]> git.saurik.com Git - apple/xnu.git/blame - bsd/net/bpf.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-1699.32.7.tar.gz
[apple/xnu.git] / bsd / net / bpf.c
CommitLineData
1c79356b 1/*
6d2010ae 2 * Copyright (c) 2000-2010 Apple Inc. All rights reserved.
5d5c5d0d 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A		 27 */
28/*
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)bpf.c 8.2 (Berkeley) 3/28/94
66 *
9bccf70c 67 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.5 2001/01/05 04:49:09 jdp Exp $
1c79356b 68 */
2d21ac55
A		 69/*
70 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
71 * support for mandatory and extensible security protections. This notice
72 * is included in support of clause 2.2 (b) of the Apple Public License,
73 * Version 2.0.
74 */
1c79356b 75
9bccf70c 76#include "bpf.h"
1c79356b
A		 77
78#ifndef __GNUC__
79#define inline
80#else
81#define inline __inline
82#endif
83
84#include <sys/param.h>
85#include <sys/systm.h>
86#include <sys/conf.h>
87#include <sys/malloc.h>
88#include <sys/mbuf.h>
89#include <sys/time.h>
90#include <sys/proc.h>
1c79356b
A		 91#include <sys/signalvar.h>
92#include <sys/filio.h>
93#include <sys/sockio.h>
94#include <sys/ttycom.h>
95#include <sys/filedesc.h>
91447636 96#include <sys/uio_internal.h>
b0d623f7
A		 97#include <sys/file_internal.h>
98#include <sys/event.h>
1c79356b 99
9bccf70c
A		 100#if defined(sparc) && BSD < 199103
101#include <sys/stream.h>
102#endif
103#include <sys/poll.h>
104
1c79356b
A		 105#include <sys/socket.h>
106#include <sys/vnode.h>
107
108#include <net/if.h>
109#include <net/bpf.h>
110#include <net/bpfdesc.h>
111
112#include <netinet/in.h>
113#include <netinet/if_ether.h>
114#include <sys/kernel.h>
115#include <sys/sysctl.h>
55e303ae 116#include <net/firewire.h>
1c79356b 117
1c79356b
A		 118#include <miscfs/devfs/devfs.h>
119#include <net/dlil.h>
120
91447636 121#include <kern/locks.h>
6d2010ae 122#include <kern/thread_call.h>
91447636 123
2d21ac55
A		 124#if CONFIG_MACF_NET
125#include <security/mac_framework.h>
126#endif /* MAC_NET */
91447636 127
2d21ac55 128extern int tvtohz(struct timeval *);
9bccf70c 129
1c79356b
A		 130/*
131 * Older BSDs don't have kernel malloc.
132 */
133#if BSD < 199103
134extern bcopy();
135static caddr_t bpf_alloc();
9bccf70c 136#include <net/bpf_compat.h>
1c79356b
A		 137#define BPF_BUFSIZE (MCLBYTES-8)
138#define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio)
139#else
140#define BPF_BUFSIZE 4096
141#define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
142#endif
143
55e303ae 144
1c79356b
A		 145#define PRINET 26 /* interruptible */
146
147/*
148 * The default read buffer size is patchable.
149 */
91447636 150static unsigned int bpf_bufsize = BPF_BUFSIZE;
6d2010ae 151SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW | CTLFLAG_LOCKED,
1c79356b 152 &bpf_bufsize, 0, "");
6d2010ae
A		 153__private_extern__ unsigned int bpf_maxbufsize = BPF_MAXBUFSIZE;
154SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW | CTLFLAG_LOCKED,
9bccf70c 155 &bpf_maxbufsize, 0, "");
91447636 156static unsigned int bpf_maxdevices = 256;
6d2010ae 157SYSCTL_UINT(_debug, OID_AUTO, bpf_maxdevices, CTLFLAG_RW | CTLFLAG_LOCKED,
91447636 158 &bpf_maxdevices, 0, "");
1c79356b
A		 159
160/*
161 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
55e303ae 162 * bpf_dtab holds pointer to the descriptors, indexed by minor device #
1c79356b
A		 163 */
164static struct bpf_if *bpf_iflist;
9bccf70c
A		 165#ifdef __APPLE__
166/*
167 * BSD now stores the bpf_d in the dev_t which is a struct
168 * on their system. Our dev_t is an int, so we still store
169 * the bpf_d in a separate table indexed by minor device #.
91447636
A		 170 *
171 * The value stored in bpf_dtab[n] represent three states:
172 * 0: device not opened
173 * 1: device opening or closing
174 * other: device <n> opened with pointer to storage
9bccf70c 175 */
55e303ae 176static struct bpf_d **bpf_dtab = NULL;
91447636
A		 177static unsigned int bpf_dtab_size = 0;
178static unsigned int nbpfilter = 0;
179
180static lck_mtx_t *bpf_mlock;
181static lck_grp_t *bpf_mlock_grp;
182static lck_grp_attr_t *bpf_mlock_grp_attr;
183static lck_attr_t *bpf_mlock_attr;
55e303ae
A		 184
185/*
186 * Mark a descriptor free by making it point to itself.
187 * This is probably cheaper than marking with a constant since
188 * the address should be in a register anyway.
189 */
55e303ae 190#endif /* __APPLE__ */
1c79356b 191
91447636 192static int bpf_allocbufs(struct bpf_d *);
2d21ac55 193static errno_t bpf_attachd(struct bpf_d *d, struct bpf_if *bp);
91447636
A		 194static void bpf_detachd(struct bpf_d *d);
195static void bpf_freed(struct bpf_d *);
196static void bpf_mcopy(const void *, void *, size_t);
197static int bpf_movein(struct uio *, int,
198 struct mbuf **, struct sockaddr *, int *);
2d21ac55 199static int bpf_setif(struct bpf_d *, ifnet_t ifp, u_int32_t dlt);
6d2010ae 200static void bpf_timed_out(void *, void *);
91447636
A		 201static void bpf_wakeup(struct bpf_d *);
202static void catchpacket(struct bpf_d *, u_char *, u_int,
203 u_int, void (*)(const void *, void *, size_t));
204static void reset_d(struct bpf_d *);
2d21ac55 205static int bpf_setf(struct bpf_d *, u_int bf_len, user_addr_t bf_insns);
b0d623f7
A		 206static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *,
207 struct proc *);
2d21ac55 208static int bpf_setdlt(struct bpf_d *, u_int);
1c79356b 209
55e303ae
A		 210/*static void *bpf_devfs_token[MAXBPFILTER];*/
211
212static int bpf_devsw_installed;
213
91447636 214void bpf_init(void *unused);
2d21ac55 215static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m);
55e303ae 216
9bccf70c
A		 217/*
218 * Darwin differs from BSD here, the following are static
219 * on BSD and not static on Darwin.
220 */
6d2010ae
A		 221 d_open_t bpfopen;
222 d_close_t bpfclose;
223 d_read_t bpfread;
224 d_write_t bpfwrite;
225 ioctl_fcn_t bpfioctl;
226 select_fcn_t bpfselect;
1c79356b 227
1c79356b 228
9bccf70c
A		 229/* Darwin's cdevsw struct differs slightly from BSDs */
230#define CDEV_MAJOR 23
1c79356b 231static struct cdevsw bpf_cdevsw = {
6d2010ae
A		 232 /* open */ bpfopen,
233 /* close */ bpfclose,
234 /* read */ bpfread,
235 /* write */ bpfwrite,
236 /* ioctl */ bpfioctl,
91447636
A		 237 /* stop */ eno_stop,
238 /* reset */ eno_reset,
239 /* tty */ NULL,
6d2010ae 240 /* select */ bpfselect,
91447636 241 /* mmap */ eno_mmap,
9bccf70c 242 /* strategy*/ eno_strat,
91447636
A		 243 /* getc */ eno_getc,
244 /* putc */ eno_putc,
245 /* type */ 0
1c79356b
A		 246};
247
55e303ae 248#define SOCKADDR_HDR_LEN offsetof(struct sockaddr, sa_data)
9bccf70c 249
1c79356b 250static int
91447636 251bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, struct sockaddr *sockp, int *datlen)
1c79356b
A		 252{
253 struct mbuf *m;
254 int error;
255 int len;
2d21ac55 256 uint8_t sa_family;
1c79356b
A		 257 int hlen;
258
2d21ac55 259 switch (linktype) {
91447636 260
2d21ac55
A		 261#if SLIP
262 case DLT_SLIP:
263 sa_family = AF_INET;
264 hlen = 0;
265 break;
266#endif /* SLIP */
91447636 267
2d21ac55
A		 268 case DLT_EN10MB:
269 sa_family = AF_UNSPEC;
270 /* XXX Would MAXLINKHDR be better? */
271 hlen = sizeof(struct ether_header);
272 break;
91447636 273
2d21ac55
A		 274#if FDDI
275 case DLT_FDDI:
91447636 276 #if defined(__FreeBSD__) || defined(__bsdi__)
2d21ac55
A		 277 sa_family = AF_IMPLINK;
278 hlen = 0;
91447636 279 #else
2d21ac55
A		 280 sa_family = AF_UNSPEC;
281 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
282 hlen = 24;
91447636 283 #endif
2d21ac55
A		 284 break;
285#endif /* FDDI */
91447636 286
2d21ac55
A		 287 case DLT_RAW:
288 case DLT_NULL:
289 sa_family = AF_UNSPEC;
290 hlen = 0;
291 break;
91447636
A		 292
293 #ifdef __FreeBSD__
2d21ac55
A		 294 case DLT_ATM_RFC1483:
295 /*
296 * en atm driver requires 4-byte atm pseudo header.
297 * though it isn't standard, vpi:vci needs to be
298 * specified anyway.
299 */
300 sa_family = AF_UNSPEC;
301 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
302 break;
91447636 303 #endif
2d21ac55
A		 304
305 case DLT_PPP:
306 sa_family = AF_UNSPEC;
307 hlen = 4; /* This should match PPP_HDRLEN */
308 break;
91447636 309
2d21ac55
A		 310 case DLT_APPLE_IP_OVER_IEEE1394:
311 sa_family = AF_UNSPEC;
312 hlen = sizeof(struct firewire_header);
313 break;
b0d623f7
A		 314
315 case DLT_IEEE802_11: /* IEEE 802.11 wireless */
316 sa_family = AF_IEEE80211;
317 hlen = 0;
318 break;
6d2010ae
A		 319
320 case DLT_IEEE802_11_RADIO:
321 sa_family = AF_IEEE80211;
322 hlen = 0;
323 break;
b0d623f7 324
2d21ac55
A		 325 default:
326 return (EIO);
55e303ae 327 }
2d21ac55 328
91447636
A		 329 // LP64todo - fix this!
330 len = uio_resid(uio);
1c79356b
A		 331 *datlen = len - hlen;
332 if ((unsigned)len > MCLBYTES)
333 return (EIO);
334
2d21ac55
A		 335 if (sockp) {
336 /*
337 * Build a sockaddr based on the data link layer type.
338 * We do this at this level because the ethernet header
339 * is copied directly into the data field of the sockaddr.
340 * In the case of SLIP, there is no header and the packet
341 * is forwarded as is.
342 * Also, we are careful to leave room at the front of the mbuf
343 * for the link level header.
344 */
345 if ((hlen + SOCKADDR_HDR_LEN) > sockp->sa_len) {
346 return (EIO);
347 }
348 sockp->sa_family = sa_family;
349 } else {
350 /*
351 * We're directly sending the packet data supplied by
352 * the user; we don't need to make room for the link
353 * header, and don't need the header length value any
354 * more, so set it to 0.
355 */
356 hlen = 0;
357 }
358
1c79356b
A		 359 MGETHDR(m, M_WAIT, MT_DATA);
360 if (m == 0)
361 return (ENOBUFS);
91447636 362 if ((unsigned)len > MHLEN) {
1c79356b
A		 363#if BSD >= 199103
364 MCLGET(m, M_WAIT);
365 if ((m->m_flags & M_EXT) == 0) {
366#else
367 MCLGET(m);
368 if (m->m_len != MCLBYTES) {
369#endif
370 error = ENOBUFS;
371 goto bad;
372 }
373 }
374 m->m_pkthdr.len = m->m_len = len;
375 m->m_pkthdr.rcvif = NULL;
376 *mp = m;
6d2010ae 377
1c79356b
A		 378 /*
379 * Make room for link header.
380 */
381 if (hlen != 0) {
382 m->m_pkthdr.len -= hlen;
383 m->m_len -= hlen;
384#if BSD >= 199103
385 m->m_data += hlen; /* XXX */
386#else
387 m->m_off += hlen;
388#endif
389 error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
390 if (error)
391 goto bad;
392 }
393 error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
6d2010ae
A		 394 if (error)
395 goto bad;
396
397 /* Check for multicast destination */
398 switch (linktype) {
399 case DLT_EN10MB: {
400 struct ether_header *eh = mtod(m, struct ether_header *);
401
402 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
403 if (_ether_cmp(etherbroadcastaddr, eh->ether_dhost) == 0)
404 m->m_flags |= M_BCAST;
405 else
406 m->m_flags |= M_MCAST;
407 }
408 break;
409 }
410 }
411
412 return 0;
1c79356b
A		 413 bad:
414 m_freem(m);
415 return (error);
416}
417
9bccf70c 418#ifdef __APPLE__
55e303ae
A		 419
420/*
91447636
A		 421 * The dynamic addition of a new device node must block all processes that are opening
422 * the last device so that no process will get an unexpected ENOENT
55e303ae 423 */
91447636
A		 424static void
425bpf_make_dev_t(int maj)
55e303ae 426{
91447636
A		 427 static int bpf_growing = 0;
428 unsigned int cur_size = nbpfilter, i;
55e303ae 429
91447636
A		 430 if (nbpfilter >= bpf_maxdevices)
431 return;
55e303ae 432
91447636
A		 433 while (bpf_growing) {
434 /* Wait until new device has been created */
435 (void)tsleep((caddr_t)&bpf_growing, PZERO, "bpf_growing", 0);
436 }
437 if (nbpfilter > cur_size) {
438 /* other thread grew it already */
439 return;
440 }
441 bpf_growing = 1;
55e303ae 442
91447636
A		 443 /* need to grow bpf_dtab first */
444 if (nbpfilter == bpf_dtab_size) {
445 int new_dtab_size;
446 struct bpf_d **new_dtab = NULL;
447 struct bpf_d **old_dtab = NULL;
448
449 new_dtab_size = bpf_dtab_size + NBPFILTER;
450 new_dtab = (struct bpf_d **)_MALLOC(sizeof(struct bpf_d *) * new_dtab_size, M_DEVBUF, M_WAIT);
451 if (new_dtab == 0) {
452 printf("bpf_make_dev_t: malloc bpf_dtab failed\n");
453 goto done;
454 }
455 if (bpf_dtab) {
456 bcopy(bpf_dtab, new_dtab,
457 sizeof(struct bpf_d *) * bpf_dtab_size);
458 }
459 bzero(new_dtab + bpf_dtab_size,
460 sizeof(struct bpf_d *) * NBPFILTER);
461 old_dtab = bpf_dtab;
462 bpf_dtab = new_dtab;
463 bpf_dtab_size = new_dtab_size;
464 if (old_dtab != NULL)
465 _FREE(old_dtab, M_DEVBUF);
55e303ae 466 }
91447636
A		 467 i = nbpfilter++;
468 (void) devfs_make_node(makedev(maj, i),
469 DEVFS_CHAR, UID_ROOT, GID_WHEEL, 0600,
470 "bpf%d", i);
471done:
472 bpf_growing = 0;
473 wakeup((caddr_t)&bpf_growing);
55e303ae
A		 474}
475
9bccf70c 476#endif
1c79356b
A		 477
478/*
479 * Attach file to the bpf interface, i.e. make d listen on bp.
1c79356b 480 */
2d21ac55 481static errno_t
91447636 482bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
1c79356b 483{
2d21ac55
A		 484 int first = bp->bif_dlist == NULL;
485 int error = 0;
486
1c79356b
A		 487 /*
488 * Point d at bp, and add d to the interface's list of listeners.
489 * Finally, point the driver's bpf cookie at the interface so
490 * it will divert packets to bpf.
491 */
492 d->bd_bif = bp;
493 d->bd_next = bp->bif_dlist;
494 bp->bif_dlist = d;
2d21ac55
A		 495
496 if (first) {
497 /* Find the default bpf entry for this ifp */
498 if (bp->bif_ifp->if_bpf == NULL) {
499 struct bpf_if *primary;
500
501 for (primary = bpf_iflist; primary && primary->bif_ifp != bp->bif_ifp;
502 primary = primary->bif_next)
503 ;
504
505 bp->bif_ifp->if_bpf = primary;
506 }
507
508 /* Only call dlil_set_bpf_tap for primary dlt */
509 if (bp->bif_ifp->if_bpf == bp)
7e4a7d39 510 dlil_set_bpf_tap(bp->bif_ifp, BPF_TAP_INPUT_OUTPUT, bpf_tap_callback);
2d21ac55
A		 511
512 if (bp->bif_tap)
7e4a7d39 513 error = bp->bif_tap(bp->bif_ifp, bp->bif_dlt, BPF_TAP_INPUT_OUTPUT);
2d21ac55 514 }
1c79356b 515
2d21ac55 516 return error;
1c79356b
A		 517}
518
519/*
520 * Detach a file from its interface.
521 */
522static void
91447636 523bpf_detachd(struct bpf_d *d)
1c79356b
A		 524{
525 struct bpf_d **p;
526 struct bpf_if *bp;
527 struct ifnet *ifp;
528
529 ifp = d->bd_bif->bif_ifp;
1c79356b 530 bp = d->bd_bif;
2d21ac55
A		 531
532 /* Remove d from the interface's descriptor list. */
533 p = &bp->bif_dlist;
534 while (*p != d) {
535 p = &(*p)->bd_next;
536 if (*p == 0)
537 panic("bpf_detachd: descriptor not in list");
538 }
539 *p = (*p)->bd_next;
540 if (bp->bif_dlist == 0) {
541 /*
542 * Let the driver know that there are no more listeners.
543 */
544 /* Only call dlil_set_bpf_tap for primary dlt */
545 if (bp->bif_ifp->if_bpf == bp)
546 dlil_set_bpf_tap(ifp, BPF_TAP_DISABLE, NULL);
547 if (bp->bif_tap)
548 bp->bif_tap(ifp, bp->bif_dlt, BPF_TAP_DISABLE);
549
550 for (bp = bpf_iflist; bp; bp = bp->bif_next)
551 if (bp->bif_ifp == ifp && bp->bif_dlist != 0)
552 break;
553 if (bp == NULL)
554 ifp->if_bpf = NULL;
555 }
556 d->bd_bif = NULL;
1c79356b
A		 557 /*
558 * Check if this descriptor had requested promiscuous mode.
559 * If so, turn it off.
560 */
561 if (d->bd_promisc) {
562 d->bd_promisc = 0;
2d21ac55
A		 563 lck_mtx_unlock(bpf_mlock);
564 if (ifnet_set_promiscuous(ifp, 0)) {
1c79356b
A		 565 /*
566 * Something is really wrong if we were able to put
567 * the driver into promiscuous mode, but can't
568 * take it out.
9bccf70c 569 * Most likely the network interface is gone.
1c79356b 570 */
91447636 571 printf("bpf: ifnet_set_promiscuous failed");
2d21ac55
A		 572 }
573 lck_mtx_lock(bpf_mlock);
1c79356b 574 }
1c79356b
A		 575}
576
577
6d2010ae
A		 578/*
579 * Start asynchronous timer, if necessary.
580 * Must be called with bpf_mlock held.
581 */
582static void
583bpf_start_timer(struct bpf_d *d)
584{
585 uint64_t deadline;
586 struct timeval tv;
587
588 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
589 tv.tv_sec = d->bd_rtout / hz;
590 tv.tv_usec = (d->bd_rtout % hz) * tick;
591
592 clock_interval_to_deadline((uint64_t)tv.tv_sec * USEC_PER_SEC + tv.tv_usec,
593 NSEC_PER_USEC,
594 &deadline);
595 /*
596 * The state is BPF_IDLE, so the timer hasn't
597 * been started yet, and hasn't gone off yet;
598 * there is no thread call scheduled, so this
599 * won't change the schedule.
600 *
601 * XXX - what if, by the time it gets entered,
602 * the deadline has already passed?
603 */
604 thread_call_enter_delayed(d->bd_thread_call, deadline);
605 d->bd_state = BPF_WAITING;
606 }
607}
608
609/*
610 * Cancel asynchronous timer.
611 * Must be called with bpf_mlock held.
612 */
613static boolean_t
614bpf_stop_timer(struct bpf_d *d)
615{
616 /*
617 * If the timer has already gone off, this does nothing.
618 * Our caller is expected to set d->bd_state to BPF_IDLE,
619 * with the bpf_mlock, after we are called. bpf_timed_out()
620 * also grabs bpf_mlock, so, if the timer has gone off and
621 * bpf_timed_out() hasn't finished, it's waiting for the
622 * lock; when this thread releases the lock, it will
623 * find the state is BPF_IDLE, and just release the
624 * lock and return.
625 */
626 return (thread_call_cancel(d->bd_thread_call));
627}
628
629
630
1c79356b
A		 631/*
632 * Open ethernet device. Returns ENXIO for illegal minor device number,
633 * EBUSY if file is open by another process.
634 */
635/* ARGSUSED */
2d21ac55 636int
b0d623f7 637bpfopen(dev_t dev, int flags, __unused int fmt,
2d21ac55 638 __unused struct proc *p)
1c79356b 639{
2d21ac55 640 struct bpf_d *d;
1c79356b 641
2d21ac55
A		 642 lck_mtx_lock(bpf_mlock);
643 if ((unsigned int) minor(dev) >= nbpfilter) {
644 lck_mtx_unlock(bpf_mlock);
1c79356b 645 return (ENXIO);
2d21ac55 646 }
91447636
A		 647 /*
648 * New device nodes are created on demand when opening the last one.
649 * The programming model is for processes to loop on the minor starting at 0
650 * as long as EBUSY is returned. The loop stops when either the open succeeds or
651 * an error other that EBUSY is returned. That means that bpf_make_dev_t() must
652 * block all processes that are opening the last node. If not all
653 * processes are blocked, they could unexpectedly get ENOENT and abort their
654 * opening loop.
655 */
656 if ((unsigned int) minor(dev) == (nbpfilter - 1))
657 bpf_make_dev_t(major(dev));
9bccf70c 658
1c79356b 659 /*
9bccf70c 660 * Each minor can be opened by only one process. If the requested
1c79356b 661 * minor is in use, return EBUSY.
91447636
A		 662 *
663 * Important: bpfopen() and bpfclose() have to check and set the status of a device
664 * in the same lockin context otherwise the device may be leaked because the vnode use count
665 * will be unpextectly greater than 1 when close() is called.
1c79356b 666 */
2d21ac55 667 if (bpf_dtab[minor(dev)] == 0) {
91447636 668 bpf_dtab[minor(dev)] = (void *)1; /* Mark opening */
2d21ac55
A		 669 } else {
670 lck_mtx_unlock(bpf_mlock);
91447636 671 return (EBUSY);
2d21ac55 672 }
91447636
A		 673 d = (struct bpf_d *)_MALLOC(sizeof(struct bpf_d), M_DEVBUF, M_WAIT);
674 if (d == NULL) {
675 /* this really is a catastrophic failure */
676 printf("bpfopen: malloc bpf_d failed\n");
2d21ac55
A		 677 bpf_dtab[minor(dev)] = NULL;
678 lck_mtx_unlock(bpf_mlock);
91447636 679 return ENOMEM;
1c79356b 680 }
91447636 681 bzero(d, sizeof(struct bpf_d));
9bccf70c 682
91447636
A		 683 /*
684 * It is not necessary to take the BPF lock here because no other
685 * thread can access the device until it is marked opened...
686 */
687
688 /* Mark "in use" and do most initialization. */
1c79356b
A		 689 d->bd_bufsize = bpf_bufsize;
690 d->bd_sig = SIGIO;
9bccf70c 691 d->bd_seesent = 1;
b0d623f7 692 d->bd_oflags = flags;
6d2010ae
A		 693 d->bd_state = BPF_IDLE;
694 d->bd_thread_call = thread_call_allocate(bpf_timed_out, d);
695
696 if (d->bd_thread_call == NULL) {
697 printf("bpfopen: malloc thread call failed\n");
698 bpf_dtab[minor(dev)] = NULL;
699 lck_mtx_unlock(bpf_mlock);
700 _FREE(d, M_DEVBUF);
701 return ENOMEM;
702 }
2d21ac55
A		 703#if CONFIG_MACF_NET
704 mac_bpfdesc_label_init(d);
705 mac_bpfdesc_label_associate(kauth_cred_get(), d);
706#endif
91447636 707 bpf_dtab[minor(dev)] = d; /* Mark opened */
2d21ac55 708 lck_mtx_unlock(bpf_mlock);
55e303ae 709
1c79356b
A		 710 return (0);
711}
712
713/*
714 * Close the descriptor by detaching it from its interface,
715 * deallocating its buffers, and marking it free.
716 */
717/* ARGSUSED */
2d21ac55
A		 718int
719bpfclose(dev_t dev, __unused int flags, __unused int fmt,
720 __unused struct proc *p)
1c79356b 721{
2d21ac55
A		 722 struct bpf_d *d;
723
724 /* Take BPF lock to ensure no other thread is using the device */
725 lck_mtx_lock(bpf_mlock);
1c79356b 726
55e303ae 727 d = bpf_dtab[minor(dev)];
2d21ac55
A		 728 if (d == 0 || d == (void *)1) {
729 lck_mtx_unlock(bpf_mlock);
91447636 730 return (ENXIO);
2d21ac55 731 }
91447636 732 bpf_dtab[minor(dev)] = (void *)1; /* Mark closing */
55e303ae 733
6d2010ae
A		 734 /*
735 * Deal with any in-progress timeouts.
736 */
737 switch (d->bd_state) {
738 case BPF_IDLE:
739 /*
740 * Not waiting for a timeout, and no timeout happened.
741 */
742 break;
743
744 case BPF_WAITING:
745 /*
746 * Waiting for a timeout.
747 * Cancel any timer that has yet to go off,
748 * and mark the state as "closing".
749 * Then drop the lock to allow any timers that
750 * *have* gone off to run to completion, and wait
751 * for them to finish.
752 */
753 if (!bpf_stop_timer(d)) {
754 /*
755 * There was no pending call, so the call must
756 * have been in progress. Wait for the call to
757 * complete; we have to drop the lock while
758 * waiting. to let the in-progrss call complete
759 */
760 d->bd_state = BPF_DRAINING;
761 while (d->bd_state == BPF_DRAINING)
762 msleep((caddr_t)d, bpf_mlock, PRINET,
763 "bpfdraining", NULL);
764 }
765 d->bd_state = BPF_IDLE;
766 break;
767
768 case BPF_TIMED_OUT:
769 /*
770 * Timer went off, and the timeout routine finished.
771 */
772 d->bd_state = BPF_IDLE;
773 break;
774
775 case BPF_DRAINING:
776 /*
777 * Another thread is blocked on a close waiting for
778 * a timeout to finish.
779 * This "shouldn't happen", as the first thread to enter
780 * bpfclose() will set bpf_dtab[minor(dev)] to 1, and
781 * all subsequent threads should see that and fail with
782 * ENXIO.
783 */
784 panic("Two threads blocked in a BPF close");
785 break;
786 }
787
1c79356b
A		 788 if (d->bd_bif)
789 bpf_detachd(d);
0b4e3aa0 790 selthreadclear(&d->bd_sel);
2d21ac55
A		 791#if CONFIG_MACF_NET
792 mac_bpfdesc_label_destroy(d);
793#endif
6d2010ae 794 thread_call_free(d->bd_thread_call);
1c79356b 795 bpf_freed(d);
91447636 796
2d21ac55
A		 797 /* Mark free in same context as bpfopen comes to check */
798 bpf_dtab[minor(dev)] = NULL; /* Mark closed */
91447636
A		 799 lck_mtx_unlock(bpf_mlock);
800
91447636
A		 801 _FREE(d, M_DEVBUF);
802
1c79356b
A		 803 return (0);
804}
805
1c79356b 806
91447636 807#define BPF_SLEEP bpf_sleep
1c79356b 808
91447636
A		 809static int
810bpf_sleep(struct bpf_d *d, int pri, const char *wmesg, int timo)
1c79356b 811{
6d2010ae 812 u_int64_t abstime = 0;
1c79356b 813
6d2010ae
A		 814 if(timo)
815 clock_interval_to_deadline(timo, NSEC_PER_SEC / hz, &abstime);
91447636 816
6d2010ae 817 return msleep1((caddr_t)d, bpf_mlock, pri, wmesg, abstime);
1c79356b 818}
1c79356b
A		 819
820/*
821 * Rotate the packet buffers in descriptor d. Move the store buffer
822 * into the hold slot, and the free buffer into the store slot.
823 * Zero the length of the new store buffer.
824 */
825#define ROTATE_BUFFERS(d) \
826 (d)->bd_hbuf = (d)->bd_sbuf; \
827 (d)->bd_hlen = (d)->bd_slen; \
828 (d)->bd_sbuf = (d)->bd_fbuf; \
829 (d)->bd_slen = 0; \
2d21ac55 830 (d)->bd_fbuf = NULL;
1c79356b
A		 831/*
832 * bpfread - read next chunk of packets from buffers
833 */
2d21ac55 834int
91447636 835bpfread(dev_t dev, struct uio *uio, int ioflag)
1c79356b 836{
2d21ac55 837 struct bpf_d *d;
6d2010ae 838 int timed_out;
1c79356b 839 int error;
2d21ac55
A		 840
841 lck_mtx_lock(bpf_mlock);
1c79356b 842
55e303ae 843 d = bpf_dtab[minor(dev)];
2d21ac55
A		 844 if (d == 0 || d == (void *)1) {
845 lck_mtx_unlock(bpf_mlock);
91447636 846 return (ENXIO);
2d21ac55 847 }
55e303ae 848
1c79356b
A		 849 /*
850 * Restrict application to use a buffer the same size as
851 * as kernel buffers.
852 */
b0d623f7 853 if (uio_resid(uio) != d->bd_bufsize) {
91447636 854 lck_mtx_unlock(bpf_mlock);
1c79356b
A		 855 return (EINVAL);
856 }
6d2010ae
A		 857
858 if (d->bd_state == BPF_WAITING)
859 bpf_stop_timer(d);
860
861 timed_out = (d->bd_state == BPF_TIMED_OUT);
862 d->bd_state = BPF_IDLE;
1c79356b 863
1c79356b
A		 864 /*
865 * If the hold buffer is empty, then do a timed sleep, which
866 * ends when the timeout expires or when enough packets
867 * have arrived to fill the store buffer.
868 */
869 while (d->bd_hbuf == 0) {
6d2010ae
A		 870 if ((d->bd_immediate || timed_out || (ioflag & IO_NDELAY))
871 && d->bd_slen != 0) {
1c79356b 872 /*
6d2010ae
A		 873 * We're in immediate mode, or are reading
874 * in non-blocking mode, or a timer was
875 * started before the read (e.g., by select()
876 * or poll()) and has expired and a packet(s)
877 * either arrived since the previous
1c79356b
A		 878 * read or arrived while we were asleep.
879 * Rotate the buffers and return what's here.
880 */
881 ROTATE_BUFFERS(d);
882 break;
883 }
9bccf70c
A		 884
885 /*
886 * No data is available, check to see if the bpf device
887 * is still pointed at a real interface. If not, return
888 * ENXIO so that the userland process knows to rebind
889 * it before using it again.
890 */
891 if (d->bd_bif == NULL) {
91447636 892 lck_mtx_unlock(bpf_mlock);
9bccf70c
A		 893 return (ENXIO);
894 }
b0d623f7
A		 895 if (ioflag & IO_NDELAY) {
896 lck_mtx_unlock(bpf_mlock);
897 return (EWOULDBLOCK);
898 }
899 error = BPF_SLEEP(d, PRINET|PCATCH, "bpf",
900 d->bd_rtout);
2d21ac55
A		 901 /*
902 * Make sure device is still opened
903 */
904 d = bpf_dtab[minor(dev)];
905 if (d == 0 || d == (void *)1) {
906 lck_mtx_unlock(bpf_mlock);
907 return (ENXIO);
908 }
1c79356b 909 if (error == EINTR || error == ERESTART) {
91447636 910 lck_mtx_unlock(bpf_mlock);
1c79356b
A		 911 return (error);
912 }
913 if (error == EWOULDBLOCK) {
914 /*
915 * On a timeout, return what's in the buffer,
916 * which may be nothing. If there is something
917 * in the store buffer, we can rotate the buffers.
918 */
919 if (d->bd_hbuf)
920 /*
921 * We filled up the buffer in between
922 * getting the timeout and arriving
923 * here, so we don't need to rotate.
924 */
925 break;
926
927 if (d->bd_slen == 0) {
91447636 928 lck_mtx_unlock(bpf_mlock);
1c79356b
A		 929 return (0);
930 }
931 ROTATE_BUFFERS(d);
932 break;
933 }
934 }
935 /*
936 * At this point, we know we have something in the hold slot.
937 */
1c79356b
A		 938
939 /*
940 * Move data from hold buffer into user space.
941 * We know the entire buffer is transferred since
942 * we checked above that the read buffer is bpf_bufsize bytes.
943 */
944 error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio);
945
1c79356b 946 d->bd_fbuf = d->bd_hbuf;
2d21ac55 947 d->bd_hbuf = NULL;
1c79356b 948 d->bd_hlen = 0;
91447636 949 lck_mtx_unlock(bpf_mlock);
1c79356b
A		 950 return (error);
951}
952
953
954/*
955 * If there are processes sleeping on this descriptor, wake them up.
956 */
91447636
A		 957static void
958bpf_wakeup(struct bpf_d *d)
1c79356b 959{
6d2010ae
A		 960 if (d->bd_state == BPF_WAITING) {
961 bpf_stop_timer(d);
962 d->bd_state = BPF_IDLE;
963 }
1c79356b
A		 964 wakeup((caddr_t)d);
965 if (d->bd_async && d->bd_sig && d->bd_sigio)
2d21ac55 966 pgsigio(d->bd_sigio, d->bd_sig);
1c79356b
A		 967
968#if BSD >= 199103
1c79356b 969 selwakeup(&d->bd_sel);
b0d623f7 970 KNOTE(&d->bd_sel.si_note, 1);
9bccf70c
A		 971#ifndef __APPLE__
972 /* XXX */
973 d->bd_sel.si_pid = 0;
974#endif
1c79356b
A		 975#else
976 if (d->bd_selproc) {
1c79356b 977 selwakeup(d->bd_selproc, (int)d->bd_selcoll);
1c79356b
A		 978 d->bd_selcoll = 0;
979 d->bd_selproc = 0;
980 }
981#endif
982}
983
6d2010ae
A		 984
985static void
986bpf_timed_out(void *arg, __unused void *dummy)
987{
988 struct bpf_d *d = (struct bpf_d *)arg;
989
990 lck_mtx_lock(bpf_mlock);
991 if (d->bd_state == BPF_WAITING) {
992 /*
993 * There's a select or kqueue waiting for this; if there's
994 * now stuff to read, wake it up.
995 */
996 d->bd_state = BPF_TIMED_OUT;
997 if (d->bd_slen != 0)
998 bpf_wakeup(d);
999 } else if (d->bd_state == BPF_DRAINING) {
1000 /*
1001 * A close is waiting for this to finish.
1002 * Mark it as finished, and wake the close up.
1003 */
1004 d->bd_state = BPF_IDLE;
1005 bpf_wakeup(d);
1006 }
1007 lck_mtx_unlock(bpf_mlock);
1008}
1009
1010
1011
1012
1013
55e303ae
A		 1014/* keep in sync with bpf_movein above: */
1015#define MAX_DATALINK_HDR_LEN (sizeof(struct firewire_header))
1016
2d21ac55 1017int
91447636 1018bpfwrite(dev_t dev, struct uio *uio, __unused int ioflag)
1c79356b 1019{
2d21ac55 1020 struct bpf_d *d;
1c79356b 1021 struct ifnet *ifp;
2d21ac55 1022 struct mbuf *m = NULL;
91447636 1023 int error;
55e303ae 1024 char dst_buf[SOCKADDR_HDR_LEN + MAX_DATALINK_HDR_LEN];
b0d623f7 1025 int datlen = 0;
6d2010ae
A		 1026 int bif_dlt;
1027 int bd_hdrcmplt;
1c79356b 1028
2d21ac55
A		 1029 lck_mtx_lock(bpf_mlock);
1030
55e303ae 1031 d = bpf_dtab[minor(dev)];
2d21ac55
A		 1032 if (d == 0 || d == (void *)1) {
1033 lck_mtx_unlock(bpf_mlock);
91447636 1034 return (ENXIO);
2d21ac55 1035 }
1c79356b 1036 if (d->bd_bif == 0) {
91447636 1037 lck_mtx_unlock(bpf_mlock);
2d21ac55 1038 return (ENXIO);
1c79356b
A		 1039 }
1040
1041 ifp = d->bd_bif->bif_ifp;
1042
6d2010ae
A		 1043 if ((ifp->if_flags & IFF_UP) == 0) {
1044 lck_mtx_unlock(bpf_mlock);
1045 return (ENETDOWN);
1046 }
b0d623f7 1047 if (uio_resid(uio) == 0) {
91447636 1048 lck_mtx_unlock(bpf_mlock);
2d21ac55 1049 return (0);
1c79356b 1050 }
55e303ae 1051 ((struct sockaddr *)dst_buf)->sa_len = sizeof(dst_buf);
6d2010ae
A		 1052
1053 /*
1054 * fix for PR-6849527
1055 * geting variables onto stack before dropping lock for bpf_movein()
1056 */
1057 bif_dlt = (int)d->bd_bif->bif_dlt;
1058 bd_hdrcmplt = d->bd_hdrcmplt;
1059
1060 /* bpf_movein allocating mbufs; drop lock */
1061 lck_mtx_unlock(bpf_mlock);
1062
1063 error = bpf_movein(uio, bif_dlt, &m,
1064 bd_hdrcmplt ? NULL : (struct sockaddr *)dst_buf,
1065 &datlen);
1066
1067 if (error) {
2d21ac55 1068 return (error);
1c79356b
A		 1069 }
1070
6d2010ae
A		 1071 /* taking the lock again and verifying whether device is open */
1072 lck_mtx_lock(bpf_mlock);
1073 d = bpf_dtab[minor(dev)];
1074 if (d == 0 || d == (void *)1) {
91447636 1075 lck_mtx_unlock(bpf_mlock);
2d21ac55 1076 m_freem(m);
6d2010ae 1077 return (ENXIO);
2d21ac55 1078 }
6d2010ae
A		 1079
1080 if (d->bd_bif == NULL) {
1081 lck_mtx_unlock(bpf_mlock);
1082 m_free(m);
1083 return (ENXIO);
1084 }
1085
1086 if ((unsigned)datlen > ifp->if_mtu) {
2d21ac55
A		 1087 lck_mtx_unlock(bpf_mlock);
1088 m_freem(m);
6d2010ae 1089 return (EMSGSIZE);
1c79356b
A		 1090 }
1091
6d2010ae 1092
2d21ac55
A		 1093#if CONFIG_MACF_NET
1094 mac_mbuf_label_associate_bpfdesc(d, m);
1095#endif
91447636
A		 1096 lck_mtx_unlock(bpf_mlock);
1097
55e303ae 1098 if (d->bd_hdrcmplt) {
2d21ac55
A		 1099 if (d->bd_bif->bif_send)
1100 error = d->bd_bif->bif_send(ifp, d->bd_bif->bif_dlt, m);
1101 else
1102 error = dlil_output(ifp, 0, m, NULL, NULL, 1);
55e303ae 1103 }
91447636
A		 1104 else {
1105 error = dlil_output(ifp, PF_INET, m, NULL, (struct sockaddr *)dst_buf, 0);
1106 }
6d2010ae 1107
1c79356b
A		 1108 /*
1109 * The driver frees the mbuf.
1110 */
1111 return (error);
1112}
1113
1114/*
1115 * Reset a descriptor by flushing its packet buffer and clearing the
2d21ac55 1116 * receive and drop counts.
1c79356b
A		 1117 */
1118static void
91447636 1119reset_d(struct bpf_d *d)
1c79356b
A		 1120{
1121 if (d->bd_hbuf) {
1122 /* Free the hold buffer. */
1123 d->bd_fbuf = d->bd_hbuf;
2d21ac55 1124 d->bd_hbuf = NULL;
1c79356b
A		 1125 }
1126 d->bd_slen = 0;
1127 d->bd_hlen = 0;
1128 d->bd_rcount = 0;
1129 d->bd_dcount = 0;
1130}
1131
1132/*
1133 * FIONREAD Check for read packet available.
1134 * SIOCGIFADDR Get interface address - convenient hook to driver.
1135 * BIOCGBLEN Get buffer len [for read()].
1136 * BIOCSETF Set ethernet read filter.
1137 * BIOCFLUSH Flush read packet buffer.
1138 * BIOCPROMISC Put interface into promiscuous mode.
1139 * BIOCGDLT Get link layer type.
1140 * BIOCGETIF Get interface name.
1141 * BIOCSETIF Set interface.
1142 * BIOCSRTIMEOUT Set read timeout.
1143 * BIOCGRTIMEOUT Get read timeout.
1144 * BIOCGSTATS Get packet stats.
1145 * BIOCIMMEDIATE Set immediate mode.
1146 * BIOCVERSION Get filter language version.
9bccf70c
A		 1147 * BIOCGHDRCMPLT Get "header already complete" flag
1148 * BIOCSHDRCMPLT Set "header already complete" flag
1149 * BIOCGSEESENT Get "see packets sent" flag
1150 * BIOCSSEESENT Set "see packets sent" flag
1c79356b
A		 1151 */
1152/* ARGSUSED */
9bccf70c 1153int
2d21ac55 1154bpfioctl(dev_t dev, u_long cmd, caddr_t addr, __unused int flags,
b0d623f7 1155 struct proc *p)
1c79356b 1156{
2d21ac55
A		 1157 struct bpf_d *d;
1158 int error = 0;
1159
1160 lck_mtx_lock(bpf_mlock);
1c79356b 1161
55e303ae 1162 d = bpf_dtab[minor(dev)];
2d21ac55
A		 1163 if (d == 0 || d == (void *)1) {
1164 lck_mtx_unlock(bpf_mlock);
91447636 1165 return (ENXIO);
2d21ac55 1166 }
1c79356b 1167
6d2010ae
A		 1168 if (d->bd_state == BPF_WAITING)
1169 bpf_stop_timer(d);
1170 d->bd_state = BPF_IDLE;
1171
1c79356b
A		 1172 switch (cmd) {
1173
1174 default:
1175 error = EINVAL;
1176 break;
1177
1178 /*
1179 * Check for read packet available.
1180 */
1181 case FIONREAD:
1182 {
1183 int n;
1184
1c79356b
A		 1185 n = d->bd_slen;
1186 if (d->bd_hbuf)
1187 n += d->bd_hlen;
1c79356b
A		 1188
1189 *(int *)addr = n;
1190 break;
1191 }
1192
1193 case SIOCGIFADDR:
1194 {
1195 struct ifnet *ifp;
1196
1197 if (d->bd_bif == 0)
1198 error = EINVAL;
1199 else {
1200 ifp = d->bd_bif->bif_ifp;
2d21ac55 1201 error = ifnet_ioctl(ifp, 0, cmd, addr);
1c79356b
A		 1202 }
1203 break;
1204 }
1205
1206 /*
1207 * Get buffer len [for read()].
1208 */
1209 case BIOCGBLEN:
1210 *(u_int *)addr = d->bd_bufsize;
1211 break;
1212
1213 /*
1214 * Set buffer length.
1215 */
1216 case BIOCSBLEN:
1217#if BSD < 199103
1218 error = EINVAL;
1219#else
1220 if (d->bd_bif != 0)
1221 error = EINVAL;
1222 else {
2d21ac55 1223 u_int size = *(u_int *)addr;
1c79356b 1224
9bccf70c
A		 1225 if (size > bpf_maxbufsize)
1226 *(u_int *)addr = size = bpf_maxbufsize;
1c79356b
A		 1227 else if (size < BPF_MINBUFSIZE)
1228 *(u_int *)addr = size = BPF_MINBUFSIZE;
1229 d->bd_bufsize = size;
1230 }
1231#endif
1232 break;
1233
1234 /*
1235 * Set link layer read filter.
1236 */
b0d623f7
A		 1237 case BIOCSETF32: {
1238 struct bpf_program32 *prg32 = (struct bpf_program32 *)addr;
1239 error = bpf_setf(d, prg32->bf_len,
1240 CAST_USER_ADDR_T(prg32->bf_insns));
1c79356b 1241 break;
2d21ac55 1242 }
b0d623f7
A		 1243
1244 case BIOCSETF64: {
1245 struct bpf_program64 *prg64 = (struct bpf_program64 *)addr;
1246 error = bpf_setf(d, prg64->bf_len, prg64->bf_insns);
1247 break;
1248 }
1249
1c79356b
A		 1250 /*
1251 * Flush read packet buffer.
1252 */
1253 case BIOCFLUSH:
1c79356b 1254 reset_d(d);
1c79356b
A		 1255 break;
1256
1257 /*
1258 * Put interface into promiscuous mode.
1259 */
1260 case BIOCPROMISC:
1261 if (d->bd_bif == 0) {
1262 /*
1263 * No interface attached yet.
1264 */
1265 error = EINVAL;
1266 break;
1267 }
1c79356b 1268 if (d->bd_promisc == 0) {
2d21ac55 1269 lck_mtx_unlock(bpf_mlock);
91447636 1270 error = ifnet_set_promiscuous(d->bd_bif->bif_ifp, 1);
2d21ac55 1271 lck_mtx_lock(bpf_mlock);
1c79356b
A		 1272 if (error == 0)
1273 d->bd_promisc = 1;
1274 }
1c79356b
A		 1275 break;
1276
1277 /*
1278 * Get device parameters.
1279 */
1280 case BIOCGDLT:
1281 if (d->bd_bif == 0)
1282 error = EINVAL;
1283 else
1284 *(u_int *)addr = d->bd_bif->bif_dlt;
1285 break;
1286
2d21ac55
A		 1287 /*
1288 * Get a list of supported data link types.
1289 */
1290 case BIOCGDLTLIST:
b0d623f7
A		 1291 if (d->bd_bif == NULL) {
1292 error = EINVAL;
1293 } else {
1294 error = bpf_getdltlist(d,
1295 (struct bpf_dltlist *)addr, p);
1296 }
1297 break;
2d21ac55
A		 1298
1299 /*
1300 * Set data link type.
1301 */
1302 case BIOCSDLT:
1303 if (d->bd_bif == NULL)
1304 error = EINVAL;
1305 else
1306 error = bpf_setdlt(d, *(u_int *)addr);
1307 break;
1308
1c79356b 1309 /*
9bccf70c 1310 * Get interface name.
1c79356b
A		 1311 */
1312 case BIOCGETIF:
1313 if (d->bd_bif == 0)
1314 error = EINVAL;
9bccf70c
A		 1315 else {
1316 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1317 struct ifreq *const ifr = (struct ifreq *)addr;
1318
1319 snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
1320 "%s%d", ifp->if_name, ifp->if_unit);
1321 }
1c79356b
A		 1322 break;
1323
1324 /*
1325 * Set interface.
1326 */
2d21ac55
A		 1327 case BIOCSETIF: {
1328 ifnet_t ifp;
1329 ifp = ifunit(((struct ifreq *)addr)->ifr_name);
1330 if (ifp == NULL)
1331 error = ENXIO;
1332 else
1333 error = bpf_setif(d, ifp, 0);
1c79356b 1334 break;
2d21ac55 1335 }
1c79356b
A		 1336
1337 /*
1338 * Set read timeout.
1339 */
6d2010ae
A		 1340 case BIOCSRTIMEOUT32:
1341 {
1342 struct user32_timeval *_tv = (struct user32_timeval *)addr;
b0d623f7
A		 1343 struct timeval tv;
1344
1345 tv.tv_sec = _tv->tv_sec;
1346 tv.tv_usec = _tv->tv_usec;
1c79356b 1347
6d2010ae 1348 /*
1c79356b
A		 1349 * Subtract 1 tick from tvtohz() since this isn't
1350 * a one-shot timer.
1351 */
b0d623f7
A		 1352 if ((error = itimerfix(&tv)) == 0)
1353 d->bd_rtout = tvtohz(&tv) - 1;
1c79356b 1354 break;
6d2010ae 1355 }
1c79356b 1356
6d2010ae
A		 1357 case BIOCSRTIMEOUT64:
1358 {
1359 struct user64_timeval *_tv = (struct user64_timeval *)addr;
1360 struct timeval tv;
1361
1362 tv.tv_sec = _tv->tv_sec;
1363 tv.tv_usec = _tv->tv_usec;
1364
1365 /*
1366 * Subtract 1 tick from tvtohz() since this isn't
1367 * a one-shot timer.
1368 */
1369 if ((error = itimerfix(&tv)) == 0)
1370 d->bd_rtout = tvtohz(&tv) - 1;
1371 break;
1372 }
1373
1374 /*
1c79356b
A		 1375 * Get read timeout.
1376 */
6d2010ae 1377 case BIOCGRTIMEOUT32:
1c79356b 1378 {
6d2010ae 1379 struct user32_timeval *tv = (struct user32_timeval *)addr;
1c79356b
A		 1380
1381 tv->tv_sec = d->bd_rtout / hz;
1382 tv->tv_usec = (d->bd_rtout % hz) * tick;
1383 break;
6d2010ae
A		 1384 }
1385
1386 case BIOCGRTIMEOUT64:
1387 {
1388 struct user64_timeval *tv = (struct user64_timeval *)addr;
1389
1390 tv->tv_sec = d->bd_rtout / hz;
1391 tv->tv_usec = (d->bd_rtout % hz) * tick;
1392 break;
1393 }
1c79356b
A		 1394
1395 /*
1396 * Get packet stats.
1397 */
1398 case BIOCGSTATS:
1399 {
1400 struct bpf_stat *bs = (struct bpf_stat *)addr;
1401
1402 bs->bs_recv = d->bd_rcount;
1403 bs->bs_drop = d->bd_dcount;
1404 break;
1405 }
1406
1407 /*
1408 * Set immediate mode.
1409 */
1410 case BIOCIMMEDIATE:
1411 d->bd_immediate = *(u_int *)addr;
1412 break;
1413
1414 case BIOCVERSION:
1415 {
1416 struct bpf_version *bv = (struct bpf_version *)addr;
1417
1418 bv->bv_major = BPF_MAJOR_VERSION;
1419 bv->bv_minor = BPF_MINOR_VERSION;
1420 break;
1421 }
1422
9bccf70c
A		 1423 /*
1424 * Get "header already complete" flag
1425 */
1426 case BIOCGHDRCMPLT:
1427 *(u_int *)addr = d->bd_hdrcmplt;
1428 break;
1429
1430 /*
1431 * Set "header already complete" flag
1432 */
1433 case BIOCSHDRCMPLT:
1434 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1435 break;
1436
1437 /*
1438 * Get "see sent packets" flag
1439 */
1440 case BIOCGSEESENT:
1441 *(u_int *)addr = d->bd_seesent;
1442 break;
1443
1444 /*
1445 * Set "see sent packets" flag
1446 */
1447 case BIOCSSEESENT:
1448 d->bd_seesent = *(u_int *)addr;
1449 break;
1450
1c79356b
A		 1451 case FIONBIO: /* Non-blocking I/O */
1452 break;
1453
1454 case FIOASYNC: /* Send signal on receive packets */
1455 d->bd_async = *(int *)addr;
1456 break;
9bccf70c 1457#ifndef __APPLE__
1c79356b
A		 1458 case FIOSETOWN:
1459 error = fsetown(*(int *)addr, &d->bd_sigio);
1460 break;
1461
1462 case FIOGETOWN:
1463 *(int *)addr = fgetown(d->bd_sigio);
1464 break;
1465
1466 /* This is deprecated, FIOSETOWN should be used instead. */
1467 case TIOCSPGRP:
1468 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1469 break;
1470
1471 /* This is deprecated, FIOGETOWN should be used instead. */
1472 case TIOCGPGRP:
1473 *(int *)addr = -fgetown(d->bd_sigio);
1474 break;
1475#endif
1476 case BIOCSRSIG: /* Set receive signal */
1477 {
1478 u_int sig;
1479
1480 sig = *(u_int *)addr;
1481
1482 if (sig >= NSIG)
1483 error = EINVAL;
1484 else
1485 d->bd_sig = sig;
1486 break;
1487 }
1488 case BIOCGRSIG:
1489 *(u_int *)addr = d->bd_sig;
1490 break;
1491 }
91447636
A		 1492
1493 lck_mtx_unlock(bpf_mlock);
b0d623f7 1494
1c79356b
A		 1495 return (error);
1496}
1497
1498/*
1499 * Set d's packet filter program to fp. If this file already has a filter,
1500 * free it and replace it. Returns EINVAL for bogus requests.
1501 */
1502static int
2d21ac55 1503bpf_setf(struct bpf_d *d, u_int bf_len, user_addr_t bf_insns)
1c79356b
A		 1504{
1505 struct bpf_insn *fcode, *old;
1506 u_int flen, size;
1c79356b
A		 1507
1508 old = d->bd_filter;
2d21ac55
A		 1509 if (bf_insns == USER_ADDR_NULL) {
1510 if (bf_len != 0)
1c79356b 1511 return (EINVAL);
2d21ac55 1512 d->bd_filter = NULL;
1c79356b 1513 reset_d(d);
1c79356b
A		 1514 if (old != 0)
1515 FREE((caddr_t)old, M_DEVBUF);
1516 return (0);
1517 }
2d21ac55 1518 flen = bf_len;
1c79356b
A		 1519 if (flen > BPF_MAXINSNS)
1520 return (EINVAL);
1521
91447636 1522 size = flen * sizeof(struct bpf_insn);
1c79356b 1523 fcode = (struct bpf_insn *) _MALLOC(size, M_DEVBUF, M_WAIT);
9bccf70c 1524#ifdef __APPLE__
0b4e3aa0
A		 1525 if (fcode == NULL)
1526 return (ENOBUFS);
9bccf70c 1527#endif
2d21ac55 1528 if (copyin(bf_insns, (caddr_t)fcode, size) == 0 &&
1c79356b 1529 bpf_validate(fcode, (int)flen)) {
1c79356b
A		 1530 d->bd_filter = fcode;
1531 reset_d(d);
1c79356b
A		 1532 if (old != 0)
1533 FREE((caddr_t)old, M_DEVBUF);
1534
1535 return (0);
1536 }
1537 FREE((caddr_t)fcode, M_DEVBUF);
1538 return (EINVAL);
1539}
1540
1541/*
1542 * Detach a file from its current interface (if attached at all) and attach
1543 * to the interface indicated by the name stored in ifr.
1544 * Return an errno or 0.
1545 */
1546static int
2d21ac55 1547bpf_setif(struct bpf_d *d, ifnet_t theywant, u_int32_t dlt)
1c79356b
A		 1548{
1549 struct bpf_if *bp;
2d21ac55
A		 1550 int error;
1551
1c79356b
A		 1552 /*
1553 * Look through attached interfaces for the named one.
1554 */
1555 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
1556 struct ifnet *ifp = bp->bif_ifp;
1557
2d21ac55 1558 if (ifp == 0 || ifp != theywant || (dlt != 0 && dlt != bp->bif_dlt))
1c79356b
A		 1559 continue;
1560 /*
1561 * We found the requested interface.
1c79356b
A		 1562 * Allocate the packet buffers if we need to.
1563 * If we're already attached to requested interface,
1564 * just flush the buffer.
1565 */
1c79356b
A		 1566 if (d->bd_sbuf == 0) {
1567 error = bpf_allocbufs(d);
1568 if (error != 0)
1569 return (error);
1570 }
1c79356b
A		 1571 if (bp != d->bd_bif) {
1572 if (d->bd_bif)
1573 /*
1574 * Detach if attached to something else.
1575 */
1576 bpf_detachd(d);
1577
2d21ac55
A		 1578 if (bpf_attachd(d, bp) != 0) {
1579 return ENXIO;
1580 }
1c79356b
A		 1581 }
1582 reset_d(d);
1c79356b
A		 1583 return (0);
1584 }
1585 /* Not found. */
1586 return (ENXIO);
1587}
1588
2d21ac55
A		 1589
1590
1591/*
1592 * Get a list of available data link type of the interface.
1593 */
1594static int
b0d623f7 1595bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl, struct proc *p)
2d21ac55 1596{
b0d623f7
A		 1597 u_int n;
1598 int error;
2d21ac55
A		 1599 struct ifnet *ifp;
1600 struct bpf_if *bp;
b0d623f7
A		 1601 user_addr_t dlist;
1602
1603 if (proc_is64bit(p)) {
1604 dlist = (user_addr_t)bfl->bfl_u.bflu_pad;
1605 } else {
2d21ac55
A		 1606 dlist = CAST_USER_ADDR_T(bfl->bfl_u.bflu_list);
1607 }
b0d623f7 1608
2d21ac55
A		 1609 ifp = d->bd_bif->bif_ifp;
1610 n = 0;
1611 error = 0;
1612 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1613 if (bp->bif_ifp != ifp)
1614 continue;
b0d623f7 1615 if (dlist != USER_ADDR_NULL) {
2d21ac55
A		 1616 if (n >= bfl->bfl_len) {
1617 return (ENOMEM);
1618 }
b0d623f7
A		 1619 error = copyout(&bp->bif_dlt, dlist,
1620 sizeof (bp->bif_dlt));
1621 dlist += sizeof (bp->bif_dlt);
2d21ac55
A		 1622 }
1623 n++;
1624 }
1625 bfl->bfl_len = n;
1626 return (error);
1627}
1628
1629/*
1630 * Set the data link type of a BPF instance.
1631 */
1632static int
1633bpf_setdlt(struct bpf_d *d, uint32_t dlt)
1634
1635
1636{
1637 int error, opromisc;
1638 struct ifnet *ifp;
1639 struct bpf_if *bp;
1640
1641 if (d->bd_bif->bif_dlt == dlt)
1642 return (0);
1643 ifp = d->bd_bif->bif_ifp;
1644 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1645 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
1646 break;
1647 }
1648 if (bp != NULL) {
1649 opromisc = d->bd_promisc;
1650 bpf_detachd(d);
1651 error = bpf_attachd(d, bp);
1652 if (error) {
1653 printf("bpf_setdlt: bpf_attachd %s%d failed (%d)\n",
1654 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1655 return error;
1656 }
1657 reset_d(d);
1658 if (opromisc) {
1659 lck_mtx_unlock(bpf_mlock);
1660 error = ifnet_set_promiscuous(bp->bif_ifp, 1);
1661 lck_mtx_lock(bpf_mlock);
1662 if (error)
1663 printf("bpf_setdlt: ifpromisc %s%d failed (%d)\n",
1664 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1665 else
1666 d->bd_promisc = 1;
1667 }
1668 }
1669 return (bp == NULL ? EINVAL : 0);
1670}
1671
1c79356b 1672/*
b0d623f7 1673 * Support for select()
1c79356b
A		 1674 *
1675 * Return true iff the specific operation will not block indefinitely.
1676 * Otherwise, return false but make a note that a selwakeup() must be done.
1677 */
1678int
6d2010ae 1679bpfselect(dev_t dev, int which, void * wql, struct proc *p)
1c79356b 1680{
2d21ac55 1681 struct bpf_d *d;
6d2010ae 1682 int ret = 0;
1c79356b 1683
2d21ac55
A		 1684 lck_mtx_lock(bpf_mlock);
1685
55e303ae 1686 d = bpf_dtab[minor(dev)];
2d21ac55
A		 1687 if (d == 0 || d == (void *)1) {
1688 lck_mtx_unlock(bpf_mlock);
91447636 1689 return (ENXIO);
2d21ac55 1690 }
55e303ae 1691
9bccf70c 1692 if (d->bd_bif == NULL) {
91447636 1693 lck_mtx_unlock(bpf_mlock);
9bccf70c
A		 1694 return (ENXIO);
1695 }
1696
6d2010ae
A		 1697 switch (which) {
1698 case FREAD:
1699 if (d->bd_hlen != 0 ||
1700 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1701 d->bd_slen != 0))
1702 ret = 1; /* read has data to return */
1703 else {
1704 /*
1705 * Read has no data to return.
1706 * Make the select wait, and start a timer if
1707 * necessary.
1708 */
1709 selrecord(p, &d->bd_sel, wql);
1710 bpf_start_timer(d);
1711 }
1712 break;
1713
1714 case FWRITE:
1715 ret = 1; /* can't determine whether a write would block */
1716 break;
9bccf70c 1717 }
91447636
A		 1718
1719 lck_mtx_unlock(bpf_mlock);
6d2010ae 1720 return (ret);
1c79356b
A		 1721}
1722
6d2010ae 1723
b0d623f7
A		 1724/*
1725 * Support for kevent() system call. Register EVFILT_READ filters and
1726 * reject all others.
1727 */
1728int bpfkqfilter(dev_t dev, struct knote *kn);
1729static void filt_bpfdetach(struct knote *);
1730static int filt_bpfread(struct knote *, long);
1731
1732static struct filterops bpfread_filtops = {
1733 .f_isfd = 1,
1734 .f_detach = filt_bpfdetach,
1735 .f_event = filt_bpfread,
1736};
1737
1738int
1739bpfkqfilter(dev_t dev, struct knote *kn)
1740{
1741 struct bpf_d *d;
1742
1743 /*
1744 * Is this device a bpf?
1745 */
1746 if (major(dev) != CDEV_MAJOR) {
1747 return (EINVAL);
1748 }
1749
1750 if (kn->kn_filter != EVFILT_READ) {
1751 return (EINVAL);
1752 }
1753
1754 lck_mtx_lock(bpf_mlock);
1755
1756 d = bpf_dtab[minor(dev)];
1757 if (d == 0 || d == (void *)1) {
1758 lck_mtx_unlock(bpf_mlock);
1759 return (ENXIO);
1760 }
1761
b0d623f7
A		 1762 if (d->bd_bif == NULL) {
1763 lck_mtx_unlock(bpf_mlock);
1764 return (ENXIO);
1765 }
1766
1767 kn->kn_hook = d;
1768 kn->kn_fop = &bpfread_filtops;
1769 KNOTE_ATTACH(&d->bd_sel.si_note, kn);
1770 lck_mtx_unlock(bpf_mlock);
1771 return 0;
1772}
1773
1774static void
1775filt_bpfdetach(struct knote *kn)
1776{
1777 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1778
1779 lck_mtx_lock(bpf_mlock);
1780 KNOTE_DETACH(&d->bd_sel.si_note, kn);
1781 lck_mtx_unlock(bpf_mlock);
1782}
1783
1784static int
1785filt_bpfread(struct knote *kn, long hint)
1786{
1787 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1788 int ready = 0;
1789
1790 if (hint == 0)
1791 lck_mtx_lock(bpf_mlock);
1792
1793 if (d->bd_immediate) {
6d2010ae
A		 1794 /*
1795 * If there's data in the hold buffer, it's the
1796 * amount of data a read will return.
1797 *
1798 * If there's no data in the hold buffer, but
1799 * there's data in the store buffer, a read will
1800 * immediately rotate the store buffer to the
1801 * hold buffer, the amount of data in the store
1802 * buffer is the amount of data a read will
1803 * return.
1804 *
1805 * If there's no data in either buffer, we're not
1806 * ready to read.
1807 */
b0d623f7 1808 kn->kn_data = (d->bd_hlen == 0 ? d->bd_slen : d->bd_hlen);
6d2010ae
A		 1809 int64_t lowwat = 1;
1810 if (kn->kn_sfflags & NOTE_LOWAT)
1811 {
1812 if (kn->kn_sdata > d->bd_bufsize)
1813 lowwat = d->bd_bufsize;
1814 else if (kn->kn_sdata > lowwat)
1815 lowwat = kn->kn_sdata;
1816 }
1817 ready = (kn->kn_data >= lowwat);
b0d623f7 1818 } else {
6d2010ae
A		 1819 /*
1820 * If there's data in the hold buffer, it's the
1821 * amount of data a read will return.
1822 *
1823 * If there's no data in the hold buffer, but
1824 * there's data in the store buffer, if the
1825 * timer has expired a read will immediately
1826 * rotate the store buffer to the hold buffer,
1827 * so the amount of data in the store buffer is
1828 * the amount of data a read will return.
1829 *
1830 * If there's no data in either buffer, or there's
1831 * no data in the hold buffer and the timer hasn't
1832 * expired, we're not ready to read.
1833 */
1834 kn->kn_data = (d->bd_hlen == 0 && d->bd_state == BPF_TIMED_OUT ?
1835 d->bd_slen : d->bd_hlen);
b0d623f7
A		 1836 ready = (kn->kn_data > 0);
1837 }
6d2010ae
A		 1838 if (!ready)
1839 bpf_start_timer(d);
b0d623f7
A		 1840
1841 if (hint == 0)
1842 lck_mtx_unlock(bpf_mlock);
1843 return (ready);
1844}
1845
2d21ac55
A		 1846static inline void*
1847_cast_non_const(const void * ptr) {
1848 union {
1849 const void* cval;
1850 void* val;
1851 } ret;
91447636 1852
2d21ac55
A		 1853 ret.cval = ptr;
1854 return (ret.val);
1c79356b
A		 1855}
1856
1857/*
1858 * Copy data from an mbuf chain into a buffer. This code is derived
1859 * from m_copydata in sys/uipc_mbuf.c.
1860 */
1861static void
91447636 1862bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
1c79356b 1863{
2d21ac55 1864 struct mbuf *m = _cast_non_const(src_arg);
91447636 1865 u_int count;
1c79356b
A		 1866 u_char *dst;
1867
1c79356b
A		 1868 dst = dst_arg;
1869 while (len > 0) {
1870 if (m == 0)
1871 panic("bpf_mcopy");
1872 count = min(m->m_len, len);
2d21ac55 1873 bcopy(mbuf_data(m), dst, count);
1c79356b
A		 1874 m = m->m_next;
1875 dst += count;
1876 len -= count;
1877 }
1878}
1879
2d21ac55
A		 1880static inline void
1881bpf_tap_imp(
1882 ifnet_t ifp,
1883 u_int32_t dlt,
1884 mbuf_t m,
1885 void* hdr,
1886 size_t hlen,
1887 int outbound)
1c79356b 1888{
91447636 1889 struct bpf_if *bp;
1c79356b 1890
2d21ac55
A		 1891 /*
1892 * It's possible that we get here after the bpf descriptor has been
1893 * detached from the interface; in such a case we simply return.
1894 * Lock ordering is important since we can be called asynchronously
1895 * (from the IOKit) to process an inbound packet; when that happens
1896 * we would have been holding its "gateLock" and will be acquiring
1897 * "bpf_mlock" upon entering this routine. Due to that, we release
1898 * "bpf_mlock" prior to calling ifnet_set_promiscuous (which will
1899 * acquire "gateLock" in the IOKit), in order to avoid a deadlock
1900 * when a ifnet_set_promiscuous request simultaneously collides with
1901 * an inbound packet being passed into the tap callback.
1902 */
91447636 1903 lck_mtx_lock(bpf_mlock);
2d21ac55
A		 1904 if (ifp->if_bpf == NULL) {
1905 lck_mtx_unlock(bpf_mlock);
1906 return;
1907 }
91447636 1908 bp = ifp->if_bpf;
2d21ac55
A		 1909 for (bp = ifp->if_bpf; bp && bp->bif_ifp == ifp &&
1910 (dlt != 0 && bp->bif_dlt != dlt); bp = bp->bif_next)
1911 ;
1912 if (bp && bp->bif_ifp == ifp && bp->bif_dlist != NULL) {
1913 struct bpf_d *d;
1914 struct m_hdr hack_hdr;
1915 u_int pktlen = 0;
1916 u_int slen = 0;
1917 struct mbuf *m0;
1918
1919 if (hdr) {
1920 /*
1921 * This is gross. We mock up an mbuf that points to the
1922 * header buffer. This means we don't have to copy the
1923 * header. A number of interfaces prepended headers just
1924 * for bpf by allocating an mbuf on the stack. We want to
1925 * give developers an easy way to prepend a header for bpf.
1926 * Since a developer allocating an mbuf on the stack is bad,
1927 * we do even worse here, allocating only a header to point
1928 * to a buffer the developer supplied. This makes assumptions
1929 * that bpf_filter and catchpacket will not look at anything
1930 * in the mbuf other than the header. This was true at the
1931 * time this code was written.
1932 */
1933 hack_hdr.mh_next = m;
1934 hack_hdr.mh_nextpkt = NULL;
1935 hack_hdr.mh_len = hlen;
1936 hack_hdr.mh_data = hdr;
1937 hack_hdr.mh_type = m->m_type;
1938 hack_hdr.mh_flags = 0;
1939
1940 m = (mbuf_t)&hack_hdr;
1941 }
1942
1943 for (m0 = m; m0 != 0; m0 = m0->m_next)
1944 pktlen += m0->m_len;
1945
1946 for (d = bp->bif_dlist; d; d = d->bd_next) {
1947 if (outbound && !d->bd_seesent)
91447636
A		 1948 continue;
1949 ++d->bd_rcount;
1950 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
2d21ac55
A		 1951 if (slen != 0) {
1952#if CONFIG_MACF_NET
1953 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) != 0)
1954 continue;
1955#endif
91447636 1956 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
2d21ac55 1957 }
91447636 1958 }
1c79356b 1959 }
91447636 1960 lck_mtx_unlock(bpf_mlock);
1c79356b
A		 1961}
1962
2d21ac55
A		 1963void
1964bpf_tap_out(
1965 ifnet_t ifp,
1966 u_int32_t dlt,
1967 mbuf_t m,
1968 void* hdr,
1969 size_t hlen)
1970{
1971 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 1);
1972}
1973
1974void
1975bpf_tap_in(
1976 ifnet_t ifp,
1977 u_int32_t dlt,
1978 mbuf_t m,
1979 void* hdr,
1980 size_t hlen)
1981{
1982 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 0);
1983}
1984
1985/* Callback registered with Ethernet driver. */
1986static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m)
1987{
1988 bpf_tap_imp(ifp, 0, m, NULL, 0, mbuf_pkthdr_rcvif(m) == NULL);
1989
1990 return 0;
1991}
1992
1c79356b
A		 1993/*
1994 * Move the packet data from interface memory (pkt) into the
1995 * store buffer. Return 1 if it's time to wakeup a listener (buffer full),
1996 * otherwise 0. "copy" is the routine called to do the actual data
1997 * transfer. bcopy is passed in to copy contiguous chunks, while
1998 * bpf_mcopy is passed in to copy mbuf chains. In the latter case,
1999 * pkt is really an mbuf.
2000 */
2001static void
91447636
A		 2002catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
2003 void (*cpfn)(const void *, void *, size_t))
1c79356b 2004{
2d21ac55
A		 2005 struct bpf_hdr *hp;
2006 int totlen, curlen;
2007 int hdrlen = d->bd_bif->bif_hdrlen;
6d2010ae 2008 int do_wakeup = 0;
1c79356b
A		 2009 /*
2010 * Figure out how many bytes to move. If the packet is
2011 * greater or equal to the snapshot length, transfer that
2012 * much. Otherwise, transfer the whole packet (unless
2013 * we hit the buffer size limit).
2014 */
2015 totlen = hdrlen + min(snaplen, pktlen);
2016 if (totlen > d->bd_bufsize)
2017 totlen = d->bd_bufsize;
2018
2019 /*
2020 * Round up the end of the previous packet to the next longword.
2021 */
2022 curlen = BPF_WORDALIGN(d->bd_slen);
2023 if (curlen + totlen > d->bd_bufsize) {
2024 /*
2025 * This packet will overflow the storage buffer.
2026 * Rotate the buffers if we can, then wakeup any
2027 * pending reads.
2028 */
6d2010ae 2029 if (d->bd_fbuf == NULL) {
1c79356b
A		 2030 /*
2031 * We haven't completed the previous read yet,
2032 * so drop the packet.
2033 */
2034 ++d->bd_dcount;
2035 return;
2036 }
2037 ROTATE_BUFFERS(d);
6d2010ae 2038 do_wakeup = 1;
1c79356b
A		 2039 curlen = 0;
2040 }
6d2010ae 2041 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
1c79356b 2042 /*
6d2010ae
A		 2043 * Immediate mode is set, or the read timeout has
2044 * already expired during a select call. A packet
2045 * arrived, so the reader should be woken up.
1c79356b 2046 */
6d2010ae 2047 do_wakeup = 1;
1c79356b
A		 2048
2049 /*
2050 * Append the bpf header.
2051 */
2052 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
b0d623f7
A		 2053 struct timeval tv;
2054 microtime(&tv);
2055 hp->bh_tstamp.tv_sec = tv.tv_sec;
2056 hp->bh_tstamp.tv_usec = tv.tv_usec;
1c79356b
A		 2057 hp->bh_datalen = pktlen;
2058 hp->bh_hdrlen = hdrlen;
2059 /*
2060 * Copy the packet data into the store buffer and update its length.
2061 */
2062 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
2063 d->bd_slen = curlen + totlen;
6d2010ae
A		 2064
2065 if (do_wakeup)
2066 bpf_wakeup(d);
1c79356b
A		 2067}
2068
2069/*
2070 * Initialize all nonzero fields of a descriptor.
2071 */
2072static int
91447636 2073bpf_allocbufs(struct bpf_d *d)
1c79356b
A		 2074{
2075 d->bd_fbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
2076 if (d->bd_fbuf == 0)
2077 return (ENOBUFS);
2078
2079 d->bd_sbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
2080 if (d->bd_sbuf == 0) {
2081 FREE(d->bd_fbuf, M_DEVBUF);
2082 return (ENOBUFS);
2083 }
2084 d->bd_slen = 0;
2085 d->bd_hlen = 0;
2086 return (0);
2087}
2088
2089/*
2090 * Free buffers currently in use by a descriptor.
2091 * Called on close.
2092 */
2093static void
91447636 2094bpf_freed(struct bpf_d *d)
1c79356b
A		 2095{
2096 /*
2097 * We don't need to lock out interrupts since this descriptor has
2098 * been detached from its interface and it yet hasn't been marked
2099 * free.
2100 */
2101 if (d->bd_sbuf != 0) {
2102 FREE(d->bd_sbuf, M_DEVBUF);
2103 if (d->bd_hbuf != 0)
2104 FREE(d->bd_hbuf, M_DEVBUF);
2105 if (d->bd_fbuf != 0)
2106 FREE(d->bd_fbuf, M_DEVBUF);
2107 }
2108 if (d->bd_filter)
2109 FREE((caddr_t)d->bd_filter, M_DEVBUF);
1c79356b
A		 2110}
2111
2112/*
2113 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *)
2114 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
2115 * size of the link header (variable length headers not yet supported).
2116 */
2117void
91447636 2118bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
1c79356b 2119{
2d21ac55
A		 2120 bpf_attach(ifp, dlt, hdrlen, NULL, NULL);
2121}
2122
2123errno_t
2124bpf_attach(
2125 ifnet_t ifp,
2126 u_int32_t dlt,
2127 u_int32_t hdrlen,
2128 bpf_send_func send,
2129 bpf_tap_func tap)
2130{
2131 struct bpf_if *bp_new;
2132 struct bpf_if *bp_temp;
2133 struct bpf_if *bp_first = NULL;
2134
2135 bp_new = (struct bpf_if *) _MALLOC(sizeof(*bp_new), M_DEVBUF, M_WAIT);
2136 if (bp_new == 0)
1c79356b
A		 2137 panic("bpfattach");
2138
91447636
A		 2139 lck_mtx_lock(bpf_mlock);
2140
2d21ac55
A		 2141 /*
2142 * Check if this interface/dlt is already attached, record first
2143 * attachment for this interface.
2144 */
2145 for (bp_temp = bpf_iflist; bp_temp && (bp_temp->bif_ifp != ifp ||
2146 bp_temp->bif_dlt != dlt); bp_temp = bp_temp->bif_next) {
2147 if (bp_temp->bif_ifp == ifp && bp_first == NULL)
2148 bp_first = bp_temp;
2149 }
2150
2151 if (bp_temp != NULL) {
2152 printf("bpfattach - %s%d with dlt %d is already attached\n",
2153 ifp->if_name, ifp->if_unit, dlt);
2154 FREE(bp_new, M_DEVBUF);
2155 lck_mtx_unlock(bpf_mlock);
2156 return EEXIST;
2157 }
2158
2159 bzero(bp_new, sizeof(*bp_new));
2160 bp_new->bif_ifp = ifp;
2161 bp_new->bif_dlt = dlt;
2162 bp_new->bif_send = send;
2163 bp_new->bif_tap = tap;
2164
2165 if (bp_first == NULL) {
2166 /* No other entries for this ifp */
2167 bp_new->bif_next = bpf_iflist;
2168 bpf_iflist = bp_new;
2169 }
2170 else {
2171 /* Add this after the first entry for this interface */
2172 bp_new->bif_next = bp_first->bif_next;
2173 bp_first->bif_next = bp_new;
2174 }
2175
1c79356b
A		 2176 /*
2177 * Compute the length of the bpf header. This is not necessarily
2178 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
2179 * that the network layer header begins on a longword boundary (for
2180 * performance reasons and to alleviate alignment restrictions).
2181 */
2d21ac55 2182 bp_new->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
91447636
A		 2183
2184 /* Take a reference on the interface */
2d21ac55 2185 ifnet_reference(ifp);
91447636
A		 2186
2187 lck_mtx_unlock(bpf_mlock);
1c79356b 2188
55e303ae 2189#ifndef __APPLE__
1c79356b
A		 2190 if (bootverbose)
2191 printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
2192#endif
2d21ac55
A		 2193
2194 return 0;
1c79356b
A		 2195}
2196
9bccf70c
A		 2197/*
2198 * Detach bpf from an interface. This involves detaching each descriptor
2199 * associated with the interface, and leaving bd_bif NULL. Notify each
2200 * descriptor as it's detached so that any sleepers wake up and get
2201 * ENXIO.
2202 */
2203void
91447636 2204bpfdetach(struct ifnet *ifp)
9bccf70c 2205{
2d21ac55
A		 2206 struct bpf_if *bp, *bp_prev, *bp_next;
2207 struct bpf_if *bp_free = NULL;
9bccf70c 2208 struct bpf_d *d;
9bccf70c 2209
91447636
A		 2210
2211 lck_mtx_lock(bpf_mlock);
9bccf70c
A		 2212
2213 /* Locate BPF interface information */
2214 bp_prev = NULL;
2d21ac55
A		 2215 for (bp = bpf_iflist; bp != NULL; bp = bp_next) {
2216 bp_next = bp->bif_next;
2217 if (ifp != bp->bif_ifp) {
2218 bp_prev = bp;
2219 continue;
2220 }
2221
2222 while ((d = bp->bif_dlist) != NULL) {
2223 bpf_detachd(d);
2224 bpf_wakeup(d);
2225 }
2226
2227 if (bp_prev) {
2228 bp_prev->bif_next = bp->bif_next;
2229 } else {
2230 bpf_iflist = bp->bif_next;
2231 }
2232
2233 bp->bif_next = bp_free;
2234 bp_free = bp;
2235
2236 ifnet_release(ifp);
9bccf70c
A		 2237 }
2238
91447636 2239 lck_mtx_unlock(bpf_mlock);
9bccf70c
A		 2240
2241 FREE(bp, M_DEVBUF);
2242
9bccf70c
A		 2243}
2244
1c79356b 2245void
91447636 2246bpf_init(__unused void *unused)
1c79356b 2247{
9bccf70c 2248#ifdef __APPLE__
1c79356b 2249 int i;
9bccf70c 2250 int maj;
1c79356b 2251
91447636 2252 if (bpf_devsw_installed == 0) {
9bccf70c 2253 bpf_devsw_installed = 1;
91447636
A		 2254
2255 bpf_mlock_grp_attr = lck_grp_attr_alloc_init();
91447636
A		 2256
2257 bpf_mlock_grp = lck_grp_alloc_init("bpf", bpf_mlock_grp_attr);
2258
2259 bpf_mlock_attr = lck_attr_alloc_init();
91447636
A		 2260
2261 bpf_mlock = lck_mtx_alloc_init(bpf_mlock_grp, bpf_mlock_attr);
2262
2263 if (bpf_mlock == 0) {
2264 printf("bpf_init: failed to allocate bpf_mlock\n");
2265 bpf_devsw_installed = 0;
2266 return;
2267 }
2268
9bccf70c
A		 2269 maj = cdevsw_add(CDEV_MAJOR, &bpf_cdevsw);
2270 if (maj == -1) {
91447636
A		 2271 if (bpf_mlock)
2272 lck_mtx_free(bpf_mlock, bpf_mlock_grp);
2273 if (bpf_mlock_attr)
2274 lck_attr_free(bpf_mlock_attr);
2275 if (bpf_mlock_grp)
2276 lck_grp_free(bpf_mlock_grp);
2277 if (bpf_mlock_grp_attr)
2278 lck_grp_attr_free(bpf_mlock_grp_attr);
2279
2d21ac55
A		 2280 bpf_mlock = NULL;
2281 bpf_mlock_attr = NULL;
2282 bpf_mlock_grp = NULL;
2283 bpf_mlock_grp_attr = NULL;
91447636 2284 bpf_devsw_installed = 0;
9bccf70c 2285 printf("bpf_init: failed to allocate a major number!\n");
55e303ae 2286 return;
9bccf70c 2287 }
91447636 2288
55e303ae
A		 2289 for (i = 0 ; i < NBPFILTER; i++)
2290 bpf_make_dev_t(maj);
9bccf70c
A		 2291 }
2292#else
2293 cdevsw_add(&bpf_cdevsw);
2294#endif
1c79356b
A		 2295}
2296
9bccf70c 2297#ifndef __APPLE__
1c79356b 2298SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
1c79356b 2299#endif
9bccf70c 2300
2d21ac55
A		 2301#if CONFIG_MACF_NET
2302struct label *
2303mac_bpfdesc_label_get(struct bpf_d *d)
9bccf70c 2304{
9bccf70c 2305
2d21ac55 2306 return (d->bd_label);
9bccf70c
A		 2307}
2308
2309void
2d21ac55 2310mac_bpfdesc_label_set(struct bpf_d *d, struct label *label)
9bccf70c 2311{
9bccf70c 2312
2d21ac55 2313 d->bd_label = label;
9bccf70c 2314}
2d21ac55 2315#endif
mirror of XNU