&d->bd_callout);
856 d->bd_state = BPF_IDLE;
858 funsetown(&d->bd_sigio);
861 mac_bpfdesc_destroy(d);
863 seldrain(&d->bd_sel);
864 knlist_destroy(&d->bd_sel.si_note);
865 callout_drain(&d->bd_callout);
871 * Open ethernet device. Returns ENXIO for illegal minor device number,
872 * EBUSY if file is open by another process.
876 bpfopen(struct cdev *dev, int flags, int fmt, struct thread *td)
881 d = malloc(sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
882 error = devfs_set_cdevpriv(d, bpf_dtor);
889 * For historical reasons, perform a one-time initialization call to
890 * the buffer routines, even though we're not yet committed to a
891 * particular buffer method.
894 if ((flags & FREAD) == 0)
896 d->bd_hbuf_in_use = 0;
897 d->bd_bufmode = BPF_BUFMODE_BUFFER;
899 d->bd_direction = BPF_D_INOUT;
900 BPF_PID_REFRESH(d, td);
903 mac_bpfdesc_create(td->td_ucred, d);
905 mtx_init(&d->bd_lock, devtoname(dev), "bpf cdev lock", MTX_DEF);
906 callout_init_mtx(&d->bd_callout, &d->bd_lock, 0);
907 knlist_init_mtx(&d->bd_sel.si_note, &d->bd_lock);
913 * bpfread - read next chunk of packets from buffers
916 bpfread(struct cdev *dev, struct uio *uio, int ioflag)
923 error = devfs_get_cdevpriv((void **)&d);
928 * Restrict application to use a buffer the same size as
931 if (uio->uio_resid != d->bd_bufsize)
934 non_block = ((ioflag & O_NONBLOCK) != 0);
937 BPF_PID_REFRESH_CUR(d);
938 if (d->bd_bufmode != BPF_BUFMODE_BUFFER) {
942 if (d->bd_state == BPF_WAITING)
943 callout_stop(&d->bd_callout);
944 timed_out = (d->bd_state == BPF_TIMED_OUT);
945 d->bd_state = BPF_IDLE;
946 while (d->bd_hbuf_in_use) {
947 error = mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock,
948 PRINET|PCATCH, "bd_hbuf", 0);
955 * If the hold buffer is empty, then do a timed sleep, which
956 * ends when the timeout expires or when enough packets
957 * have arrived to fill the store buffer.
959 while (d->bd_hbuf == NULL) {
960 if (d->bd_slen != 0) {
962 * A packet(s) either arrived since the previous
963 * read or arrived while we were asleep.
965 if (d->bd_immediate || non_block || timed_out) {
967 * Rotate the buffers and return what's here
968 * if we are in immediate mode, non-blocking
969 * flag is set, or this descriptor timed out.
977 * No data is available, check to see if the bpf device
978 * is still pointed at a real interface. If not, return
979 * ENXIO so that the userland process knows to rebind
980 * it before using it again.
982 if (d->bd_bif == NULL) {
989 return (EWOULDBLOCK);
991 error = msleep(d, &d->bd_lock, PRINET|PCATCH,
993 if (error == EINTR || error == ERESTART) {
997 if (error == EWOULDBLOCK) {
999 * On a timeout, return what's in the buffer,
1000 * which may be nothing. If there is something
1001 * in the store buffer, we can rotate the buffers.
1005 * We filled up the buffer in between
1006 * getting the timeout and arriving
1007 * here, so we don't need to rotate.
1011 if (d->bd_slen == 0) {
1020 * At this point, we know we have something in the hold slot.
1022 d->bd_hbuf_in_use = 1;
1026 * Move data from hold buffer into user space.
1027 * We know the entire buffer is transferred since
1028 * we checked above that the read buffer is bpf_bufsize bytes.
1030 * We do not have to worry about simultaneous reads because
1031 * we waited for sole access to the hold buffer above.
1033 error = bpf_uiomove(d, d->bd_hbuf, d->bd_hlen, uio);
1036 KASSERT(d->bd_hbuf != NULL, ("bpfread: lost bd_hbuf"));
1037 d->bd_fbuf = d->bd_hbuf;
1040 bpf_buf_reclaimed(d);
1041 d->bd_hbuf_in_use = 0;
1042 wakeup(&d->bd_hbuf_in_use);
1049 * If there are processes sleeping on this descriptor, wake them up.
1051 static __inline void
1052 bpf_wakeup(struct bpf_d *d)
1055 BPFD_LOCK_ASSERT(d);
1056 if (d->bd_state == BPF_WAITING) {
1057 callout_stop(&d->bd_callout);
1058 d->bd_state = BPF_IDLE;
1061 if (d->bd_async && d->bd_sig && d->bd_sigio)
1062 pgsigio(&d->bd_sigio, d->bd_sig, 0);
1064 selwakeuppri(&d->bd_sel, PRINET);
1065 KNOTE_LOCKED(&d->bd_sel.si_note, 0);
1069 bpf_timed_out(void *arg)
1071 struct bpf_d *d = (struct bpf_d *)arg;
1073 BPFD_LOCK_ASSERT(d);
1075 if (callout_pending(&d->bd_callout) || !callout_active(&d->bd_callout))
1077 if (d->bd_state == BPF_WAITING) {
1078 d->bd_state = BPF_TIMED_OUT;
1079 if (d->bd_slen != 0)
1085 bpf_ready(struct bpf_d *d)
1088 BPFD_LOCK_ASSERT(d);
1090 if (!bpf_canfreebuf(d) && d->bd_hlen != 0)
1092 if ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1099 bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
1103 struct mbuf *m, *mc;
1104 struct sockaddr dst;
1108 error = devfs_get_cdevpriv((void **)&d);
1112 BPF_PID_REFRESH_CUR(d);
1114 /* XXX: locking required */
1115 if (d->bd_bif == NULL) {
1120 ifp = d->bd_bif->bif_ifp;
1122 if ((ifp->if_flags & IFF_UP) == 0) {
1127 if (uio->uio_resid == 0) {
1132 bzero(&dst, sizeof(dst));
1135 /* XXX: bpf_movein() can sleep */
1136 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, ifp,
1137 &m, &dst, &hlen, d);
1144 dst.sa_family = pseudo_AF_HDRCMPLT;
1146 if (d->bd_feedback) {
1147 mc = m_dup(m, M_NOWAIT);
1149 mc->m_pkthdr.rcvif = ifp;
1150 /* Set M_PROMISC for outgoing packets to be discarded. */
1151 if (d->bd_direction == BPF_D_INOUT)
1152 m->m_flags |= M_PROMISC;
1156 m->m_pkthdr.len -= hlen;
1158 m->m_data += hlen; /* XXX */
1160 CURVNET_SET(ifp->if_vnet);
1163 mac_bpfdesc_create_mbuf(d, m);
1165 mac_bpfdesc_create_mbuf(d, mc);
1169 bzero(&ro, sizeof(ro));
1171 ro.ro_prepend = (u_char *)&dst.sa_data;
1173 ro.ro_flags = RT_HAS_HEADER;
1176 error = (*ifp->if_output)(ifp, m, &dst, &ro);
1182 (*ifp->if_input)(ifp, mc);
1192 * Reset a descriptor by flushing its packet buffer and clearing the receive
1193 * and drop counts. This is doable for kernel-only buffers, but with
1194 * zero-copy buffers, we can't write to (or rotate) buffers that are
1195 * currently owned by userspace. It would be nice if we could encapsulate
1196 * this logic in the buffer code rather than here.
1199 reset_d(struct bpf_d *d)
1202 BPFD_LOCK_ASSERT(d);
1204 while (d->bd_hbuf_in_use)
1205 mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock, PRINET,
1207 if ((d->bd_hbuf != NULL) &&
1208 (d->bd_bufmode != BPF_BUFMODE_ZBUF || bpf_canfreebuf(d))) {
1209 /* Free the hold buffer. */
1210 d->bd_fbuf = d->bd_hbuf;
1213 bpf_buf_reclaimed(d);
1215 if (bpf_canwritebuf(d))
1227 * FIONREAD Check for read packet available.
1228 * BIOCGBLEN Get buffer len [for read()].
1229 * BIOCSETF Set read filter.
1230 * BIOCSETFNR Set read filter without resetting descriptor.
1231 * BIOCSETWF Set write filter.
1232 * BIOCFLUSH Flush read packet buffer.
1233 * BIOCPROMISC Put interface into promiscuous mode.
1234 * BIOCGDLT Get link layer type.
1235 * BIOCGETIF Get interface name.
1236 * BIOCSETIF Set interface.
1237 * BIOCSRTIMEOUT Set read timeout.
1238 * BIOCGRTIMEOUT Get read timeout.
1239 * BIOCGSTATS Get packet stats.
1240 * BIOCIMMEDIATE Set immediate mode.
1241 * BIOCVERSION Get filter language version.
1242 * BIOCGHDRCMPLT Get "header already complete" flag
1243 * BIOCSHDRCMPLT Set "header already complete" flag
1244 * BIOCGDIRECTION Get packet direction flag
1245 * BIOCSDIRECTION Set packet direction flag
1246 * BIOCGTSTAMP Get time stamp format and resolution.
1247 * BIOCSTSTAMP Set time stamp format and resolution.
1248 * BIOCLOCK Set "locked" flag
1249 * BIOCFEEDBACK Set packet feedback mode.
1250 * BIOCSETZBUF Set current zero-copy buffer locations.
1251 * BIOCGETZMAX Get maximum zero-copy buffer size.
1252 * BIOCROTZBUF Force rotation of zero-copy buffer
1253 * BIOCSETBUFMODE Set buffer mode.
1254 * BIOCGETBUFMODE Get current buffer mode.
1258 bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
1264 error = devfs_get_cdevpriv((void **)&d);
1269 * Refresh PID associated with this descriptor.
1272 BPF_PID_REFRESH(d, td);
1273 if (d->bd_state == BPF_WAITING)
1274 callout_stop(&d->bd_callout);
1275 d->bd_state = BPF_IDLE;
1278 if (d->bd_locked == 1) {
1284 #ifdef COMPAT_FREEBSD32
1285 case BIOCGDLTLIST32:
1289 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1290 case BIOCGRTIMEOUT32:
1301 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1302 case BIOCSRTIMEOUT32:
1312 #ifdef COMPAT_FREEBSD32
1314 * If we see a 32-bit compat ioctl, mark the stream as 32-bit so
1315 * that it will get 32-bit packet headers.
1321 case BIOCGDLTLIST32:
1322 case BIOCGRTIMEOUT32:
1323 case BIOCSRTIMEOUT32:
1330 CURVNET_SET(TD_TO_VNET(td));
1338 * Check for read packet available.
1346 while (d->bd_hbuf_in_use)
1347 mtx_sleep(&d->bd_hbuf_in_use, &d->bd_lock,
1348 PRINET, "bd_hbuf", 0);
1358 * Get buffer len [for read()].
1362 *(u_int *)addr = d->bd_bufsize;
1367 * Set buffer length.
1370 error = bpf_ioctl_sblen(d, (u_int *)addr);
1374 * Set link layer read filter.
1379 #ifdef COMPAT_FREEBSD32
1384 error = bpf_setf(d, (struct bpf_program *)addr, cmd);
1388 * Flush read packet buffer.
1397 * Put interface into promiscuous mode.
1400 if (d->bd_bif == NULL) {
1402 * No interface attached yet.
1407 if (d->bd_promisc == 0) {
1408 error = ifpromisc(d->bd_bif->bif_ifp, 1);
1415 * Get current data link type.
1419 if (d->bd_bif == NULL)
1422 *(u_int *)addr = d->bd_bif->bif_dlt;
1427 * Get a list of supported data link types.
1429 #ifdef COMPAT_FREEBSD32
1430 case BIOCGDLTLIST32:
1432 struct bpf_dltlist32 *list32;
1433 struct bpf_dltlist dltlist;
1435 list32 = (struct bpf_dltlist32 *)addr;
1436 dltlist.bfl_len = list32->bfl_len;
1437 dltlist.bfl_list = PTRIN(list32->bfl_list);
1439 if (d->bd_bif == NULL)
1442 error = bpf_getdltlist(d, &dltlist);
1444 list32->bfl_len = dltlist.bfl_len;
1453 if (d->bd_bif == NULL)
1456 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
1461 * Set data link type.
1465 if (d->bd_bif == NULL)
1468 error = bpf_setdlt(d, *(u_int *)addr);
1473 * Get interface name.
1477 if (d->bd_bif == NULL)
1480 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1481 struct ifreq *const ifr = (struct ifreq *)addr;
1483 strlcpy(ifr->ifr_name, ifp->if_xname,
1484 sizeof(ifr->ifr_name));
1494 int alloc_buf, size;
1497 * Behavior here depends on the buffering model. If
1498 * we're using kernel memory buffers, then we can
1499 * allocate them here. If we're using zero-copy,
1500 * then the user process must have registered buffers
1501 * by the time we get here.
1505 if (d->bd_bufmode == BPF_BUFMODE_BUFFER &&
1510 size = d->bd_bufsize;
1511 error = bpf_buffer_ioctl_sblen(d, &size);
1516 error = bpf_setif(d, (struct ifreq *)addr);
1525 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1526 case BIOCSRTIMEOUT32:
1529 struct timeval *tv = (struct timeval *)addr;
1530 #if defined(COMPAT_FREEBSD32) && !defined(__mips__)
1531 struct timeval32 *tv32;
1532 struct timeval tv64;
1534 if (cmd == BIOCSRTIMEOUT32) {
1535 tv32 = (struct timeval32 *)addr;
1537 tv->tv_sec = tv32->tv_sec;
1538 tv->tv_usec = tv32->tv_usec;
1541 tv = (struct timeval *)addr;
1544 * Subtract 1 tick from tvtohz() since this isn't
1547 if ((error = itimerfix(tv)) == 0)
1548 d->bd_rtout = tvtohz(tv) - 1;
1556 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1557 case BIOCGRTIMEOUT32:
1561 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1562 struct timeval32 *tv32;
1563 struct timeval tv64;
1565 if (cmd == BIOCGRTIMEOUT32)
1569 tv = (struct timeval *)addr;
1571 tv->tv_sec = d->bd_rtout / hz;
1572 tv->tv_usec = (d->bd_rtout % hz) * tick;
1573 #if defined(COMPAT_FREEBSD32) && defined(__amd64__)
1574 if (cmd == BIOCGRTIMEOUT32) {
1575 tv32 = (struct timeval32 *)addr;
1576 tv32->tv_sec = tv->tv_sec;
1577 tv32->tv_usec = tv->tv_usec;
1589 struct bpf_stat *bs = (struct bpf_stat *)addr;
1591 /* XXXCSJP overflow */
1592 bs->bs_recv = d->bd_rcount;
1593 bs->bs_drop = d->bd_dcount;
1598 * Set immediate mode.
1602 d->bd_immediate = *(u_int *)addr;
1608 struct bpf_version *bv = (struct bpf_version *)addr;
1610 bv->bv_major = BPF_MAJOR_VERSION;
1611 bv->bv_minor = BPF_MINOR_VERSION;
1616 * Get "header already complete" flag
1620 *(u_int *)addr = d->bd_hdrcmplt;
1625 * Set "header already complete" flag
1629 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1634 * Get packet direction flag
1636 case BIOCGDIRECTION:
1638 *(u_int *)addr = d->bd_direction;
1643 * Set packet direction flag
1645 case BIOCSDIRECTION:
1649 direction = *(u_int *)addr;
1650 switch (direction) {
1655 d->bd_direction = direction;
1665 * Get packet timestamp format and resolution.
1669 *(u_int *)addr = d->bd_tstamp;
1674 * Set packet timestamp format and resolution.
1680 func = *(u_int *)addr;
1681 if (BPF_T_VALID(func))
1682 d->bd_tstamp = func;
1690 d->bd_feedback = *(u_int *)addr;
1700 case FIONBIO: /* Non-blocking I/O */
1703 case FIOASYNC: /* Send signal on receive packets */
1705 d->bd_async = *(int *)addr;
1711 * XXX: Add some sort of locking here?
1712 * fsetown() can sleep.
1714 error = fsetown(*(int *)addr, &d->bd_sigio);
1719 *(int *)addr = fgetown(&d->bd_sigio);
1723 /* This is deprecated, FIOSETOWN should be used instead. */
1725 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1728 /* This is deprecated, FIOGETOWN should be used instead. */
1730 *(int *)addr = -fgetown(&d->bd_sigio);
1733 case BIOCSRSIG: /* Set receive signal */
1737 sig = *(u_int *)addr;
1750 *(u_int *)addr = d->bd_sig;
1754 case BIOCGETBUFMODE:
1756 *(u_int *)addr = d->bd_bufmode;
1760 case BIOCSETBUFMODE:
1762 * Allow the buffering mode to be changed as long as we
1763 * haven't yet committed to a particular mode. Our
1764 * definition of commitment, for now, is whether or not a
1765 * buffer has been allocated or an interface attached, since
1766 * that's the point where things get tricky.
1768 switch (*(u_int *)addr) {
1769 case BPF_BUFMODE_BUFFER:
1772 case BPF_BUFMODE_ZBUF:
1773 if (bpf_zerocopy_enable)
1783 if (d->bd_sbuf != NULL || d->bd_hbuf != NULL ||
1784 d->bd_fbuf != NULL || d->bd_bif != NULL) {
1789 d->bd_bufmode = *(u_int *)addr;
1794 error = bpf_ioctl_getzmax(td, d, (size_t *)addr);
1798 error = bpf_ioctl_setzbuf(td, d, (struct bpf_zbuf *)addr);
1802 error = bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr);
1810 * Set d's packet filter program to fp. If this file already has a filter,
1811 * free it and replace it. Returns EINVAL for bogus requests.
1813 * Note we need global lock here to serialize bpf_setf() and bpf_setif() calls
1814 * since reading d->bd_bif can't be protected by d or interface lock due to
1817 * Additionally, we have to acquire interface write lock due to bpf_mtap() uses
1818 * interface read lock to read all filers.
1822 bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
1824 #ifdef COMPAT_FREEBSD32
1825 struct bpf_program fp_swab;
1826 struct bpf_program32 *fp32;
1828 struct bpf_insn *fcode, *old;
1830 bpf_jit_filter *jfunc, *ofunc;
1836 #ifdef COMPAT_FREEBSD32
1841 fp32 = (struct bpf_program32 *)fp;
1842 fp_swab.bf_len = fp32->bf_len;
1843 fp_swab.bf_insns = (struct bpf_insn *)(uintptr_t)fp32->bf_insns;
1859 jfunc = ofunc = NULL;
1864 * Check new filter validness before acquiring any locks.
1865 * Allocate memory for new filter, if needed.
1868 if (flen > bpf_maxinsns || (fp->bf_insns == NULL && flen != 0))
1870 size = flen * sizeof(*fp->bf_insns);
1872 /* We're setting up new filter. Copy and check actual data. */
1873 fcode = malloc(size, M_BPF, M_WAITOK);
1874 if (copyin(fp->bf_insns, fcode, size) != 0 ||
1875 !bpf_validate(fcode, flen)) {
1880 /* Filter is copied inside fcode and is perfectly valid. */
1881 jfunc = bpf_jitter(fcode, flen);
1888 * Set up new filter.
1889 * Protect filter change by interface lock.
1890 * Additionally, we are protected by global lock here.
1892 if (d->bd_bif != NULL)
1893 BPFIF_WLOCK(d->bd_bif);
1895 if (cmd == BIOCSETWF) {
1896 old = d->bd_wfilter;
1897 d->bd_wfilter = fcode;
1899 old = d->bd_rfilter;
1900 d->bd_rfilter = fcode;
1902 ofunc = d->bd_bfilter;
1903 d->bd_bfilter = jfunc;
1905 if (cmd == BIOCSETF)
1908 need_upgrade = bpf_check_upgrade(cmd, d, fcode, flen);
1911 if (d->bd_bif != NULL)
1912 BPFIF_WUNLOCK(d->bd_bif);
1917 bpf_destroy_jit_filter(ofunc);
1920 /* Move d to active readers list. */
1921 if (need_upgrade != 0)
1929 * Detach a file from its current interface (if attached at all) and attach
1930 * to the interface indicated by the name stored in ifr.
1931 * Return an errno or 0.
1934 bpf_setif(struct bpf_d *d, struct ifreq *ifr)
1937 struct ifnet *theywant;
1941 theywant = ifunit(ifr->ifr_name);
1942 if (theywant == NULL || theywant->if_bpf == NULL)
1945 bp = theywant->if_bpf;
1947 /* Check if interface is not being detached from BPF */
1949 if (bp->bif_flags & BPFIF_FLAG_DYING) {
1956 * At this point, we expect the buffer is already allocated. If not,
1959 switch (d->bd_bufmode) {
1960 case BPF_BUFMODE_BUFFER:
1961 case BPF_BUFMODE_ZBUF:
1962 if (d->bd_sbuf == NULL)
1967 panic("bpf_setif: bufmode %d", d->bd_bufmode);
1969 if (bp != d->bd_bif)
1978 * Support for select() and poll() system calls
1980 * Return true iff the specific operation will not block indefinitely.
1981 * Otherwise, return false but make a note that a selwakeup() must be done.
1984 bpfpoll(struct cdev *dev, int events, struct thread *td)
1989 if (devfs_get_cdevpriv((void **)&d) != 0 || d->bd_bif == NULL)
1991 (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM));
1994 * Refresh PID associated with this descriptor.
1996 revents = events & (POLLOUT | POLLWRNORM);
1998 BPF_PID_REFRESH(d, td);
1999 if (events & (POLLIN | POLLRDNORM)) {
2001 revents |= events & (POLLIN | POLLRDNORM);
2003 selrecord(td, &d->bd_sel);
2004 /* Start the read timeout if necessary. */
2005 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
2006 callout_reset(&d->bd_callout, d->bd_rtout,
2008 d->bd_state = BPF_WAITING;
2017 * Support for kevent() system call. Register EVFILT_READ filters and
2018 * reject all others.
2021 bpfkqfilter(struct cdev *dev, struct knote *kn)
2025 if (devfs_get_cdevpriv((void **)&d) != 0 ||
2026 kn->kn_filter != EVFILT_READ)
2030 * Refresh PID associated with this descriptor.
2033 BPF_PID_REFRESH_CUR(d);
2034 kn->kn_fop = &bpfread_filtops;
2036 knlist_add(&d->bd_sel.si_note, kn, 1);
2043 filt_bpfdetach(struct knote *kn)
2045 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
2047 knlist_remove(&d->bd_sel.si_note, kn, 0);
2051 filt_bpfread(struct knote *kn, long hint)
2053 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
2056 BPFD_LOCK_ASSERT(d);
2057 ready = bpf_ready(d);
2059 kn->kn_data = d->bd_slen;
2061 * Ignore the hold buffer if it is being copied to user space.
2063 if (!d->bd_hbuf_in_use && d->bd_hbuf)
2064 kn->kn_data += d->bd_hlen;
2065 } else if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
2066 callout_reset(&d->bd_callout, d->bd_rtout,
2068 d->bd_state = BPF_WAITING;
2074 #define BPF_TSTAMP_NONE 0
2075 #define BPF_TSTAMP_FAST 1
2076 #define BPF_TSTAMP_NORMAL 2
2077 #define BPF_TSTAMP_EXTERN 3
2080 bpf_ts_quality(int tstype)
2083 if (tstype == BPF_T_NONE)
2084 return (BPF_TSTAMP_NONE);
2085 if ((tstype & BPF_T_FAST) != 0)
2086 return (BPF_TSTAMP_FAST);
2088 return (BPF_TSTAMP_NORMAL);
2092 bpf_gettime(struct bintime *bt, int tstype, struct mbuf *m)
2097 quality = bpf_ts_quality(tstype);
2098 if (quality == BPF_TSTAMP_NONE)
2102 tag = m_tag_locate(m, MTAG_BPF, MTAG_BPF_TIMESTAMP, NULL);
2104 *bt = *(struct bintime *)(tag + 1);
2105 return (BPF_TSTAMP_EXTERN);
2108 if (quality == BPF_TSTAMP_NORMAL)
2117 * Incoming linkage from device drivers. Process the packet pkt, of length
2118 * pktlen, which is stored in a contiguous buffer. The packet is parsed
2119 * by each process' filter, and if accepted, stashed into the corresponding
2123 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
2133 gottime = BPF_TSTAMP_NONE;
2137 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2139 * We are not using any locks for d here because:
2140 * 1) any filter change is protected by interface
2142 * 2) destroying/detaching d is protected by interface
2146 /* XXX: Do not protect counter for the sake of performance. */
2149 * NB: We dont call BPF_CHECK_DIRECTION() here since there is no
2150 * way for the caller to indiciate to us whether this packet
2151 * is inbound or outbound. In the bpf_mtap() routines, we use
2152 * the interface pointers on the mbuf to figure it out.
2155 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
2157 slen = (*(bf->func))(pkt, pktlen, pktlen);
2160 slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen);
2163 * Filter matches. Let's to acquire write lock.
2168 if (gottime < bpf_ts_quality(d->bd_tstamp))
2169 gottime = bpf_gettime(&bt, d->bd_tstamp, NULL);
2171 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2173 catchpacket(d, pkt, pktlen, slen,
2174 bpf_append_bytes, &bt);
2181 #define BPF_CHECK_DIRECTION(d, r, i) \
2182 (((d)->bd_direction == BPF_D_IN && (r) != (i)) || \
2183 ((d)->bd_direction == BPF_D_OUT && (r) == (i)))
2186 * Incoming linkage from device drivers, when packet is in an mbuf chain.
2187 * Locking model is explained in bpf_tap().
2190 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
2200 /* Skip outgoing duplicate packets. */
2201 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
2202 m->m_flags &= ~M_PROMISC;
2206 pktlen = m_length(m, NULL);
2207 gottime = BPF_TSTAMP_NONE;
2211 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2212 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
2216 bf = bpf_jitter_enable != 0 ? d->bd_bfilter : NULL;
2217 /* XXX We cannot handle multiple mbufs. */
2218 if (bf != NULL && m->m_next == NULL)
2219 slen = (*(bf->func))(mtod(m, u_char *), pktlen, pktlen);
2222 slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0);
2227 if (gottime < bpf_ts_quality(d->bd_tstamp))
2228 gottime = bpf_gettime(&bt, d->bd_tstamp, m);
2230 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2232 catchpacket(d, (u_char *)m, pktlen, slen,
2233 bpf_append_mbuf, &bt);
2241 * Incoming linkage from device drivers, when packet is in
2242 * an mbuf chain and to be prepended by a contiguous header.
2245 bpf_mtap2(struct bpf_if *bp, void *data, u_int dlen, struct mbuf *m)
2253 /* Skip outgoing duplicate packets. */
2254 if ((m->m_flags & M_PROMISC) != 0 && m->m_pkthdr.rcvif == NULL) {
2255 m->m_flags &= ~M_PROMISC;
2259 pktlen = m_length(m, NULL);
2261 * Craft on-stack mbuf suitable for passing to bpf_filter.
2262 * Note that we cut corners here; we only setup what's
2263 * absolutely needed--this mbuf should never go anywhere else.
2270 gottime = BPF_TSTAMP_NONE;
2274 LIST_FOREACH(d, &bp->bif_dlist, bd_next) {
2275 if (BPF_CHECK_DIRECTION(d, m->m_pkthdr.rcvif, bp->bif_ifp))
2278 slen = bpf_filter(d->bd_rfilter, (u_char *)&mb, pktlen, 0);
2283 if (gottime < bpf_ts_quality(d->bd_tstamp))
2284 gottime = bpf_gettime(&bt, d->bd_tstamp, m);
2286 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) == 0)
2288 catchpacket(d, (u_char *)&mb, pktlen, slen,
2289 bpf_append_mbuf, &bt);
2296 #undef BPF_CHECK_DIRECTION
2298 #undef BPF_TSTAMP_NONE
2299 #undef BPF_TSTAMP_FAST
2300 #undef BPF_TSTAMP_NORMAL
2301 #undef BPF_TSTAMP_EXTERN
2304 bpf_hdrlen(struct bpf_d *d)
2308 hdrlen = d->bd_bif->bif_hdrlen;
2309 #ifndef BURN_BRIDGES
2310 if (d->bd_tstamp == BPF_T_NONE ||
2311 BPF_T_FORMAT(d->bd_tstamp) == BPF_T_MICROTIME)
2312 #ifdef COMPAT_FREEBSD32
2314 hdrlen += SIZEOF_BPF_HDR(struct bpf_hdr32);
2317 hdrlen += SIZEOF_BPF_HDR(struct bpf_hdr);
2320 hdrlen += SIZEOF_BPF_HDR(struct bpf_xhdr);
2321 #ifdef COMPAT_FREEBSD32
2323 hdrlen = BPF_WORDALIGN32(hdrlen);
2326 hdrlen = BPF_WORDALIGN(hdrlen);
2328 return (hdrlen - d->bd_bif->bif_hdrlen);
2332 bpf_bintime2ts(struct bintime *bt, struct bpf_ts *ts, int tstype)
2334 struct bintime bt2, boottimebin;
2336 struct timespec tsn;
2338 if ((tstype & BPF_T_MONOTONIC) == 0) {
2340 getboottimebin(&boottimebin);
2341 bintime_add(&bt2, &boottimebin);
2344 switch (BPF_T_FORMAT(tstype)) {
2345 case BPF_T_MICROTIME:
2346 bintime2timeval(bt, &tsm);
2347 ts->bt_sec = tsm.tv_sec;
2348 ts->bt_frac = tsm.tv_usec;
2350 case BPF_T_NANOTIME:
2351 bintime2timespec(bt, &tsn);
2352 ts->bt_sec = tsn.tv_sec;
2353 ts->bt_frac = tsn.tv_nsec;
2356 ts->bt_sec = bt->sec;
2357 ts->bt_frac = bt->frac;
2363 * Move the packet data from interface memory (pkt) into the
2364 * store buffer. "cpfn" is the routine called to do the actual data
2365 * transfer. bcopy is passed in to copy contiguous chunks, while
2366 * bpf_append_mbuf is passed in to copy mbuf chains. In the latter case,
2367 * pkt is really an mbuf.
2370 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
2371 void (*cpfn)(struct bpf_d *, caddr_t, u_int, void *, u_int),
2374 struct bpf_xhdr hdr;
2375 #ifndef BURN_BRIDGES
2376 struct bpf_hdr hdr_old;
2377 #ifdef COMPAT_FREEBSD32
2378 struct bpf_hdr32 hdr32_old;
2381 int caplen, curlen, hdrlen, totlen;
2386 BPFD_LOCK_ASSERT(d);
2389 * Detect whether user space has released a buffer back to us, and if
2390 * so, move it from being a hold buffer to a free buffer. This may
2391 * not be the best place to do it (for example, we might only want to
2392 * run this check if we need the space), but for now it's a reliable
2395 if (d->bd_fbuf == NULL && bpf_canfreebuf(d)) {
2396 d->bd_fbuf = d->bd_hbuf;
2399 bpf_buf_reclaimed(d);
2403 * Figure out how many bytes to move. If the packet is
2404 * greater or equal to the snapshot length, transfer that
2405 * much. Otherwise, transfer the whole packet (unless
2406 * we hit the buffer size limit).
2408 hdrlen = bpf_hdrlen(d);
2409 totlen = hdrlen + min(snaplen, pktlen);
2410 if (totlen > d->bd_bufsize)
2411 totlen = d->bd_bufsize;
2414 * Round up the end of the previous packet to the next longword.
2416 * Drop the packet if there's no room and no hope of room
2417 * If the packet would overflow the storage buffer or the storage
2418 * buffer is considered immutable by the buffer model, try to rotate
2419 * the buffer and wakeup pending processes.
2421 #ifdef COMPAT_FREEBSD32
2423 curlen = BPF_WORDALIGN32(d->bd_slen);
2426 curlen = BPF_WORDALIGN(d->bd_slen);
2427 if (curlen + totlen > d->bd_bufsize || !bpf_canwritebuf(d)) {
2428 if (d->bd_fbuf == NULL) {
2430 * There's no room in the store buffer, and no
2431 * prospect of room, so drop the packet. Notify the
2438 KASSERT(!d->bd_hbuf_in_use, ("hold buffer is in use"));
2442 } else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
2444 * Immediate mode is set, or the read timeout has already
2445 * expired during a select call. A packet arrived, so the
2446 * reader should be woken up.
2449 caplen = totlen - hdrlen;
2450 tstype = d->bd_tstamp;
2451 do_timestamp = tstype != BPF_T_NONE;
2452 #ifndef BURN_BRIDGES
2453 if (tstype == BPF_T_NONE || BPF_T_FORMAT(tstype) == BPF_T_MICROTIME) {
2456 bpf_bintime2ts(bt, &ts, tstype);
2457 #ifdef COMPAT_FREEBSD32
2458 if (d->bd_compat32) {
2459 bzero(&hdr32_old, sizeof(hdr32_old));
2461 hdr32_old.bh_tstamp.tv_sec = ts.bt_sec;
2462 hdr32_old.bh_tstamp.tv_usec = ts.bt_frac;
2464 hdr32_old.bh_datalen = pktlen;
2465 hdr32_old.bh_hdrlen = hdrlen;
2466 hdr32_old.bh_caplen = caplen;
2467 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr32_old,
2472 bzero(&hdr_old, sizeof(hdr_old));
2474 hdr_old.bh_tstamp.tv_sec = ts.bt_sec;
2475 hdr_old.bh_tstamp.tv_usec = ts.bt_frac;
2477 hdr_old.bh_datalen = pktlen;
2478 hdr_old.bh_hdrlen = hdrlen;
2479 hdr_old.bh_caplen = caplen;
2480 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr_old,
2487 * Append the bpf header. Note we append the actual header size, but
2488 * move forward the length of the header plus padding.
2490 bzero(&hdr, sizeof(hdr));
2492 bpf_bintime2ts(bt, &hdr.bh_tstamp, tstype);
2493 hdr.bh_datalen = pktlen;
2494 hdr.bh_hdrlen = hdrlen;
2495 hdr.bh_caplen = caplen;
2496 bpf_append_bytes(d, d->bd_sbuf, curlen, &hdr, sizeof(hdr));
2499 * Copy the packet data into the store buffer and update its length.
2501 #ifndef BURN_BRIDGES
2504 (*cpfn)(d, d->bd_sbuf, curlen + hdrlen, pkt, caplen);
2505 d->bd_slen = curlen + totlen;
2512 * Free buffers currently in use by a descriptor.
2516 bpf_freed(struct bpf_d *d)
2520 * We don't need to lock out interrupts since this descriptor has
2521 * been detached from its interface and it yet hasn't been marked
2525 if (d->bd_rfilter != NULL) {
2526 free((caddr_t)d->bd_rfilter, M_BPF);
2528 if (d->bd_bfilter != NULL)
2529 bpf_destroy_jit_filter(d->bd_bfilter);
2532 if (d->bd_wfilter != NULL)
2533 free((caddr_t)d->bd_wfilter, M_BPF);
2534 mtx_destroy(&d->bd_lock);
2538 * Attach an interface to bpf. dlt is the link layer type; hdrlen is the
2539 * fixed size of the link header (variable length headers not yet supported).
2542 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2545 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
2549 * Attach an interface to bpf. ifp is a pointer to the structure
2550 * defining the interface to be attached, dlt is the link layer type,
2551 * and hdrlen is the fixed size of the link header (variable length
2552 * headers are not yet supporrted).
2555 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
2559 bp = malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
2563 LIST_INIT(&bp->bif_dlist);
2564 LIST_INIT(&bp->bif_wlist);
2567 rw_init(&bp->bif_lock, "bpf interface lock");
2568 KASSERT(*driverp == NULL, ("bpfattach2: driverp already initialized"));
2569 bp->bif_bpf = driverp;
2573 LIST_INSERT_HEAD(&bpf_iflist, bp, bif_next);
2576 bp->bif_hdrlen = hdrlen;
2578 if (bootverbose && IS_DEFAULT_VNET(curvnet))
2579 if_printf(ifp, "bpf attached\n");
2584 * When moving interfaces between vnet instances we need a way to
2585 * query the dlt and hdrlen before detach so we can re-attch the if_bpf
2586 * after the vmove. We unfortunately have no device driver infrastructure
2587 * to query the interface for these values after creation/attach, thus
2588 * add this as a workaround.
2591 bpf_get_bp_params(struct bpf_if *bp, u_int *bif_dlt, u_int *bif_hdrlen)
2596 if (bif_dlt == NULL && bif_hdrlen == NULL)
2599 if (bif_dlt != NULL)
2600 *bif_dlt = bp->bif_dlt;
2601 if (bif_hdrlen != NULL)
2602 *bif_hdrlen = bp->bif_hdrlen;
2609 * Detach bpf from an interface. This involves detaching each descriptor
2610 * associated with the interface. Notify each descriptor as it's detached
2611 * so that any sleepers wake up and get ENXIO.
2614 bpfdetach(struct ifnet *ifp)
2616 struct bpf_if *bp, *bp_temp;
2623 /* Find all bpf_if struct's which reference ifp and detach them. */
2624 LIST_FOREACH_SAFE(bp, &bpf_iflist, bif_next, bp_temp) {
2625 if (ifp != bp->bif_ifp)
2628 LIST_REMOVE(bp, bif_next);
2629 /* Add to to-be-freed list */
2630 LIST_INSERT_HEAD(&bpf_freelist, bp, bif_next);
2634 * Delay freeing bp till interface is detached
2635 * and all routes through this interface are removed.
2636 * Mark bp as detached to restrict new consumers.
2639 bp->bif_flags |= BPFIF_FLAG_DYING;
2640 *bp->bif_bpf = NULL;
2643 CTR4(KTR_NET, "%s: sheduling free for encap %d (%p) for if %p",
2644 __func__, bp->bif_dlt, bp, ifp);
2646 /* Free common descriptors */
2647 while ((d = LIST_FIRST(&bp->bif_dlist)) != NULL) {
2648 bpf_detachd_locked(d);
2654 /* Free writer-only descriptors */
2655 while ((d = LIST_FIRST(&bp->bif_wlist)) != NULL) {
2656 bpf_detachd_locked(d);
2666 printf("bpfdetach: %s was not attached\n", ifp->if_xname);
2671 * Interface departure handler.
2672 * Note departure event does not guarantee interface is going down.
2673 * Interface renaming is currently done via departure/arrival event set.
2675 * Departure handled is called after all routes pointing to
2676 * given interface are removed and interface is in down state
2677 * restricting any packets to be sent/received. We assume it is now safe
2678 * to free data allocated by BPF.
2681 bpf_ifdetach(void *arg __unused, struct ifnet *ifp)
2683 struct bpf_if *bp, *bp_temp;
2686 /* Ignore ifnet renaming. */
2687 if (ifp->if_flags & IFF_RENAMING)
2692 * Find matching entries in free list.
2693 * Nothing should be found if bpfdetach() was not called.
2695 LIST_FOREACH_SAFE(bp, &bpf_freelist, bif_next, bp_temp) {
2696 if (ifp != bp->bif_ifp)
2699 CTR3(KTR_NET, "%s: freeing BPF instance %p for interface %p",
2702 LIST_REMOVE(bp, bif_next);
2704 rw_destroy(&bp->bif_lock);
2713 * Get a list of available data link type of the interface.
2716 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl)
2725 ifp = d->bd_bif->bif_ifp;
2728 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2729 if (bp->bif_ifp == ifp)
2732 if (bfl->bfl_list == NULL) {
2736 if (n1 > bfl->bfl_len)
2739 lst = malloc(n1 * sizeof(u_int), M_TEMP, M_WAITOK);
2742 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2743 if (bp->bif_ifp != ifp)
2749 lst[n] = bp->bif_dlt;
2753 error = copyout(lst, bfl->bfl_list, sizeof(u_int) * n);
2761 * Set the data link type of a BPF instance.
2764 bpf_setdlt(struct bpf_d *d, u_int dlt)
2766 int error, opromisc;
2772 if (d->bd_bif->bif_dlt == dlt)
2774 ifp = d->bd_bif->bif_ifp;
2776 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2777 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
2782 opromisc = d->bd_promisc;
2788 error = ifpromisc(bp->bif_ifp, 1);
2790 if_printf(bp->bif_ifp,
2791 "bpf_setdlt: ifpromisc failed (%d)\n",
2797 return (bp == NULL ? EINVAL : 0);
2801 bpf_drvinit(void *unused)
2805 mtx_init(&bpf_mtx, "bpf global lock", NULL, MTX_DEF);
2806 LIST_INIT(&bpf_iflist);
2807 LIST_INIT(&bpf_freelist);
2809 dev = make_dev(&bpf_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "bpf");
2810 /* For compatibility */
2811 make_dev_alias(dev, "bpf0");
2813 /* Register interface departure handler */
2814 bpf_ifdetach_cookie = EVENTHANDLER_REGISTER(
2815 ifnet_departure_event, bpf_ifdetach, NULL,
2816 EVENTHANDLER_PRI_ANY);
2820 * Zero out the various packet counters associated with all of the bpf
2821 * descriptors. At some point, we will probably want to get a bit more
2822 * granular and allow the user to specify descriptors to be zeroed.
2825 bpf_zero_counters(void)
2831 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2833 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
2849 * Fill filter statistics
2852 bpfstats_fill_xbpf(struct xbpf_d *d, struct bpf_d *bd)
2855 bzero(d, sizeof(*d));
2856 BPFD_LOCK_ASSERT(bd);
2857 d->bd_structsize = sizeof(*d);
2858 /* XXX: reading should be protected by global lock */
2859 d->bd_immediate = bd->bd_immediate;
2860 d->bd_promisc = bd->bd_promisc;
2861 d->bd_hdrcmplt = bd->bd_hdrcmplt;
2862 d->bd_direction = bd->bd_direction;
2863 d->bd_feedback = bd->bd_feedback;
2864 d->bd_async = bd->bd_async;
2865 d->bd_rcount = bd->bd_rcount;
2866 d->bd_dcount = bd->bd_dcount;
2867 d->bd_fcount = bd->bd_fcount;
2868 d->bd_sig = bd->bd_sig;
2869 d->bd_slen = bd->bd_slen;
2870 d->bd_hlen = bd->bd_hlen;
2871 d->bd_bufsize = bd->bd_bufsize;
2872 d->bd_pid = bd->bd_pid;
2873 strlcpy(d->bd_ifname,
2874 bd->bd_bif->bif_ifp->if_xname, IFNAMSIZ);
2875 d->bd_locked = bd->bd_locked;
2876 d->bd_wcount = bd->bd_wcount;
2877 d->bd_wdcount = bd->bd_wdcount;
2878 d->bd_wfcount = bd->bd_wfcount;
2879 d->bd_zcopy = bd->bd_zcopy;
2880 d->bd_bufmode = bd->bd_bufmode;
2884 * Handle `netstat -B' stats request
2887 bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
2889 static const struct xbpf_d zerostats;
2890 struct xbpf_d *xbdbuf, *xbd, tempstats;
2896 * XXX This is not technically correct. It is possible for non
2897 * privileged users to open bpf devices. It would make sense
2898 * if the users who opened the devices were able to retrieve
2899 * the statistics for them, too.
2901 error = priv_check(req->td, PRIV_NET_BPF);
2905 * Check to see if the user is requesting that the counters be
2906 * zeroed out. Explicitly check that the supplied data is zeroed,
2907 * as we aren't allowing the user to set the counters currently.
2909 if (req->newptr != NULL) {
2910 if (req->newlen != sizeof(tempstats))
2912 memset(&tempstats, 0, sizeof(tempstats));
2913 error = SYSCTL_IN(req, &tempstats, sizeof(tempstats));
2916 if (bcmp(&tempstats, &zerostats, sizeof(tempstats)) != 0)
2918 bpf_zero_counters();
2921 if (req->oldptr == NULL)
2922 return (SYSCTL_OUT(req, 0, bpf_bpfd_cnt * sizeof(*xbd)));
2923 if (bpf_bpfd_cnt == 0)
2924 return (SYSCTL_OUT(req, 0, 0));
2925 xbdbuf = malloc(req->oldlen, M_BPF, M_WAITOK);
2927 if (req->oldlen < (bpf_bpfd_cnt * sizeof(*xbd))) {
2929 free(xbdbuf, M_BPF);
2933 LIST_FOREACH(bp, &bpf_iflist, bif_next) {
2935 /* Send writers-only first */
2936 LIST_FOREACH(bd, &bp->bif_wlist, bd_next) {
2937 xbd = &xbdbuf[index++];
2939 bpfstats_fill_xbpf(xbd, bd);
2942 LIST_FOREACH(bd, &bp->bif_dlist, bd_next) {
2943 xbd = &xbdbuf[index++];
2945 bpfstats_fill_xbpf(xbd, bd);
2951 error = SYSCTL_OUT(req, xbdbuf, index * sizeof(*xbd));
2952 free(xbdbuf, M_BPF);
2956 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,bpf_drvinit,NULL);
2958 #else /* !DEV_BPF && !NETGRAPH_BPF */
2960 * NOP stubs to allow bpf-using drivers to load and function.
2962 * A 'better' implementation would allow the core bpf functionality
2963 * to be loaded at runtime.
2965 static struct bpf_if bp_null;
2968 bpf_tap(struct bpf_if *bp, u_char *pkt, u_int pktlen)
2973 bpf_mtap(struct bpf_if *bp, struct mbuf *m)
2978 bpf_mtap2(struct bpf_if *bp, void *d, u_int l, struct mbuf *m)
2983 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2986 bpfattach2(ifp, dlt, hdrlen, &ifp->if_bpf);
2990 bpfattach2(struct ifnet *ifp, u_int dlt, u_int hdrlen, struct bpf_if **driverp)
2993 *driverp = &bp_null;
2997 bpfdetach(struct ifnet *ifp)
3002 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
3004 return -1; /* "no filter" behaviour */
3008 bpf_validate(const struct bpf_insn *f, int len)
3010 return 0; /* false */
3013 #endif /* !DEV_BPF && !NETGRAPH_BPF */
3017 bpf_show_bpf_if(struct bpf_if *bpf_if)
3022 db_printf("%p:\n", bpf_if);
3023 #define BPF_DB_PRINTF(f, e) db_printf(" %s = " f "\n", #e, bpf_if->e);
3024 /* bif_ext.bif_next */
3025 /* bif_ext.bif_dlist */
3026 BPF_DB_PRINTF("%#x", bif_dlt);
3027 BPF_DB_PRINTF("%u", bif_hdrlen);
3028 BPF_DB_PRINTF("%p", bif_ifp);
3031 BPF_DB_PRINTF("%#x", bif_flags);
3034 DB_SHOW_COMMAND(bpf_if, db_show_bpf_if)
3038 db_printf("usage: show bpf_if <struct bpf_if *>\n");
3042 bpf_show_bpf_if((struct bpf_if *)addr);
projects / FreeBSD / FreeBSD.git / blob