]> git.saurik.com Git - apple/xnu.git/blob - bsd/net/bpf.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-1228.7.58.tar.gz
[apple/xnu.git] / bsd / net / bpf.c
1 /*
2 * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)bpf.c 8.2 (Berkeley) 3/28/94
66 *
67 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.5 2001/01/05 04:49:09 jdp Exp $
68 */
69 /*
70 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
71 * support for mandatory and extensible security protections. This notice
72 * is included in support of clause 2.2 (b) of the Apple Public License,
73 * Version 2.0.
74 */
75
76 #include "bpf.h"
77
78 #ifndef __GNUC__
79 #define inline
80 #else
81 #define inline __inline
82 #endif
83
84 #include <sys/param.h>
85 #include <sys/systm.h>
86 #include <sys/conf.h>
87 #include <sys/malloc.h>
88 #include <sys/mbuf.h>
89 #include <sys/time.h>
90 #include <sys/proc.h>
91 #include <sys/signalvar.h>
92 #include <sys/filio.h>
93 #include <sys/sockio.h>
94 #include <sys/ttycom.h>
95 #include <sys/filedesc.h>
96 #include <sys/uio_internal.h>
97
98 #if defined(sparc) && BSD < 199103
99 #include <sys/stream.h>
100 #endif
101 #include <sys/poll.h>
102
103 #include <sys/socket.h>
104 #include <sys/vnode.h>
105
106 #include <net/if.h>
107 #include <net/bpf.h>
108 #include <net/bpfdesc.h>
109
110 #include <netinet/in.h>
111 #include <netinet/if_ether.h>
112 #include <sys/kernel.h>
113 #include <sys/sysctl.h>
114 #include <net/firewire.h>
115
116 #include <miscfs/devfs/devfs.h>
117 #include <net/dlil.h>
118
119 #include <kern/locks.h>
120
121 #if CONFIG_MACF_NET
122 #include <security/mac_framework.h>
123 #endif /* MAC_NET */
124
125 extern int tvtohz(struct timeval *);
126
127 /*
128 * Older BSDs don't have kernel malloc.
129 */
130 #if BSD < 199103
131 extern bcopy();
132 static caddr_t bpf_alloc();
133 #include <net/bpf_compat.h>
134 #define BPF_BUFSIZE (MCLBYTES-8)
135 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio)
136 #else
137 #define BPF_BUFSIZE 4096
138 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
139 #endif
140
141
142 #define PRINET 26 /* interruptible */
143
144 /*
145 * The default read buffer size is patchable.
146 */
147 static unsigned int bpf_bufsize = BPF_BUFSIZE;
148 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW,
149 &bpf_bufsize, 0, "");
150 static unsigned int bpf_maxbufsize = BPF_MAXBUFSIZE;
151 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW,
152 &bpf_maxbufsize, 0, "");
153 static unsigned int bpf_maxdevices = 256;
154 SYSCTL_UINT(_debug, OID_AUTO, bpf_maxdevices, CTLFLAG_RW,
155 &bpf_maxdevices, 0, "");
156
157 /*
158 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
159 * bpf_dtab holds pointer to the descriptors, indexed by minor device #
160 */
161 static struct bpf_if *bpf_iflist;
162 #ifdef __APPLE__
163 /*
164 * BSD now stores the bpf_d in the dev_t which is a struct
165 * on their system. Our dev_t is an int, so we still store
166 * the bpf_d in a separate table indexed by minor device #.
167 *
168 * The value stored in bpf_dtab[n] represent three states:
169 * 0: device not opened
170 * 1: device opening or closing
171 * other: device <n> opened with pointer to storage
172 */
173 static struct bpf_d **bpf_dtab = NULL;
174 static unsigned int bpf_dtab_size = 0;
175 static unsigned int nbpfilter = 0;
176
177 static lck_mtx_t *bpf_mlock;
178 static lck_grp_t *bpf_mlock_grp;
179 static lck_grp_attr_t *bpf_mlock_grp_attr;
180 static lck_attr_t *bpf_mlock_attr;
181
182 /*
183 * Mark a descriptor free by making it point to itself.
184 * This is probably cheaper than marking with a constant since
185 * the address should be in a register anyway.
186 */
187 #endif /* __APPLE__ */
188
189 static int bpf_allocbufs(struct bpf_d *);
190 static errno_t bpf_attachd(struct bpf_d *d, struct bpf_if *bp);
191 static void bpf_detachd(struct bpf_d *d);
192 static void bpf_freed(struct bpf_d *);
193 static void bpf_mcopy(const void *, void *, size_t);
194 static int bpf_movein(struct uio *, int,
195 struct mbuf **, struct sockaddr *, int *);
196 static int bpf_setif(struct bpf_d *, ifnet_t ifp, u_int32_t dlt);
197 static void bpf_wakeup(struct bpf_d *);
198 static void catchpacket(struct bpf_d *, u_char *, u_int,
199 u_int, void (*)(const void *, void *, size_t));
200 static void reset_d(struct bpf_d *);
201 static int bpf_setf(struct bpf_d *, u_int bf_len, user_addr_t bf_insns);
202 static int bpf_getdltlist(struct bpf_d *, struct bpf_dltlist *);
203 static int bpf_setdlt(struct bpf_d *, u_int);
204
205 /*static void *bpf_devfs_token[MAXBPFILTER];*/
206
207 static int bpf_devsw_installed;
208
209 void bpf_init(void *unused);
210 static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m);
211
212 /*
213 * Darwin differs from BSD here, the following are static
214 * on BSD and not static on Darwin.
215 */
216 d_open_t bpfopen;
217 d_close_t bpfclose;
218 d_read_t bpfread;
219 d_write_t bpfwrite;
220 ioctl_fcn_t bpfioctl;
221 select_fcn_t bpfpoll;
222
223
224 /* Darwin's cdevsw struct differs slightly from BSDs */
225 #define CDEV_MAJOR 23
226 static struct cdevsw bpf_cdevsw = {
227 /* open */ bpfopen,
228 /* close */ bpfclose,
229 /* read */ bpfread,
230 /* write */ bpfwrite,
231 /* ioctl */ bpfioctl,
232 /* stop */ eno_stop,
233 /* reset */ eno_reset,
234 /* tty */ NULL,
235 /* select */ bpfpoll,
236 /* mmap */ eno_mmap,
237 /* strategy*/ eno_strat,
238 /* getc */ eno_getc,
239 /* putc */ eno_putc,
240 /* type */ 0
241 };
242
243 #define SOCKADDR_HDR_LEN offsetof(struct sockaddr, sa_data)
244
245 static int
246 bpf_movein(struct uio *uio, int linktype, struct mbuf **mp, struct sockaddr *sockp, int *datlen)
247 {
248 struct mbuf *m;
249 int error;
250 int len;
251 uint8_t sa_family;
252 int hlen;
253
254 switch (linktype) {
255
256 #if SLIP
257 case DLT_SLIP:
258 sa_family = AF_INET;
259 hlen = 0;
260 break;
261 #endif /* SLIP */
262
263 case DLT_EN10MB:
264 sa_family = AF_UNSPEC;
265 /* XXX Would MAXLINKHDR be better? */
266 hlen = sizeof(struct ether_header);
267 break;
268
269 #if FDDI
270 case DLT_FDDI:
271 #if defined(__FreeBSD__) || defined(__bsdi__)
272 sa_family = AF_IMPLINK;
273 hlen = 0;
274 #else
275 sa_family = AF_UNSPEC;
276 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
277 hlen = 24;
278 #endif
279 break;
280 #endif /* FDDI */
281
282 case DLT_RAW:
283 case DLT_NULL:
284 sa_family = AF_UNSPEC;
285 hlen = 0;
286 break;
287
288 #ifdef __FreeBSD__
289 case DLT_ATM_RFC1483:
290 /*
291 * en atm driver requires 4-byte atm pseudo header.
292 * though it isn't standard, vpi:vci needs to be
293 * specified anyway.
294 */
295 sa_family = AF_UNSPEC;
296 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
297 break;
298 #endif
299
300 case DLT_PPP:
301 sa_family = AF_UNSPEC;
302 hlen = 4; /* This should match PPP_HDRLEN */
303 break;
304
305 case DLT_APPLE_IP_OVER_IEEE1394:
306 sa_family = AF_UNSPEC;
307 hlen = sizeof(struct firewire_header);
308 break;
309
310 default:
311 return (EIO);
312 }
313
314 // LP64todo - fix this!
315 len = uio_resid(uio);
316 *datlen = len - hlen;
317 if ((unsigned)len > MCLBYTES)
318 return (EIO);
319
320 if (sockp) {
321 /*
322 * Build a sockaddr based on the data link layer type.
323 * We do this at this level because the ethernet header
324 * is copied directly into the data field of the sockaddr.
325 * In the case of SLIP, there is no header and the packet
326 * is forwarded as is.
327 * Also, we are careful to leave room at the front of the mbuf
328 * for the link level header.
329 */
330 if ((hlen + SOCKADDR_HDR_LEN) > sockp->sa_len) {
331 return (EIO);
332 }
333 sockp->sa_family = sa_family;
334 } else {
335 /*
336 * We're directly sending the packet data supplied by
337 * the user; we don't need to make room for the link
338 * header, and don't need the header length value any
339 * more, so set it to 0.
340 */
341 hlen = 0;
342 }
343
344 MGETHDR(m, M_WAIT, MT_DATA);
345 if (m == 0)
346 return (ENOBUFS);
347 if ((unsigned)len > MHLEN) {
348 #if BSD >= 199103
349 MCLGET(m, M_WAIT);
350 if ((m->m_flags & M_EXT) == 0) {
351 #else
352 MCLGET(m);
353 if (m->m_len != MCLBYTES) {
354 #endif
355 error = ENOBUFS;
356 goto bad;
357 }
358 }
359 m->m_pkthdr.len = m->m_len = len;
360 m->m_pkthdr.rcvif = NULL;
361 *mp = m;
362 /*
363 * Make room for link header.
364 */
365 if (hlen != 0) {
366 m->m_pkthdr.len -= hlen;
367 m->m_len -= hlen;
368 #if BSD >= 199103
369 m->m_data += hlen; /* XXX */
370 #else
371 m->m_off += hlen;
372 #endif
373 error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
374 if (error)
375 goto bad;
376 }
377 error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
378 if (!error)
379 return (0);
380 bad:
381 m_freem(m);
382 return (error);
383 }
384
385 #ifdef __APPLE__
386
387 /*
388 * The dynamic addition of a new device node must block all processes that are opening
389 * the last device so that no process will get an unexpected ENOENT
390 */
391 static void
392 bpf_make_dev_t(int maj)
393 {
394 static int bpf_growing = 0;
395 unsigned int cur_size = nbpfilter, i;
396
397 if (nbpfilter >= bpf_maxdevices)
398 return;
399
400 while (bpf_growing) {
401 /* Wait until new device has been created */
402 (void)tsleep((caddr_t)&bpf_growing, PZERO, "bpf_growing", 0);
403 }
404 if (nbpfilter > cur_size) {
405 /* other thread grew it already */
406 return;
407 }
408 bpf_growing = 1;
409
410 /* need to grow bpf_dtab first */
411 if (nbpfilter == bpf_dtab_size) {
412 int new_dtab_size;
413 struct bpf_d **new_dtab = NULL;
414 struct bpf_d **old_dtab = NULL;
415
416 new_dtab_size = bpf_dtab_size + NBPFILTER;
417 new_dtab = (struct bpf_d **)_MALLOC(sizeof(struct bpf_d *) * new_dtab_size, M_DEVBUF, M_WAIT);
418 if (new_dtab == 0) {
419 printf("bpf_make_dev_t: malloc bpf_dtab failed\n");
420 goto done;
421 }
422 if (bpf_dtab) {
423 bcopy(bpf_dtab, new_dtab,
424 sizeof(struct bpf_d *) * bpf_dtab_size);
425 }
426 bzero(new_dtab + bpf_dtab_size,
427 sizeof(struct bpf_d *) * NBPFILTER);
428 old_dtab = bpf_dtab;
429 bpf_dtab = new_dtab;
430 bpf_dtab_size = new_dtab_size;
431 if (old_dtab != NULL)
432 _FREE(old_dtab, M_DEVBUF);
433 }
434 i = nbpfilter++;
435 (void) devfs_make_node(makedev(maj, i),
436 DEVFS_CHAR, UID_ROOT, GID_WHEEL, 0600,
437 "bpf%d", i);
438 done:
439 bpf_growing = 0;
440 wakeup((caddr_t)&bpf_growing);
441 }
442
443 #endif
444
445 /*
446 * Attach file to the bpf interface, i.e. make d listen on bp.
447 */
448 static errno_t
449 bpf_attachd(struct bpf_d *d, struct bpf_if *bp)
450 {
451 int first = bp->bif_dlist == NULL;
452 int error = 0;
453
454 /*
455 * Point d at bp, and add d to the interface's list of listeners.
456 * Finally, point the driver's bpf cookie at the interface so
457 * it will divert packets to bpf.
458 */
459 d->bd_bif = bp;
460 d->bd_next = bp->bif_dlist;
461 bp->bif_dlist = d;
462
463 if (first) {
464 /* Find the default bpf entry for this ifp */
465 if (bp->bif_ifp->if_bpf == NULL) {
466 struct bpf_if *primary;
467
468 for (primary = bpf_iflist; primary && primary->bif_ifp != bp->bif_ifp;
469 primary = primary->bif_next)
470 ;
471
472 bp->bif_ifp->if_bpf = primary;
473 }
474
475 /* Only call dlil_set_bpf_tap for primary dlt */
476 if (bp->bif_ifp->if_bpf == bp)
477 dlil_set_bpf_tap(bp->bif_ifp, BPF_TAP_INPUT_OUTPUT, bpf_tap_callback);
478
479 if (bp->bif_tap)
480 error = bp->bif_tap(bp->bif_ifp, bp->bif_dlt, BPF_TAP_INPUT_OUTPUT);
481 }
482
483 return error;
484 }
485
486 /*
487 * Detach a file from its interface.
488 */
489 static void
490 bpf_detachd(struct bpf_d *d)
491 {
492 struct bpf_d **p;
493 struct bpf_if *bp;
494 struct ifnet *ifp;
495
496 ifp = d->bd_bif->bif_ifp;
497 bp = d->bd_bif;
498
499 /* Remove d from the interface's descriptor list. */
500 p = &bp->bif_dlist;
501 while (*p != d) {
502 p = &(*p)->bd_next;
503 if (*p == 0)
504 panic("bpf_detachd: descriptor not in list");
505 }
506 *p = (*p)->bd_next;
507 if (bp->bif_dlist == 0) {
508 /*
509 * Let the driver know that there are no more listeners.
510 */
511 /* Only call dlil_set_bpf_tap for primary dlt */
512 if (bp->bif_ifp->if_bpf == bp)
513 dlil_set_bpf_tap(ifp, BPF_TAP_DISABLE, NULL);
514 if (bp->bif_tap)
515 bp->bif_tap(ifp, bp->bif_dlt, BPF_TAP_DISABLE);
516
517 for (bp = bpf_iflist; bp; bp = bp->bif_next)
518 if (bp->bif_ifp == ifp && bp->bif_dlist != 0)
519 break;
520 if (bp == NULL)
521 ifp->if_bpf = NULL;
522 }
523 d->bd_bif = NULL;
524 /*
525 * Check if this descriptor had requested promiscuous mode.
526 * If so, turn it off.
527 */
528 if (d->bd_promisc) {
529 d->bd_promisc = 0;
530 lck_mtx_unlock(bpf_mlock);
531 if (ifnet_set_promiscuous(ifp, 0)) {
532 /*
533 * Something is really wrong if we were able to put
534 * the driver into promiscuous mode, but can't
535 * take it out.
536 * Most likely the network interface is gone.
537 */
538 printf("bpf: ifnet_set_promiscuous failed");
539 }
540 lck_mtx_lock(bpf_mlock);
541 }
542 }
543
544
545 /*
546 * Open ethernet device. Returns ENXIO for illegal minor device number,
547 * EBUSY if file is open by another process.
548 */
549 /* ARGSUSED */
550 int
551 bpfopen(dev_t dev, __unused int flags, __unused int fmt,
552 __unused struct proc *p)
553 {
554 struct bpf_d *d;
555
556 lck_mtx_lock(bpf_mlock);
557 if ((unsigned int) minor(dev) >= nbpfilter) {
558 lck_mtx_unlock(bpf_mlock);
559 return (ENXIO);
560 }
561 /*
562 * New device nodes are created on demand when opening the last one.
563 * The programming model is for processes to loop on the minor starting at 0
564 * as long as EBUSY is returned. The loop stops when either the open succeeds or
565 * an error other that EBUSY is returned. That means that bpf_make_dev_t() must
566 * block all processes that are opening the last node. If not all
567 * processes are blocked, they could unexpectedly get ENOENT and abort their
568 * opening loop.
569 */
570 if ((unsigned int) minor(dev) == (nbpfilter - 1))
571 bpf_make_dev_t(major(dev));
572
573 /*
574 * Each minor can be opened by only one process. If the requested
575 * minor is in use, return EBUSY.
576 *
577 * Important: bpfopen() and bpfclose() have to check and set the status of a device
578 * in the same lockin context otherwise the device may be leaked because the vnode use count
579 * will be unpextectly greater than 1 when close() is called.
580 */
581 if (bpf_dtab[minor(dev)] == 0) {
582 bpf_dtab[minor(dev)] = (void *)1; /* Mark opening */
583 } else {
584 lck_mtx_unlock(bpf_mlock);
585 return (EBUSY);
586 }
587 d = (struct bpf_d *)_MALLOC(sizeof(struct bpf_d), M_DEVBUF, M_WAIT);
588 if (d == NULL) {
589 /* this really is a catastrophic failure */
590 printf("bpfopen: malloc bpf_d failed\n");
591 bpf_dtab[minor(dev)] = NULL;
592 lck_mtx_unlock(bpf_mlock);
593 return ENOMEM;
594 }
595 bzero(d, sizeof(struct bpf_d));
596
597 /*
598 * It is not necessary to take the BPF lock here because no other
599 * thread can access the device until it is marked opened...
600 */
601
602 /* Mark "in use" and do most initialization. */
603 d->bd_bufsize = bpf_bufsize;
604 d->bd_sig = SIGIO;
605 d->bd_seesent = 1;
606 #if CONFIG_MACF_NET
607 mac_bpfdesc_label_init(d);
608 mac_bpfdesc_label_associate(kauth_cred_get(), d);
609 #endif
610 bpf_dtab[minor(dev)] = d; /* Mark opened */
611 lck_mtx_unlock(bpf_mlock);
612
613 return (0);
614 }
615
616 /*
617 * Close the descriptor by detaching it from its interface,
618 * deallocating its buffers, and marking it free.
619 */
620 /* ARGSUSED */
621 int
622 bpfclose(dev_t dev, __unused int flags, __unused int fmt,
623 __unused struct proc *p)
624 {
625 struct bpf_d *d;
626
627 /* Take BPF lock to ensure no other thread is using the device */
628 lck_mtx_lock(bpf_mlock);
629
630 d = bpf_dtab[minor(dev)];
631 if (d == 0 || d == (void *)1) {
632 lck_mtx_unlock(bpf_mlock);
633 return (ENXIO);
634 }
635 bpf_dtab[minor(dev)] = (void *)1; /* Mark closing */
636
637 if (d->bd_bif)
638 bpf_detachd(d);
639 selthreadclear(&d->bd_sel);
640 #if CONFIG_MACF_NET
641 mac_bpfdesc_label_destroy(d);
642 #endif
643 bpf_freed(d);
644
645 /* Mark free in same context as bpfopen comes to check */
646 bpf_dtab[minor(dev)] = NULL; /* Mark closed */
647 lck_mtx_unlock(bpf_mlock);
648
649 _FREE(d, M_DEVBUF);
650
651 return (0);
652 }
653
654
655 #define BPF_SLEEP bpf_sleep
656
657 static int
658 bpf_sleep(struct bpf_d *d, int pri, const char *wmesg, int timo)
659 {
660 int st;
661
662 lck_mtx_unlock(bpf_mlock);
663
664 st = tsleep((caddr_t)d, pri, wmesg, timo);
665
666 lck_mtx_lock(bpf_mlock);
667
668 return st;
669 }
670
671 /*
672 * Rotate the packet buffers in descriptor d. Move the store buffer
673 * into the hold slot, and the free buffer into the store slot.
674 * Zero the length of the new store buffer.
675 */
676 #define ROTATE_BUFFERS(d) \
677 (d)->bd_hbuf = (d)->bd_sbuf; \
678 (d)->bd_hlen = (d)->bd_slen; \
679 (d)->bd_sbuf = (d)->bd_fbuf; \
680 (d)->bd_slen = 0; \
681 (d)->bd_fbuf = NULL;
682 /*
683 * bpfread - read next chunk of packets from buffers
684 */
685 int
686 bpfread(dev_t dev, struct uio *uio, int ioflag)
687 {
688 struct bpf_d *d;
689 int error;
690
691 lck_mtx_lock(bpf_mlock);
692
693 d = bpf_dtab[minor(dev)];
694 if (d == 0 || d == (void *)1) {
695 lck_mtx_unlock(bpf_mlock);
696 return (ENXIO);
697 }
698
699
700 /*
701 * Restrict application to use a buffer the same size as
702 * as kernel buffers.
703 */
704 // LP64todo - fix this
705 if (uio->uio_resid != d->bd_bufsize) {
706 lck_mtx_unlock(bpf_mlock);
707 return (EINVAL);
708 }
709
710 /*
711 * If the hold buffer is empty, then do a timed sleep, which
712 * ends when the timeout expires or when enough packets
713 * have arrived to fill the store buffer.
714 */
715 while (d->bd_hbuf == 0) {
716 if (d->bd_immediate && d->bd_slen != 0) {
717 /*
718 * A packet(s) either arrived since the previous
719 * read or arrived while we were asleep.
720 * Rotate the buffers and return what's here.
721 */
722 ROTATE_BUFFERS(d);
723 break;
724 }
725
726 /*
727 * No data is available, check to see if the bpf device
728 * is still pointed at a real interface. If not, return
729 * ENXIO so that the userland process knows to rebind
730 * it before using it again.
731 */
732 if (d->bd_bif == NULL) {
733 lck_mtx_unlock(bpf_mlock);
734 return (ENXIO);
735 }
736
737 if (ioflag & IO_NDELAY)
738 error = EWOULDBLOCK;
739 else
740 error = BPF_SLEEP(d, PRINET|PCATCH, "bpf",
741 d->bd_rtout);
742 /*
743 * Make sure device is still opened
744 */
745 d = bpf_dtab[minor(dev)];
746 if (d == 0 || d == (void *)1) {
747 lck_mtx_unlock(bpf_mlock);
748 return (ENXIO);
749 }
750 if (error == EINTR || error == ERESTART) {
751 lck_mtx_unlock(bpf_mlock);
752 return (error);
753 }
754 if (error == EWOULDBLOCK) {
755 /*
756 * On a timeout, return what's in the buffer,
757 * which may be nothing. If there is something
758 * in the store buffer, we can rotate the buffers.
759 */
760 if (d->bd_hbuf)
761 /*
762 * We filled up the buffer in between
763 * getting the timeout and arriving
764 * here, so we don't need to rotate.
765 */
766 break;
767
768 if (d->bd_slen == 0) {
769 lck_mtx_unlock(bpf_mlock);
770 return (0);
771 }
772 ROTATE_BUFFERS(d);
773 break;
774 }
775 }
776 /*
777 * At this point, we know we have something in the hold slot.
778 */
779
780 /*
781 * Move data from hold buffer into user space.
782 * We know the entire buffer is transferred since
783 * we checked above that the read buffer is bpf_bufsize bytes.
784 */
785 error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio);
786
787 d->bd_fbuf = d->bd_hbuf;
788 d->bd_hbuf = NULL;
789 d->bd_hlen = 0;
790 lck_mtx_unlock(bpf_mlock);
791 return (error);
792 }
793
794
795 /*
796 * If there are processes sleeping on this descriptor, wake them up.
797 */
798 static void
799 bpf_wakeup(struct bpf_d *d)
800 {
801 wakeup((caddr_t)d);
802 if (d->bd_async && d->bd_sig && d->bd_sigio)
803 pgsigio(d->bd_sigio, d->bd_sig);
804
805 #if BSD >= 199103
806 selwakeup(&d->bd_sel);
807 #ifndef __APPLE__
808 /* XXX */
809 d->bd_sel.si_pid = 0;
810 #endif
811 #else
812 if (d->bd_selproc) {
813 selwakeup(d->bd_selproc, (int)d->bd_selcoll);
814 d->bd_selcoll = 0;
815 d->bd_selproc = 0;
816 }
817 #endif
818 }
819
820 /* keep in sync with bpf_movein above: */
821 #define MAX_DATALINK_HDR_LEN (sizeof(struct firewire_header))
822
823 int
824 bpfwrite(dev_t dev, struct uio *uio, __unused int ioflag)
825 {
826 struct bpf_d *d;
827 struct ifnet *ifp;
828 struct mbuf *m = NULL;
829 int error;
830 char dst_buf[SOCKADDR_HDR_LEN + MAX_DATALINK_HDR_LEN];
831 int datlen;
832
833 lck_mtx_lock(bpf_mlock);
834
835 d = bpf_dtab[minor(dev)];
836 if (d == 0 || d == (void *)1) {
837 lck_mtx_unlock(bpf_mlock);
838 return (ENXIO);
839 }
840 if (d->bd_bif == 0) {
841 lck_mtx_unlock(bpf_mlock);
842 return (ENXIO);
843 }
844
845 ifp = d->bd_bif->bif_ifp;
846
847 if (uio->uio_resid == 0) {
848 lck_mtx_unlock(bpf_mlock);
849 return (0);
850 }
851 ((struct sockaddr *)dst_buf)->sa_len = sizeof(dst_buf);
852 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m,
853 d->bd_hdrcmplt ? NULL : (struct sockaddr *)dst_buf,
854 &datlen);
855 if (error) {
856 lck_mtx_unlock(bpf_mlock);
857 return (error);
858 }
859
860 if ((unsigned)datlen > ifp->if_mtu) {
861 lck_mtx_unlock(bpf_mlock);
862 m_freem(m);
863 return (EMSGSIZE);
864 }
865
866 if ((error = ifp_use(ifp, kIfNetUseCount_MustNotBeZero)) != 0) {
867 lck_mtx_unlock(bpf_mlock);
868 m_freem(m);
869 return (error);
870 }
871
872 #if CONFIG_MACF_NET
873 mac_mbuf_label_associate_bpfdesc(d, m);
874 #endif
875 lck_mtx_unlock(bpf_mlock);
876
877 if (d->bd_hdrcmplt) {
878 if (d->bd_bif->bif_send)
879 error = d->bd_bif->bif_send(ifp, d->bd_bif->bif_dlt, m);
880 else
881 error = dlil_output(ifp, 0, m, NULL, NULL, 1);
882 }
883 else {
884 error = dlil_output(ifp, PF_INET, m, NULL, (struct sockaddr *)dst_buf, 0);
885 }
886
887 if (ifp_unuse(ifp) != 0)
888 ifp_use_reached_zero(ifp);
889
890 /*
891 * The driver frees the mbuf.
892 */
893 return (error);
894 }
895
896 /*
897 * Reset a descriptor by flushing its packet buffer and clearing the
898 * receive and drop counts.
899 */
900 static void
901 reset_d(struct bpf_d *d)
902 {
903 if (d->bd_hbuf) {
904 /* Free the hold buffer. */
905 d->bd_fbuf = d->bd_hbuf;
906 d->bd_hbuf = NULL;
907 }
908 d->bd_slen = 0;
909 d->bd_hlen = 0;
910 d->bd_rcount = 0;
911 d->bd_dcount = 0;
912 }
913
914 /*
915 * FIONREAD Check for read packet available.
916 * SIOCGIFADDR Get interface address - convenient hook to driver.
917 * BIOCGBLEN Get buffer len [for read()].
918 * BIOCSETF Set ethernet read filter.
919 * BIOCFLUSH Flush read packet buffer.
920 * BIOCPROMISC Put interface into promiscuous mode.
921 * BIOCGDLT Get link layer type.
922 * BIOCGETIF Get interface name.
923 * BIOCSETIF Set interface.
924 * BIOCSRTIMEOUT Set read timeout.
925 * BIOCGRTIMEOUT Get read timeout.
926 * BIOCGSTATS Get packet stats.
927 * BIOCIMMEDIATE Set immediate mode.
928 * BIOCVERSION Get filter language version.
929 * BIOCGHDRCMPLT Get "header already complete" flag
930 * BIOCSHDRCMPLT Set "header already complete" flag
931 * BIOCGSEESENT Get "see packets sent" flag
932 * BIOCSSEESENT Set "see packets sent" flag
933 */
934 /* ARGSUSED */
935 int
936 bpfioctl(dev_t dev, u_long cmd, caddr_t addr, __unused int flags,
937 __unused struct proc *p)
938 {
939 struct bpf_d *d;
940 int error = 0;
941
942 lck_mtx_lock(bpf_mlock);
943
944 d = bpf_dtab[minor(dev)];
945 if (d == 0 || d == (void *)1) {
946 lck_mtx_unlock(bpf_mlock);
947 return (ENXIO);
948 }
949
950 switch (cmd) {
951
952 default:
953 error = EINVAL;
954 break;
955
956 /*
957 * Check for read packet available.
958 */
959 case FIONREAD:
960 {
961 int n;
962
963 n = d->bd_slen;
964 if (d->bd_hbuf)
965 n += d->bd_hlen;
966
967 *(int *)addr = n;
968 break;
969 }
970
971 case SIOCGIFADDR:
972 {
973 struct ifnet *ifp;
974
975 if (d->bd_bif == 0)
976 error = EINVAL;
977 else {
978 ifp = d->bd_bif->bif_ifp;
979 error = ifnet_ioctl(ifp, 0, cmd, addr);
980 }
981 break;
982 }
983
984 /*
985 * Get buffer len [for read()].
986 */
987 case BIOCGBLEN:
988 *(u_int *)addr = d->bd_bufsize;
989 break;
990
991 /*
992 * Set buffer length.
993 */
994 case BIOCSBLEN:
995 #if BSD < 199103
996 error = EINVAL;
997 #else
998 if (d->bd_bif != 0)
999 error = EINVAL;
1000 else {
1001 u_int size = *(u_int *)addr;
1002
1003 if (size > bpf_maxbufsize)
1004 *(u_int *)addr = size = bpf_maxbufsize;
1005 else if (size < BPF_MINBUFSIZE)
1006 *(u_int *)addr = size = BPF_MINBUFSIZE;
1007 d->bd_bufsize = size;
1008 }
1009 #endif
1010 break;
1011
1012 /*
1013 * Set link layer read filter.
1014 */
1015 case BIOCSETF64:
1016 case BIOCSETF: {
1017 if (proc_is64bit(current_proc())) {
1018 struct bpf_program64 * prg64;
1019
1020 prg64 = (struct bpf_program64 *)addr;
1021 error = bpf_setf(d, prg64->bf_len,
1022 prg64->bf_insns);
1023 }
1024 else {
1025 struct bpf_program * prg;
1026
1027 prg = (struct bpf_program *)addr;
1028 error = bpf_setf(d, prg->bf_len,
1029 CAST_USER_ADDR_T(prg->bf_insns));
1030 }
1031 break;
1032 }
1033 /*
1034 * Flush read packet buffer.
1035 */
1036 case BIOCFLUSH:
1037 reset_d(d);
1038 break;
1039
1040 /*
1041 * Put interface into promiscuous mode.
1042 */
1043 case BIOCPROMISC:
1044 if (d->bd_bif == 0) {
1045 /*
1046 * No interface attached yet.
1047 */
1048 error = EINVAL;
1049 break;
1050 }
1051 if (d->bd_promisc == 0) {
1052 lck_mtx_unlock(bpf_mlock);
1053 error = ifnet_set_promiscuous(d->bd_bif->bif_ifp, 1);
1054 lck_mtx_lock(bpf_mlock);
1055 if (error == 0)
1056 d->bd_promisc = 1;
1057 }
1058 break;
1059
1060 /*
1061 * Get device parameters.
1062 */
1063 case BIOCGDLT:
1064 if (d->bd_bif == 0)
1065 error = EINVAL;
1066 else
1067 *(u_int *)addr = d->bd_bif->bif_dlt;
1068 break;
1069
1070 /*
1071 * Get a list of supported data link types.
1072 */
1073 case BIOCGDLTLIST:
1074 if (d->bd_bif == NULL)
1075 error = EINVAL;
1076 else
1077 error = bpf_getdltlist(d, (struct bpf_dltlist *)addr);
1078 break;
1079
1080 /*
1081 * Set data link type.
1082 */
1083 case BIOCSDLT:
1084 if (d->bd_bif == NULL)
1085 error = EINVAL;
1086 else
1087 error = bpf_setdlt(d, *(u_int *)addr);
1088 break;
1089
1090 /*
1091 * Get interface name.
1092 */
1093 case BIOCGETIF:
1094 if (d->bd_bif == 0)
1095 error = EINVAL;
1096 else {
1097 struct ifnet *const ifp = d->bd_bif->bif_ifp;
1098 struct ifreq *const ifr = (struct ifreq *)addr;
1099
1100 snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
1101 "%s%d", ifp->if_name, ifp->if_unit);
1102 }
1103 break;
1104
1105 /*
1106 * Set interface.
1107 */
1108 case BIOCSETIF: {
1109 ifnet_t ifp;
1110 ifp = ifunit(((struct ifreq *)addr)->ifr_name);
1111 if (ifp == NULL)
1112 error = ENXIO;
1113 else
1114 error = bpf_setif(d, ifp, 0);
1115 break;
1116 }
1117
1118 /*
1119 * Set read timeout.
1120 */
1121 case BIOCSRTIMEOUT:
1122 {
1123 struct timeval *tv = (struct timeval *)addr;
1124
1125 /*
1126 * Subtract 1 tick from tvtohz() since this isn't
1127 * a one-shot timer.
1128 */
1129 if ((error = itimerfix(tv)) == 0)
1130 d->bd_rtout = tvtohz(tv) - 1;
1131 break;
1132 }
1133
1134 /*
1135 * Get read timeout.
1136 */
1137 case BIOCGRTIMEOUT:
1138 {
1139 struct timeval *tv = (struct timeval *)addr;
1140
1141 tv->tv_sec = d->bd_rtout / hz;
1142 tv->tv_usec = (d->bd_rtout % hz) * tick;
1143 break;
1144 }
1145
1146 /*
1147 * Get packet stats.
1148 */
1149 case BIOCGSTATS:
1150 {
1151 struct bpf_stat *bs = (struct bpf_stat *)addr;
1152
1153 bs->bs_recv = d->bd_rcount;
1154 bs->bs_drop = d->bd_dcount;
1155 break;
1156 }
1157
1158 /*
1159 * Set immediate mode.
1160 */
1161 case BIOCIMMEDIATE:
1162 d->bd_immediate = *(u_int *)addr;
1163 break;
1164
1165 case BIOCVERSION:
1166 {
1167 struct bpf_version *bv = (struct bpf_version *)addr;
1168
1169 bv->bv_major = BPF_MAJOR_VERSION;
1170 bv->bv_minor = BPF_MINOR_VERSION;
1171 break;
1172 }
1173
1174 /*
1175 * Get "header already complete" flag
1176 */
1177 case BIOCGHDRCMPLT:
1178 *(u_int *)addr = d->bd_hdrcmplt;
1179 break;
1180
1181 /*
1182 * Set "header already complete" flag
1183 */
1184 case BIOCSHDRCMPLT:
1185 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
1186 break;
1187
1188 /*
1189 * Get "see sent packets" flag
1190 */
1191 case BIOCGSEESENT:
1192 *(u_int *)addr = d->bd_seesent;
1193 break;
1194
1195 /*
1196 * Set "see sent packets" flag
1197 */
1198 case BIOCSSEESENT:
1199 d->bd_seesent = *(u_int *)addr;
1200 break;
1201
1202 case FIONBIO: /* Non-blocking I/O */
1203 break;
1204
1205 case FIOASYNC: /* Send signal on receive packets */
1206 d->bd_async = *(int *)addr;
1207 break;
1208 #ifndef __APPLE__
1209 case FIOSETOWN:
1210 error = fsetown(*(int *)addr, &d->bd_sigio);
1211 break;
1212
1213 case FIOGETOWN:
1214 *(int *)addr = fgetown(d->bd_sigio);
1215 break;
1216
1217 /* This is deprecated, FIOSETOWN should be used instead. */
1218 case TIOCSPGRP:
1219 error = fsetown(-(*(int *)addr), &d->bd_sigio);
1220 break;
1221
1222 /* This is deprecated, FIOGETOWN should be used instead. */
1223 case TIOCGPGRP:
1224 *(int *)addr = -fgetown(d->bd_sigio);
1225 break;
1226 #endif
1227 case BIOCSRSIG: /* Set receive signal */
1228 {
1229 u_int sig;
1230
1231 sig = *(u_int *)addr;
1232
1233 if (sig >= NSIG)
1234 error = EINVAL;
1235 else
1236 d->bd_sig = sig;
1237 break;
1238 }
1239 case BIOCGRSIG:
1240 *(u_int *)addr = d->bd_sig;
1241 break;
1242 }
1243
1244 lck_mtx_unlock(bpf_mlock);
1245
1246 return (error);
1247 }
1248
1249 /*
1250 * Set d's packet filter program to fp. If this file already has a filter,
1251 * free it and replace it. Returns EINVAL for bogus requests.
1252 */
1253 static int
1254 bpf_setf(struct bpf_d *d, u_int bf_len, user_addr_t bf_insns)
1255 {
1256 struct bpf_insn *fcode, *old;
1257 u_int flen, size;
1258
1259 old = d->bd_filter;
1260 if (bf_insns == USER_ADDR_NULL) {
1261 if (bf_len != 0)
1262 return (EINVAL);
1263 d->bd_filter = NULL;
1264 reset_d(d);
1265 if (old != 0)
1266 FREE((caddr_t)old, M_DEVBUF);
1267 return (0);
1268 }
1269 flen = bf_len;
1270 if (flen > BPF_MAXINSNS)
1271 return (EINVAL);
1272
1273 size = flen * sizeof(struct bpf_insn);
1274 fcode = (struct bpf_insn *) _MALLOC(size, M_DEVBUF, M_WAIT);
1275 #ifdef __APPLE__
1276 if (fcode == NULL)
1277 return (ENOBUFS);
1278 #endif
1279 if (copyin(bf_insns, (caddr_t)fcode, size) == 0 &&
1280 bpf_validate(fcode, (int)flen)) {
1281 d->bd_filter = fcode;
1282 reset_d(d);
1283 if (old != 0)
1284 FREE((caddr_t)old, M_DEVBUF);
1285
1286 return (0);
1287 }
1288 FREE((caddr_t)fcode, M_DEVBUF);
1289 return (EINVAL);
1290 }
1291
1292 /*
1293 * Detach a file from its current interface (if attached at all) and attach
1294 * to the interface indicated by the name stored in ifr.
1295 * Return an errno or 0.
1296 */
1297 static int
1298 bpf_setif(struct bpf_d *d, ifnet_t theywant, u_int32_t dlt)
1299 {
1300 struct bpf_if *bp;
1301 int error;
1302
1303 /*
1304 * Look through attached interfaces for the named one.
1305 */
1306 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
1307 struct ifnet *ifp = bp->bif_ifp;
1308
1309 if (ifp == 0 || ifp != theywant || (dlt != 0 && dlt != bp->bif_dlt))
1310 continue;
1311 /*
1312 * We found the requested interface.
1313 * If it's not up, return an error.
1314 * Allocate the packet buffers if we need to.
1315 * If we're already attached to requested interface,
1316 * just flush the buffer.
1317 */
1318 if ((ifp->if_flags & IFF_UP) == 0)
1319 return (ENETDOWN);
1320
1321 if (d->bd_sbuf == 0) {
1322 error = bpf_allocbufs(d);
1323 if (error != 0)
1324 return (error);
1325 }
1326 if (bp != d->bd_bif) {
1327 if (d->bd_bif)
1328 /*
1329 * Detach if attached to something else.
1330 */
1331 bpf_detachd(d);
1332
1333 if (bpf_attachd(d, bp) != 0) {
1334 return ENXIO;
1335 }
1336 }
1337 reset_d(d);
1338 return (0);
1339 }
1340 /* Not found. */
1341 return (ENXIO);
1342 }
1343
1344
1345
1346 /*
1347 * Get a list of available data link type of the interface.
1348 */
1349 static int
1350 bpf_getdltlist(
1351 struct bpf_d *d,
1352 struct bpf_dltlist *bfl)
1353 {
1354 u_int n;
1355 int error;
1356 struct ifnet *ifp;
1357 struct bpf_if *bp;
1358 user_addr_t dlist;
1359
1360 if (IS_64BIT_PROCESS(current_proc())) {
1361 dlist = CAST_USER_ADDR_T(bfl->bfl_u.bflu_pad);
1362 }
1363 else {
1364 dlist = CAST_USER_ADDR_T(bfl->bfl_u.bflu_list);
1365 }
1366
1367 ifp = d->bd_bif->bif_ifp;
1368 n = 0;
1369 error = 0;
1370 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1371 if (bp->bif_ifp != ifp)
1372 continue;
1373 if (dlist != 0) {
1374 if (n >= bfl->bfl_len) {
1375 return (ENOMEM);
1376 }
1377 error = copyout(&bp->bif_dlt, dlist, sizeof(bp->bif_dlt));
1378 dlist += sizeof(bp->bif_dlt);
1379 }
1380 n++;
1381 }
1382 bfl->bfl_len = n;
1383 return (error);
1384 }
1385
1386 /*
1387 * Set the data link type of a BPF instance.
1388 */
1389 static int
1390 bpf_setdlt(struct bpf_d *d, uint32_t dlt)
1391
1392
1393 {
1394 int error, opromisc;
1395 struct ifnet *ifp;
1396 struct bpf_if *bp;
1397
1398 if (d->bd_bif->bif_dlt == dlt)
1399 return (0);
1400 ifp = d->bd_bif->bif_ifp;
1401 for (bp = bpf_iflist; bp; bp = bp->bif_next) {
1402 if (bp->bif_ifp == ifp && bp->bif_dlt == dlt)
1403 break;
1404 }
1405 if (bp != NULL) {
1406 opromisc = d->bd_promisc;
1407 bpf_detachd(d);
1408 error = bpf_attachd(d, bp);
1409 if (error) {
1410 printf("bpf_setdlt: bpf_attachd %s%d failed (%d)\n",
1411 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1412 return error;
1413 }
1414 reset_d(d);
1415 if (opromisc) {
1416 lck_mtx_unlock(bpf_mlock);
1417 error = ifnet_set_promiscuous(bp->bif_ifp, 1);
1418 lck_mtx_lock(bpf_mlock);
1419 if (error)
1420 printf("bpf_setdlt: ifpromisc %s%d failed (%d)\n",
1421 ifnet_name(bp->bif_ifp), ifnet_unit(bp->bif_ifp), error);
1422 else
1423 d->bd_promisc = 1;
1424 }
1425 }
1426 return (bp == NULL ? EINVAL : 0);
1427 }
1428
1429 /*
1430 * Support for select() and poll() system calls
1431 *
1432 * Return true iff the specific operation will not block indefinitely.
1433 * Otherwise, return false but make a note that a selwakeup() must be done.
1434 */
1435 int
1436 bpfpoll(dev_t dev, int events, void * wql, struct proc *p)
1437 {
1438 struct bpf_d *d;
1439 int revents = 0;
1440
1441 lck_mtx_lock(bpf_mlock);
1442
1443 d = bpf_dtab[minor(dev)];
1444 if (d == 0 || d == (void *)1) {
1445 lck_mtx_unlock(bpf_mlock);
1446 return (ENXIO);
1447 }
1448
1449 /*
1450 * An imitation of the FIONREAD ioctl code.
1451 */
1452 if (d->bd_bif == NULL) {
1453 lck_mtx_unlock(bpf_mlock);
1454 return (ENXIO);
1455 }
1456
1457 if (events & (POLLIN | POLLRDNORM)) {
1458 if (d->bd_hlen != 0 || (d->bd_immediate && d->bd_slen != 0))
1459 revents |= events & (POLLIN | POLLRDNORM);
1460 else
1461 selrecord(p, &d->bd_sel, wql);
1462 }
1463
1464 lck_mtx_unlock(bpf_mlock);
1465 return (revents);
1466 }
1467
1468 static inline void*
1469 _cast_non_const(const void * ptr) {
1470 union {
1471 const void* cval;
1472 void* val;
1473 } ret;
1474
1475 ret.cval = ptr;
1476 return (ret.val);
1477 }
1478
1479 /*
1480 * Copy data from an mbuf chain into a buffer. This code is derived
1481 * from m_copydata in sys/uipc_mbuf.c.
1482 */
1483 static void
1484 bpf_mcopy(const void *src_arg, void *dst_arg, size_t len)
1485 {
1486 struct mbuf *m = _cast_non_const(src_arg);
1487 u_int count;
1488 u_char *dst;
1489
1490 dst = dst_arg;
1491 while (len > 0) {
1492 if (m == 0)
1493 panic("bpf_mcopy");
1494 count = min(m->m_len, len);
1495 bcopy(mbuf_data(m), dst, count);
1496 m = m->m_next;
1497 dst += count;
1498 len -= count;
1499 }
1500 }
1501
1502 static inline void
1503 bpf_tap_imp(
1504 ifnet_t ifp,
1505 u_int32_t dlt,
1506 mbuf_t m,
1507 void* hdr,
1508 size_t hlen,
1509 int outbound)
1510 {
1511 struct bpf_if *bp;
1512
1513 /*
1514 * It's possible that we get here after the bpf descriptor has been
1515 * detached from the interface; in such a case we simply return.
1516 * Lock ordering is important since we can be called asynchronously
1517 * (from the IOKit) to process an inbound packet; when that happens
1518 * we would have been holding its "gateLock" and will be acquiring
1519 * "bpf_mlock" upon entering this routine. Due to that, we release
1520 * "bpf_mlock" prior to calling ifnet_set_promiscuous (which will
1521 * acquire "gateLock" in the IOKit), in order to avoid a deadlock
1522 * when a ifnet_set_promiscuous request simultaneously collides with
1523 * an inbound packet being passed into the tap callback.
1524 */
1525 lck_mtx_lock(bpf_mlock);
1526 if (ifp->if_bpf == NULL) {
1527 lck_mtx_unlock(bpf_mlock);
1528 return;
1529 }
1530 bp = ifp->if_bpf;
1531 for (bp = ifp->if_bpf; bp && bp->bif_ifp == ifp &&
1532 (dlt != 0 && bp->bif_dlt != dlt); bp = bp->bif_next)
1533 ;
1534 if (bp && bp->bif_ifp == ifp && bp->bif_dlist != NULL) {
1535 struct bpf_d *d;
1536 struct m_hdr hack_hdr;
1537 u_int pktlen = 0;
1538 u_int slen = 0;
1539 struct mbuf *m0;
1540
1541 if (hdr) {
1542 /*
1543 * This is gross. We mock up an mbuf that points to the
1544 * header buffer. This means we don't have to copy the
1545 * header. A number of interfaces prepended headers just
1546 * for bpf by allocating an mbuf on the stack. We want to
1547 * give developers an easy way to prepend a header for bpf.
1548 * Since a developer allocating an mbuf on the stack is bad,
1549 * we do even worse here, allocating only a header to point
1550 * to a buffer the developer supplied. This makes assumptions
1551 * that bpf_filter and catchpacket will not look at anything
1552 * in the mbuf other than the header. This was true at the
1553 * time this code was written.
1554 */
1555 hack_hdr.mh_next = m;
1556 hack_hdr.mh_nextpkt = NULL;
1557 hack_hdr.mh_len = hlen;
1558 hack_hdr.mh_data = hdr;
1559 hack_hdr.mh_type = m->m_type;
1560 hack_hdr.mh_flags = 0;
1561
1562 m = (mbuf_t)&hack_hdr;
1563 }
1564
1565 for (m0 = m; m0 != 0; m0 = m0->m_next)
1566 pktlen += m0->m_len;
1567
1568 for (d = bp->bif_dlist; d; d = d->bd_next) {
1569 if (outbound && !d->bd_seesent)
1570 continue;
1571 ++d->bd_rcount;
1572 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
1573 if (slen != 0) {
1574 #if CONFIG_MACF_NET
1575 if (mac_bpfdesc_check_receive(d, bp->bif_ifp) != 0)
1576 continue;
1577 #endif
1578 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
1579 }
1580 }
1581 }
1582 lck_mtx_unlock(bpf_mlock);
1583 }
1584
1585 void
1586 bpf_tap_out(
1587 ifnet_t ifp,
1588 u_int32_t dlt,
1589 mbuf_t m,
1590 void* hdr,
1591 size_t hlen)
1592 {
1593 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 1);
1594 }
1595
1596 void
1597 bpf_tap_in(
1598 ifnet_t ifp,
1599 u_int32_t dlt,
1600 mbuf_t m,
1601 void* hdr,
1602 size_t hlen)
1603 {
1604 bpf_tap_imp(ifp, dlt, m, hdr, hlen, 0);
1605 }
1606
1607 /* Callback registered with Ethernet driver. */
1608 static int bpf_tap_callback(struct ifnet *ifp, struct mbuf *m)
1609 {
1610 bpf_tap_imp(ifp, 0, m, NULL, 0, mbuf_pkthdr_rcvif(m) == NULL);
1611
1612 return 0;
1613 }
1614
1615 /*
1616 * Move the packet data from interface memory (pkt) into the
1617 * store buffer. Return 1 if it's time to wakeup a listener (buffer full),
1618 * otherwise 0. "copy" is the routine called to do the actual data
1619 * transfer. bcopy is passed in to copy contiguous chunks, while
1620 * bpf_mcopy is passed in to copy mbuf chains. In the latter case,
1621 * pkt is really an mbuf.
1622 */
1623 static void
1624 catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
1625 void (*cpfn)(const void *, void *, size_t))
1626 {
1627 struct bpf_hdr *hp;
1628 int totlen, curlen;
1629 int hdrlen = d->bd_bif->bif_hdrlen;
1630 /*
1631 * Figure out how many bytes to move. If the packet is
1632 * greater or equal to the snapshot length, transfer that
1633 * much. Otherwise, transfer the whole packet (unless
1634 * we hit the buffer size limit).
1635 */
1636 totlen = hdrlen + min(snaplen, pktlen);
1637 if (totlen > d->bd_bufsize)
1638 totlen = d->bd_bufsize;
1639
1640 /*
1641 * Round up the end of the previous packet to the next longword.
1642 */
1643 curlen = BPF_WORDALIGN(d->bd_slen);
1644 if (curlen + totlen > d->bd_bufsize) {
1645 /*
1646 * This packet will overflow the storage buffer.
1647 * Rotate the buffers if we can, then wakeup any
1648 * pending reads.
1649 */
1650 if (d->bd_fbuf == 0) {
1651 /*
1652 * We haven't completed the previous read yet,
1653 * so drop the packet.
1654 */
1655 ++d->bd_dcount;
1656 return;
1657 }
1658 ROTATE_BUFFERS(d);
1659 bpf_wakeup(d);
1660 curlen = 0;
1661 }
1662 else if (d->bd_immediate)
1663 /*
1664 * Immediate mode is set. A packet arrived so any
1665 * reads should be woken up.
1666 */
1667 bpf_wakeup(d);
1668
1669 /*
1670 * Append the bpf header.
1671 */
1672 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
1673 microtime(&hp->bh_tstamp);
1674 hp->bh_datalen = pktlen;
1675 hp->bh_hdrlen = hdrlen;
1676 /*
1677 * Copy the packet data into the store buffer and update its length.
1678 */
1679 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
1680 d->bd_slen = curlen + totlen;
1681 }
1682
1683 /*
1684 * Initialize all nonzero fields of a descriptor.
1685 */
1686 static int
1687 bpf_allocbufs(struct bpf_d *d)
1688 {
1689 d->bd_fbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
1690 if (d->bd_fbuf == 0)
1691 return (ENOBUFS);
1692
1693 d->bd_sbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
1694 if (d->bd_sbuf == 0) {
1695 FREE(d->bd_fbuf, M_DEVBUF);
1696 return (ENOBUFS);
1697 }
1698 d->bd_slen = 0;
1699 d->bd_hlen = 0;
1700 return (0);
1701 }
1702
1703 /*
1704 * Free buffers currently in use by a descriptor.
1705 * Called on close.
1706 */
1707 static void
1708 bpf_freed(struct bpf_d *d)
1709 {
1710 /*
1711 * We don't need to lock out interrupts since this descriptor has
1712 * been detached from its interface and it yet hasn't been marked
1713 * free.
1714 */
1715 if (d->bd_sbuf != 0) {
1716 FREE(d->bd_sbuf, M_DEVBUF);
1717 if (d->bd_hbuf != 0)
1718 FREE(d->bd_hbuf, M_DEVBUF);
1719 if (d->bd_fbuf != 0)
1720 FREE(d->bd_fbuf, M_DEVBUF);
1721 }
1722 if (d->bd_filter)
1723 FREE((caddr_t)d->bd_filter, M_DEVBUF);
1724 }
1725
1726 /*
1727 * Attach an interface to bpf. driverp is a pointer to a (struct bpf_if *)
1728 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
1729 * size of the link header (variable length headers not yet supported).
1730 */
1731 void
1732 bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
1733 {
1734 bpf_attach(ifp, dlt, hdrlen, NULL, NULL);
1735 }
1736
1737 errno_t
1738 bpf_attach(
1739 ifnet_t ifp,
1740 u_int32_t dlt,
1741 u_int32_t hdrlen,
1742 bpf_send_func send,
1743 bpf_tap_func tap)
1744 {
1745 struct bpf_if *bp_new;
1746 struct bpf_if *bp_temp;
1747 struct bpf_if *bp_first = NULL;
1748
1749 bp_new = (struct bpf_if *) _MALLOC(sizeof(*bp_new), M_DEVBUF, M_WAIT);
1750 if (bp_new == 0)
1751 panic("bpfattach");
1752
1753 lck_mtx_lock(bpf_mlock);
1754
1755 /*
1756 * Check if this interface/dlt is already attached, record first
1757 * attachment for this interface.
1758 */
1759 for (bp_temp = bpf_iflist; bp_temp && (bp_temp->bif_ifp != ifp ||
1760 bp_temp->bif_dlt != dlt); bp_temp = bp_temp->bif_next) {
1761 if (bp_temp->bif_ifp == ifp && bp_first == NULL)
1762 bp_first = bp_temp;
1763 }
1764
1765 if (bp_temp != NULL) {
1766 printf("bpfattach - %s%d with dlt %d is already attached\n",
1767 ifp->if_name, ifp->if_unit, dlt);
1768 FREE(bp_new, M_DEVBUF);
1769 lck_mtx_unlock(bpf_mlock);
1770 return EEXIST;
1771 }
1772
1773 bzero(bp_new, sizeof(*bp_new));
1774 bp_new->bif_ifp = ifp;
1775 bp_new->bif_dlt = dlt;
1776 bp_new->bif_send = send;
1777 bp_new->bif_tap = tap;
1778
1779 if (bp_first == NULL) {
1780 /* No other entries for this ifp */
1781 bp_new->bif_next = bpf_iflist;
1782 bpf_iflist = bp_new;
1783 }
1784 else {
1785 /* Add this after the first entry for this interface */
1786 bp_new->bif_next = bp_first->bif_next;
1787 bp_first->bif_next = bp_new;
1788 }
1789
1790 /*
1791 * Compute the length of the bpf header. This is not necessarily
1792 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
1793 * that the network layer header begins on a longword boundary (for
1794 * performance reasons and to alleviate alignment restrictions).
1795 */
1796 bp_new->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
1797
1798 /* Take a reference on the interface */
1799 ifnet_reference(ifp);
1800
1801 lck_mtx_unlock(bpf_mlock);
1802
1803 #ifndef __APPLE__
1804 if (bootverbose)
1805 printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
1806 #endif
1807
1808 return 0;
1809 }
1810
1811 /*
1812 * Detach bpf from an interface. This involves detaching each descriptor
1813 * associated with the interface, and leaving bd_bif NULL. Notify each
1814 * descriptor as it's detached so that any sleepers wake up and get
1815 * ENXIO.
1816 */
1817 void
1818 bpfdetach(struct ifnet *ifp)
1819 {
1820 struct bpf_if *bp, *bp_prev, *bp_next;
1821 struct bpf_if *bp_free = NULL;
1822 struct bpf_d *d;
1823
1824
1825 lck_mtx_lock(bpf_mlock);
1826
1827 /* Locate BPF interface information */
1828 bp_prev = NULL;
1829 for (bp = bpf_iflist; bp != NULL; bp = bp_next) {
1830 bp_next = bp->bif_next;
1831 if (ifp != bp->bif_ifp) {
1832 bp_prev = bp;
1833 continue;
1834 }
1835
1836 while ((d = bp->bif_dlist) != NULL) {
1837 bpf_detachd(d);
1838 bpf_wakeup(d);
1839 }
1840
1841 if (bp_prev) {
1842 bp_prev->bif_next = bp->bif_next;
1843 } else {
1844 bpf_iflist = bp->bif_next;
1845 }
1846
1847 bp->bif_next = bp_free;
1848 bp_free = bp;
1849
1850 ifnet_release(ifp);
1851 }
1852
1853 lck_mtx_unlock(bpf_mlock);
1854
1855 FREE(bp, M_DEVBUF);
1856
1857 }
1858
1859 void
1860 bpf_init(__unused void *unused)
1861 {
1862 #ifdef __APPLE__
1863 int i;
1864 int maj;
1865
1866 if (bpf_devsw_installed == 0) {
1867 bpf_devsw_installed = 1;
1868
1869 bpf_mlock_grp_attr = lck_grp_attr_alloc_init();
1870
1871 bpf_mlock_grp = lck_grp_alloc_init("bpf", bpf_mlock_grp_attr);
1872
1873 bpf_mlock_attr = lck_attr_alloc_init();
1874
1875 bpf_mlock = lck_mtx_alloc_init(bpf_mlock_grp, bpf_mlock_attr);
1876
1877 if (bpf_mlock == 0) {
1878 printf("bpf_init: failed to allocate bpf_mlock\n");
1879 bpf_devsw_installed = 0;
1880 return;
1881 }
1882
1883 maj = cdevsw_add(CDEV_MAJOR, &bpf_cdevsw);
1884 if (maj == -1) {
1885 if (bpf_mlock)
1886 lck_mtx_free(bpf_mlock, bpf_mlock_grp);
1887 if (bpf_mlock_attr)
1888 lck_attr_free(bpf_mlock_attr);
1889 if (bpf_mlock_grp)
1890 lck_grp_free(bpf_mlock_grp);
1891 if (bpf_mlock_grp_attr)
1892 lck_grp_attr_free(bpf_mlock_grp_attr);
1893
1894 bpf_mlock = NULL;
1895 bpf_mlock_attr = NULL;
1896 bpf_mlock_grp = NULL;
1897 bpf_mlock_grp_attr = NULL;
1898 bpf_devsw_installed = 0;
1899 printf("bpf_init: failed to allocate a major number!\n");
1900 return;
1901 }
1902
1903 for (i = 0 ; i < NBPFILTER; i++)
1904 bpf_make_dev_t(maj);
1905 }
1906 #else
1907 cdevsw_add(&bpf_cdevsw);
1908 #endif
1909 }
1910
1911 #ifndef __APPLE__
1912 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
1913 #endif
1914
1915 #if CONFIG_MACF_NET
1916 struct label *
1917 mac_bpfdesc_label_get(struct bpf_d *d)
1918 {
1919
1920 return (d->bd_label);
1921 }
1922
1923 void
1924 mac_bpfdesc_label_set(struct bpf_d *d, struct label *label)
1925 {
1926
1927 d->bd_label = label;
1928 }
1929 #endif
mirror of XNU