]> git.saurik.com Git - apple/xnu.git/blob - bsd/net/bpf.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-2422.115.4.tar.gz
[apple/xnu.git] / bsd / net / bpf.c
1 /*
2 * Copyright (c) 2000-2013 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)bpf.c 8.2 (Berkeley) 3/28/94
66 *
67 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.5 2001/01/05 04:49:09 jdp Exp $
68 */
69 /*
70 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
71 * support for mandatory and extensible security protections. This notice
72 * is included in support of clause 2.2 (b) of the Apple Public License,
73 * Version 2.0.
74 */
75
76 #include "bpf.h"
77
78 #ifndef __GNUC__
79 #define inline
80 #else
81 #define inline __inline
82 #endif
83
84 #include <sys/param.h>
85 #include <sys/systm.h>
86 #include <sys/conf.h>
87 #include <sys/malloc.h>
88 #include <sys/mbuf.h>
89 #include <sys/time.h>
90 #include <sys/proc.h>
91 #include <sys/signalvar.h>
92 #include <sys/filio.h>
93 #include <sys/sockio.h>
94 #include <sys/ttycom.h>
95 #include <sys/filedesc.h>
96 #include <sys/uio_internal.h>
97 #include <sys/file_internal.h>
98 #include <sys/event.h>
99
100 #include <sys/poll.h>
101
102 #include <sys/socket.h>
103 #include <sys/socketvar.h>
104 #include <sys/vnode.h>
105
106 #include <net/if.h>
107 #include <net/bpf.h>
108 #include <net/bpfdesc.h>
109
110 #include <netinet/in.h>
111 #include <netinet/in_pcb.h>
112 #include <netinet/in_var.h>
113 #include <netinet/ip_var.h>
114 #include <netinet/tcp.h>
115 #include <netinet/tcp_var.h>
116 #include <netinet/udp.h>
117 #include <netinet/udp_var.h>
118 #include <netinet/if_ether.h>
119 #include <sys/kernel.h>
120 #include <sys/sysctl.h>
121 #include <net/firewire.h>
122
123 #include <miscfs/devfs/devfs.h>
124 #include <net/dlil.h>
125
126 #include <kern/locks.h>
127 #include <kern/thread_call.h>
128
129 #if CONFIG_MACF_NET
130 #include <security/mac_framework.h>
131 #endif /* MAC_NET */
132
133 extern int tvtohz(struct timeval *);
134
135 #define BPF_BUFSIZE 4096
136 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
137
138
139 #define PRINET 26 /* interruptible */
140
141 /*
142 * The default read buffer size is patchable.
143 */
144 static unsigned int bpf_bufsize = BPF_BUFSIZE;
145 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW | CTLFLAG_LOCKED,
146 &bpf_bufsize, 0, "");
147 __private_extern__ unsigned int bpf_maxbufsize = BPF_MAXBUFSIZE;
148 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW | CTLFLAG_LOCKED,
149 &bpf_maxbufsize, 0, "");
150 static unsigned int bpf_maxdevices = 256;
151 SYSCTL_UINT(_debug, OID_AUTO, bpf_maxdevices, CTLFLAG_RW | CTLFLAG_LOCKED,
152 &bpf_maxdevices, 0, "");
153
154 /*
155 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
156 * bpf_dtab holds pointer to the descriptors, indexed by minor device #
157 */
158 static struct bpf_if *bpf_iflist;
159 #ifdef __APPLE__
160 /*
161 * BSD now stores the bpf_d in the dev_t which is a struct
162 * on their system. Our dev_t is an int, so we still store
163 * the bpf_d in a separate table indexed by minor device #.
164 *
165 * The value stored in bpf_dtab[n] represent three states:
166 * 0: device not opened
167 * 1: device opening or closing
168 * other: device <n> opened with pointer to storage
169 */
170 static struct bpf_d **bpf_dtab = NULL;
171 static unsigned int bpf_dtab_size = 0;
172 static unsigned int nbpfilter = 0;
173
174 decl_lck_mtx_data(static, bpf_mlock_data);
175 static lck_mtx_t *bpf_mlock = &bpf_mlock_data;
176 static lck_grp_t *bpf_mlock_grp;
177 static lck_grp_attr_t *bpf_mlock_grp_attr;
178 static lck_attr_t *bpf_mlock_attr;
179
180 static mbuf_tag_id_t bpf_mtag_id;
181 #endif /* __APPLE__ */
182
183 static int bpf_allocbufs(struct bpf_d *);
184 static errno_t bpf_attachd(struct bpf_d *d, struct bpf_if *bp);
185 static void bpf_detachd(struct bpf_d *d);
186 static void bpf_freed(struct bpf_d *);
187 static void bpf_mcopy(const void *, void *, size_t);
188 static int bpf_movein(struct uio *, int,
189 struct mbuf **, struct sockaddr *, int *);
190 static int bpf_setif(struct bpf_d *, ifnet_t ifp, u_int32_t dlt, dev_t);
191 static void bpf_timed_out(void *, void *);
192 static void bpf_wakeup(struct bpf_d *);
193 static void catchpacket(struct bpf_d *, u_char *, struct mbuf *, u_int,
194 u_int, int, void (*)(const void *, void *, size_t));
195 static void reset_d(struct bpf_d *);
196 static int bpf_setf(struct bpf_d *, u_int , user_addr_t , dev_t, u_long);
197 static int bpf_getdltlist(struct bpf_d *, caddr_t, struct proc *);
198 static int bpf_setdlt(struct bpf_d *, u_int, dev_t);
199 static int bpf_set_traffic_class(struct bpf_d *, int);
200 static void bpf_set_packet_service_class(struct mbuf *, int);
201
202 /*static void *bpf_devfs_token[MAXBPFILTER];*/
203
204 static int bpf_devsw_installed;
205
206 void bpf_init(void *unused);
207 static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m);
208
209 /*
210 * Darwin differs from BSD here, the following are static
211 * on BSD and not static on Darwin.
212 */
213 d_open_t bpfopen;
214 d_close_t bpfclose;
215 d_read_t bpfread;
216 d_write_t bpfwrite;
217 ioctl_fcn_t bpfioctl;
218 select_fcn_t bpfselect;
219
220
221 /* Darwin's cdevsw struct differs slightly from BSDs */
222 #define CDEV_MAJOR 23
223 static struct cdevsw bpf_cdevsw = {
224 /* open */ bpfopen,
225 /* close */ bpfclose,
226 /* read */ bpfread,
227 /* write */ bpfwrite,
228 /* ioctl */ bpfioctl,
229 /* stop */ eno_stop,
230 /* reset */ eno_reset,
231 /* tty */ NULL,
232 /* select */ bpfselect,
233 /* mmap */ eno_mmap,
234 /* strategy*/ eno_strat,
235 /* getc */ eno_getc,
236 /* putc */ eno_putc,
237 /* type */ 0
238 };
239
240 #define SOCKADDR_HDR_LEN offsetof(struct sockaddr, sa_data)
241
242 static int
243 bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, struct sockaddr *sockp, int *datlen)
244 {
245 struct mbuf *m;
246 int error;
247 int len;
248 uint8_t sa_family;
249 int hlen;
250
251 switch (linktype) {
252
253 #if SLIP
254 case DLT_SLIP:
255 sa_family = AF_INET;
256 hlen = 0;
257 break;
258 #endif /* SLIP */
259
260 case DLT_EN10MB:
261 sa_family = AF_UNSPEC;
262 /* XXX Would MAXLINKHDR be better? */
263 hlen = sizeof(struct ether_header);
264 break;
265
266 #if FDDI
267 case DLT_FDDI:
268 #if defined(__FreeBSD__) || defined(__bsdi__)
269 sa_family = AF_IMPLINK;
270 hlen = 0;
271 #else
272 sa_family = AF_UNSPEC;
273 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
274 hlen = 24;
275 #endif
276 break;
277 #endif /* FDDI */
278
279 case DLT_RAW:
280 case DLT_NULL:
281 sa_family = AF_UNSPEC;
282 hlen = 0;
283 break;
284
285 #ifdef __FreeBSD__
286 case DLT_ATM_RFC1483:
287 /*
288 * en atm driver requires 4-byte atm pseudo header.
289 * though it isn't standard, vpi:vci needs to be
290 * specified anyway.
291 */
292 sa_family = AF_UNSPEC;
293 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
294 break;
295 #endif
296
297 case DLT_PPP:
298 sa_family = AF_UNSPEC;
299 hlen = 4; /* This should match PPP_HDRLEN */
300 break;
301
302 case DLT_APPLE_IP_OVER_IEEE1394:
303 sa_family = AF_UNSPEC;
304 hlen = sizeof(struct firewire_header);
305 break;
306
307 case DLT_IEEE802_11: /* IEEE 802.11 wireless */
308 sa_family = AF_IEEE80211;
309 hlen = 0;
310 break;
311
312 case DLT_IEEE802_11_RADIO:
313 sa_family = AF_IEEE80211;
314 hlen = 0;
315 break;
316
317 default:
318 return (EIO);
319 }
320
321 // LP64todo - fix this!
322 len = uio_resid(uio);
323 *datlen = len - hlen;
324 if ((unsigned)len > MCLBYTES)
325 return (EIO);
326
327 if (sockp) {
328 /*
329 * Build a sockaddr based on the data link layer type.
330 * We do this at this level because the ethernet header
331 * is copied directly into the data field of the sockaddr.
332 * In the case of SLIP, there is no header and the packet
333 * is forwarded as is.
334 * Also, we are careful to leave room at the front of the mbuf
335 * for the link level header.
336 */
337 if ((hlen + SOCKADDR_HDR_LEN) > sockp->sa_len) {
338 return (EIO);
339 }
340 sockp->sa_family = sa_family;
341 } else {
342 /*
343 * We're directly sending the packet data supplied by
344 * the user; we don't need to make room for the link
345 * header, and don't need the header length value any
346 * more, so set it to 0.
347 */
348 hlen = 0;
349 }
350
351 MGETHDR(m, M_WAIT, MT_DATA);
352 if (m == 0)
353 return (ENOBUFS);
354 if ((unsigned)len > MHLEN) {
355 MCLGET(m, M_WAIT);
356 if ((m->m_flags & M_EXT) == 0) {
357 error = ENOBUFS;
358 goto bad;
359 }
360 }
361 m->m_pkthdr.len = m->m_len = len;
362 m->m_pkthdr.rcvif = NULL;
363 *mp = m;
364
365 /*
366 * Make room for link header.
367 */
368 if (hlen != 0) {
369 m->m_pkthdr.len -= hlen;
370 m->m_len -= hlen;
371 m->m_data += hlen; /* XXX */
372 error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
373 if (error)
374 goto bad;
375 }
376 error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
377 if (error)
378 goto bad;
379
380 /* Check for multicast destination */
381 switch (linktype) {
382 case DLT_EN10MB: {
383 struct ether_header *eh = mtod(m, struct ether_header *);
384
385 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
386 if (_ether_cmp(etherbroadcastaddr, eh->ether_dhost) == 0)
387 m->m_flags |= M_BCAST;
388 else
389 m->m_flags |= M_MCAST;
390 }
391 break;
392 }
393 }
394
395 return 0;
396 bad:
397 m_freem(m);
398 return (error);
399 }
400
401 #ifdef __APPLE__
402
403 /*
404 * The dynamic addition of a new device node must block all processes that
405 * are opening the last device so that no process will get an unexpected
406 * ENOENT
407 */
408 static void
409 bpf_make_dev_t(int maj)
410 {
411 static int bpf_growing = 0;
412 unsigned int cur_size = nbpfilter, i;
413
414 if (nbpfilter >= bpf_maxdevices)
415 return;
416
417 while (bpf_growing) {
418 /* Wait until new device has been created */
419 (void)tsleep((caddr_t)&bpf_growing, PZERO, "bpf_growing", 0);
420 }
421 if (nbpfilter > cur_size) {
422 /* other thread grew it already */
423 return;
424 }
425 bpf_growing = 1;
426
427 /* need to grow bpf_dtab first */
428 if (nbpfilter == bpf_dtab_size) {
429 int new_dtab_size;
430 struct bpf_d **new_dtab = NULL;
431 struct bpf_d **old_dtab = NULL;
432
433 new_dtab_size = bpf_dtab_size + NBPFILTER;
434 new_dtab = (struct bpf_d **)_MALLOC(sizeof(struct bpf_d *) * new_dtab_size, M_DEVBUF, M_WAIT);
435 if (new_dtab == 0) {
436 printf("bpf_make_dev_t: malloc bpf_dtab failed\n");
437 goto done;
438 }
439 if (bpf_dtab) {
440 bcopy(bpf_dtab, new_dtab,
441 sizeof(struct bpf_d *) * bpf_dtab_size);
442 }
443 bzero(new_dtab + bpf_dtab_size,
444 sizeof(struct bpf_d *) * NBPFILTER);
445 old_dtab = bpf_dtab;
446 bpf_dtab = new_dtab;
447 bpf_dtab_size = new_dtab_size;
448 if (old_dtab != NULL)
449 _FREE(old_dtab, M_DEVBUF);
450 }
451 i = nbpfilter++;
452 (void) devfs_make_node(makedev(maj, i),
453 DEVFS_CHAR, UID_ROOT, GID_WHEEL, 0600,
454 "bpf%d", i);
455 done:
456 bpf_growing = 0;
457 wakeup((caddr_t)&bpf_growing);
458 }
459
460 #endif
461
462 /*
463 * Attach file to the bpf interface, i.e. make d listen on bp.
464 */
465 static errno_t
466 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
467 {
468 int first = bp->bif_dlist == NULL;
469 int error = 0;
470
471 /*
472 * Point d at bp, and add d to the interface's list of listeners.
473 * Finally, point the driver's bpf cookie at the interface so
474 * it will divert packets to bpf.
475 */
476 d->bd_bif = bp;
477 d->bd_next = bp->bif_dlist;
478 bp->bif_dlist = d;
479
480 if (first) {
481 /* Find the default bpf entry for this ifp */
482 if (bp->bif_ifp->if_bpf == NULL) {
483 struct bpf_if *primary;
484
485 for (primary = bpf_iflist; primary && primary->bif_ifp != bp->bif_ifp;
486 primary = primary->bif_next)
487 ;
488
489 bp->bif_ifp->if_bpf = primary;
490 }
491
492 /* Only call dlil_set_bpf_tap for primary dlt */
493 if (bp->bif_ifp->if_bpf == bp)
494 dlil_set_bpf_tap(bp->bif_ifp, BPF_TAP_INPUT_OUTPUT, bpf_tap_callback);
495
496 if (bp->bif_tap)
497 error = bp->bif_tap(bp->bif_ifp, bp->bif_dlt, BPF_TAP_INPUT_OUTPUT);
498 }
499
500 return error;
501 }
502
503 /*
504 * Detach a file from its interface.
505 */
506 static void
507 bpf_detachd(struct bpf_d *d)
508 {
509 struct bpf_d **p;
510 struct bpf_if *bp;
511 struct ifnet *ifp;
512
513 ifp = d->bd_bif->bif_ifp;
514 bp = d->bd_bif;
515
516 /* Remove d from the interface's descriptor list. */
517 p = &bp->bif_dlist;
518 while (*p != d) {
519 p = &(*p)->bd_next;
520 if (*p == 0)
521 panic("bpf_detachd: descriptor not in list");
522 }
523 *p = (*p)->bd_next;
524 if (bp->bif_dlist == 0) {
525 /*
526 * Let the driver know that there are no more listeners.
527 */
528 /* Only call dlil_set_bpf_tap for primary dlt */
529 if (bp->bif_ifp->if_bpf == bp)
530 dlil_set_bpf_tap(ifp, BPF_TAP_DISABLE, NULL);
531 if (bp->bif_tap)
532 bp->bif_tap(ifp, bp->bif_dlt, BPF_TAP_DISABLE);
533
534 for (bp = bpf_iflist; bp; bp = bp->bif_next)
535 if (bp->bif_ifp == ifp && bp->bif_dlist != 0)
536 break;
537 if (bp == NULL)
538 ifp->if_bpf = NULL;
539 }
540 d->bd_bif = NULL;
541 /*
542 * Check if this descriptor had requested promiscuous mode.
543 * If so, turn it off.
544 */
545 if (d->bd_promisc) {
546 d->bd_promisc = 0;
547 lck_mtx_unlock(bpf_mlock);
548 if (ifnet_set_promiscuous(ifp, 0)) {
549 /*
550 * Something is really wrong if we were able to put
551 * the driver into promiscuous mode, but can't
552 * take it out.
553 * Most likely the network interface is gone.
554 */
555 printf("bpf: ifnet_set_promiscuous failed");
556 }
557 lck_mtx_lock(bpf_mlock);
558 }
559 }
560
561
562 /*
563 * Start asynchronous timer, if necessary.
564 * Must be called with bpf_mlock held.
565 */
566 static void
567 bpf_start_timer(struct bpf_d *d)
568 {
569 uint64_t deadline;
570 struct timeval tv;
571
572 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
573 tv.tv_sec = d->bd_rtout / hz;
574 tv.tv_usec = (d->bd_rtout % hz) * tick;
575
576 clock_interval_to_deadline(
577 (uint64_t)tv.tv_sec * USEC_PER_SEC + tv.tv_usec,
578 NSEC_PER_USEC, &deadline);
579 /*
580 * The state is BPF_IDLE, so the timer hasn't
581 * been started yet, and hasn't gone off yet;
582 * there is no thread call scheduled, so this
583 * won't change the schedule.
584 *
585 * XXX - what if, by the time it gets entered,
586 * the deadline has already passed?
587 */
588 thread_call_enter_delayed(d->bd_thread_call, deadline);
589 d->bd_state = BPF_WAITING;
590 }
591 }
592
593 /*
594 * Cancel asynchronous timer.
595 * Must be called with bpf_mlock held.
596 */
597 static boolean_t
598 bpf_stop_timer(struct bpf_d *d)
599 {
600 /*
601 * If the timer has already gone off, this does nothing.
602 * Our caller is expected to set d->bd_state to BPF_IDLE,
603 * with the bpf_mlock, after we are called. bpf_timed_out()
604 * also grabs bpf_mlock, so, if the timer has gone off and
605 * bpf_timed_out() hasn't finished, it's waiting for the
606 * lock; when this thread releases the lock, it will
607 * find the state is BPF_IDLE, and just release the
608 * lock and return.
609 */
610 return (thread_call_cancel(d->bd_thread_call));
611 }
612
613
614
615 /*
616 * Open ethernet device. Returns ENXIO for illegal minor device number,
617 * EBUSY if file is open by another process.
618 */
619 /* ARGSUSED */
620 int
621 bpfopen(dev_t dev, int flags, __unused int fmt,
622 __unused struct proc *p)
623 {
624 struct bpf_d *d;
625
626 lck_mtx_lock(bpf_mlock);
627 if ((unsigned int) minor(dev) >= nbpfilter) {
628 lck_mtx_unlock(bpf_mlock);
629 return (ENXIO);
630 }
631 /*
632 * New device nodes are created on demand when opening the last one.
633 * The programming model is for processes to loop on the minor starting at 0
634 * as long as EBUSY is returned. The loop stops when either the open succeeds or
635 * an error other that EBUSY is returned. That means that bpf_make_dev_t() must
636 * block all processes that are opening the last node. If not all
637 * processes are blocked, they could unexpectedly get ENOENT and abort their
638 * opening loop.
639 */
640 if ((unsigned int) minor(dev) == (nbpfilter - 1))
641 bpf_make_dev_t(major(dev));
642
643 /*
644 * Each minor can be opened by only one process. If the requested
645 * minor is in use, return EBUSY.
646 *
647 * Important: bpfopen() and bpfclose() have to check and set the status of a device
648 * in the same lockin context otherwise the device may be leaked because the vnode use count
649 * will be unpextectly greater than 1 when close() is called.
650 */
651 if (bpf_dtab[minor(dev)] == 0) {
652 bpf_dtab[minor(dev)] = (void *)1; /* Mark opening */
653 } else {
654 lck_mtx_unlock(bpf_mlock);
655 return (EBUSY);
656 }
657 d = (struct bpf_d *)_MALLOC(sizeof(struct bpf_d), M_DEVBUF, M_WAIT);
658 if (d == NULL) {
659 /* this really is a catastrophic failure */
660 printf("bpfopen: malloc bpf_d failed\n");
661 bpf_dtab[minor(dev)] = NULL;
662 lck_mtx_unlock(bpf_mlock);
663 return ENOMEM;
664 }
665 bzero(d, sizeof(struct bpf_d));
666
667 /*
668 * It is not necessary to take the BPF lock here because no other
669 * thread can access the device until it is marked opened...
670 */
671
672 /* Mark "in use" and do most initialization. */
673 d->bd_bufsize = bpf_bufsize;
674 d->bd_sig = SIGIO;
675 d->bd_seesent = 1;
676 d->bd_oflags = flags;
677 d->bd_state = BPF_IDLE;
678 d->bd_thread_call = thread_call_allocate(bpf_timed_out, d);
679 d->bd_traffic_class = SO_TC_BE;
680
681 if (d->bd_thread_call == NULL) {
682 printf("bpfopen: malloc thread call failed\n");
683 bpf_dtab[minor(dev)] = NULL;
684 lck_mtx_unlock(bpf_mlock);
685 _FREE(d, M_DEVBUF);
686 return ENOMEM;
687 }
688 #if CONFIG_MACF_NET
689 mac_bpfdesc_label_init(d);
690 mac_bpfdesc_label_associate(kauth_cred_get(), d);
691 #endif
692 bpf_dtab[minor(dev)] = d; /* Mark opened */
693 lck_mtx_unlock(bpf_mlock);
694
695 return (0);
696 }
697
698 /*
699 * Close the descriptor by detaching it from its interface,
700 * deallocating its buffers, and marking it free.
701 */
702 /* ARGSUSED */
703 int
704 bpfclose(dev_t dev, __unused int flags, __unused int fmt,
705 __unused struct proc *p)
706 {
707 struct bpf_d *d;
708
709 /* Take BPF lock to ensure no other thread is using the device */
710 lck_mtx_lock(bpf_mlock);
711
712 d = bpf_dtab[minor(dev)];
713 if (d == 0 || d == (void *)1) {
714 lck_mtx_unlock(bpf_mlock);
715 return (ENXIO);
716 }
717 bpf_dtab[minor(dev)] = (void *)1; /* Mark closing */
718
719 /*
720 * Deal with any in-progress timeouts.
721 */
722 switch (d->bd_state) {
723 case BPF_IDLE:
724 /*
725 * Not waiting for a timeout, and no timeout happened.
726 */
727 break;
728
729 case BPF_WAITING:
730 /*
731 * Waiting for a timeout.
732 * Cancel any timer that has yet to go off,
733 * and mark the state as "closing".
734 * Then drop the lock to allow any timers that
735 * *have* gone off to run to completion, and wait
736 * for them to finish.
737 */
738 if (!bpf_stop_timer(d)) {
739 /*
740 * There was no pending call, so the call must
741 * have been in progress. Wait for the call to
742 * complete; we have to drop the lock while
743 * waiting. to let the in-progrss call complete
744 */
745 d->bd_state = BPF_DRAINING;
746 while (d->bd_state == BPF_DRAINING)
747 msleep((caddr_t)d, bpf_mlock, PRINET,
748 "bpfdraining", NULL);
749 }
750 d->bd_state = BPF_IDLE;
751 break;
752
753 case BPF_TIMED_OUT:
754 /*
755 * Timer went off, and the timeout routine finished.
756 */
757 d->bd_state = BPF_IDLE;
758 break;
759
760 case BPF_DRAINING:
761 /*
762 * Another thread is blocked on a close waiting for
763 * a timeout to finish.
764 * This "shouldn't happen", as the first thread to enter
765 * bpfclose() will set bpf_dtab[minor(dev)] to 1, and
766 * all subsequent threads should see that and fail with
767 * ENXIO.
768 */
769 panic("Two threads blocked in a BPF close");
770 break;
771 }
772
773 if (d->bd_bif)
774 bpf_detachd(d);
775 selthreadclear(&d->bd_sel);
776 #if CONFIG_MACF_NET
777 mac_bpfdesc_label_destroy(d);
778 #endif
779 thread_call_free(d->bd_thread_call);
780
781 while (d->bd_hbuf_read)
782 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
783
784 bpf_freed(d);
785
786 /* Mark free in same context as bpfopen comes to check */
787 bpf_dtab[minor(dev)] = NULL; /* Mark closed */
788 lck_mtx_unlock(bpf_mlock);
789
790 _FREE(d, M_DEVBUF);
791
792 return (0);
793 }
794
795
796 #define BPF_SLEEP bpf_sleep
797
798 static int
799 bpf_sleep(struct bpf_d *d, int pri, const char *wmesg, int timo)
800 {
801 u_int64_t abstime = 0;
802
803 if(timo)
804 clock_interval_to_deadline(timo, NSEC_PER_SEC / hz, &abstime);
805
806 return msleep1((caddr_t)d, bpf_mlock, pri, wmesg, abstime);
807 }
808
809 /*
810 * Rotate the packet buffers in descriptor d. Move the store buffer
811 * into the hold slot, and the free buffer into the store slot.
812 * Zero the length of the new store buffer.
813 */
814 #define ROTATE_BUFFERS(d) \
815 if (d->bd_hbuf_read) \
816 panic("rotating bpf buffers during read"); \
817 (d)->bd_hbuf = (d)->bd_sbuf; \
818 (d)->bd_hlen = (d)->bd_slen; \
819 (d)->bd_sbuf = (d)->bd_fbuf; \
820 (d)->bd_slen = 0; \
821 (d)->bd_fbuf = NULL;
822 /*
823 * bpfread - read next chunk of packets from buffers
824 */
825 int
826 bpfread(dev_t dev, struct uio *uio, int ioflag)
827 {
828 struct bpf_d *d;
829 caddr_t hbuf;
830 int timed_out, hbuf_len;
831 int error;
832
833 lck_mtx_lock(bpf_mlock);
834
835 d = bpf_dtab[minor(dev)];
836 if (d == 0 || d == (void *)1) {
837 lck_mtx_unlock(bpf_mlock);
838 return (ENXIO);
839 }
840
841 /*
842 * Restrict application to use a buffer the same size as
843 * as kernel buffers.
844 */
845 if (uio_resid(uio) != d->bd_bufsize) {
846 lck_mtx_unlock(bpf_mlock);
847 return (EINVAL);
848 }
849
850 if (d->bd_state == BPF_WAITING)
851 bpf_stop_timer(d);
852
853 timed_out = (d->bd_state == BPF_TIMED_OUT);
854 d->bd_state = BPF_IDLE;
855
856 while (d->bd_hbuf_read)
857 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
858
859 d = bpf_dtab[minor(dev)];
860 if (d == 0 || d == (void *)1) {
861 lck_mtx_unlock(bpf_mlock);
862 return (ENXIO);
863 }
864 /*
865 * If the hold buffer is empty, then do a timed sleep, which
866 * ends when the timeout expires or when enough packets
867 * have arrived to fill the store buffer.
868 */
869 while (d->bd_hbuf == 0) {
870 if ((d->bd_immediate || timed_out || (ioflag & IO_NDELAY))
871 && d->bd_slen != 0) {
872 /*
873 * We're in immediate mode, or are reading
874 * in non-blocking mode, or a timer was
875 * started before the read (e.g., by select()
876 * or poll()) and has expired and a packet(s)
877 * either arrived since the previous
878 * read or arrived while we were asleep.
879 * Rotate the buffers and return what's here.
880 */
881 ROTATE_BUFFERS(d);
882 break;
883 }
884
885 /*
886 * No data is available, check to see if the bpf device
887 * is still pointed at a real interface. If not, return
888 * ENXIO so that the userland process knows to rebind
889 * it before using it again.
890 */
891 if (d->bd_bif == NULL) {
892 lck_mtx_unlock(bpf_mlock);
893 return (ENXIO);
894 }
895 if (ioflag & IO_NDELAY) {
896 lck_mtx_unlock(bpf_mlock);
897 return (EWOULDBLOCK);
898 }
899 error = BPF_SLEEP(d, PRINET|PCATCH, "bpf",
900 d->bd_rtout);
901 /*
902 * Make sure device is still opened
903 */
904 d = bpf_dtab[minor(dev)];
905 if (d == 0 || d == (void *)1) {
906 lck_mtx_unlock(bpf_mlock);
907 return (ENXIO);
908 }
909
910 while (d->bd_hbuf_read)
911 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
912
913 d = bpf_dtab[minor(dev)];
914 if (d == 0 || d == (void *)1) {
915 lck_mtx_unlock(bpf_mlock);
916 return (ENXIO);
917 }
918
919 if (error == EINTR || error == ERESTART) {
920 if (d->bd_slen) {
921 /*
922 * Sometimes we may be interrupted often and
923 * the sleep above will not timeout.
924 * Regardless, we should rotate the buffers
925 * if there's any new data pending and
926 * return it.
927 */
928 ROTATE_BUFFERS(d);
929 break;
930 }
931 lck_mtx_unlock(bpf_mlock);
932 return (error);
933 }
934 if (error == EWOULDBLOCK) {
935 /*
936 * On a timeout, return what's in the buffer,
937 * which may be nothing. If there is something
938 * in the store buffer, we can rotate the buffers.
939 */
940 if (d->bd_hbuf)
941 /*
942 * We filled up the buffer in between
943 * getting the timeout and arriving
944 * here, so we don't need to rotate.
945 */
946 break;
947
948 if (d->bd_slen == 0) {
949 lck_mtx_unlock(bpf_mlock);
950 return (0);
951 }
952 ROTATE_BUFFERS(d);
953 break;
954 }
955 }
956 /*
957 * At this point, we know we have something in the hold slot.
958 */
959
960 #ifdef __APPLE__
961 /*
962 * Before we move data to userland, we fill out the extended
963 * header fields.
964 */
965 if (d->bd_extendedhdr) {
966 char *p;
967
968 p = d->bd_hbuf;
969 while (p < d->bd_hbuf + d->bd_hlen) {
970 struct bpf_hdr_ext *ehp;
971 uint32_t flowid;
972 struct so_procinfo soprocinfo;
973 int found = 0;
974
975 ehp = (struct bpf_hdr_ext *)(void *)p;
976 if ((flowid = ehp->bh_flowid)) {
977 if (ehp->bh_proto == IPPROTO_TCP)
978 found = inp_findinpcb_procinfo(&tcbinfo,
979 flowid, &soprocinfo);
980 else if (ehp->bh_proto == IPPROTO_UDP)
981 found = inp_findinpcb_procinfo(&udbinfo,
982 flowid, &soprocinfo);
983 if (found != 0) {
984 ehp->bh_pid = soprocinfo.spi_pid;
985 proc_name(ehp->bh_pid, ehp->bh_comm, MAXCOMLEN);
986 }
987 ehp->bh_flowid = 0;
988 }
989 p += BPF_WORDALIGN(ehp->bh_hdrlen + ehp->bh_caplen);
990 }
991 }
992 #endif
993 /*
994 * Set the hold buffer read. So we do not
995 * rotate the buffers until the hold buffer
996 * read is complete. Also to avoid issues resulting
997 * from page faults during disk sleep (<rdar://problem/13436396>).
998 */
999 d->bd_hbuf_read = 1;
1000 hbuf = d->bd_hbuf;
1001 hbuf_len = d->bd_hlen;
1002 lck_mtx_unlock(bpf_mlock);
1003
1004 /*
1005 * Move data from hold buffer into user space.
1006 * We know the entire buffer is transferred since
1007 * we checked above that the read buffer is bpf_bufsize bytes.
1008 */
1009 error = UIOMOVE(hbuf, hbuf_len, UIO_READ, uio);
1010
1011 lck_mtx_lock(bpf_mlock);
1012 /*
1013 * Make sure device is still opened
1014 */
1015 d = bpf_dtab[minor(dev)];
1016 if (d == 0 || d == (void *)1) {
1017 lck_mtx_unlock(bpf_mlock);
1018 return (ENXIO);
1019 }
1020
1021 d->bd_hbuf_read = 0;
1022 d->bd_fbuf = d->bd_hbuf;
1023 d->bd_hbuf = NULL;
1024 d->bd_hlen = 0;
1025 wakeup((caddr_t)d);
1026 lck_mtx_unlock(bpf_mlock);
1027 return (error);
1028
1029 }
1030
1031
1032 /*
1033 * If there are processes sleeping on this descriptor, wake them up.
1034 */
1035 static void
1036 bpf_wakeup(struct bpf_d *d)
1037 {
1038 if (d->bd_state == BPF_WAITING) {
1039 bpf_stop_timer(d);
1040 d->bd_state = BPF_IDLE;
1041 }
1042 wakeup((caddr_t)d);
1043 if (d->bd_async && d->bd_sig && d->bd_sigio)
1044 pgsigio(d->bd_sigio, d->bd_sig);
1045
1046 selwakeup(&d->bd_sel);
1047 KNOTE(&d->bd_sel.si_note, 1);
1048 #ifndef __APPLE__
1049 /* XXX */
1050 d->bd_sel.si_pid = 0;
1051 #endif
1052 }
1053
1054
1055 static void
1056 bpf_timed_out(void *arg, __unused void *dummy)
1057 {
1058 struct bpf_d *d = (struct bpf_d *)arg;
1059
1060 lck_mtx_lock(bpf_mlock);
1061 if (d->bd_state == BPF_WAITING) {
1062 /*
1063 * There's a select or kqueue waiting for this; if there's
1064 * now stuff to read, wake it up.
1065 */
1066 d->bd_state = BPF_TIMED_OUT;
1067 if (d->bd_slen != 0)
1068 bpf_wakeup(d);
1069 } else if (d->bd_state == BPF_DRAINING) {
1070 /*
1071 * A close is waiting for this to finish.
1072 * Mark it as finished, and wake the close up.
1073 */
1074 d->bd_state = BPF_IDLE;
1075 bpf_wakeup(d);
1076 }
1077 lck_mtx_unlock(bpf_mlock);
1078 }
1079
1080
1081
1082
1083
1084 /* keep in sync with bpf_movein above: */
1085 #define MAX_DATALINK_HDR_LEN (sizeof(struct firewire_header))
1086
1087 int
1088 bpfwrite(dev_t dev, struct uio *uio, __unused int ioflag)
1089 {
1090 struct bpf_d *d;
1091 struct ifnet *ifp;
1092 struct mbuf *m = NULL;
1093 int error;
1094 char dst_buf[SOCKADDR_HDR_LEN + MAX_DATALINK_HDR_LEN];
1095 int datlen = 0;
1096 int bif_dlt;
1097 int bd_hdrcmplt;
1098
1099 lck_mtx_lock(bpf_mlock);
1100
1101 d = bpf_dtab[minor(dev)];
1102 if (d == 0 || d == (void *)1) {
1103 lck_mtx_unlock(bpf_mlock);
1104 return (ENXIO);
1105 }
1106 if (d->bd_bif == 0) {
1107 lck_mtx_unlock(bpf_mlock);
1108 return (ENXIO);
1109 }
1110
1111 ifp = d->bd_bif->bif_ifp;
1112
1113 if ((ifp->if_flags & IFF_UP) == 0) {
1114 lck_mtx_unlock(bpf_mlock);
1115 return (ENETDOWN);
1116 }
1117 if (uio_resid(uio) == 0) {
1118 lck_mtx_unlock(bpf_mlock);
1119 return (0);
1120 }
1121 ((struct sockaddr *)dst_buf)->sa_len = sizeof(dst_buf);
1122
1123 /*
1124 * fix for PR-6849527
1125 * geting variables onto stack before dropping lock for bpf_movein()
1126 */
1127 bif_dlt = (int)d->bd_bif->bif_dlt;
1128 bd_hdrcmplt = d->bd_hdrcmplt;
1129
1130 /* bpf_movein allocating mbufs; drop lock */
1131 lck_mtx_unlock(bpf_mlock);
1132
1133 error = bpf_movein(uio, bif_dlt, &m,
1134 bd_hdrcmplt ? NULL : (struct sockaddr *)dst_buf,
1135 &datlen);
1136
1137 if (error) {
1138 return (error);
1139 }
1140
1141 /* taking the lock again and verifying whether device is open */
1142 lck_mtx_lock(bpf_mlock);
1143 d = bpf_dtab[minor(dev)];
1144 if (d == 0 || d == (void *)1) {
1145 lck_mtx_unlock(bpf_mlock);
1146 m_freem(m);
1147 return (ENXIO);
1148 }
1149
1150 if (d->bd_bif == NULL) {
1151 lck_mtx_unlock(bpf_mlock);
1152 m_free(m);
1153 return (ENXIO);
1154 }
1155
1156 if ((unsigned)datlen > ifp->if_mtu) {
1157 lck_mtx_unlock(bpf_mlock);
1158 m_freem(m);
1159 return (EMSGSIZE);
1160 }
1161
1162
1163 #if CONFIG_MACF_NET
1164 mac_mbuf_label_associate_bpfdesc(d, m);
1165 #endif
1166
1167 bpf_set_packet_service_class(m, d->bd_traffic_class);
1168
1169 lck_mtx_unlock(bpf_mlock);
1170
1171 if (d->bd_hdrcmplt) {
1172 if (d->bd_bif->bif_send)
1173 error = d->bd_bif->bif_send(ifp, d->bd_bif->bif_dlt, m);
1174 else
1175 error = dlil_output(ifp, 0, m, NULL, NULL, 1, NULL);
1176 } else {
1177 error = dlil_output(ifp, PF_INET, m, NULL,
1178 (struct sockaddr *)dst_buf, 0, NULL);
1179 }
1180
1181 /*
1182 * The driver frees the mbuf.
1183 */
1184 return (error);
1185 }
1186
1187 /*
1188 * Reset a descriptor by flushing its packet buffer and clearing the
1189 * receive and drop counts.
1190 */
1191 static void
1192 reset_d(struct bpf_d *d)
1193 {
1194 if (d->bd_hbuf_read)
1195 panic("resetting buffers during read");
1196
1197 if (d->bd_hbuf) {
1198 /* Free the hold buffer. */
1199 d->bd_fbuf = d->bd_hbuf;
1200 d->bd_hbuf = NULL;
1201 }
1202 d->bd_slen = 0;
1203 d->bd_hlen = 0;
1204 d->bd_rcount = 0;
1205 d->bd_dcount = 0;
1206 }
1207
1208 /*
1209 * FIONREAD Check for read packet available.
1210 * SIOCGIFADDR Get interface address - convenient hook to driver.
1211 * BIOCGBLEN Get buffer len [for read()].
1212 * BIOCSETF Set ethernet read filter.
1213 * BIOCFLUSH Flush read packet buffer.
1214 * BIOCPROMISC Put interface into promiscuous mode.
1215 * BIOCGDLT Get link layer type.
1216 * BIOCGETIF Get interface name.
1217 * BIOCSETIF Set interface.
1218 * BIOCSRTIMEOUT Set read timeout.
1219 * BIOCGRTIMEOUT Get read timeout.
1220 * BIOCGSTATS Get packet stats.
1221 * BIOCIMMEDIATE Set immediate mode.
1222 * BIOCVERSION Get filter language version.
1223 * BIOCGHDRCMPLT Get "header already complete" flag
1224 * BIOCSHDRCMPLT Set "header already complete" flag
1225 * BIOCGSEESENT Get "see packets sent" flag
1226 * BIOCSSEESENT Set "see packets sent" flag
1227 * BIOCSETTC Set traffic class.
1228 * BIOCGETTC Get traffic class.
1229 * BIOCSEXTHDR Set "extended header" flag
1230 */
1231 /* ARGSUSED */
1232 int
1233 bpfioctl(dev_t dev, u_long cmd, caddr_t addr, __unused int flags,
1234 struct proc *p)
1235 {
1236 struct bpf_d *d;
1237 int error = 0, int_arg;
1238 struct ifreq ifr;
1239
1240 lck_mtx_lock(bpf_mlock);
1241
1242 d = bpf_dtab[minor(dev)];
1243 if (d == 0 || d == (void *)1) {
1244 lck_mtx_unlock(bpf_mlock);
1245 return (ENXIO);
1246 }
1247
1248 if (d->bd_state == BPF_WAITING)
1249 bpf_stop_timer(d);
1250 d->bd_state = BPF_IDLE;
1251
1252 switch (cmd) {
1253
1254 default:
1255 error = EINVAL;
1256 break;
1257
1258 /*
1259 * Check for read packet available.
1260 */
1261 case FIONREAD: /* int */
1262 {
1263 int n;
1264
1265 n = d->bd_slen;
1266 if (d->bd_hbuf && d->bd_hbuf_read == 0)
1267 n += d->bd_hlen;
1268
1269 bcopy(&n, addr, sizeof (n));
1270 break;
1271 }
1272
1273 case SIOCGIFADDR: /* struct ifreq */
1274 {
1275 struct ifnet *ifp;
1276
1277 if (d->bd_bif == 0)
1278 error = EINVAL;
1279 else {
1280 ifp = d->bd_bif->bif_ifp;
1281 error = ifnet_ioctl(ifp, 0, cmd, addr);
1282 }
1283 break;
1284 }
1285
1286 /*
1287 * Get buffer len [for read()].
1288 */
1289 case BIOCGBLEN: /* u_int */
1290 bcopy(&d->bd_bufsize, addr, sizeof (u_int));
1291 break;
1292
1293 /*
1294 * Set buffer length.
1295 */
1296 case BIOCSBLEN: /* u_int */
1297 if (d->bd_bif != 0)
1298 error = EINVAL;
1299 else {
1300 u_int size;
1301
1302 bcopy(addr, &size, sizeof (size));
1303
1304 if (size > bpf_maxbufsize)
1305 size = bpf_maxbufsize;
1306 else if (size < BPF_MINBUFSIZE)
1307 size = BPF_MINBUFSIZE;
1308 bcopy(&size, addr, sizeof (size));
1309 d->bd_bufsize = size;
1310 }
1311 break;
1312
1313 /*
1314 * Set link layer read filter.
1315 */
1316 case BIOCSETF32:
1317 case BIOCSETFNR32: { /* struct bpf_program32 */
1318 struct bpf_program32 prg32;
1319
1320 bcopy(addr, &prg32, sizeof (prg32));
1321 error = bpf_setf(d, prg32.bf_len,
1322 CAST_USER_ADDR_T(prg32.bf_insns), dev, cmd);
1323 break;
1324 }
1325
1326 case BIOCSETF64:
1327 case BIOCSETFNR64: { /* struct bpf_program64 */
1328 struct bpf_program64 prg64;
1329
1330 bcopy(addr, &prg64, sizeof (prg64));
1331 error = bpf_setf(d, prg64.bf_len, prg64.bf_insns, dev, cmd);
1332 break;
1333 }
1334
1335 /*
1336 * Flush read packet buffer.
1337 */
1338 case BIOCFLUSH:
1339 while (d->bd_hbuf_read) {
1340 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
1341 }
1342
1343 d = bpf_dtab[minor(dev)];
1344 if (d == 0 || d == (void *)1)
1345 return (ENXIO);
1346
1347 reset_d(d);
1348 break;
1349
1350 /*
1351 * Put interface into promiscuous mode.
1352 */
1353 case BIOCPROMISC:
1354 if (d->bd_bif == 0) {
1355 /*
1356 * No interface attached yet.
1357 */
1358 error = EINVAL;
1359 break;
1360 }
1361 if (d->bd_promisc == 0) {
1362 lck_mtx_unlock(bpf_mlock);
1363 error = ifnet_set_promiscuous(d->bd_bif->bif_ifp, 1);
1364 lck_mtx_lock(bpf_mlock);
1365 if (error == 0)
1366 d->bd_promisc = 1;
1367 }
1368 break;
1369
1370 /*
1371 * Get device parameters.
1372 */
1373 case BIOCGDLT: /* u_int */
1374 if (d->bd_bif == 0)
1375 error = EINVAL;
1376 else
1377 bcopy(&d->bd_bif->bif_dlt, addr, sizeof (u_int));
1378 break;
1379
1380 /*
1381 * Get a list of supported data link types.
1382 */
1383 case BIOCGDLTLIST: /* struct bpf_dltlist */
1384 if (d->bd_bif == NULL) {
1385 error = EINVAL;
1386 } else {
1387 error = bpf_getdltlist(d, addr, p);
1388 }
1389 break;
1390
1391 /*
1392 * Set data link type.
1393 */
1394 case BIOCSDLT: /* u_int */
1395 if (d->bd_bif == NULL) {
1396 error = EINVAL;
1397 } else {
1398 u_int dlt;
1399
1400 bcopy(addr, &dlt, sizeof (dlt));
1401 error = bpf_setdlt(d, dlt, dev);
1402 }
1403 break;
1404
1405 /*
1406 * Get interface name.
1407 */
1408 case BIOCGETIF: /* struct ifreq */
1409 if (d->bd_bif == 0)
1410 error = EINVAL;
1411 else {
1412 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1413
1414 snprintf(((struct ifreq *)(void *)addr)->ifr_name,
1415 sizeof (ifr.ifr_name), "%s", if_name(ifp));
1416 }
1417 break;
1418
1419 /*
1420 * Set interface.
1421 */
1422 case BIOCSETIF: { /* struct ifreq */
1423 ifnet_t ifp;
1424
1425 bcopy(addr, &ifr, sizeof (ifr));
1426 ifr.ifr_name[IFNAMSIZ - 1] = '\0';
1427 ifp = ifunit(ifr.ifr_name);
1428 if (ifp == NULL)
1429 error = ENXIO;
1430 else
1431 error = bpf_setif(d, ifp, 0, dev);
1432 break;
1433 }
1434
1435 /*
1436 * Set read timeout.
1437 */
1438 case BIOCSRTIMEOUT32: { /* struct user32_timeval */
1439 struct user32_timeval _tv;
1440 struct timeval tv;
1441
1442 bcopy(addr, &_tv, sizeof (_tv));
1443 tv.tv_sec = _tv.tv_sec;
1444 tv.tv_usec = _tv.tv_usec;
1445
1446 /*
1447 * Subtract 1 tick from tvtohz() since this isn't
1448 * a one-shot timer.
1449 */
1450 if ((error = itimerfix(&tv)) == 0)
1451 d->bd_rtout = tvtohz(&tv) - 1;
1452 break;
1453 }
1454
1455 case BIOCSRTIMEOUT64: { /* struct user64_timeval */
1456 struct user64_timeval _tv;
1457 struct timeval tv;
1458
1459 bcopy(addr, &_tv, sizeof (_tv));
1460 tv.tv_sec = _tv.tv_sec;
1461 tv.tv_usec = _tv.tv_usec;
1462
1463 /*
1464 * Subtract 1 tick from tvtohz() since this isn't
1465 * a one-shot timer.
1466 */
1467 if ((error = itimerfix(&tv)) == 0)
1468 d->bd_rtout = tvtohz(&tv) - 1;
1469 break;
1470 }
1471
1472 /*
1473 * Get read timeout.
1474 */
1475 case BIOCGRTIMEOUT32: { /* struct user32_timeval */
1476 struct user32_timeval tv;
1477
1478 bzero(&tv, sizeof (tv));
1479 tv.tv_sec = d->bd_rtout / hz;
1480 tv.tv_usec = (d->bd_rtout % hz) * tick;
1481 bcopy(&tv, addr, sizeof (tv));
1482 break;
1483 }
1484
1485 case BIOCGRTIMEOUT64: { /* struct user64_timeval */
1486 struct user64_timeval tv;
1487
1488 bzero(&tv, sizeof (tv));
1489 tv.tv_sec = d->bd_rtout / hz;
1490 tv.tv_usec = (d->bd_rtout % hz) * tick;
1491 bcopy(&tv, addr, sizeof (tv));
1492 break;
1493 }
1494
1495 /*
1496 * Get packet stats.
1497 */
1498 case BIOCGSTATS: { /* struct bpf_stat */
1499 struct bpf_stat bs;
1500
1501 bzero(&bs, sizeof (bs));
1502 bs.bs_recv = d->bd_rcount;
1503 bs.bs_drop = d->bd_dcount;
1504 bcopy(&bs, addr, sizeof (bs));
1505 break;
1506 }
1507
1508 /*
1509 * Set immediate mode.
1510 */
1511 case BIOCIMMEDIATE: /* u_int */
1512 bcopy(addr, &d->bd_immediate, sizeof (u_int));
1513 break;
1514
1515 case BIOCVERSION: { /* struct bpf_version */
1516 struct bpf_version bv;
1517
1518 bzero(&bv, sizeof (bv));
1519 bv.bv_major = BPF_MAJOR_VERSION;
1520 bv.bv_minor = BPF_MINOR_VERSION;
1521 bcopy(&bv, addr, sizeof (bv));
1522 break;
1523 }
1524
1525 /*
1526 * Get "header already complete" flag
1527 */
1528 case BIOCGHDRCMPLT: /* u_int */
1529 bcopy(&d->bd_hdrcmplt, addr, sizeof (u_int));
1530 break;
1531
1532 /*
1533 * Set "header already complete" flag
1534 */
1535 case BIOCSHDRCMPLT: /* u_int */
1536 bcopy(addr, &int_arg, sizeof (int_arg));
1537 d->bd_hdrcmplt = int_arg ? 1 : 0;
1538 break;
1539
1540 /*
1541 * Get "see sent packets" flag
1542 */
1543 case BIOCGSEESENT: /* u_int */
1544 bcopy(&d->bd_seesent, addr, sizeof (u_int));
1545 break;
1546
1547 /*
1548 * Set "see sent packets" flag
1549 */
1550 case BIOCSSEESENT: /* u_int */
1551 bcopy(addr, &d->bd_seesent, sizeof (u_int));
1552 break;
1553
1554 /*
1555 * Set traffic service class
1556 */
1557 case BIOCSETTC: { /* int */
1558 int tc;
1559
1560 bcopy(addr, &tc, sizeof (int));
1561 error = bpf_set_traffic_class(d, tc);
1562 break;
1563 }
1564
1565 /*
1566 * Get traffic service class
1567 */
1568 case BIOCGETTC: /* int */
1569 bcopy(&d->bd_traffic_class, addr, sizeof (int));
1570 break;
1571
1572 case FIONBIO: /* Non-blocking I/O; int */
1573 break;
1574
1575 case FIOASYNC: /* Send signal on receive packets; int */
1576 bcopy(addr, &d->bd_async, sizeof (int));
1577 break;
1578 #ifndef __APPLE__
1579 case FIOSETOWN:
1580 error = fsetown(*(int *)addr, &d->bd_sigio);
1581 break;
1582
1583 case FIOGETOWN:
1584 *(int *)addr = fgetown(d->bd_sigio);
1585 break;
1586
1587 /* This is deprecated, FIOSETOWN should be used instead. */
1588 case TIOCSPGRP:
1589 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1590 break;
1591
1592 /* This is deprecated, FIOGETOWN should be used instead. */
1593 case TIOCGPGRP:
1594 *(int *)addr = -fgetown(d->bd_sigio);
1595 break;
1596 #endif
1597 case BIOCSRSIG: { /* Set receive signal; u_int */
1598 u_int sig;
1599
1600 bcopy(addr, &sig, sizeof (u_int));
1601
1602 if (sig >= NSIG)
1603 error = EINVAL;
1604 else
1605 d->bd_sig = sig;
1606 break;
1607 }
1608 case BIOCGRSIG: /* u_int */
1609 bcopy(&d->bd_sig, addr, sizeof (u_int));
1610 break;
1611 #ifdef __APPLE__
1612 case BIOCSEXTHDR:
1613 bcopy(addr, &d->bd_extendedhdr, sizeof (u_int));
1614 break;
1615
1616 case BIOCGIFATTACHCOUNT: { /* struct ifreq */
1617 ifnet_t ifp;
1618 struct bpf_if *bp;
1619
1620 bcopy(addr, &ifr, sizeof (ifr));
1621 ifr.ifr_name[IFNAMSIZ - 1] = '\0';
1622 ifp = ifunit(ifr.ifr_name);
1623 if (ifp == NULL) {
1624 error = ENXIO;
1625 break;
1626 }
1627 ifr.ifr_intval = 0;
1628 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
1629 struct bpf_d *bpf_d;
1630
1631 if (bp->bif_ifp == NULL || bp->bif_ifp != ifp)
1632 continue;
1633 for (bpf_d = bp->bif_dlist; bpf_d; bpf_d = bpf_d->bd_next) {
1634 ifr.ifr_intval += 1;
1635 }
1636 }
1637 bcopy(&ifr, addr, sizeof (ifr));
1638 break;
1639 }
1640 #endif
1641 }
1642
1643 lck_mtx_unlock(bpf_mlock);
1644
1645 return (error);
1646 }
1647
1648 /*
1649 * Set d's packet filter program to fp. If this file already has a filter,
1650 * free it and replace it. Returns EINVAL for bogus requests.
1651 */
1652 static int
1653 bpf_setf(struct bpf_d *d, u_int bf_len, user_addr_t bf_insns, dev_t dev, u_long cmd)
1654 {
1655 struct bpf_insn *fcode, *old;
1656 u_int flen, size;
1657
1658 while (d->bd_hbuf_read)
1659 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
1660
1661 d = bpf_dtab[minor(dev)];
1662 if (d == 0 || d == (void *)1)
1663 return (ENXIO);
1664
1665 old = d->bd_filter;
1666 if (bf_insns == USER_ADDR_NULL) {
1667 if (bf_len != 0)
1668 return (EINVAL);
1669 d->bd_filter = NULL;
1670 reset_d(d);
1671 if (old != 0)
1672 FREE((caddr_t)old, M_DEVBUF);
1673 return (0);
1674 }
1675 flen = bf_len;
1676 if (flen > BPF_MAXINSNS)
1677 return (EINVAL);
1678
1679 size = flen * sizeof(struct bpf_insn);
1680 fcode = (struct bpf_insn *) _MALLOC(size, M_DEVBUF, M_WAIT);
1681 #ifdef __APPLE__
1682 if (fcode == NULL)
1683 return (ENOBUFS);
1684 #endif
1685 if (copyin(bf_insns, (caddr_t)fcode, size) == 0 &&
1686 bpf_validate(fcode, (int)flen)) {
1687 d->bd_filter = fcode;
1688
1689 if (cmd == BIOCSETF32 || cmd == BIOCSETF64)
1690 reset_d(d);
1691
1692 if (old != 0)
1693 FREE((caddr_t)old, M_DEVBUF);
1694
1695 return (0);
1696 }
1697 FREE((caddr_t)fcode, M_DEVBUF);
1698 return (EINVAL);
1699 }
1700
1701 /*
1702 * Detach a file from its current interface (if attached at all) and attach
1703 * to the interface indicated by the name stored in ifr.
1704 * Return an errno or 0.
1705 */
1706 static int
1707 bpf_setif(struct bpf_d *d, ifnet_t theywant, u_int32_t dlt, dev_t dev)
1708 {
1709 struct bpf_if *bp;
1710 int error;
1711
1712 while (d->bd_hbuf_read)
1713 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
1714
1715 d = bpf_dtab[minor(dev)];
1716 if (d == 0 || d == (void *)1)
1717 return (ENXIO);
1718
1719 /*
1720 * Look through attached interfaces for the named one.
1721 */
1722 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
1723 struct ifnet *ifp = bp->bif_ifp;
1724
1725 if (ifp == 0 || ifp != theywant || (dlt != 0 && dlt != bp->bif_dlt))
1726 continue;
1727 /*
1728 * We found the requested interface.
1729 * Allocate the packet buffers if we need to.
1730 * If we're already attached to requested interface,
1731 * just flush the buffer.
1732 */
1733 if (d->bd_sbuf == 0) {
1734 error = bpf_allocbufs(d);
1735 if (error != 0)
1736 return (error);
1737 }
1738 if (bp != d->bd_bif) {
1739 if (d->bd_bif)
1740 /*
1741 * Detach if attached to something else.
1742 */
1743 bpf_detachd(d);
1744
1745 if (bpf_attachd(d, bp) != 0) {
1746 return ENXIO;
1747 }
1748 }
1749 reset_d(d);
1750 return (0);
1751 }
1752 /* Not found. */
1753 return (ENXIO);
1754 }
1755
1756
1757
1758 /*
1759 * Get a list of available data link type of the interface.
1760 */
1761 static int
1762 bpf_getdltlist(struct bpf_d *d, caddr_t addr, struct proc *p)
1763 {
1764 u_int n;
1765 int error;
1766 struct ifnet *ifp;
1767 struct bpf_if *bp;
1768 user_addr_t dlist;
1769 struct bpf_dltlist bfl;
1770
1771 bcopy(addr, &bfl, sizeof (bfl));
1772 if (proc_is64bit(p)) {
1773 dlist = (user_addr_t)bfl.bfl_u.bflu_pad;
1774 } else {
1775 dlist = CAST_USER_ADDR_T(bfl.bfl_u.bflu_list);
1776 }
1777
1778 ifp = d->bd_bif->bif_ifp;
1779 n = 0;
1780 error = 0;
1781 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1782 if (bp->bif_ifp != ifp)
1783 continue;
1784 if (dlist != USER_ADDR_NULL) {
1785 if (n >= bfl.bfl_len) {
1786 return (ENOMEM);
1787 }
1788 error = copyout(&bp->bif_dlt, dlist,
1789 sizeof (bp->bif_dlt));
1790 if (error != 0)
1791 break;
1792 dlist += sizeof (bp->bif_dlt);
1793 }
1794 n++;
1795 }
1796 bfl.bfl_len = n;
1797 bcopy(&bfl, addr, sizeof (bfl));
1798
1799 return (error);
1800 }
1801
1802 /*
1803 * Set the data link type of a BPF instance.
1804 */
1805 static int
1806 bpf_setdlt(struct bpf_d *d, uint32_t dlt, dev_t dev)
1807 {
1808 int error, opromisc;
1809 struct ifnet *ifp;
1810 struct bpf_if *bp;
1811
1812 if (d->bd_bif->bif_dlt == dlt)
1813 return (0);
1814
1815 while (d->bd_hbuf_read)
1816 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
1817
1818 d = bpf_dtab[minor(dev)];
1819 if (d == 0 || d == (void *)1)
1820 return (ENXIO);
1821
1822 ifp = d->bd_bif->bif_ifp;
1823 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1824 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
1825 break;
1826 }
1827 if (bp != NULL) {
1828 opromisc = d->bd_promisc;
1829 bpf_detachd(d);
1830 error = bpf_attachd(d, bp);
1831 if (error) {
1832 printf("bpf_setdlt: bpf_attachd %s%d failed (%d)\n",
1833 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1834 return error;
1835 }
1836 reset_d(d);
1837 if (opromisc) {
1838 lck_mtx_unlock(bpf_mlock);
1839 error = ifnet_set_promiscuous(bp->bif_ifp, 1);
1840 lck_mtx_lock(bpf_mlock);
1841 if (error)
1842 printf("bpf_setdlt: ifpromisc %s%d failed (%d)\n",
1843 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1844 else
1845 d->bd_promisc = 1;
1846 }
1847 }
1848 return (bp == NULL ? EINVAL : 0);
1849 }
1850
1851 static int
1852 bpf_set_traffic_class(struct bpf_d *d, int tc)
1853 {
1854 int error = 0;
1855
1856 if (!SO_VALID_TC(tc))
1857 error = EINVAL;
1858 else
1859 d->bd_traffic_class = tc;
1860
1861 return (error);
1862 }
1863
1864 static void
1865 bpf_set_packet_service_class(struct mbuf *m, int tc)
1866 {
1867 if (!(m->m_flags & M_PKTHDR))
1868 return;
1869
1870 VERIFY(SO_VALID_TC(tc));
1871 (void) m_set_service_class(m, so_tc2msc(tc));
1872 }
1873
1874 /*
1875 * Support for select()
1876 *
1877 * Return true iff the specific operation will not block indefinitely.
1878 * Otherwise, return false but make a note that a selwakeup() must be done.
1879 */
1880 int
1881 bpfselect(dev_t dev, int which, void * wql, struct proc *p)
1882 {
1883 struct bpf_d *d;
1884 int ret = 0;
1885
1886 lck_mtx_lock(bpf_mlock);
1887
1888 d = bpf_dtab[minor(dev)];
1889 if (d == 0 || d == (void *)1) {
1890 lck_mtx_unlock(bpf_mlock);
1891 return (ENXIO);
1892 }
1893
1894 if (d->bd_bif == NULL) {
1895 lck_mtx_unlock(bpf_mlock);
1896 return (ENXIO);
1897 }
1898
1899 while (d->bd_hbuf_read)
1900 msleep((caddr_t)d, bpf_mlock, PRINET, "bpf_reading", NULL);
1901
1902 d = bpf_dtab[minor(dev)];
1903 if (d == 0 || d == (void *)1) {
1904 lck_mtx_unlock(bpf_mlock);
1905 return (ENXIO);
1906 }
1907
1908 switch (which) {
1909 case FREAD:
1910 if (d->bd_hlen != 0 ||
1911 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1912 d->bd_slen != 0))
1913 ret = 1; /* read has data to return */
1914 else {
1915 /*
1916 * Read has no data to return.
1917 * Make the select wait, and start a timer if
1918 * necessary.
1919 */
1920 selrecord(p, &d->bd_sel, wql);
1921 bpf_start_timer(d);
1922 }
1923 break;
1924
1925 case FWRITE:
1926 ret = 1; /* can't determine whether a write would block */
1927 break;
1928 }
1929
1930 lck_mtx_unlock(bpf_mlock);
1931 return (ret);
1932 }
1933
1934
1935 /*
1936 * Support for kevent() system call. Register EVFILT_READ filters and
1937 * reject all others.
1938 */
1939 int bpfkqfilter(dev_t dev, struct knote *kn);
1940 static void filt_bpfdetach(struct knote *);
1941 static int filt_bpfread(struct knote *, long);
1942
1943 static struct filterops bpfread_filtops = {
1944 .f_isfd = 1,
1945 .f_detach = filt_bpfdetach,
1946 .f_event = filt_bpfread,
1947 };
1948
1949 int
1950 bpfkqfilter(dev_t dev, struct knote *kn)
1951 {
1952 struct bpf_d *d;
1953
1954 /*
1955 * Is this device a bpf?
1956 */
1957 if (major(dev) != CDEV_MAJOR) {
1958 return (EINVAL);
1959 }
1960
1961 if (kn->kn_filter != EVFILT_READ) {
1962 return (EINVAL);
1963 }
1964
1965 lck_mtx_lock(bpf_mlock);
1966
1967 d = bpf_dtab[minor(dev)];
1968 if (d == 0 || d == (void *)1) {
1969 lck_mtx_unlock(bpf_mlock);
1970 return (ENXIO);
1971 }
1972
1973 if (d->bd_bif == NULL) {
1974 lck_mtx_unlock(bpf_mlock);
1975 return (ENXIO);
1976 }
1977
1978 kn->kn_hook = d;
1979 kn->kn_fop = &bpfread_filtops;
1980 KNOTE_ATTACH(&d->bd_sel.si_note, kn);
1981 lck_mtx_unlock(bpf_mlock);
1982 return 0;
1983 }
1984
1985 static void
1986 filt_bpfdetach(struct knote *kn)
1987 {
1988 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1989
1990 lck_mtx_lock(bpf_mlock);
1991 KNOTE_DETACH(&d->bd_sel.si_note, kn);
1992 lck_mtx_unlock(bpf_mlock);
1993 }
1994
1995 static int
1996 filt_bpfread(struct knote *kn, long hint)
1997 {
1998 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1999 int ready = 0;
2000
2001 if (hint == 0)
2002 lck_mtx_lock(bpf_mlock);
2003
2004 if (d->bd_immediate) {
2005 /*
2006 * If there's data in the hold buffer, it's the
2007 * amount of data a read will return.
2008 *
2009 * If there's no data in the hold buffer, but
2010 * there's data in the store buffer, a read will
2011 * immediately rotate the store buffer to the
2012 * hold buffer, the amount of data in the store
2013 * buffer is the amount of data a read will
2014 * return.
2015 *
2016 * If there's no data in either buffer, we're not
2017 * ready to read.
2018 */
2019 kn->kn_data = ((d->bd_hlen == 0 || d->bd_hbuf_read)
2020 ? d->bd_slen : d->bd_hlen);
2021 int64_t lowwat = 1;
2022 if (kn->kn_sfflags & NOTE_LOWAT)
2023 {
2024 if (kn->kn_sdata > d->bd_bufsize)
2025 lowwat = d->bd_bufsize;
2026 else if (kn->kn_sdata > lowwat)
2027 lowwat = kn->kn_sdata;
2028 }
2029 ready = (kn->kn_data >= lowwat);
2030 } else {
2031 /*
2032 * If there's data in the hold buffer, it's the
2033 * amount of data a read will return.
2034 *
2035 * If there's no data in the hold buffer, but
2036 * there's data in the store buffer, if the
2037 * timer has expired a read will immediately
2038 * rotate the store buffer to the hold buffer,
2039 * so the amount of data in the store buffer is
2040 * the amount of data a read will return.
2041 *
2042 * If there's no data in either buffer, or there's
2043 * no data in the hold buffer and the timer hasn't
2044 * expired, we're not ready to read.
2045 */
2046 kn->kn_data = ((d->bd_hlen == 0 || d->bd_hbuf_read) && d->bd_state == BPF_TIMED_OUT ?
2047 d->bd_slen : d->bd_hlen);
2048 ready = (kn->kn_data > 0);
2049 }
2050 if (!ready)
2051 bpf_start_timer(d);
2052
2053 if (hint == 0)
2054 lck_mtx_unlock(bpf_mlock);
2055 return (ready);
2056 }
2057
2058 /*
2059 * Copy data from an mbuf chain into a buffer. This code is derived
2060 * from m_copydata in sys/uipc_mbuf.c.
2061 */
2062 static void
2063 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
2064 {
2065 struct mbuf *m = (struct mbuf *)(uintptr_t)(src_arg);
2066 u_int count;
2067 u_char *dst;
2068
2069 dst = dst_arg;
2070 while (len > 0) {
2071 if (m == 0)
2072 panic("bpf_mcopy");
2073 count = min(m->m_len, len);
2074 bcopy(mbuf_data(m), dst, count);
2075 m = m->m_next;
2076 dst += count;
2077 len -= count;
2078 }
2079 }
2080
2081 static inline void
2082 bpf_tap_imp(
2083 ifnet_t ifp,
2084 u_int32_t dlt,
2085 mbuf_t m,
2086 void* hdr,
2087 size_t hlen,
2088 int outbound)
2089 {
2090 struct bpf_if *bp;
2091 struct mbuf *savedm = m;
2092
2093 /*
2094 * It's possible that we get here after the bpf descriptor has been
2095 * detached from the interface; in such a case we simply return.
2096 * Lock ordering is important since we can be called asynchronously
2097 * (from the IOKit) to process an inbound packet; when that happens
2098 * we would have been holding its "gateLock" and will be acquiring
2099 * "bpf_mlock" upon entering this routine. Due to that, we release
2100 * "bpf_mlock" prior to calling ifnet_set_promiscuous (which will
2101 * acquire "gateLock" in the IOKit), in order to avoid a deadlock
2102 * when a ifnet_set_promiscuous request simultaneously collides with
2103 * an inbound packet being passed into the tap callback.
2104 */
2105 lck_mtx_lock(bpf_mlock);
2106 if (ifp->if_bpf == NULL) {
2107 lck_mtx_unlock(bpf_mlock);
2108 return;
2109 }
2110 bp = ifp->if_bpf;
2111 for (bp = ifp->if_bpf; bp && bp->bif_ifp == ifp &&
2112 (dlt != 0 && bp->bif_dlt != dlt); bp = bp->bif_next)
2113 ;
2114 if (bp && bp->bif_ifp == ifp && bp->bif_dlist != NULL) {
2115 struct bpf_d *d;
2116 struct m_hdr hack_hdr;
2117 u_int pktlen = 0;
2118 u_int slen = 0;
2119 struct mbuf *m0;
2120
2121 if (hdr) {
2122 /*
2123 * This is gross. We mock up an mbuf that points to the
2124 * header buffer. This means we don't have to copy the
2125 * header. A number of interfaces prepended headers just
2126 * for bpf by allocating an mbuf on the stack. We want to
2127 * give developers an easy way to prepend a header for bpf.
2128 * Since a developer allocating an mbuf on the stack is bad,
2129 * we do even worse here, allocating only a header to point
2130 * to a buffer the developer supplied. This makes assumptions
2131 * that bpf_filter and catchpacket will not look at anything
2132 * in the mbuf other than the header. This was true at the
2133 * time this code was written.
2134 */
2135 hack_hdr.mh_next = m;
2136 hack_hdr.mh_nextpkt = NULL;
2137 hack_hdr.mh_len = hlen;
2138 hack_hdr.mh_data = hdr;
2139 hack_hdr.mh_type = m->m_type;
2140 hack_hdr.mh_flags = 0;
2141
2142 m = (mbuf_t)&hack_hdr;
2143 }
2144
2145 for (m0 = m; m0 != 0; m0 = m0->m_next)
2146 pktlen += m0->m_len;
2147
2148 for (d = bp->bif_dlist; d; d = d->bd_next) {
2149 if (outbound && !d->bd_seesent)
2150 continue;
2151 ++d->bd_rcount;
2152 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
2153 if (slen != 0) {
2154 #if CONFIG_MACF_NET
2155 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) != 0)
2156 continue;
2157 #endif
2158 catchpacket(d, (u_char *)m, savedm, pktlen,
2159 slen, outbound, bpf_mcopy);
2160 }
2161 }
2162 }
2163 lck_mtx_unlock(bpf_mlock);
2164 }
2165
2166 void
2167 bpf_tap_out(
2168 ifnet_t ifp,
2169 u_int32_t dlt,
2170 mbuf_t m,
2171 void* hdr,
2172 size_t hlen)
2173 {
2174 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 1);
2175 }
2176
2177 void
2178 bpf_tap_in(
2179 ifnet_t ifp,
2180 u_int32_t dlt,
2181 mbuf_t m,
2182 void* hdr,
2183 size_t hlen)
2184 {
2185 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 0);
2186 }
2187
2188 /* Callback registered with Ethernet driver. */
2189 static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m)
2190 {
2191 bpf_tap_imp(ifp, 0, m, NULL, 0, mbuf_pkthdr_rcvif(m) == NULL);
2192
2193 return 0;
2194 }
2195
2196 /*
2197 * Move the packet data from interface memory (pkt) into the
2198 * store buffer. Return 1 if it's time to wakeup a listener (buffer full),
2199 * otherwise 0. "copy" is the routine called to do the actual data
2200 * transfer. bcopy is passed in to copy contiguous chunks, while
2201 * bpf_mcopy is passed in to copy mbuf chains. In the latter case,
2202 * pkt is really an mbuf.
2203 */
2204 static void
2205 catchpacket(struct bpf_d *d, u_char *pkt, struct mbuf *m, u_int pktlen,
2206 u_int snaplen, int outbound,
2207 void (*cpfn)(const void *, void *, size_t))
2208 {
2209 struct bpf_hdr *hp;
2210 struct bpf_hdr_ext *ehp;
2211 int totlen, curlen;
2212 int hdrlen, caplen;
2213 int do_wakeup = 0;
2214 u_char *payload;
2215 struct timeval tv;
2216 struct m_tag *mt = NULL;
2217 struct bpf_mtag *bt = NULL;
2218
2219 hdrlen = d->bd_extendedhdr ? d->bd_bif->bif_exthdrlen :
2220 d->bd_bif->bif_hdrlen;
2221 /*
2222 * Figure out how many bytes to move. If the packet is
2223 * greater or equal to the snapshot length, transfer that
2224 * much. Otherwise, transfer the whole packet (unless
2225 * we hit the buffer size limit).
2226 */
2227 totlen = hdrlen + min(snaplen, pktlen);
2228 if (totlen > d->bd_bufsize)
2229 totlen = d->bd_bufsize;
2230
2231 /*
2232 * Round up the end of the previous packet to the next longword.
2233 */
2234 curlen = BPF_WORDALIGN(d->bd_slen);
2235 if (curlen + totlen > d->bd_bufsize) {
2236 /*
2237 * This packet will overflow the storage buffer.
2238 * Rotate the buffers if we can, then wakeup any
2239 * pending reads.
2240 */
2241 if (d->bd_fbuf == NULL) {
2242 /*
2243 * We haven't completed the previous read yet,
2244 * so drop the packet.
2245 */
2246 ++d->bd_dcount;
2247 return;
2248 }
2249 ROTATE_BUFFERS(d);
2250 do_wakeup = 1;
2251 curlen = 0;
2252 }
2253 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
2254 /*
2255 * Immediate mode is set, or the read timeout has
2256 * already expired during a select call. A packet
2257 * arrived, so the reader should be woken up.
2258 */
2259 do_wakeup = 1;
2260
2261 /*
2262 * Append the bpf header.
2263 */
2264 microtime(&tv);
2265 if (d->bd_extendedhdr) {
2266 ehp = (struct bpf_hdr_ext *)(void *)(d->bd_sbuf + curlen);
2267 memset(ehp, 0, sizeof(*ehp));
2268 ehp->bh_tstamp.tv_sec = tv.tv_sec;
2269 ehp->bh_tstamp.tv_usec = tv.tv_usec;
2270 ehp->bh_datalen = pktlen;
2271 ehp->bh_hdrlen = hdrlen;
2272 ehp->bh_caplen = totlen - hdrlen;
2273 mt = m_tag_locate(m, bpf_mtag_id, 0, NULL);
2274 if (mt && mt->m_tag_len >= sizeof(*bt)) {
2275 bt = (struct bpf_mtag *)(mt + 1);
2276 ehp->bh_pid = bt->bt_pid;
2277 strlcpy(ehp->bh_comm, bt->bt_comm,
2278 sizeof(ehp->bh_comm));
2279 ehp->bh_svc = so_svc2tc(bt->bt_svc);
2280 if (bt->bt_direction == BPF_MTAG_DIR_OUT)
2281 ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_OUT;
2282 else
2283 ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_IN;
2284 m_tag_delete(m, mt);
2285 } else if (outbound) {
2286 /* only do lookups on non-raw INPCB */
2287 if ((m->m_pkthdr.pkt_flags & (PKTF_FLOW_ID|
2288 PKTF_FLOW_LOCALSRC|PKTF_FLOW_RAWSOCK)) ==
2289 (PKTF_FLOW_ID|PKTF_FLOW_LOCALSRC) &&
2290 m->m_pkthdr.pkt_flowsrc == FLOWSRC_INPCB) {
2291 ehp->bh_flowid = m->m_pkthdr.pkt_flowid;
2292 ehp->bh_proto = m->m_pkthdr.pkt_proto;
2293 }
2294 ehp->bh_svc = so_svc2tc(m->m_pkthdr.pkt_svc);
2295 ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_OUT;
2296 } else
2297 ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_IN;
2298 payload = (u_char *)ehp + hdrlen;
2299 caplen = ehp->bh_caplen;
2300 } else {
2301 hp = (struct bpf_hdr *)(void *)(d->bd_sbuf + curlen);
2302 hp->bh_tstamp.tv_sec = tv.tv_sec;
2303 hp->bh_tstamp.tv_usec = tv.tv_usec;
2304 hp->bh_datalen = pktlen;
2305 hp->bh_hdrlen = hdrlen;
2306 hp->bh_caplen = totlen - hdrlen;
2307 payload = (u_char *)hp + hdrlen;
2308 caplen = hp->bh_caplen;
2309 }
2310 /*
2311 * Copy the packet data into the store buffer and update its length.
2312 */
2313 (*cpfn)(pkt, payload, caplen);
2314 d->bd_slen = curlen + totlen;
2315
2316 if (do_wakeup)
2317 bpf_wakeup(d);
2318 }
2319
2320 /*
2321 * Initialize all nonzero fields of a descriptor.
2322 */
2323 static int
2324 bpf_allocbufs(struct bpf_d *d)
2325 {
2326 d->bd_fbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
2327 if (d->bd_fbuf == 0)
2328 return (ENOBUFS);
2329
2330 d->bd_sbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
2331 if (d->bd_sbuf == 0) {
2332 FREE(d->bd_fbuf, M_DEVBUF);
2333 return (ENOBUFS);
2334 }
2335 d->bd_slen = 0;
2336 d->bd_hlen = 0;
2337 return (0);
2338 }
2339
2340 /*
2341 * Free buffers currently in use by a descriptor.
2342 * Called on close.
2343 */
2344 static void
2345 bpf_freed(struct bpf_d *d)
2346 {
2347 /*
2348 * We don't need to lock out interrupts since this descriptor has
2349 * been detached from its interface and it yet hasn't been marked
2350 * free.
2351 */
2352 if (d->bd_hbuf_read)
2353 panic("bpf buffer freed during read");
2354
2355 if (d->bd_sbuf != 0) {
2356 FREE(d->bd_sbuf, M_DEVBUF);
2357 if (d->bd_hbuf != 0)
2358 FREE(d->bd_hbuf, M_DEVBUF);
2359 if (d->bd_fbuf != 0)
2360 FREE(d->bd_fbuf, M_DEVBUF);
2361 }
2362 if (d->bd_filter)
2363 FREE((caddr_t)d->bd_filter, M_DEVBUF);
2364 }
2365
2366 /*
2367 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *)
2368 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
2369 * size of the link header (variable length headers not yet supported).
2370 */
2371 void
2372 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2373 {
2374 bpf_attach(ifp, dlt, hdrlen, NULL, NULL);
2375 }
2376
2377 errno_t
2378 bpf_attach(
2379 ifnet_t ifp,
2380 u_int32_t dlt,
2381 u_int32_t hdrlen,
2382 bpf_send_func send,
2383 bpf_tap_func tap)
2384 {
2385 struct bpf_if *bp_new;
2386 struct bpf_if *bp_temp;
2387 struct bpf_if *bp_first = NULL;
2388
2389 bp_new = (struct bpf_if *) _MALLOC(sizeof(*bp_new), M_DEVBUF, M_WAIT);
2390 if (bp_new == 0)
2391 panic("bpfattach");
2392
2393 lck_mtx_lock(bpf_mlock);
2394
2395 /*
2396 * Check if this interface/dlt is already attached, record first
2397 * attachment for this interface.
2398 */
2399 for (bp_temp = bpf_iflist; bp_temp && (bp_temp->bif_ifp != ifp ||
2400 bp_temp->bif_dlt != dlt); bp_temp = bp_temp->bif_next) {
2401 if (bp_temp->bif_ifp == ifp && bp_first == NULL)
2402 bp_first = bp_temp;
2403 }
2404
2405 if (bp_temp != NULL) {
2406 printf("bpfattach - %s with dlt %d is already attached\n",
2407 if_name(ifp), dlt);
2408 FREE(bp_new, M_DEVBUF);
2409 lck_mtx_unlock(bpf_mlock);
2410 return EEXIST;
2411 }
2412
2413 bzero(bp_new, sizeof(*bp_new));
2414 bp_new->bif_ifp = ifp;
2415 bp_new->bif_dlt = dlt;
2416 bp_new->bif_send = send;
2417 bp_new->bif_tap = tap;
2418
2419 if (bp_first == NULL) {
2420 /* No other entries for this ifp */
2421 bp_new->bif_next = bpf_iflist;
2422 bpf_iflist = bp_new;
2423 }
2424 else {
2425 /* Add this after the first entry for this interface */
2426 bp_new->bif_next = bp_first->bif_next;
2427 bp_first->bif_next = bp_new;
2428 }
2429
2430 /*
2431 * Compute the length of the bpf header. This is not necessarily
2432 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
2433 * that the network layer header begins on a longword boundary (for
2434 * performance reasons and to alleviate alignment restrictions).
2435 */
2436 bp_new->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
2437 bp_new->bif_exthdrlen = BPF_WORDALIGN(hdrlen +
2438 sizeof(struct bpf_hdr_ext)) - hdrlen;
2439
2440 /* Take a reference on the interface */
2441 ifnet_reference(ifp);
2442
2443 lck_mtx_unlock(bpf_mlock);
2444
2445 #ifndef __APPLE__
2446 if (bootverbose)
2447 printf("bpf: %s attached\n", if_name(ifp));
2448 #endif
2449
2450 return 0;
2451 }
2452
2453 /*
2454 * Detach bpf from an interface. This involves detaching each descriptor
2455 * associated with the interface, and leaving bd_bif NULL. Notify each
2456 * descriptor as it's detached so that any sleepers wake up and get
2457 * ENXIO.
2458 */
2459 void
2460 bpfdetach(struct ifnet *ifp)
2461 {
2462 struct bpf_if *bp, *bp_prev, *bp_next;
2463 struct bpf_if *bp_free = NULL;
2464 struct bpf_d *d;
2465
2466
2467 lck_mtx_lock(bpf_mlock);
2468
2469 /* Locate BPF interface information */
2470 bp_prev = NULL;
2471 for (bp = bpf_iflist; bp != NULL; bp = bp_next) {
2472 bp_next = bp->bif_next;
2473 if (ifp != bp->bif_ifp) {
2474 bp_prev = bp;
2475 continue;
2476 }
2477
2478 while ((d = bp->bif_dlist) != NULL) {
2479 bpf_detachd(d);
2480 bpf_wakeup(d);
2481 }
2482
2483 if (bp_prev) {
2484 bp_prev->bif_next = bp->bif_next;
2485 } else {
2486 bpf_iflist = bp->bif_next;
2487 }
2488
2489 bp->bif_next = bp_free;
2490 bp_free = bp;
2491
2492 ifnet_release(ifp);
2493 }
2494
2495 lck_mtx_unlock(bpf_mlock);
2496
2497 FREE(bp, M_DEVBUF);
2498
2499 }
2500
2501 void
2502 bpf_init(__unused void *unused)
2503 {
2504 #ifdef __APPLE__
2505 int i;
2506 int maj;
2507
2508 if (bpf_devsw_installed == 0) {
2509 bpf_devsw_installed = 1;
2510 bpf_mlock_grp_attr = lck_grp_attr_alloc_init();
2511 bpf_mlock_grp = lck_grp_alloc_init("bpf", bpf_mlock_grp_attr);
2512 bpf_mlock_attr = lck_attr_alloc_init();
2513 lck_mtx_init(bpf_mlock, bpf_mlock_grp, bpf_mlock_attr);
2514 maj = cdevsw_add(CDEV_MAJOR, &bpf_cdevsw);
2515 if (maj == -1) {
2516 if (bpf_mlock_attr)
2517 lck_attr_free(bpf_mlock_attr);
2518 if (bpf_mlock_grp)
2519 lck_grp_free(bpf_mlock_grp);
2520 if (bpf_mlock_grp_attr)
2521 lck_grp_attr_free(bpf_mlock_grp_attr);
2522
2523 bpf_mlock = NULL;
2524 bpf_mlock_attr = NULL;
2525 bpf_mlock_grp = NULL;
2526 bpf_mlock_grp_attr = NULL;
2527 bpf_devsw_installed = 0;
2528 printf("bpf_init: failed to allocate a major number!\n");
2529 return;
2530 }
2531
2532 for (i = 0 ; i < NBPFILTER; i++)
2533 bpf_make_dev_t(maj);
2534
2535 VERIFY(mbuf_tag_id_find(BPF_CONTROL_NAME, &bpf_mtag_id) == 0);
2536 }
2537 #else
2538 cdevsw_add(&bpf_cdevsw);
2539 #endif
2540 }
2541
2542 #ifndef __APPLE__
2543 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
2544 #endif
2545
2546 #if CONFIG_MACF_NET
2547 struct label *
2548 mac_bpfdesc_label_get(struct bpf_d *d)
2549 {
2550
2551 return (d->bd_label);
2552 }
2553
2554 void
2555 mac_bpfdesc_label_set(struct bpf_d *d, struct label *label)
2556 {
2557
2558 d->bd_label = label;
2559 }
2560 #endif
mirror of XNU