]> git.saurik.com Git - apple/xnu.git/blob - bsd/net/bpf.c
xnu-1699.22.81.tar.gz
[apple/xnu.git] / bsd / net / bpf.c
1 /*
2 * Copyright (c) 2000-2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)bpf.c 8.2 (Berkeley) 3/28/94
66 *
67 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.5 2001/01/05 04:49:09 jdp Exp $
68 */
69 /*
70 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
71 * support for mandatory and extensible security protections. This notice
72 * is included in support of clause 2.2 (b) of the Apple Public License,
73 * Version 2.0.
74 */
75
76 #include "bpf.h"
77
78 #ifndef __GNUC__
79 #define inline
80 #else
81 #define inline __inline
82 #endif
83
84 #include <sys/param.h>
85 #include <sys/systm.h>
86 #include <sys/conf.h>
87 #include <sys/malloc.h>
88 #include <sys/mbuf.h>
89 #include <sys/time.h>
90 #include <sys/proc.h>
91 #include <sys/signalvar.h>
92 #include <sys/filio.h>
93 #include <sys/sockio.h>
94 #include <sys/ttycom.h>
95 #include <sys/filedesc.h>
96 #include <sys/uio_internal.h>
97 #include <sys/file_internal.h>
98 #include <sys/event.h>
99
100 #if defined(sparc) && BSD < 199103
101 #include <sys/stream.h>
102 #endif
103 #include <sys/poll.h>
104
105 #include <sys/socket.h>
106 #include <sys/vnode.h>
107
108 #include <net/if.h>
109 #include <net/bpf.h>
110 #include <net/bpfdesc.h>
111
112 #include <netinet/in.h>
113 #include <netinet/if_ether.h>
114 #include <sys/kernel.h>
115 #include <sys/sysctl.h>
116 #include <net/firewire.h>
117
118 #include <miscfs/devfs/devfs.h>
119 #include <net/dlil.h>
120
121 #include <kern/locks.h>
122 #include <kern/thread_call.h>
123
124 #if CONFIG_MACF_NET
125 #include <security/mac_framework.h>
126 #endif /* MAC_NET */
127
128 extern int tvtohz(struct timeval *);
129
130 /*
131 * Older BSDs don't have kernel malloc.
132 */
133 #if BSD < 199103
134 extern bcopy();
135 static caddr_t bpf_alloc();
136 #include <net/bpf_compat.h>
137 #define BPF_BUFSIZE (MCLBYTES-8)
138 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio)
139 #else
140 #define BPF_BUFSIZE 4096
141 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
142 #endif
143
144
145 #define PRINET 26 /* interruptible */
146
147 /*
148 * The default read buffer size is patchable.
149 */
150 static unsigned int bpf_bufsize = BPF_BUFSIZE;
151 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW | CTLFLAG_LOCKED,
152 &bpf_bufsize, 0, "");
153 __private_extern__ unsigned int bpf_maxbufsize = BPF_MAXBUFSIZE;
154 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW | CTLFLAG_LOCKED,
155 &bpf_maxbufsize, 0, "");
156 static unsigned int bpf_maxdevices = 256;
157 SYSCTL_UINT(_debug, OID_AUTO, bpf_maxdevices, CTLFLAG_RW | CTLFLAG_LOCKED,
158 &bpf_maxdevices, 0, "");
159
160 /*
161 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
162 * bpf_dtab holds pointer to the descriptors, indexed by minor device #
163 */
164 static struct bpf_if *bpf_iflist;
165 #ifdef __APPLE__
166 /*
167 * BSD now stores the bpf_d in the dev_t which is a struct
168 * on their system. Our dev_t is an int, so we still store
169 * the bpf_d in a separate table indexed by minor device #.
170 *
171 * The value stored in bpf_dtab[n] represent three states:
172 * 0: device not opened
173 * 1: device opening or closing
174 * other: device <n> opened with pointer to storage
175 */
176 static struct bpf_d **bpf_dtab = NULL;
177 static unsigned int bpf_dtab_size = 0;
178 static unsigned int nbpfilter = 0;
179
180 static lck_mtx_t *bpf_mlock;
181 static lck_grp_t *bpf_mlock_grp;
182 static lck_grp_attr_t *bpf_mlock_grp_attr;
183 static lck_attr_t *bpf_mlock_attr;
184
185 /*
186 * Mark a descriptor free by making it point to itself.
187 * This is probably cheaper than marking with a constant since
188 * the address should be in a register anyway.
189 */
190 #endif /* __APPLE__ */
191
192 static int bpf_allocbufs(struct bpf_d *);
193 static errno_t bpf_attachd(struct bpf_d *d, struct bpf_if *bp);
194 static void bpf_detachd(struct bpf_d *d);
195 static void bpf_freed(struct bpf_d *);
196 static void bpf_mcopy(const void *, void *, size_t);
197 static int bpf_movein(struct uio *, int,
198 struct mbuf **, struct sockaddr *, int *);
199 static int bpf_setif(struct bpf_d *, ifnet_t ifp, u_int32_t dlt);
200 static void bpf_timed_out(void *, void *);
201 static void bpf_wakeup(struct bpf_d *);
202 static void catchpacket(struct bpf_d *, u_char *, u_int,
203 u_int, void (*)(const void *, void *, size_t));
204 static void reset_d(struct bpf_d *);
205 static int bpf_setf(struct bpf_d *, u_int bf_len, user_addr_t bf_insns);
206 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *,
207 struct proc *);
208 static int bpf_setdlt(struct bpf_d *, u_int);
209
210 /*static void *bpf_devfs_token[MAXBPFILTER];*/
211
212 static int bpf_devsw_installed;
213
214 void bpf_init(void *unused);
215 static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m);
216
217 /*
218 * Darwin differs from BSD here, the following are static
219 * on BSD and not static on Darwin.
220 */
221 d_open_t bpfopen;
222 d_close_t bpfclose;
223 d_read_t bpfread;
224 d_write_t bpfwrite;
225 ioctl_fcn_t bpfioctl;
226 select_fcn_t bpfselect;
227
228
229 /* Darwin's cdevsw struct differs slightly from BSDs */
230 #define CDEV_MAJOR 23
231 static struct cdevsw bpf_cdevsw = {
232 /* open */ bpfopen,
233 /* close */ bpfclose,
234 /* read */ bpfread,
235 /* write */ bpfwrite,
236 /* ioctl */ bpfioctl,
237 /* stop */ eno_stop,
238 /* reset */ eno_reset,
239 /* tty */ NULL,
240 /* select */ bpfselect,
241 /* mmap */ eno_mmap,
242 /* strategy*/ eno_strat,
243 /* getc */ eno_getc,
244 /* putc */ eno_putc,
245 /* type */ 0
246 };
247
248 #define SOCKADDR_HDR_LEN offsetof(struct sockaddr, sa_data)
249
250 static int
251 bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, struct sockaddr *sockp, int *datlen)
252 {
253 struct mbuf *m;
254 int error;
255 int len;
256 uint8_t sa_family;
257 int hlen;
258
259 switch (linktype) {
260
261 #if SLIP
262 case DLT_SLIP:
263 sa_family = AF_INET;
264 hlen = 0;
265 break;
266 #endif /* SLIP */
267
268 case DLT_EN10MB:
269 sa_family = AF_UNSPEC;
270 /* XXX Would MAXLINKHDR be better? */
271 hlen = sizeof(struct ether_header);
272 break;
273
274 #if FDDI
275 case DLT_FDDI:
276 #if defined(__FreeBSD__) || defined(__bsdi__)
277 sa_family = AF_IMPLINK;
278 hlen = 0;
279 #else
280 sa_family = AF_UNSPEC;
281 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
282 hlen = 24;
283 #endif
284 break;
285 #endif /* FDDI */
286
287 case DLT_RAW:
288 case DLT_NULL:
289 sa_family = AF_UNSPEC;
290 hlen = 0;
291 break;
292
293 #ifdef __FreeBSD__
294 case DLT_ATM_RFC1483:
295 /*
296 * en atm driver requires 4-byte atm pseudo header.
297 * though it isn't standard, vpi:vci needs to be
298 * specified anyway.
299 */
300 sa_family = AF_UNSPEC;
301 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
302 break;
303 #endif
304
305 case DLT_PPP:
306 sa_family = AF_UNSPEC;
307 hlen = 4; /* This should match PPP_HDRLEN */
308 break;
309
310 case DLT_APPLE_IP_OVER_IEEE1394:
311 sa_family = AF_UNSPEC;
312 hlen = sizeof(struct firewire_header);
313 break;
314
315 case DLT_IEEE802_11: /* IEEE 802.11 wireless */
316 sa_family = AF_IEEE80211;
317 hlen = 0;
318 break;
319
320 case DLT_IEEE802_11_RADIO:
321 sa_family = AF_IEEE80211;
322 hlen = 0;
323 break;
324
325 default:
326 return (EIO);
327 }
328
329 // LP64todo - fix this!
330 len = uio_resid(uio);
331 *datlen = len - hlen;
332 if ((unsigned)len > MCLBYTES)
333 return (EIO);
334
335 if (sockp) {
336 /*
337 * Build a sockaddr based on the data link layer type.
338 * We do this at this level because the ethernet header
339 * is copied directly into the data field of the sockaddr.
340 * In the case of SLIP, there is no header and the packet
341 * is forwarded as is.
342 * Also, we are careful to leave room at the front of the mbuf
343 * for the link level header.
344 */
345 if ((hlen + SOCKADDR_HDR_LEN) > sockp->sa_len) {
346 return (EIO);
347 }
348 sockp->sa_family = sa_family;
349 } else {
350 /*
351 * We're directly sending the packet data supplied by
352 * the user; we don't need to make room for the link
353 * header, and don't need the header length value any
354 * more, so set it to 0.
355 */
356 hlen = 0;
357 }
358
359 MGETHDR(m, M_WAIT, MT_DATA);
360 if (m == 0)
361 return (ENOBUFS);
362 if ((unsigned)len > MHLEN) {
363 #if BSD >= 199103
364 MCLGET(m, M_WAIT);
365 if ((m->m_flags & M_EXT) == 0) {
366 #else
367 MCLGET(m);
368 if (m->m_len != MCLBYTES) {
369 #endif
370 error = ENOBUFS;
371 goto bad;
372 }
373 }
374 m->m_pkthdr.len = m->m_len = len;
375 m->m_pkthdr.rcvif = NULL;
376 *mp = m;
377
378 /*
379 * Make room for link header.
380 */
381 if (hlen != 0) {
382 m->m_pkthdr.len -= hlen;
383 m->m_len -= hlen;
384 #if BSD >= 199103
385 m->m_data += hlen; /* XXX */
386 #else
387 m->m_off += hlen;
388 #endif
389 error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
390 if (error)
391 goto bad;
392 }
393 error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
394 if (error)
395 goto bad;
396
397 /* Check for multicast destination */
398 switch (linktype) {
399 case DLT_EN10MB: {
400 struct ether_header *eh = mtod(m, struct ether_header *);
401
402 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
403 if (_ether_cmp(etherbroadcastaddr, eh->ether_dhost) == 0)
404 m->m_flags |= M_BCAST;
405 else
406 m->m_flags |= M_MCAST;
407 }
408 break;
409 }
410 }
411
412 return 0;
413 bad:
414 m_freem(m);
415 return (error);
416 }
417
418 #ifdef __APPLE__
419
420 /*
421 * The dynamic addition of a new device node must block all processes that are opening
422 * the last device so that no process will get an unexpected ENOENT
423 */
424 static void
425 bpf_make_dev_t(int maj)
426 {
427 static int bpf_growing = 0;
428 unsigned int cur_size = nbpfilter, i;
429
430 if (nbpfilter >= bpf_maxdevices)
431 return;
432
433 while (bpf_growing) {
434 /* Wait until new device has been created */
435 (void)tsleep((caddr_t)&bpf_growing, PZERO, "bpf_growing", 0);
436 }
437 if (nbpfilter > cur_size) {
438 /* other thread grew it already */
439 return;
440 }
441 bpf_growing = 1;
442
443 /* need to grow bpf_dtab first */
444 if (nbpfilter == bpf_dtab_size) {
445 int new_dtab_size;
446 struct bpf_d **new_dtab = NULL;
447 struct bpf_d **old_dtab = NULL;
448
449 new_dtab_size = bpf_dtab_size + NBPFILTER;
450 new_dtab = (struct bpf_d **)_MALLOC(sizeof(struct bpf_d *) * new_dtab_size, M_DEVBUF, M_WAIT);
451 if (new_dtab == 0) {
452 printf("bpf_make_dev_t: malloc bpf_dtab failed\n");
453 goto done;
454 }
455 if (bpf_dtab) {
456 bcopy(bpf_dtab, new_dtab,
457 sizeof(struct bpf_d *) * bpf_dtab_size);
458 }
459 bzero(new_dtab + bpf_dtab_size,
460 sizeof(struct bpf_d *) * NBPFILTER);
461 old_dtab = bpf_dtab;
462 bpf_dtab = new_dtab;
463 bpf_dtab_size = new_dtab_size;
464 if (old_dtab != NULL)
465 _FREE(old_dtab, M_DEVBUF);
466 }
467 i = nbpfilter++;
468 (void) devfs_make_node(makedev(maj, i),
469 DEVFS_CHAR, UID_ROOT, GID_WHEEL, 0600,
470 "bpf%d", i);
471 done:
472 bpf_growing = 0;
473 wakeup((caddr_t)&bpf_growing);
474 }
475
476 #endif
477
478 /*
479 * Attach file to the bpf interface, i.e. make d listen on bp.
480 */
481 static errno_t
482 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
483 {
484 int first = bp->bif_dlist == NULL;
485 int error = 0;
486
487 /*
488 * Point d at bp, and add d to the interface's list of listeners.
489 * Finally, point the driver's bpf cookie at the interface so
490 * it will divert packets to bpf.
491 */
492 d->bd_bif = bp;
493 d->bd_next = bp->bif_dlist;
494 bp->bif_dlist = d;
495
496 if (first) {
497 /* Find the default bpf entry for this ifp */
498 if (bp->bif_ifp->if_bpf == NULL) {
499 struct bpf_if *primary;
500
501 for (primary = bpf_iflist; primary && primary->bif_ifp != bp->bif_ifp;
502 primary = primary->bif_next)
503 ;
504
505 bp->bif_ifp->if_bpf = primary;
506 }
507
508 /* Only call dlil_set_bpf_tap for primary dlt */
509 if (bp->bif_ifp->if_bpf == bp)
510 dlil_set_bpf_tap(bp->bif_ifp, BPF_TAP_INPUT_OUTPUT, bpf_tap_callback);
511
512 if (bp->bif_tap)
513 error = bp->bif_tap(bp->bif_ifp, bp->bif_dlt, BPF_TAP_INPUT_OUTPUT);
514 }
515
516 return error;
517 }
518
519 /*
520 * Detach a file from its interface.
521 */
522 static void
523 bpf_detachd(struct bpf_d *d)
524 {
525 struct bpf_d **p;
526 struct bpf_if *bp;
527 struct ifnet *ifp;
528
529 ifp = d->bd_bif->bif_ifp;
530 bp = d->bd_bif;
531
532 /* Remove d from the interface's descriptor list. */
533 p = &bp->bif_dlist;
534 while (*p != d) {
535 p = &(*p)->bd_next;
536 if (*p == 0)
537 panic("bpf_detachd: descriptor not in list");
538 }
539 *p = (*p)->bd_next;
540 if (bp->bif_dlist == 0) {
541 /*
542 * Let the driver know that there are no more listeners.
543 */
544 /* Only call dlil_set_bpf_tap for primary dlt */
545 if (bp->bif_ifp->if_bpf == bp)
546 dlil_set_bpf_tap(ifp, BPF_TAP_DISABLE, NULL);
547 if (bp->bif_tap)
548 bp->bif_tap(ifp, bp->bif_dlt, BPF_TAP_DISABLE);
549
550 for (bp = bpf_iflist; bp; bp = bp->bif_next)
551 if (bp->bif_ifp == ifp && bp->bif_dlist != 0)
552 break;
553 if (bp == NULL)
554 ifp->if_bpf = NULL;
555 }
556 d->bd_bif = NULL;
557 /*
558 * Check if this descriptor had requested promiscuous mode.
559 * If so, turn it off.
560 */
561 if (d->bd_promisc) {
562 d->bd_promisc = 0;
563 lck_mtx_unlock(bpf_mlock);
564 if (ifnet_set_promiscuous(ifp, 0)) {
565 /*
566 * Something is really wrong if we were able to put
567 * the driver into promiscuous mode, but can't
568 * take it out.
569 * Most likely the network interface is gone.
570 */
571 printf("bpf: ifnet_set_promiscuous failed");
572 }
573 lck_mtx_lock(bpf_mlock);
574 }
575 }
576
577
578 /*
579 * Start asynchronous timer, if necessary.
580 * Must be called with bpf_mlock held.
581 */
582 static void
583 bpf_start_timer(struct bpf_d *d)
584 {
585 uint64_t deadline;
586 struct timeval tv;
587
588 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
589 tv.tv_sec = d->bd_rtout / hz;
590 tv.tv_usec = (d->bd_rtout % hz) * tick;
591
592 clock_interval_to_deadline((uint64_t)tv.tv_sec * USEC_PER_SEC + tv.tv_usec,
593 NSEC_PER_USEC,
594 &deadline);
595 /*
596 * The state is BPF_IDLE, so the timer hasn't
597 * been started yet, and hasn't gone off yet;
598 * there is no thread call scheduled, so this
599 * won't change the schedule.
600 *
601 * XXX - what if, by the time it gets entered,
602 * the deadline has already passed?
603 */
604 thread_call_enter_delayed(d->bd_thread_call, deadline);
605 d->bd_state = BPF_WAITING;
606 }
607 }
608
609 /*
610 * Cancel asynchronous timer.
611 * Must be called with bpf_mlock held.
612 */
613 static boolean_t
614 bpf_stop_timer(struct bpf_d *d)
615 {
616 /*
617 * If the timer has already gone off, this does nothing.
618 * Our caller is expected to set d->bd_state to BPF_IDLE,
619 * with the bpf_mlock, after we are called. bpf_timed_out()
620 * also grabs bpf_mlock, so, if the timer has gone off and
621 * bpf_timed_out() hasn't finished, it's waiting for the
622 * lock; when this thread releases the lock, it will
623 * find the state is BPF_IDLE, and just release the
624 * lock and return.
625 */
626 return (thread_call_cancel(d->bd_thread_call));
627 }
628
629
630
631 /*
632 * Open ethernet device. Returns ENXIO for illegal minor device number,
633 * EBUSY if file is open by another process.
634 */
635 /* ARGSUSED */
636 int
637 bpfopen(dev_t dev, int flags, __unused int fmt,
638 __unused struct proc *p)
639 {
640 struct bpf_d *d;
641
642 lck_mtx_lock(bpf_mlock);
643 if ((unsigned int) minor(dev) >= nbpfilter) {
644 lck_mtx_unlock(bpf_mlock);
645 return (ENXIO);
646 }
647 /*
648 * New device nodes are created on demand when opening the last one.
649 * The programming model is for processes to loop on the minor starting at 0
650 * as long as EBUSY is returned. The loop stops when either the open succeeds or
651 * an error other that EBUSY is returned. That means that bpf_make_dev_t() must
652 * block all processes that are opening the last node. If not all
653 * processes are blocked, they could unexpectedly get ENOENT and abort their
654 * opening loop.
655 */
656 if ((unsigned int) minor(dev) == (nbpfilter - 1))
657 bpf_make_dev_t(major(dev));
658
659 /*
660 * Each minor can be opened by only one process. If the requested
661 * minor is in use, return EBUSY.
662 *
663 * Important: bpfopen() and bpfclose() have to check and set the status of a device
664 * in the same lockin context otherwise the device may be leaked because the vnode use count
665 * will be unpextectly greater than 1 when close() is called.
666 */
667 if (bpf_dtab[minor(dev)] == 0) {
668 bpf_dtab[minor(dev)] = (void *)1; /* Mark opening */
669 } else {
670 lck_mtx_unlock(bpf_mlock);
671 return (EBUSY);
672 }
673 d = (struct bpf_d *)_MALLOC(sizeof(struct bpf_d), M_DEVBUF, M_WAIT);
674 if (d == NULL) {
675 /* this really is a catastrophic failure */
676 printf("bpfopen: malloc bpf_d failed\n");
677 bpf_dtab[minor(dev)] = NULL;
678 lck_mtx_unlock(bpf_mlock);
679 return ENOMEM;
680 }
681 bzero(d, sizeof(struct bpf_d));
682
683 /*
684 * It is not necessary to take the BPF lock here because no other
685 * thread can access the device until it is marked opened...
686 */
687
688 /* Mark "in use" and do most initialization. */
689 d->bd_bufsize = bpf_bufsize;
690 d->bd_sig = SIGIO;
691 d->bd_seesent = 1;
692 d->bd_oflags = flags;
693 d->bd_state = BPF_IDLE;
694 d->bd_thread_call = thread_call_allocate(bpf_timed_out, d);
695
696 if (d->bd_thread_call == NULL) {
697 printf("bpfopen: malloc thread call failed\n");
698 bpf_dtab[minor(dev)] = NULL;
699 lck_mtx_unlock(bpf_mlock);
700 _FREE(d, M_DEVBUF);
701 return ENOMEM;
702 }
703 #if CONFIG_MACF_NET
704 mac_bpfdesc_label_init(d);
705 mac_bpfdesc_label_associate(kauth_cred_get(), d);
706 #endif
707 bpf_dtab[minor(dev)] = d; /* Mark opened */
708 lck_mtx_unlock(bpf_mlock);
709
710 return (0);
711 }
712
713 /*
714 * Close the descriptor by detaching it from its interface,
715 * deallocating its buffers, and marking it free.
716 */
717 /* ARGSUSED */
718 int
719 bpfclose(dev_t dev, __unused int flags, __unused int fmt,
720 __unused struct proc *p)
721 {
722 struct bpf_d *d;
723
724 /* Take BPF lock to ensure no other thread is using the device */
725 lck_mtx_lock(bpf_mlock);
726
727 d = bpf_dtab[minor(dev)];
728 if (d == 0 || d == (void *)1) {
729 lck_mtx_unlock(bpf_mlock);
730 return (ENXIO);
731 }
732 bpf_dtab[minor(dev)] = (void *)1; /* Mark closing */
733
734 /*
735 * Deal with any in-progress timeouts.
736 */
737 switch (d->bd_state) {
738 case BPF_IDLE:
739 /*
740 * Not waiting for a timeout, and no timeout happened.
741 */
742 break;
743
744 case BPF_WAITING:
745 /*
746 * Waiting for a timeout.
747 * Cancel any timer that has yet to go off,
748 * and mark the state as "closing".
749 * Then drop the lock to allow any timers that
750 * *have* gone off to run to completion, and wait
751 * for them to finish.
752 */
753 if (!bpf_stop_timer(d)) {
754 /*
755 * There was no pending call, so the call must
756 * have been in progress. Wait for the call to
757 * complete; we have to drop the lock while
758 * waiting. to let the in-progrss call complete
759 */
760 d->bd_state = BPF_DRAINING;
761 while (d->bd_state == BPF_DRAINING)
762 msleep((caddr_t)d, bpf_mlock, PRINET,
763 "bpfdraining", NULL);
764 }
765 d->bd_state = BPF_IDLE;
766 break;
767
768 case BPF_TIMED_OUT:
769 /*
770 * Timer went off, and the timeout routine finished.
771 */
772 d->bd_state = BPF_IDLE;
773 break;
774
775 case BPF_DRAINING:
776 /*
777 * Another thread is blocked on a close waiting for
778 * a timeout to finish.
779 * This "shouldn't happen", as the first thread to enter
780 * bpfclose() will set bpf_dtab[minor(dev)] to 1, and
781 * all subsequent threads should see that and fail with
782 * ENXIO.
783 */
784 panic("Two threads blocked in a BPF close");
785 break;
786 }
787
788 if (d->bd_bif)
789 bpf_detachd(d);
790 selthreadclear(&d->bd_sel);
791 #if CONFIG_MACF_NET
792 mac_bpfdesc_label_destroy(d);
793 #endif
794 thread_call_free(d->bd_thread_call);
795 bpf_freed(d);
796
797 /* Mark free in same context as bpfopen comes to check */
798 bpf_dtab[minor(dev)] = NULL; /* Mark closed */
799 lck_mtx_unlock(bpf_mlock);
800
801 _FREE(d, M_DEVBUF);
802
803 return (0);
804 }
805
806
807 #define BPF_SLEEP bpf_sleep
808
809 static int
810 bpf_sleep(struct bpf_d *d, int pri, const char *wmesg, int timo)
811 {
812 u_int64_t abstime = 0;
813
814 if(timo)
815 clock_interval_to_deadline(timo, NSEC_PER_SEC / hz, &abstime);
816
817 return msleep1((caddr_t)d, bpf_mlock, pri, wmesg, abstime);
818 }
819
820 /*
821 * Rotate the packet buffers in descriptor d. Move the store buffer
822 * into the hold slot, and the free buffer into the store slot.
823 * Zero the length of the new store buffer.
824 */
825 #define ROTATE_BUFFERS(d) \
826 (d)->bd_hbuf = (d)->bd_sbuf; \
827 (d)->bd_hlen = (d)->bd_slen; \
828 (d)->bd_sbuf = (d)->bd_fbuf; \
829 (d)->bd_slen = 0; \
830 (d)->bd_fbuf = NULL;
831 /*
832 * bpfread - read next chunk of packets from buffers
833 */
834 int
835 bpfread(dev_t dev, struct uio *uio, int ioflag)
836 {
837 struct bpf_d *d;
838 int timed_out;
839 int error;
840
841 lck_mtx_lock(bpf_mlock);
842
843 d = bpf_dtab[minor(dev)];
844 if (d == 0 || d == (void *)1) {
845 lck_mtx_unlock(bpf_mlock);
846 return (ENXIO);
847 }
848
849 /*
850 * Restrict application to use a buffer the same size as
851 * as kernel buffers.
852 */
853 if (uio_resid(uio) != d->bd_bufsize) {
854 lck_mtx_unlock(bpf_mlock);
855 return (EINVAL);
856 }
857
858 if (d->bd_state == BPF_WAITING)
859 bpf_stop_timer(d);
860
861 timed_out = (d->bd_state == BPF_TIMED_OUT);
862 d->bd_state = BPF_IDLE;
863
864 /*
865 * If the hold buffer is empty, then do a timed sleep, which
866 * ends when the timeout expires or when enough packets
867 * have arrived to fill the store buffer.
868 */
869 while (d->bd_hbuf == 0) {
870 if ((d->bd_immediate || timed_out || (ioflag & IO_NDELAY))
871 && d->bd_slen != 0) {
872 /*
873 * We're in immediate mode, or are reading
874 * in non-blocking mode, or a timer was
875 * started before the read (e.g., by select()
876 * or poll()) and has expired and a packet(s)
877 * either arrived since the previous
878 * read or arrived while we were asleep.
879 * Rotate the buffers and return what's here.
880 */
881 ROTATE_BUFFERS(d);
882 break;
883 }
884
885 /*
886 * No data is available, check to see if the bpf device
887 * is still pointed at a real interface. If not, return
888 * ENXIO so that the userland process knows to rebind
889 * it before using it again.
890 */
891 if (d->bd_bif == NULL) {
892 lck_mtx_unlock(bpf_mlock);
893 return (ENXIO);
894 }
895 if (ioflag & IO_NDELAY) {
896 lck_mtx_unlock(bpf_mlock);
897 return (EWOULDBLOCK);
898 }
899 error = BPF_SLEEP(d, PRINET|PCATCH, "bpf",
900 d->bd_rtout);
901 /*
902 * Make sure device is still opened
903 */
904 d = bpf_dtab[minor(dev)];
905 if (d == 0 || d == (void *)1) {
906 lck_mtx_unlock(bpf_mlock);
907 return (ENXIO);
908 }
909 if (error == EINTR || error == ERESTART) {
910 lck_mtx_unlock(bpf_mlock);
911 return (error);
912 }
913 if (error == EWOULDBLOCK) {
914 /*
915 * On a timeout, return what's in the buffer,
916 * which may be nothing. If there is something
917 * in the store buffer, we can rotate the buffers.
918 */
919 if (d->bd_hbuf)
920 /*
921 * We filled up the buffer in between
922 * getting the timeout and arriving
923 * here, so we don't need to rotate.
924 */
925 break;
926
927 if (d->bd_slen == 0) {
928 lck_mtx_unlock(bpf_mlock);
929 return (0);
930 }
931 ROTATE_BUFFERS(d);
932 break;
933 }
934 }
935 /*
936 * At this point, we know we have something in the hold slot.
937 */
938
939 /*
940 * Move data from hold buffer into user space.
941 * We know the entire buffer is transferred since
942 * we checked above that the read buffer is bpf_bufsize bytes.
943 */
944 error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio);
945
946 d->bd_fbuf = d->bd_hbuf;
947 d->bd_hbuf = NULL;
948 d->bd_hlen = 0;
949 lck_mtx_unlock(bpf_mlock);
950 return (error);
951 }
952
953
954 /*
955 * If there are processes sleeping on this descriptor, wake them up.
956 */
957 static void
958 bpf_wakeup(struct bpf_d *d)
959 {
960 if (d->bd_state == BPF_WAITING) {
961 bpf_stop_timer(d);
962 d->bd_state = BPF_IDLE;
963 }
964 wakeup((caddr_t)d);
965 if (d->bd_async && d->bd_sig && d->bd_sigio)
966 pgsigio(d->bd_sigio, d->bd_sig);
967
968 #if BSD >= 199103
969 selwakeup(&d->bd_sel);
970 KNOTE(&d->bd_sel.si_note, 1);
971 #ifndef __APPLE__
972 /* XXX */
973 d->bd_sel.si_pid = 0;
974 #endif
975 #else
976 if (d->bd_selproc) {
977 selwakeup(d->bd_selproc, (int)d->bd_selcoll);
978 d->bd_selcoll = 0;
979 d->bd_selproc = 0;
980 }
981 #endif
982 }
983
984
985 static void
986 bpf_timed_out(void *arg, __unused void *dummy)
987 {
988 struct bpf_d *d = (struct bpf_d *)arg;
989
990 lck_mtx_lock(bpf_mlock);
991 if (d->bd_state == BPF_WAITING) {
992 /*
993 * There's a select or kqueue waiting for this; if there's
994 * now stuff to read, wake it up.
995 */
996 d->bd_state = BPF_TIMED_OUT;
997 if (d->bd_slen != 0)
998 bpf_wakeup(d);
999 } else if (d->bd_state == BPF_DRAINING) {
1000 /*
1001 * A close is waiting for this to finish.
1002 * Mark it as finished, and wake the close up.
1003 */
1004 d->bd_state = BPF_IDLE;
1005 bpf_wakeup(d);
1006 }
1007 lck_mtx_unlock(bpf_mlock);
1008 }
1009
1010
1011
1012
1013
1014 /* keep in sync with bpf_movein above: */
1015 #define MAX_DATALINK_HDR_LEN (sizeof(struct firewire_header))
1016
1017 int
1018 bpfwrite(dev_t dev, struct uio *uio, __unused int ioflag)
1019 {
1020 struct bpf_d *d;
1021 struct ifnet *ifp;
1022 struct mbuf *m = NULL;
1023 int error;
1024 char dst_buf[SOCKADDR_HDR_LEN + MAX_DATALINK_HDR_LEN];
1025 int datlen = 0;
1026 int bif_dlt;
1027 int bd_hdrcmplt;
1028
1029 lck_mtx_lock(bpf_mlock);
1030
1031 d = bpf_dtab[minor(dev)];
1032 if (d == 0 || d == (void *)1) {
1033 lck_mtx_unlock(bpf_mlock);
1034 return (ENXIO);
1035 }
1036 if (d->bd_bif == 0) {
1037 lck_mtx_unlock(bpf_mlock);
1038 return (ENXIO);
1039 }
1040
1041 ifp = d->bd_bif->bif_ifp;
1042
1043 if ((ifp->if_flags & IFF_UP) == 0) {
1044 lck_mtx_unlock(bpf_mlock);
1045 return (ENETDOWN);
1046 }
1047 if (uio_resid(uio) == 0) {
1048 lck_mtx_unlock(bpf_mlock);
1049 return (0);
1050 }
1051 ((struct sockaddr *)dst_buf)->sa_len = sizeof(dst_buf);
1052
1053 /*
1054 * fix for PR-6849527
1055 * geting variables onto stack before dropping lock for bpf_movein()
1056 */
1057 bif_dlt = (int)d->bd_bif->bif_dlt;
1058 bd_hdrcmplt = d->bd_hdrcmplt;
1059
1060 /* bpf_movein allocating mbufs; drop lock */
1061 lck_mtx_unlock(bpf_mlock);
1062
1063 error = bpf_movein(uio, bif_dlt, &m,
1064 bd_hdrcmplt ? NULL : (struct sockaddr *)dst_buf,
1065 &datlen);
1066
1067 if (error) {
1068 return (error);
1069 }
1070
1071 /* taking the lock again and verifying whether device is open */
1072 lck_mtx_lock(bpf_mlock);
1073 d = bpf_dtab[minor(dev)];
1074 if (d == 0 || d == (void *)1) {
1075 lck_mtx_unlock(bpf_mlock);
1076 m_freem(m);
1077 return (ENXIO);
1078 }
1079
1080 if (d->bd_bif == NULL) {
1081 lck_mtx_unlock(bpf_mlock);
1082 m_free(m);
1083 return (ENXIO);
1084 }
1085
1086 if ((unsigned)datlen > ifp->if_mtu) {
1087 lck_mtx_unlock(bpf_mlock);
1088 m_freem(m);
1089 return (EMSGSIZE);
1090 }
1091
1092
1093 #if CONFIG_MACF_NET
1094 mac_mbuf_label_associate_bpfdesc(d, m);
1095 #endif
1096 lck_mtx_unlock(bpf_mlock);
1097
1098 if (d->bd_hdrcmplt) {
1099 if (d->bd_bif->bif_send)
1100 error = d->bd_bif->bif_send(ifp, d->bd_bif->bif_dlt, m);
1101 else
1102 error = dlil_output(ifp, 0, m, NULL, NULL, 1);
1103 }
1104 else {
1105 error = dlil_output(ifp, PF_INET, m, NULL, (struct sockaddr *)dst_buf, 0);
1106 }
1107
1108 /*
1109 * The driver frees the mbuf.
1110 */
1111 return (error);
1112 }
1113
1114 /*
1115 * Reset a descriptor by flushing its packet buffer and clearing the
1116 * receive and drop counts.
1117 */
1118 static void
1119 reset_d(struct bpf_d *d)
1120 {
1121 if (d->bd_hbuf) {
1122 /* Free the hold buffer. */
1123 d->bd_fbuf = d->bd_hbuf;
1124 d->bd_hbuf = NULL;
1125 }
1126 d->bd_slen = 0;
1127 d->bd_hlen = 0;
1128 d->bd_rcount = 0;
1129 d->bd_dcount = 0;
1130 }
1131
1132 /*
1133 * FIONREAD Check for read packet available.
1134 * SIOCGIFADDR Get interface address - convenient hook to driver.
1135 * BIOCGBLEN Get buffer len [for read()].
1136 * BIOCSETF Set ethernet read filter.
1137 * BIOCFLUSH Flush read packet buffer.
1138 * BIOCPROMISC Put interface into promiscuous mode.
1139 * BIOCGDLT Get link layer type.
1140 * BIOCGETIF Get interface name.
1141 * BIOCSETIF Set interface.
1142 * BIOCSRTIMEOUT Set read timeout.
1143 * BIOCGRTIMEOUT Get read timeout.
1144 * BIOCGSTATS Get packet stats.
1145 * BIOCIMMEDIATE Set immediate mode.
1146 * BIOCVERSION Get filter language version.
1147 * BIOCGHDRCMPLT Get "header already complete" flag
1148 * BIOCSHDRCMPLT Set "header already complete" flag
1149 * BIOCGSEESENT Get "see packets sent" flag
1150 * BIOCSSEESENT Set "see packets sent" flag
1151 */
1152 /* ARGSUSED */
1153 int
1154 bpfioctl(dev_t dev, u_long cmd, caddr_t addr, __unused int flags,
1155 struct proc *p)
1156 {
1157 struct bpf_d *d;
1158 int error = 0;
1159
1160 lck_mtx_lock(bpf_mlock);
1161
1162 d = bpf_dtab[minor(dev)];
1163 if (d == 0 || d == (void *)1) {
1164 lck_mtx_unlock(bpf_mlock);
1165 return (ENXIO);
1166 }
1167
1168 if (d->bd_state == BPF_WAITING)
1169 bpf_stop_timer(d);
1170 d->bd_state = BPF_IDLE;
1171
1172 switch (cmd) {
1173
1174 default:
1175 error = EINVAL;
1176 break;
1177
1178 /*
1179 * Check for read packet available.
1180 */
1181 case FIONREAD:
1182 {
1183 int n;
1184
1185 n = d->bd_slen;
1186 if (d->bd_hbuf)
1187 n += d->bd_hlen;
1188
1189 *(int *)addr = n;
1190 break;
1191 }
1192
1193 case SIOCGIFADDR:
1194 {
1195 struct ifnet *ifp;
1196
1197 if (d->bd_bif == 0)
1198 error = EINVAL;
1199 else {
1200 ifp = d->bd_bif->bif_ifp;
1201 error = ifnet_ioctl(ifp, 0, cmd, addr);
1202 }
1203 break;
1204 }
1205
1206 /*
1207 * Get buffer len [for read()].
1208 */
1209 case BIOCGBLEN:
1210 *(u_int *)addr = d->bd_bufsize;
1211 break;
1212
1213 /*
1214 * Set buffer length.
1215 */
1216 case BIOCSBLEN:
1217 #if BSD < 199103
1218 error = EINVAL;
1219 #else
1220 if (d->bd_bif != 0)
1221 error = EINVAL;
1222 else {
1223 u_int size = *(u_int *)addr;
1224
1225 if (size > bpf_maxbufsize)
1226 *(u_int *)addr = size = bpf_maxbufsize;
1227 else if (size < BPF_MINBUFSIZE)
1228 *(u_int *)addr = size = BPF_MINBUFSIZE;
1229 d->bd_bufsize = size;
1230 }
1231 #endif
1232 break;
1233
1234 /*
1235 * Set link layer read filter.
1236 */
1237 case BIOCSETF32: {
1238 struct bpf_program32 *prg32 = (struct bpf_program32 *)addr;
1239 error = bpf_setf(d, prg32->bf_len,
1240 CAST_USER_ADDR_T(prg32->bf_insns));
1241 break;
1242 }
1243
1244 case BIOCSETF64: {
1245 struct bpf_program64 *prg64 = (struct bpf_program64 *)addr;
1246 error = bpf_setf(d, prg64->bf_len, prg64->bf_insns);
1247 break;
1248 }
1249
1250 /*
1251 * Flush read packet buffer.
1252 */
1253 case BIOCFLUSH:
1254 reset_d(d);
1255 break;
1256
1257 /*
1258 * Put interface into promiscuous mode.
1259 */
1260 case BIOCPROMISC:
1261 if (d->bd_bif == 0) {
1262 /*
1263 * No interface attached yet.
1264 */
1265 error = EINVAL;
1266 break;
1267 }
1268 if (d->bd_promisc == 0) {
1269 lck_mtx_unlock(bpf_mlock);
1270 error = ifnet_set_promiscuous(d->bd_bif->bif_ifp, 1);
1271 lck_mtx_lock(bpf_mlock);
1272 if (error == 0)
1273 d->bd_promisc = 1;
1274 }
1275 break;
1276
1277 /*
1278 * Get device parameters.
1279 */
1280 case BIOCGDLT:
1281 if (d->bd_bif == 0)
1282 error = EINVAL;
1283 else
1284 *(u_int *)addr = d->bd_bif->bif_dlt;
1285 break;
1286
1287 /*
1288 * Get a list of supported data link types.
1289 */
1290 case BIOCGDLTLIST:
1291 if (d->bd_bif == NULL) {
1292 error = EINVAL;
1293 } else {
1294 error = bpf_getdltlist(d,
1295 (struct bpf_dltlist *)addr, p);
1296 }
1297 break;
1298
1299 /*
1300 * Set data link type.
1301 */
1302 case BIOCSDLT:
1303 if (d->bd_bif == NULL)
1304 error = EINVAL;
1305 else
1306 error = bpf_setdlt(d, *(u_int *)addr);
1307 break;
1308
1309 /*
1310 * Get interface name.
1311 */
1312 case BIOCGETIF:
1313 if (d->bd_bif == 0)
1314 error = EINVAL;
1315 else {
1316 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1317 struct ifreq *const ifr = (struct ifreq *)addr;
1318
1319 snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
1320 "%s%d", ifp->if_name, ifp->if_unit);
1321 }
1322 break;
1323
1324 /*
1325 * Set interface.
1326 */
1327 case BIOCSETIF: {
1328 ifnet_t ifp;
1329 ifp = ifunit(((struct ifreq *)addr)->ifr_name);
1330 if (ifp == NULL)
1331 error = ENXIO;
1332 else
1333 error = bpf_setif(d, ifp, 0);
1334 break;
1335 }
1336
1337 /*
1338 * Set read timeout.
1339 */
1340 case BIOCSRTIMEOUT32:
1341 {
1342 struct user32_timeval *_tv = (struct user32_timeval *)addr;
1343 struct timeval tv;
1344
1345 tv.tv_sec = _tv->tv_sec;
1346 tv.tv_usec = _tv->tv_usec;
1347
1348 /*
1349 * Subtract 1 tick from tvtohz() since this isn't
1350 * a one-shot timer.
1351 */
1352 if ((error = itimerfix(&tv)) == 0)
1353 d->bd_rtout = tvtohz(&tv) - 1;
1354 break;
1355 }
1356
1357 case BIOCSRTIMEOUT64:
1358 {
1359 struct user64_timeval *_tv = (struct user64_timeval *)addr;
1360 struct timeval tv;
1361
1362 tv.tv_sec = _tv->tv_sec;
1363 tv.tv_usec = _tv->tv_usec;
1364
1365 /*
1366 * Subtract 1 tick from tvtohz() since this isn't
1367 * a one-shot timer.
1368 */
1369 if ((error = itimerfix(&tv)) == 0)
1370 d->bd_rtout = tvtohz(&tv) - 1;
1371 break;
1372 }
1373
1374 /*
1375 * Get read timeout.
1376 */
1377 case BIOCGRTIMEOUT32:
1378 {
1379 struct user32_timeval *tv = (struct user32_timeval *)addr;
1380
1381 tv->tv_sec = d->bd_rtout / hz;
1382 tv->tv_usec = (d->bd_rtout % hz) * tick;
1383 break;
1384 }
1385
1386 case BIOCGRTIMEOUT64:
1387 {
1388 struct user64_timeval *tv = (struct user64_timeval *)addr;
1389
1390 tv->tv_sec = d->bd_rtout / hz;
1391 tv->tv_usec = (d->bd_rtout % hz) * tick;
1392 break;
1393 }
1394
1395 /*
1396 * Get packet stats.
1397 */
1398 case BIOCGSTATS:
1399 {
1400 struct bpf_stat *bs = (struct bpf_stat *)addr;
1401
1402 bs->bs_recv = d->bd_rcount;
1403 bs->bs_drop = d->bd_dcount;
1404 break;
1405 }
1406
1407 /*
1408 * Set immediate mode.
1409 */
1410 case BIOCIMMEDIATE:
1411 d->bd_immediate = *(u_int *)addr;
1412 break;
1413
1414 case BIOCVERSION:
1415 {
1416 struct bpf_version *bv = (struct bpf_version *)addr;
1417
1418 bv->bv_major = BPF_MAJOR_VERSION;
1419 bv->bv_minor = BPF_MINOR_VERSION;
1420 break;
1421 }
1422
1423 /*
1424 * Get "header already complete" flag
1425 */
1426 case BIOCGHDRCMPLT:
1427 *(u_int *)addr = d->bd_hdrcmplt;
1428 break;
1429
1430 /*
1431 * Set "header already complete" flag
1432 */
1433 case BIOCSHDRCMPLT:
1434 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1435 break;
1436
1437 /*
1438 * Get "see sent packets" flag
1439 */
1440 case BIOCGSEESENT:
1441 *(u_int *)addr = d->bd_seesent;
1442 break;
1443
1444 /*
1445 * Set "see sent packets" flag
1446 */
1447 case BIOCSSEESENT:
1448 d->bd_seesent = *(u_int *)addr;
1449 break;
1450
1451 case FIONBIO: /* Non-blocking I/O */
1452 break;
1453
1454 case FIOASYNC: /* Send signal on receive packets */
1455 d->bd_async = *(int *)addr;
1456 break;
1457 #ifndef __APPLE__
1458 case FIOSETOWN:
1459 error = fsetown(*(int *)addr, &d->bd_sigio);
1460 break;
1461
1462 case FIOGETOWN:
1463 *(int *)addr = fgetown(d->bd_sigio);
1464 break;
1465
1466 /* This is deprecated, FIOSETOWN should be used instead. */
1467 case TIOCSPGRP:
1468 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1469 break;
1470
1471 /* This is deprecated, FIOGETOWN should be used instead. */
1472 case TIOCGPGRP:
1473 *(int *)addr = -fgetown(d->bd_sigio);
1474 break;
1475 #endif
1476 case BIOCSRSIG: /* Set receive signal */
1477 {
1478 u_int sig;
1479
1480 sig = *(u_int *)addr;
1481
1482 if (sig >= NSIG)
1483 error = EINVAL;
1484 else
1485 d->bd_sig = sig;
1486 break;
1487 }
1488 case BIOCGRSIG:
1489 *(u_int *)addr = d->bd_sig;
1490 break;
1491 }
1492
1493 lck_mtx_unlock(bpf_mlock);
1494
1495 return (error);
1496 }
1497
1498 /*
1499 * Set d's packet filter program to fp. If this file already has a filter,
1500 * free it and replace it. Returns EINVAL for bogus requests.
1501 */
1502 static int
1503 bpf_setf(struct bpf_d *d, u_int bf_len, user_addr_t bf_insns)
1504 {
1505 struct bpf_insn *fcode, *old;
1506 u_int flen, size;
1507
1508 old = d->bd_filter;
1509 if (bf_insns == USER_ADDR_NULL) {
1510 if (bf_len != 0)
1511 return (EINVAL);
1512 d->bd_filter = NULL;
1513 reset_d(d);
1514 if (old != 0)
1515 FREE((caddr_t)old, M_DEVBUF);
1516 return (0);
1517 }
1518 flen = bf_len;
1519 if (flen > BPF_MAXINSNS)
1520 return (EINVAL);
1521
1522 size = flen * sizeof(struct bpf_insn);
1523 fcode = (struct bpf_insn *) _MALLOC(size, M_DEVBUF, M_WAIT);
1524 #ifdef __APPLE__
1525 if (fcode == NULL)
1526 return (ENOBUFS);
1527 #endif
1528 if (copyin(bf_insns, (caddr_t)fcode, size) == 0 &&
1529 bpf_validate(fcode, (int)flen)) {
1530 d->bd_filter = fcode;
1531 reset_d(d);
1532 if (old != 0)
1533 FREE((caddr_t)old, M_DEVBUF);
1534
1535 return (0);
1536 }
1537 FREE((caddr_t)fcode, M_DEVBUF);
1538 return (EINVAL);
1539 }
1540
1541 /*
1542 * Detach a file from its current interface (if attached at all) and attach
1543 * to the interface indicated by the name stored in ifr.
1544 * Return an errno or 0.
1545 */
1546 static int
1547 bpf_setif(struct bpf_d *d, ifnet_t theywant, u_int32_t dlt)
1548 {
1549 struct bpf_if *bp;
1550 int error;
1551
1552 /*
1553 * Look through attached interfaces for the named one.
1554 */
1555 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
1556 struct ifnet *ifp = bp->bif_ifp;
1557
1558 if (ifp == 0 || ifp != theywant || (dlt != 0 && dlt != bp->bif_dlt))
1559 continue;
1560 /*
1561 * We found the requested interface.
1562 * Allocate the packet buffers if we need to.
1563 * If we're already attached to requested interface,
1564 * just flush the buffer.
1565 */
1566 if (d->bd_sbuf == 0) {
1567 error = bpf_allocbufs(d);
1568 if (error != 0)
1569 return (error);
1570 }
1571 if (bp != d->bd_bif) {
1572 if (d->bd_bif)
1573 /*
1574 * Detach if attached to something else.
1575 */
1576 bpf_detachd(d);
1577
1578 if (bpf_attachd(d, bp) != 0) {
1579 return ENXIO;
1580 }
1581 }
1582 reset_d(d);
1583 return (0);
1584 }
1585 /* Not found. */
1586 return (ENXIO);
1587 }
1588
1589
1590
1591 /*
1592 * Get a list of available data link type of the interface.
1593 */
1594 static int
1595 bpf_getdltlist(struct bpf_d *d, struct bpf_dltlist *bfl, struct proc *p)
1596 {
1597 u_int n;
1598 int error;
1599 struct ifnet *ifp;
1600 struct bpf_if *bp;
1601 user_addr_t dlist;
1602
1603 if (proc_is64bit(p)) {
1604 dlist = (user_addr_t)bfl->bfl_u.bflu_pad;
1605 } else {
1606 dlist = CAST_USER_ADDR_T(bfl->bfl_u.bflu_list);
1607 }
1608
1609 ifp = d->bd_bif->bif_ifp;
1610 n = 0;
1611 error = 0;
1612 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1613 if (bp->bif_ifp != ifp)
1614 continue;
1615 if (dlist != USER_ADDR_NULL) {
1616 if (n >= bfl->bfl_len) {
1617 return (ENOMEM);
1618 }
1619 error = copyout(&bp->bif_dlt, dlist,
1620 sizeof (bp->bif_dlt));
1621 dlist += sizeof (bp->bif_dlt);
1622 }
1623 n++;
1624 }
1625 bfl->bfl_len = n;
1626 return (error);
1627 }
1628
1629 /*
1630 * Set the data link type of a BPF instance.
1631 */
1632 static int
1633 bpf_setdlt(struct bpf_d *d, uint32_t dlt)
1634
1635
1636 {
1637 int error, opromisc;
1638 struct ifnet *ifp;
1639 struct bpf_if *bp;
1640
1641 if (d->bd_bif->bif_dlt == dlt)
1642 return (0);
1643 ifp = d->bd_bif->bif_ifp;
1644 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1645 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
1646 break;
1647 }
1648 if (bp != NULL) {
1649 opromisc = d->bd_promisc;
1650 bpf_detachd(d);
1651 error = bpf_attachd(d, bp);
1652 if (error) {
1653 printf("bpf_setdlt: bpf_attachd %s%d failed (%d)\n",
1654 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1655 return error;
1656 }
1657 reset_d(d);
1658 if (opromisc) {
1659 lck_mtx_unlock(bpf_mlock);
1660 error = ifnet_set_promiscuous(bp->bif_ifp, 1);
1661 lck_mtx_lock(bpf_mlock);
1662 if (error)
1663 printf("bpf_setdlt: ifpromisc %s%d failed (%d)\n",
1664 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1665 else
1666 d->bd_promisc = 1;
1667 }
1668 }
1669 return (bp == NULL ? EINVAL : 0);
1670 }
1671
1672 /*
1673 * Support for select()
1674 *
1675 * Return true iff the specific operation will not block indefinitely.
1676 * Otherwise, return false but make a note that a selwakeup() must be done.
1677 */
1678 int
1679 bpfselect(dev_t dev, int which, void * wql, struct proc *p)
1680 {
1681 struct bpf_d *d;
1682 int ret = 0;
1683
1684 lck_mtx_lock(bpf_mlock);
1685
1686 d = bpf_dtab[minor(dev)];
1687 if (d == 0 || d == (void *)1) {
1688 lck_mtx_unlock(bpf_mlock);
1689 return (ENXIO);
1690 }
1691
1692 if (d->bd_bif == NULL) {
1693 lck_mtx_unlock(bpf_mlock);
1694 return (ENXIO);
1695 }
1696
1697 switch (which) {
1698 case FREAD:
1699 if (d->bd_hlen != 0 ||
1700 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1701 d->bd_slen != 0))
1702 ret = 1; /* read has data to return */
1703 else {
1704 /*
1705 * Read has no data to return.
1706 * Make the select wait, and start a timer if
1707 * necessary.
1708 */
1709 selrecord(p, &d->bd_sel, wql);
1710 bpf_start_timer(d);
1711 }
1712 break;
1713
1714 case FWRITE:
1715 ret = 1; /* can't determine whether a write would block */
1716 break;
1717 }
1718
1719 lck_mtx_unlock(bpf_mlock);
1720 return (ret);
1721 }
1722
1723
1724 /*
1725 * Support for kevent() system call. Register EVFILT_READ filters and
1726 * reject all others.
1727 */
1728 int bpfkqfilter(dev_t dev, struct knote *kn);
1729 static void filt_bpfdetach(struct knote *);
1730 static int filt_bpfread(struct knote *, long);
1731
1732 static struct filterops bpfread_filtops = {
1733 .f_isfd = 1,
1734 .f_detach = filt_bpfdetach,
1735 .f_event = filt_bpfread,
1736 };
1737
1738 int
1739 bpfkqfilter(dev_t dev, struct knote *kn)
1740 {
1741 struct bpf_d *d;
1742
1743 /*
1744 * Is this device a bpf?
1745 */
1746 if (major(dev) != CDEV_MAJOR) {
1747 return (EINVAL);
1748 }
1749
1750 if (kn->kn_filter != EVFILT_READ) {
1751 return (EINVAL);
1752 }
1753
1754 lck_mtx_lock(bpf_mlock);
1755
1756 d = bpf_dtab[minor(dev)];
1757 if (d == 0 || d == (void *)1) {
1758 lck_mtx_unlock(bpf_mlock);
1759 return (ENXIO);
1760 }
1761
1762 if (d->bd_bif == NULL) {
1763 lck_mtx_unlock(bpf_mlock);
1764 return (ENXIO);
1765 }
1766
1767 kn->kn_hook = d;
1768 kn->kn_fop = &bpfread_filtops;
1769 KNOTE_ATTACH(&d->bd_sel.si_note, kn);
1770 lck_mtx_unlock(bpf_mlock);
1771 return 0;
1772 }
1773
1774 static void
1775 filt_bpfdetach(struct knote *kn)
1776 {
1777 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1778
1779 lck_mtx_lock(bpf_mlock);
1780 KNOTE_DETACH(&d->bd_sel.si_note, kn);
1781 lck_mtx_unlock(bpf_mlock);
1782 }
1783
1784 static int
1785 filt_bpfread(struct knote *kn, long hint)
1786 {
1787 struct bpf_d *d = (struct bpf_d *)kn->kn_hook;
1788 int ready = 0;
1789
1790 if (hint == 0)
1791 lck_mtx_lock(bpf_mlock);
1792
1793 if (d->bd_immediate) {
1794 /*
1795 * If there's data in the hold buffer, it's the
1796 * amount of data a read will return.
1797 *
1798 * If there's no data in the hold buffer, but
1799 * there's data in the store buffer, a read will
1800 * immediately rotate the store buffer to the
1801 * hold buffer, the amount of data in the store
1802 * buffer is the amount of data a read will
1803 * return.
1804 *
1805 * If there's no data in either buffer, we're not
1806 * ready to read.
1807 */
1808 kn->kn_data = (d->bd_hlen == 0 ? d->bd_slen : d->bd_hlen);
1809 int64_t lowwat = 1;
1810 if (kn->kn_sfflags & NOTE_LOWAT)
1811 {
1812 if (kn->kn_sdata > d->bd_bufsize)
1813 lowwat = d->bd_bufsize;
1814 else if (kn->kn_sdata > lowwat)
1815 lowwat = kn->kn_sdata;
1816 }
1817 ready = (kn->kn_data >= lowwat);
1818 } else {
1819 /*
1820 * If there's data in the hold buffer, it's the
1821 * amount of data a read will return.
1822 *
1823 * If there's no data in the hold buffer, but
1824 * there's data in the store buffer, if the
1825 * timer has expired a read will immediately
1826 * rotate the store buffer to the hold buffer,
1827 * so the amount of data in the store buffer is
1828 * the amount of data a read will return.
1829 *
1830 * If there's no data in either buffer, or there's
1831 * no data in the hold buffer and the timer hasn't
1832 * expired, we're not ready to read.
1833 */
1834 kn->kn_data = (d->bd_hlen == 0 && d->bd_state == BPF_TIMED_OUT ?
1835 d->bd_slen : d->bd_hlen);
1836 ready = (kn->kn_data > 0);
1837 }
1838 if (!ready)
1839 bpf_start_timer(d);
1840
1841 if (hint == 0)
1842 lck_mtx_unlock(bpf_mlock);
1843 return (ready);
1844 }
1845
1846 static inline void*
1847 _cast_non_const(const void * ptr) {
1848 union {
1849 const void* cval;
1850 void* val;
1851 } ret;
1852
1853 ret.cval = ptr;
1854 return (ret.val);
1855 }
1856
1857 /*
1858 * Copy data from an mbuf chain into a buffer. This code is derived
1859 * from m_copydata in sys/uipc_mbuf.c.
1860 */
1861 static void
1862 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
1863 {
1864 struct mbuf *m = _cast_non_const(src_arg);
1865 u_int count;
1866 u_char *dst;
1867
1868 dst = dst_arg;
1869 while (len > 0) {
1870 if (m == 0)
1871 panic("bpf_mcopy");
1872 count = min(m->m_len, len);
1873 bcopy(mbuf_data(m), dst, count);
1874 m = m->m_next;
1875 dst += count;
1876 len -= count;
1877 }
1878 }
1879
1880 static inline void
1881 bpf_tap_imp(
1882 ifnet_t ifp,
1883 u_int32_t dlt,
1884 mbuf_t m,
1885 void* hdr,
1886 size_t hlen,
1887 int outbound)
1888 {
1889 struct bpf_if *bp;
1890
1891 /*
1892 * It's possible that we get here after the bpf descriptor has been
1893 * detached from the interface; in such a case we simply return.
1894 * Lock ordering is important since we can be called asynchronously
1895 * (from the IOKit) to process an inbound packet; when that happens
1896 * we would have been holding its "gateLock" and will be acquiring
1897 * "bpf_mlock" upon entering this routine. Due to that, we release
1898 * "bpf_mlock" prior to calling ifnet_set_promiscuous (which will
1899 * acquire "gateLock" in the IOKit), in order to avoid a deadlock
1900 * when a ifnet_set_promiscuous request simultaneously collides with
1901 * an inbound packet being passed into the tap callback.
1902 */
1903 lck_mtx_lock(bpf_mlock);
1904 if (ifp->if_bpf == NULL) {
1905 lck_mtx_unlock(bpf_mlock);
1906 return;
1907 }
1908 bp = ifp->if_bpf;
1909 for (bp = ifp->if_bpf; bp && bp->bif_ifp == ifp &&
1910 (dlt != 0 && bp->bif_dlt != dlt); bp = bp->bif_next)
1911 ;
1912 if (bp && bp->bif_ifp == ifp && bp->bif_dlist != NULL) {
1913 struct bpf_d *d;
1914 struct m_hdr hack_hdr;
1915 u_int pktlen = 0;
1916 u_int slen = 0;
1917 struct mbuf *m0;
1918
1919 if (hdr) {
1920 /*
1921 * This is gross. We mock up an mbuf that points to the
1922 * header buffer. This means we don't have to copy the
1923 * header. A number of interfaces prepended headers just
1924 * for bpf by allocating an mbuf on the stack. We want to
1925 * give developers an easy way to prepend a header for bpf.
1926 * Since a developer allocating an mbuf on the stack is bad,
1927 * we do even worse here, allocating only a header to point
1928 * to a buffer the developer supplied. This makes assumptions
1929 * that bpf_filter and catchpacket will not look at anything
1930 * in the mbuf other than the header. This was true at the
1931 * time this code was written.
1932 */
1933 hack_hdr.mh_next = m;
1934 hack_hdr.mh_nextpkt = NULL;
1935 hack_hdr.mh_len = hlen;
1936 hack_hdr.mh_data = hdr;
1937 hack_hdr.mh_type = m->m_type;
1938 hack_hdr.mh_flags = 0;
1939
1940 m = (mbuf_t)&hack_hdr;
1941 }
1942
1943 for (m0 = m; m0 != 0; m0 = m0->m_next)
1944 pktlen += m0->m_len;
1945
1946 for (d = bp->bif_dlist; d; d = d->bd_next) {
1947 if (outbound && !d->bd_seesent)
1948 continue;
1949 ++d->bd_rcount;
1950 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
1951 if (slen != 0) {
1952 #if CONFIG_MACF_NET
1953 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) != 0)
1954 continue;
1955 #endif
1956 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
1957 }
1958 }
1959 }
1960 lck_mtx_unlock(bpf_mlock);
1961 }
1962
1963 void
1964 bpf_tap_out(
1965 ifnet_t ifp,
1966 u_int32_t dlt,
1967 mbuf_t m,
1968 void* hdr,
1969 size_t hlen)
1970 {
1971 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 1);
1972 }
1973
1974 void
1975 bpf_tap_in(
1976 ifnet_t ifp,
1977 u_int32_t dlt,
1978 mbuf_t m,
1979 void* hdr,
1980 size_t hlen)
1981 {
1982 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 0);
1983 }
1984
1985 /* Callback registered with Ethernet driver. */
1986 static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m)
1987 {
1988 bpf_tap_imp(ifp, 0, m, NULL, 0, mbuf_pkthdr_rcvif(m) == NULL);
1989
1990 return 0;
1991 }
1992
1993 /*
1994 * Move the packet data from interface memory (pkt) into the
1995 * store buffer. Return 1 if it's time to wakeup a listener (buffer full),
1996 * otherwise 0. "copy" is the routine called to do the actual data
1997 * transfer. bcopy is passed in to copy contiguous chunks, while
1998 * bpf_mcopy is passed in to copy mbuf chains. In the latter case,
1999 * pkt is really an mbuf.
2000 */
2001 static void
2002 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
2003 void (*cpfn)(const void *, void *, size_t))
2004 {
2005 struct bpf_hdr *hp;
2006 int totlen, curlen;
2007 int hdrlen = d->bd_bif->bif_hdrlen;
2008 int do_wakeup = 0;
2009 /*
2010 * Figure out how many bytes to move. If the packet is
2011 * greater or equal to the snapshot length, transfer that
2012 * much. Otherwise, transfer the whole packet (unless
2013 * we hit the buffer size limit).
2014 */
2015 totlen = hdrlen + min(snaplen, pktlen);
2016 if (totlen > d->bd_bufsize)
2017 totlen = d->bd_bufsize;
2018
2019 /*
2020 * Round up the end of the previous packet to the next longword.
2021 */
2022 curlen = BPF_WORDALIGN(d->bd_slen);
2023 if (curlen + totlen > d->bd_bufsize) {
2024 /*
2025 * This packet will overflow the storage buffer.
2026 * Rotate the buffers if we can, then wakeup any
2027 * pending reads.
2028 */
2029 if (d->bd_fbuf == NULL) {
2030 /*
2031 * We haven't completed the previous read yet,
2032 * so drop the packet.
2033 */
2034 ++d->bd_dcount;
2035 return;
2036 }
2037 ROTATE_BUFFERS(d);
2038 do_wakeup = 1;
2039 curlen = 0;
2040 }
2041 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
2042 /*
2043 * Immediate mode is set, or the read timeout has
2044 * already expired during a select call. A packet
2045 * arrived, so the reader should be woken up.
2046 */
2047 do_wakeup = 1;
2048
2049 /*
2050 * Append the bpf header.
2051 */
2052 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
2053 struct timeval tv;
2054 microtime(&tv);
2055 hp->bh_tstamp.tv_sec = tv.tv_sec;
2056 hp->bh_tstamp.tv_usec = tv.tv_usec;
2057 hp->bh_datalen = pktlen;
2058 hp->bh_hdrlen = hdrlen;
2059 /*
2060 * Copy the packet data into the store buffer and update its length.
2061 */
2062 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
2063 d->bd_slen = curlen + totlen;
2064
2065 if (do_wakeup)
2066 bpf_wakeup(d);
2067 }
2068
2069 /*
2070 * Initialize all nonzero fields of a descriptor.
2071 */
2072 static int
2073 bpf_allocbufs(struct bpf_d *d)
2074 {
2075 d->bd_fbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
2076 if (d->bd_fbuf == 0)
2077 return (ENOBUFS);
2078
2079 d->bd_sbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
2080 if (d->bd_sbuf == 0) {
2081 FREE(d->bd_fbuf, M_DEVBUF);
2082 return (ENOBUFS);
2083 }
2084 d->bd_slen = 0;
2085 d->bd_hlen = 0;
2086 return (0);
2087 }
2088
2089 /*
2090 * Free buffers currently in use by a descriptor.
2091 * Called on close.
2092 */
2093 static void
2094 bpf_freed(struct bpf_d *d)
2095 {
2096 /*
2097 * We don't need to lock out interrupts since this descriptor has
2098 * been detached from its interface and it yet hasn't been marked
2099 * free.
2100 */
2101 if (d->bd_sbuf != 0) {
2102 FREE(d->bd_sbuf, M_DEVBUF);
2103 if (d->bd_hbuf != 0)
2104 FREE(d->bd_hbuf, M_DEVBUF);
2105 if (d->bd_fbuf != 0)
2106 FREE(d->bd_fbuf, M_DEVBUF);
2107 }
2108 if (d->bd_filter)
2109 FREE((caddr_t)d->bd_filter, M_DEVBUF);
2110 }
2111
2112 /*
2113 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *)
2114 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
2115 * size of the link header (variable length headers not yet supported).
2116 */
2117 void
2118 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
2119 {
2120 bpf_attach(ifp, dlt, hdrlen, NULL, NULL);
2121 }
2122
2123 errno_t
2124 bpf_attach(
2125 ifnet_t ifp,
2126 u_int32_t dlt,
2127 u_int32_t hdrlen,
2128 bpf_send_func send,
2129 bpf_tap_func tap)
2130 {
2131 struct bpf_if *bp_new;
2132 struct bpf_if *bp_temp;
2133 struct bpf_if *bp_first = NULL;
2134
2135 bp_new = (struct bpf_if *) _MALLOC(sizeof(*bp_new), M_DEVBUF, M_WAIT);
2136 if (bp_new == 0)
2137 panic("bpfattach");
2138
2139 lck_mtx_lock(bpf_mlock);
2140
2141 /*
2142 * Check if this interface/dlt is already attached, record first
2143 * attachment for this interface.
2144 */
2145 for (bp_temp = bpf_iflist; bp_temp && (bp_temp->bif_ifp != ifp ||
2146 bp_temp->bif_dlt != dlt); bp_temp = bp_temp->bif_next) {
2147 if (bp_temp->bif_ifp == ifp && bp_first == NULL)
2148 bp_first = bp_temp;
2149 }
2150
2151 if (bp_temp != NULL) {
2152 printf("bpfattach - %s%d with dlt %d is already attached\n",
2153 ifp->if_name, ifp->if_unit, dlt);
2154 FREE(bp_new, M_DEVBUF);
2155 lck_mtx_unlock(bpf_mlock);
2156 return EEXIST;
2157 }
2158
2159 bzero(bp_new, sizeof(*bp_new));
2160 bp_new->bif_ifp = ifp;
2161 bp_new->bif_dlt = dlt;
2162 bp_new->bif_send = send;
2163 bp_new->bif_tap = tap;
2164
2165 if (bp_first == NULL) {
2166 /* No other entries for this ifp */
2167 bp_new->bif_next = bpf_iflist;
2168 bpf_iflist = bp_new;
2169 }
2170 else {
2171 /* Add this after the first entry for this interface */
2172 bp_new->bif_next = bp_first->bif_next;
2173 bp_first->bif_next = bp_new;
2174 }
2175
2176 /*
2177 * Compute the length of the bpf header. This is not necessarily
2178 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
2179 * that the network layer header begins on a longword boundary (for
2180 * performance reasons and to alleviate alignment restrictions).
2181 */
2182 bp_new->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
2183
2184 /* Take a reference on the interface */
2185 ifnet_reference(ifp);
2186
2187 lck_mtx_unlock(bpf_mlock);
2188
2189 #ifndef __APPLE__
2190 if (bootverbose)
2191 printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
2192 #endif
2193
2194 return 0;
2195 }
2196
2197 /*
2198 * Detach bpf from an interface. This involves detaching each descriptor
2199 * associated with the interface, and leaving bd_bif NULL. Notify each
2200 * descriptor as it's detached so that any sleepers wake up and get
2201 * ENXIO.
2202 */
2203 void
2204 bpfdetach(struct ifnet *ifp)
2205 {
2206 struct bpf_if *bp, *bp_prev, *bp_next;
2207 struct bpf_if *bp_free = NULL;
2208 struct bpf_d *d;
2209
2210
2211 lck_mtx_lock(bpf_mlock);
2212
2213 /* Locate BPF interface information */
2214 bp_prev = NULL;
2215 for (bp = bpf_iflist; bp != NULL; bp = bp_next) {
2216 bp_next = bp->bif_next;
2217 if (ifp != bp->bif_ifp) {
2218 bp_prev = bp;
2219 continue;
2220 }
2221
2222 while ((d = bp->bif_dlist) != NULL) {
2223 bpf_detachd(d);
2224 bpf_wakeup(d);
2225 }
2226
2227 if (bp_prev) {
2228 bp_prev->bif_next = bp->bif_next;
2229 } else {
2230 bpf_iflist = bp->bif_next;
2231 }
2232
2233 bp->bif_next = bp_free;
2234 bp_free = bp;
2235
2236 ifnet_release(ifp);
2237 }
2238
2239 lck_mtx_unlock(bpf_mlock);
2240
2241 FREE(bp, M_DEVBUF);
2242
2243 }
2244
2245 void
2246 bpf_init(__unused void *unused)
2247 {
2248 #ifdef __APPLE__
2249 int i;
2250 int maj;
2251
2252 if (bpf_devsw_installed == 0) {
2253 bpf_devsw_installed = 1;
2254
2255 bpf_mlock_grp_attr = lck_grp_attr_alloc_init();
2256
2257 bpf_mlock_grp = lck_grp_alloc_init("bpf", bpf_mlock_grp_attr);
2258
2259 bpf_mlock_attr = lck_attr_alloc_init();
2260
2261 bpf_mlock = lck_mtx_alloc_init(bpf_mlock_grp, bpf_mlock_attr);
2262
2263 if (bpf_mlock == 0) {
2264 printf("bpf_init: failed to allocate bpf_mlock\n");
2265 bpf_devsw_installed = 0;
2266 return;
2267 }
2268
2269 maj = cdevsw_add(CDEV_MAJOR, &bpf_cdevsw);
2270 if (maj == -1) {
2271 if (bpf_mlock)
2272 lck_mtx_free(bpf_mlock, bpf_mlock_grp);
2273 if (bpf_mlock_attr)
2274 lck_attr_free(bpf_mlock_attr);
2275 if (bpf_mlock_grp)
2276 lck_grp_free(bpf_mlock_grp);
2277 if (bpf_mlock_grp_attr)
2278 lck_grp_attr_free(bpf_mlock_grp_attr);
2279
2280 bpf_mlock = NULL;
2281 bpf_mlock_attr = NULL;
2282 bpf_mlock_grp = NULL;
2283 bpf_mlock_grp_attr = NULL;
2284 bpf_devsw_installed = 0;
2285 printf("bpf_init: failed to allocate a major number!\n");
2286 return;
2287 }
2288
2289 for (i = 0 ; i < NBPFILTER; i++)
2290 bpf_make_dev_t(maj);
2291 }
2292 #else
2293 cdevsw_add(&bpf_cdevsw);
2294 #endif
2295 }
2296
2297 #ifndef __APPLE__
2298 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
2299 #endif
2300
2301 #if CONFIG_MACF_NET
2302 struct label *
2303 mac_bpfdesc_label_get(struct bpf_d *d)
2304 {
2305
2306 return (d->bd_label);
2307 }
2308
2309 void
2310 mac_bpfdesc_label_set(struct bpf_d *d, struct label *label)
2311 {
2312
2313 d->bd_label = label;
2314 }
2315 #endif