2 * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65 * @(#)bpf.c 8.2 (Berkeley) 3/28/94
67 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.5 2001/01/05 04:49:09 jdp Exp $
70 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
71 * support for mandatory and extensible security protections. This notice
72 * is included in support of clause 2.2 (b) of the Apple Public License,
81 #define inline __inline
84 #include <sys/param.h>
85 #include <sys/systm.h>
87 #include <sys/malloc.h>
91 #include <sys/signalvar.h>
92 #include <sys/filio.h>
93 #include <sys/sockio.h>
94 #include <sys/ttycom.h>
95 #include <sys/filedesc.h>
96 #include <sys/uio_internal.h>
97 #include <sys/file_internal.h>
98 #include <sys/event.h>
100 #include <sys/poll.h>
102 #include <sys/socket.h>
103 #include <sys/socketvar.h>
104 #include <sys/vnode.h>
108 #include <net/bpfdesc.h>
110 #include <netinet/in.h>
111 #include <netinet/ip.h>
112 #include <netinet/ip6.h>
113 #include <netinet/in_pcb.h>
114 #include <netinet/in_var.h>
115 #include <netinet/ip_var.h>
116 #include <netinet/tcp.h>
117 #include <netinet/tcp_var.h>
118 #include <netinet/udp.h>
119 #include <netinet/udp_var.h>
120 #include <netinet/if_ether.h>
121 #include <netinet/isakmp.h>
122 #include <netinet6/esp.h>
123 #include <sys/kernel.h>
124 #include <sys/sysctl.h>
125 #include <net/firewire.h>
127 #include <miscfs/devfs/devfs.h>
128 #include <net/dlil.h>
129 #include <net/pktap.h>
131 #include <kern/locks.h>
132 #include <kern/thread_call.h>
133 #include <libkern/section_keywords.h>
136 #include <security/mac_framework.h>
141 extern int tvtohz(struct timeval
*);
143 #define BPF_BUFSIZE 4096
144 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
146 #define PRINET 26 /* interruptible */
148 #define ISAKMP_HDR_SIZE (sizeof(struct isakmp) + sizeof(struct isakmp_gen))
149 #define ESP_HDR_SIZE sizeof(struct newesp)
151 typedef void (*pktcopyfunc_t
)(const void *, void *, size_t);
154 * The default read buffer size is patchable.
156 static unsigned int bpf_bufsize
= BPF_BUFSIZE
;
157 SYSCTL_INT(_debug
, OID_AUTO
, bpf_bufsize
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
158 &bpf_bufsize
, 0, "");
160 static int sysctl_bpf_maxbufsize SYSCTL_HANDLER_ARGS
;
161 extern const int copysize_limit_panic
;
162 #define BPF_MAXSIZE_CAP (copysize_limit_panic >> 1)
163 __private_extern__
unsigned int bpf_maxbufsize
= BPF_MAXBUFSIZE
;
164 SYSCTL_PROC(_debug
, OID_AUTO
, bpf_maxbufsize
, CTLTYPE_INT
| CTLFLAG_RW
| CTLFLAG_LOCKED
,
166 sysctl_bpf_maxbufsize
, "I", "Default BPF max buffer size");
168 static unsigned int bpf_maxdevices
= 256;
169 SYSCTL_UINT(_debug
, OID_AUTO
, bpf_maxdevices
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
170 &bpf_maxdevices
, 0, "");
172 * bpf_wantpktap controls the defaul visibility of DLT_PKTAP
173 * For OS X is off by default so process need to use the ioctl BPF_WANT_PKTAP
174 * explicitly to be able to use DLT_PKTAP.
177 static unsigned int bpf_wantpktap
= 1;
179 static unsigned int bpf_wantpktap
= 0;
181 SYSCTL_UINT(_debug
, OID_AUTO
, bpf_wantpktap
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
182 &bpf_wantpktap
, 0, "");
184 static int bpf_debug
= 0;
185 SYSCTL_INT(_debug
, OID_AUTO
, bpf_debug
, CTLFLAG_RW
| CTLFLAG_LOCKED
,
189 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
190 * bpf_dtab holds pointer to the descriptors, indexed by minor device #
192 static struct bpf_if
*bpf_iflist
;
195 * BSD now stores the bpf_d in the dev_t which is a struct
196 * on their system. Our dev_t is an int, so we still store
197 * the bpf_d in a separate table indexed by minor device #.
199 * The value stored in bpf_dtab[n] represent three states:
200 * NULL: device not opened
201 * BPF_DEV_RESERVED: device opening or closing
202 * other: device <n> opened with pointer to storage
204 #define BPF_DEV_RESERVED ((struct bpf_d *)(uintptr_t)1)
205 static struct bpf_d
**bpf_dtab
= NULL
;
206 static unsigned int bpf_dtab_size
= 0;
207 static unsigned int nbpfilter
= 0;
209 decl_lck_mtx_data(static, bpf_mlock_data
);
210 static lck_mtx_t
*bpf_mlock
= &bpf_mlock_data
;
211 static lck_grp_t
*bpf_mlock_grp
;
212 static lck_grp_attr_t
*bpf_mlock_grp_attr
;
213 static lck_attr_t
*bpf_mlock_attr
;
215 #endif /* __APPLE__ */
217 static int bpf_allocbufs(struct bpf_d
*);
218 static errno_t
bpf_attachd(struct bpf_d
*d
, struct bpf_if
*bp
);
219 static int bpf_detachd(struct bpf_d
*d
, int);
220 static void bpf_freed(struct bpf_d
*);
221 static int bpf_movein(struct uio
*, int,
222 struct mbuf
**, struct sockaddr
*, int *);
223 static int bpf_setif(struct bpf_d
*, ifnet_t ifp
, bool, bool);
224 static void bpf_timed_out(void *, void *);
225 static void bpf_wakeup(struct bpf_d
*);
226 static u_int
get_pkt_trunc_len(u_char
*, u_int
);
227 static void catchpacket(struct bpf_d
*, struct bpf_packet
*, u_int
, int);
228 static void reset_d(struct bpf_d
*);
229 static int bpf_setf(struct bpf_d
*, u_int
, user_addr_t
, u_long
);
230 static int bpf_getdltlist(struct bpf_d
*, caddr_t
, struct proc
*);
231 static int bpf_setdlt(struct bpf_d
*, u_int
);
232 static int bpf_set_traffic_class(struct bpf_d
*, int);
233 static void bpf_set_packet_service_class(struct mbuf
*, int);
235 static void bpf_acquire_d(struct bpf_d
*);
236 static void bpf_release_d(struct bpf_d
*);
238 static int bpf_devsw_installed
;
240 void bpf_init(void *unused
);
241 static int bpf_tap_callback(struct ifnet
*ifp
, struct mbuf
*m
);
244 * Darwin differs from BSD here, the following are static
245 * on BSD and not static on Darwin.
251 ioctl_fcn_t bpfioctl
;
252 select_fcn_t bpfselect
;
254 /* Darwin's cdevsw struct differs slightly from BSDs */
255 #define CDEV_MAJOR 23
256 static struct cdevsw bpf_cdevsw
= {
263 .d_reset
= eno_reset
,
265 .d_select
= bpfselect
,
267 .d_strategy
= eno_strat
,
268 .d_reserved_1
= eno_getc
,
269 .d_reserved_2
= eno_putc
,
273 #define SOCKADDR_HDR_LEN offsetof(struct sockaddr, sa_data)
276 bpf_movein(struct uio
*uio
, int linktype
, struct mbuf
**mp
,
277 struct sockaddr
*sockp
, int *datlen
)
294 sa_family
= AF_UNSPEC
;
295 /* XXX Would MAXLINKHDR be better? */
296 hlen
= sizeof(struct ether_header
);
301 #if defined(__FreeBSD__) || defined(__bsdi__)
302 sa_family
= AF_IMPLINK
;
305 sa_family
= AF_UNSPEC
;
306 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
314 sa_family
= AF_UNSPEC
;
319 case DLT_ATM_RFC1483
:
321 * en atm driver requires 4-byte atm pseudo header.
322 * though it isn't standard, vpi:vci needs to be
325 sa_family
= AF_UNSPEC
;
326 hlen
= 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
331 sa_family
= AF_UNSPEC
;
332 hlen
= 4; /* This should match PPP_HDRLEN */
335 case DLT_APPLE_IP_OVER_IEEE1394
:
336 sa_family
= AF_UNSPEC
;
337 hlen
= sizeof(struct firewire_header
);
340 case DLT_IEEE802_11
: /* IEEE 802.11 wireless */
341 sa_family
= AF_IEEE80211
;
345 case DLT_IEEE802_11_RADIO
:
346 sa_family
= AF_IEEE80211
;
354 // LP64todo - fix this!
355 len
= uio_resid(uio
);
356 *datlen
= len
- hlen
;
357 if ((unsigned)len
> MCLBYTES
) {
363 * Build a sockaddr based on the data link layer type.
364 * We do this at this level because the ethernet header
365 * is copied directly into the data field of the sockaddr.
366 * In the case of SLIP, there is no header and the packet
367 * is forwarded as is.
368 * Also, we are careful to leave room at the front of the mbuf
369 * for the link level header.
371 if ((hlen
+ SOCKADDR_HDR_LEN
) > sockp
->sa_len
) {
374 sockp
->sa_family
= sa_family
;
377 * We're directly sending the packet data supplied by
378 * the user; we don't need to make room for the link
379 * header, and don't need the header length value any
380 * more, so set it to 0.
385 MGETHDR(m
, M_WAIT
, MT_DATA
);
389 if ((unsigned)len
> MHLEN
) {
391 if ((m
->m_flags
& M_EXT
) == 0) {
396 m
->m_pkthdr
.len
= m
->m_len
= len
;
397 m
->m_pkthdr
.rcvif
= NULL
;
401 * Make room for link header.
404 m
->m_pkthdr
.len
-= hlen
;
406 m
->m_data
+= hlen
; /* XXX */
407 error
= UIOMOVE((caddr_t
)sockp
->sa_data
, hlen
, UIO_WRITE
, uio
);
412 error
= UIOMOVE(mtod(m
, caddr_t
), len
- hlen
, UIO_WRITE
, uio
);
417 /* Check for multicast destination */
420 struct ether_header
*eh
;
422 eh
= mtod(m
, struct ether_header
*);
423 if (ETHER_IS_MULTICAST(eh
->ether_dhost
)) {
424 if (_ether_cmp(etherbroadcastaddr
,
425 eh
->ether_dhost
) == 0) {
426 m
->m_flags
|= M_BCAST
;
428 m
->m_flags
|= M_MCAST
;
444 * The dynamic addition of a new device node must block all processes that
445 * are opening the last device so that no process will get an unexpected
449 bpf_make_dev_t(int maj
)
451 static int bpf_growing
= 0;
452 unsigned int cur_size
= nbpfilter
, i
;
454 if (nbpfilter
>= bpf_maxdevices
) {
458 while (bpf_growing
) {
459 /* Wait until new device has been created */
460 (void) tsleep((caddr_t
)&bpf_growing
, PZERO
, "bpf_growing", 0);
462 if (nbpfilter
> cur_size
) {
463 /* other thread grew it already */
468 /* need to grow bpf_dtab first */
469 if (nbpfilter
== bpf_dtab_size
) {
471 struct bpf_d
**new_dtab
= NULL
;
472 struct bpf_d
**old_dtab
= NULL
;
474 new_dtab_size
= bpf_dtab_size
+ NBPFILTER
;
475 new_dtab
= (struct bpf_d
**)_MALLOC(
476 sizeof(struct bpf_d
*) * new_dtab_size
, M_DEVBUF
, M_WAIT
);
478 printf("bpf_make_dev_t: malloc bpf_dtab failed\n");
482 bcopy(bpf_dtab
, new_dtab
,
483 sizeof(struct bpf_d
*) * bpf_dtab_size
);
485 bzero(new_dtab
+ bpf_dtab_size
,
486 sizeof(struct bpf_d
*) * NBPFILTER
);
489 bpf_dtab_size
= new_dtab_size
;
490 if (old_dtab
!= NULL
) {
491 _FREE(old_dtab
, M_DEVBUF
);
495 (void) devfs_make_node(makedev(maj
, i
),
496 DEVFS_CHAR
, UID_ROOT
, GID_WHEEL
, 0600,
500 wakeup((caddr_t
)&bpf_growing
);
506 * Attach file to the bpf interface, i.e. make d listen on bp.
509 bpf_attachd(struct bpf_d
*d
, struct bpf_if
*bp
)
511 int first
= bp
->bif_dlist
== NULL
;
515 * Point d at bp, and add d to the interface's list of listeners.
516 * Finally, point the driver's bpf cookie at the interface so
517 * it will divert packets to bpf.
520 d
->bd_next
= bp
->bif_dlist
;
524 * Take a reference on the device even if an error is returned
525 * because we keep the device in the interface's list of listeners
530 /* Find the default bpf entry for this ifp */
531 if (bp
->bif_ifp
->if_bpf
== NULL
) {
532 struct bpf_if
*tmp
, *primary
= NULL
;
534 for (tmp
= bpf_iflist
; tmp
; tmp
= tmp
->bif_next
) {
535 if (tmp
->bif_ifp
== bp
->bif_ifp
) {
540 bp
->bif_ifp
->if_bpf
= primary
;
542 /* Only call dlil_set_bpf_tap for primary dlt */
543 if (bp
->bif_ifp
->if_bpf
== bp
) {
544 dlil_set_bpf_tap(bp
->bif_ifp
, BPF_TAP_INPUT_OUTPUT
,
548 if (bp
->bif_tap
!= NULL
) {
549 error
= bp
->bif_tap(bp
->bif_ifp
, bp
->bif_dlt
,
550 BPF_TAP_INPUT_OUTPUT
);
555 * Reset the detach flags in case we previously detached an interface
557 d
->bd_flags
&= ~(BPF_DETACHING
| BPF_DETACHED
);
559 if (bp
->bif_dlt
== DLT_PKTAP
) {
560 d
->bd_flags
|= BPF_FINALIZE_PKTAP
;
562 d
->bd_flags
&= ~BPF_FINALIZE_PKTAP
;
568 * Detach a file from its interface.
570 * Return 1 if was closed by some thread, 0 otherwise
573 bpf_detachd(struct bpf_d
*d
, int closing
)
579 int bpf_closed
= d
->bd_flags
& BPF_CLOSING
;
581 * Some other thread already detached
583 if ((d
->bd_flags
& (BPF_DETACHED
| BPF_DETACHING
)) != 0) {
587 * This thread is doing the detach
589 d
->bd_flags
|= BPF_DETACHING
;
591 ifp
= d
->bd_bif
->bif_ifp
;
594 if (bpf_debug
!= 0) {
595 printf("%s: %llx %s%s\n",
596 __func__
, (uint64_t)VM_KERNEL_ADDRPERM(d
),
597 if_name(ifp
), closing
? " closing" : "");
600 /* Remove d from the interface's descriptor list. */
605 panic("bpf_detachd: descriptor not in list");
609 if (bp
->bif_dlist
== 0) {
611 * Let the driver know that there are no more listeners.
613 /* Only call dlil_set_bpf_tap for primary dlt */
614 if (bp
->bif_ifp
->if_bpf
== bp
) {
615 dlil_set_bpf_tap(ifp
, BPF_TAP_DISABLE
, NULL
);
618 bp
->bif_tap(ifp
, bp
->bif_dlt
, BPF_TAP_DISABLE
);
621 for (bp
= bpf_iflist
; bp
; bp
= bp
->bif_next
) {
622 if (bp
->bif_ifp
== ifp
&& bp
->bif_dlist
!= 0) {
632 * Check if this descriptor had requested promiscuous mode.
633 * If so, turn it off.
637 lck_mtx_unlock(bpf_mlock
);
638 if (ifnet_set_promiscuous(ifp
, 0)) {
640 * Something is really wrong if we were able to put
641 * the driver into promiscuous mode, but can't
643 * Most likely the network interface is gone.
645 printf("%s: ifnet_set_promiscuous failed\n", __func__
);
647 lck_mtx_lock(bpf_mlock
);
651 * Wake up other thread that are waiting for this thread to finish
654 d
->bd_flags
&= ~BPF_DETACHING
;
655 d
->bd_flags
|= BPF_DETACHED
;
657 /* Refresh the local variable as d could have been modified */
658 bpf_closed
= d
->bd_flags
& BPF_CLOSING
;
660 * Note that We've kept the reference because we may have dropped
661 * the lock when turning off promiscuous mode
667 * When closing makes sure no other thread refer to the bpf_d
669 if (bpf_debug
!= 0) {
670 printf("%s: %llx done\n",
671 __func__
, (uint64_t)VM_KERNEL_ADDRPERM(d
));
674 * Let the caller know the bpf_d is closed
684 * Start asynchronous timer, if necessary.
685 * Must be called with bpf_mlock held.
688 bpf_start_timer(struct bpf_d
*d
)
693 if (d
->bd_rtout
> 0 && d
->bd_state
== BPF_IDLE
) {
694 tv
.tv_sec
= d
->bd_rtout
/ hz
;
695 tv
.tv_usec
= (d
->bd_rtout
% hz
) * tick
;
697 clock_interval_to_deadline(
698 (uint64_t)tv
.tv_sec
* USEC_PER_SEC
+ tv
.tv_usec
,
699 NSEC_PER_USEC
, &deadline
);
701 * The state is BPF_IDLE, so the timer hasn't
702 * been started yet, and hasn't gone off yet;
703 * there is no thread call scheduled, so this
704 * won't change the schedule.
706 * XXX - what if, by the time it gets entered,
707 * the deadline has already passed?
709 thread_call_enter_delayed(d
->bd_thread_call
, deadline
);
710 d
->bd_state
= BPF_WAITING
;
715 * Cancel asynchronous timer.
716 * Must be called with bpf_mlock held.
719 bpf_stop_timer(struct bpf_d
*d
)
722 * If the timer has already gone off, this does nothing.
723 * Our caller is expected to set d->bd_state to BPF_IDLE,
724 * with the bpf_mlock, after we are called. bpf_timed_out()
725 * also grabs bpf_mlock, so, if the timer has gone off and
726 * bpf_timed_out() hasn't finished, it's waiting for the
727 * lock; when this thread releases the lock, it will
728 * find the state is BPF_IDLE, and just release the
731 return thread_call_cancel(d
->bd_thread_call
);
735 bpf_acquire_d(struct bpf_d
*d
)
737 void *lr_saved
= __builtin_return_address(0);
739 LCK_MTX_ASSERT(bpf_mlock
, LCK_MTX_ASSERT_OWNED
);
743 d
->bd_ref_lr
[d
->bd_next_ref_lr
] = lr_saved
;
744 d
->bd_next_ref_lr
= (d
->bd_next_ref_lr
+ 1) % BPF_REF_HIST
;
748 bpf_release_d(struct bpf_d
*d
)
750 void *lr_saved
= __builtin_return_address(0);
752 LCK_MTX_ASSERT(bpf_mlock
, LCK_MTX_ASSERT_OWNED
);
754 if (d
->bd_refcnt
<= 0) {
755 panic("%s: %p refcnt <= 0", __func__
, d
);
760 d
->bd_unref_lr
[d
->bd_next_unref_lr
] = lr_saved
;
761 d
->bd_next_unref_lr
= (d
->bd_next_unref_lr
+ 1) % BPF_REF_HIST
;
763 if (d
->bd_refcnt
== 0) {
764 /* Assert the device is detached */
765 if ((d
->bd_flags
& BPF_DETACHED
) == 0) {
766 panic("%s: %p BPF_DETACHED not set", __func__
, d
);
774 * Open ethernet device. Returns ENXIO for illegal minor device number,
775 * EBUSY if file is open by another process.
779 bpfopen(dev_t dev
, int flags
, __unused
int fmt
,
784 lck_mtx_lock(bpf_mlock
);
785 if ((unsigned int) minor(dev
) >= nbpfilter
) {
786 lck_mtx_unlock(bpf_mlock
);
790 * New device nodes are created on demand when opening the last one.
791 * The programming model is for processes to loop on the minor starting
792 * at 0 as long as EBUSY is returned. The loop stops when either the
793 * open succeeds or an error other that EBUSY is returned. That means
794 * that bpf_make_dev_t() must block all processes that are opening the
795 * last node. If not all processes are blocked, they could unexpectedly
796 * get ENOENT and abort their opening loop.
798 if ((unsigned int) minor(dev
) == (nbpfilter
- 1)) {
799 bpf_make_dev_t(major(dev
));
803 * Each minor can be opened by only one process. If the requested
804 * minor is in use, return EBUSY.
806 * Important: bpfopen() and bpfclose() have to check and set the status
807 * of a device in the same lockin context otherwise the device may be
808 * leaked because the vnode use count will be unpextectly greater than 1
809 * when close() is called.
811 if (bpf_dtab
[minor(dev
)] == NULL
) {
812 /* Reserve while opening */
813 bpf_dtab
[minor(dev
)] = BPF_DEV_RESERVED
;
815 lck_mtx_unlock(bpf_mlock
);
818 d
= (struct bpf_d
*)_MALLOC(sizeof(struct bpf_d
), M_DEVBUF
,
821 /* this really is a catastrophic failure */
822 printf("bpfopen: malloc bpf_d failed\n");
823 bpf_dtab
[minor(dev
)] = NULL
;
824 lck_mtx_unlock(bpf_mlock
);
828 /* Mark "in use" and do most initialization. */
830 d
->bd_bufsize
= bpf_bufsize
;
833 d
->bd_oflags
= flags
;
834 d
->bd_state
= BPF_IDLE
;
835 d
->bd_traffic_class
= SO_TC_BE
;
836 d
->bd_flags
|= BPF_DETACHED
;
838 d
->bd_flags
|= BPF_WANT_PKTAP
;
840 d
->bd_flags
&= ~BPF_WANT_PKTAP
;
842 d
->bd_thread_call
= thread_call_allocate(bpf_timed_out
, d
);
843 if (d
->bd_thread_call
== NULL
) {
844 printf("bpfopen: malloc thread call failed\n");
845 bpf_dtab
[minor(dev
)] = NULL
;
847 lck_mtx_unlock(bpf_mlock
);
852 uuid_generate(d
->bd_uuid
);
855 mac_bpfdesc_label_init(d
);
856 mac_bpfdesc_label_associate(kauth_cred_get(), d
);
858 bpf_dtab
[minor(dev
)] = d
; /* Mark opened */
859 lck_mtx_unlock(bpf_mlock
);
865 * Close the descriptor by detaching it from its interface,
866 * deallocating its buffers, and marking it free.
870 bpfclose(dev_t dev
, __unused
int flags
, __unused
int fmt
,
871 __unused
struct proc
*p
)
875 /* Take BPF lock to ensure no other thread is using the device */
876 lck_mtx_lock(bpf_mlock
);
878 d
= bpf_dtab
[minor(dev
)];
879 if (d
== NULL
|| d
== BPF_DEV_RESERVED
) {
880 lck_mtx_unlock(bpf_mlock
);
885 * Other threads may call bpd_detachd() if we drop the bpf_mlock
887 d
->bd_flags
|= BPF_CLOSING
;
889 if (bpf_debug
!= 0) {
891 __func__
, (uint64_t)VM_KERNEL_ADDRPERM(d
));
894 bpf_dtab
[minor(dev
)] = BPF_DEV_RESERVED
; /* Reserve while closing */
897 * Deal with any in-progress timeouts.
899 switch (d
->bd_state
) {
902 * Not waiting for a timeout, and no timeout happened.
908 * Waiting for a timeout.
909 * Cancel any timer that has yet to go off,
910 * and mark the state as "closing".
911 * Then drop the lock to allow any timers that
912 * *have* gone off to run to completion, and wait
913 * for them to finish.
915 if (!bpf_stop_timer(d
)) {
917 * There was no pending call, so the call must
918 * have been in progress. Wait for the call to
919 * complete; we have to drop the lock while
920 * waiting. to let the in-progrss call complete
922 d
->bd_state
= BPF_DRAINING
;
923 while (d
->bd_state
== BPF_DRAINING
) {
924 msleep((caddr_t
)d
, bpf_mlock
, PRINET
,
925 "bpfdraining", NULL
);
928 d
->bd_state
= BPF_IDLE
;
933 * Timer went off, and the timeout routine finished.
935 d
->bd_state
= BPF_IDLE
;
940 * Another thread is blocked on a close waiting for
941 * a timeout to finish.
942 * This "shouldn't happen", as the first thread to enter
943 * bpfclose() will set bpf_dtab[minor(dev)] to 1, and
944 * all subsequent threads should see that and fail with
947 panic("Two threads blocked in a BPF close");
954 selthreadclear(&d
->bd_sel
);
956 mac_bpfdesc_label_destroy(d
);
958 thread_call_free(d
->bd_thread_call
);
960 while (d
->bd_hbuf_read
!= 0) {
961 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading", NULL
);
966 /* Mark free in same context as bpfopen comes to check */
967 bpf_dtab
[minor(dev
)] = NULL
; /* Mark closed */
971 lck_mtx_unlock(bpf_mlock
);
976 #define BPF_SLEEP bpf_sleep
979 bpf_sleep(struct bpf_d
*d
, int pri
, const char *wmesg
, int timo
)
981 u_int64_t abstime
= 0;
984 clock_interval_to_deadline(timo
, NSEC_PER_SEC
/ hz
, &abstime
);
987 return msleep1((caddr_t
)d
, bpf_mlock
, pri
, wmesg
, abstime
);
991 bpf_finalize_pktap(struct bpf_hdr
*hp
, struct pktap_header
*pktaphdr
)
993 if (pktaphdr
->pth_flags
& PTH_FLAG_V2_HDR
) {
994 struct pktap_v2_hdr
*pktap_v2_hdr
;
996 pktap_v2_hdr
= (struct pktap_v2_hdr
*)pktaphdr
;
998 if (pktap_v2_hdr
->pth_flags
& PTH_FLAG_DELAY_PKTAP
) {
999 pktap_v2_finalize_proc_info(pktap_v2_hdr
);
1002 if (pktaphdr
->pth_flags
& PTH_FLAG_DELAY_PKTAP
) {
1003 pktap_finalize_proc_info(pktaphdr
);
1006 if (pktaphdr
->pth_flags
& PTH_FLAG_TSTAMP
) {
1007 hp
->bh_tstamp
.tv_sec
= pktaphdr
->pth_tstamp
.tv_sec
;
1008 hp
->bh_tstamp
.tv_usec
= pktaphdr
->pth_tstamp
.tv_usec
;
1014 * Rotate the packet buffers in descriptor d. Move the store buffer
1015 * into the hold slot, and the free buffer into the store slot.
1016 * Zero the length of the new store buffer.
1018 #define ROTATE_BUFFERS(d) \
1019 if (d->bd_hbuf_read != 0) \
1020 panic("rotating bpf buffers during read"); \
1021 (d)->bd_hbuf = (d)->bd_sbuf; \
1022 (d)->bd_hlen = (d)->bd_slen; \
1023 (d)->bd_hcnt = (d)->bd_scnt; \
1024 (d)->bd_sbuf = (d)->bd_fbuf; \
1027 (d)->bd_fbuf = NULL;
1029 * bpfread - read next chunk of packets from buffers
1032 bpfread(dev_t dev
, struct uio
*uio
, int ioflag
)
1036 int timed_out
, hbuf_len
;
1040 lck_mtx_lock(bpf_mlock
);
1042 d
= bpf_dtab
[minor(dev
)];
1043 if (d
== NULL
|| d
== BPF_DEV_RESERVED
||
1044 (d
->bd_flags
& BPF_CLOSING
) != 0) {
1045 lck_mtx_unlock(bpf_mlock
);
1052 * Restrict application to use a buffer the same size as
1053 * as kernel buffers.
1055 if (uio_resid(uio
) != d
->bd_bufsize
) {
1057 lck_mtx_unlock(bpf_mlock
);
1061 if (d
->bd_state
== BPF_WAITING
) {
1065 timed_out
= (d
->bd_state
== BPF_TIMED_OUT
);
1066 d
->bd_state
= BPF_IDLE
;
1068 while (d
->bd_hbuf_read
!= 0) {
1069 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading", NULL
);
1072 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
1074 lck_mtx_unlock(bpf_mlock
);
1078 * If the hold buffer is empty, then do a timed sleep, which
1079 * ends when the timeout expires or when enough packets
1080 * have arrived to fill the store buffer.
1082 while (d
->bd_hbuf
== 0) {
1083 if ((d
->bd_immediate
|| timed_out
|| (ioflag
& IO_NDELAY
)) &&
1086 * We're in immediate mode, or are reading
1087 * in non-blocking mode, or a timer was
1088 * started before the read (e.g., by select()
1089 * or poll()) and has expired and a packet(s)
1090 * either arrived since the previous
1091 * read or arrived while we were asleep.
1092 * Rotate the buffers and return what's here.
1099 * No data is available, check to see if the bpf device
1100 * is still pointed at a real interface. If not, return
1101 * ENXIO so that the userland process knows to rebind
1102 * it before using it again.
1104 if (d
->bd_bif
== NULL
) {
1106 lck_mtx_unlock(bpf_mlock
);
1109 if (ioflag
& IO_NDELAY
) {
1111 lck_mtx_unlock(bpf_mlock
);
1114 error
= BPF_SLEEP(d
, PRINET
| PCATCH
, "bpf", d
->bd_rtout
);
1116 * Make sure device is still opened
1118 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
1120 lck_mtx_unlock(bpf_mlock
);
1124 while (d
->bd_hbuf_read
!= 0) {
1125 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading",
1129 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
1131 lck_mtx_unlock(bpf_mlock
);
1135 if (error
== EINTR
|| error
== ERESTART
) {
1136 if (d
->bd_hbuf
!= NULL
) {
1138 * Because we msleep, the hold buffer might
1139 * be filled when we wake up. Avoid rotating
1144 if (d
->bd_slen
!= 0) {
1146 * Sometimes we may be interrupted often and
1147 * the sleep above will not timeout.
1148 * Regardless, we should rotate the buffers
1149 * if there's any new data pending and
1156 lck_mtx_unlock(bpf_mlock
);
1157 if (error
== ERESTART
) {
1158 printf("%s: %llx ERESTART to EINTR\n",
1159 __func__
, (uint64_t)VM_KERNEL_ADDRPERM(d
));
1164 if (error
== EWOULDBLOCK
) {
1166 * On a timeout, return what's in the buffer,
1167 * which may be nothing. If there is something
1168 * in the store buffer, we can rotate the buffers.
1172 * We filled up the buffer in between
1173 * getting the timeout and arriving
1174 * here, so we don't need to rotate.
1179 if (d
->bd_slen
== 0) {
1181 lck_mtx_unlock(bpf_mlock
);
1189 * At this point, we know we have something in the hold slot.
1193 * Set the hold buffer read. So we do not
1194 * rotate the buffers until the hold buffer
1195 * read is complete. Also to avoid issues resulting
1196 * from page faults during disk sleep (<rdar://problem/13436396>).
1198 d
->bd_hbuf_read
= 1;
1200 hbuf_len
= d
->bd_hlen
;
1201 flags
= d
->bd_flags
;
1202 lck_mtx_unlock(bpf_mlock
);
1206 * Before we move data to userland, we fill out the extended
1209 if (flags
& BPF_EXTENDED_HDR
) {
1213 while (p
< hbuf
+ hbuf_len
) {
1214 struct bpf_hdr_ext
*ehp
;
1216 struct so_procinfo soprocinfo
;
1219 ehp
= (struct bpf_hdr_ext
*)(void *)p
;
1220 if ((flowid
= ehp
->bh_flowid
) != 0) {
1221 if (ehp
->bh_proto
== IPPROTO_TCP
) {
1222 found
= inp_findinpcb_procinfo(&tcbinfo
,
1223 flowid
, &soprocinfo
);
1224 } else if (ehp
->bh_proto
== IPPROTO_UDP
) {
1225 found
= inp_findinpcb_procinfo(&udbinfo
,
1226 flowid
, &soprocinfo
);
1229 ehp
->bh_pid
= soprocinfo
.spi_pid
;
1230 strlcpy(&ehp
->bh_comm
[0], &soprocinfo
.spi_proc_name
[0], sizeof(ehp
->bh_comm
));
1235 if (flags
& BPF_FINALIZE_PKTAP
) {
1236 struct pktap_header
*pktaphdr
;
1238 pktaphdr
= (struct pktap_header
*)(void *)
1239 (p
+ BPF_WORDALIGN(ehp
->bh_hdrlen
));
1241 bpf_finalize_pktap((struct bpf_hdr
*) ehp
,
1244 p
+= BPF_WORDALIGN(ehp
->bh_hdrlen
+ ehp
->bh_caplen
);
1246 } else if (flags
& BPF_FINALIZE_PKTAP
) {
1250 while (p
< hbuf
+ hbuf_len
) {
1252 struct pktap_header
*pktaphdr
;
1254 hp
= (struct bpf_hdr
*)(void *)p
;
1255 pktaphdr
= (struct pktap_header
*)(void *)
1256 (p
+ BPF_WORDALIGN(hp
->bh_hdrlen
));
1258 bpf_finalize_pktap(hp
, pktaphdr
);
1260 p
+= BPF_WORDALIGN(hp
->bh_hdrlen
+ hp
->bh_caplen
);
1266 * Move data from hold buffer into user space.
1267 * We know the entire buffer is transferred since
1268 * we checked above that the read buffer is bpf_bufsize bytes.
1270 error
= UIOMOVE(hbuf
, hbuf_len
, UIO_READ
, uio
);
1272 lck_mtx_lock(bpf_mlock
);
1274 * Make sure device is still opened
1276 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
1278 lck_mtx_unlock(bpf_mlock
);
1282 d
->bd_hbuf_read
= 0;
1283 d
->bd_fbuf
= d
->bd_hbuf
;
1290 lck_mtx_unlock(bpf_mlock
);
1295 * If there are processes sleeping on this descriptor, wake them up.
1298 bpf_wakeup(struct bpf_d
*d
)
1300 if (d
->bd_state
== BPF_WAITING
) {
1302 d
->bd_state
= BPF_IDLE
;
1305 if (d
->bd_async
&& d
->bd_sig
&& d
->bd_sigio
) {
1306 pgsigio(d
->bd_sigio
, d
->bd_sig
);
1309 selwakeup(&d
->bd_sel
);
1310 if ((d
->bd_flags
& BPF_KNOTE
)) {
1311 KNOTE(&d
->bd_sel
.si_note
, 1);
1316 bpf_timed_out(void *arg
, __unused
void *dummy
)
1318 struct bpf_d
*d
= (struct bpf_d
*)arg
;
1320 lck_mtx_lock(bpf_mlock
);
1321 if (d
->bd_state
== BPF_WAITING
) {
1323 * There's a select or kqueue waiting for this; if there's
1324 * now stuff to read, wake it up.
1326 d
->bd_state
= BPF_TIMED_OUT
;
1327 if (d
->bd_slen
!= 0) {
1330 } else if (d
->bd_state
== BPF_DRAINING
) {
1332 * A close is waiting for this to finish.
1333 * Mark it as finished, and wake the close up.
1335 d
->bd_state
= BPF_IDLE
;
1338 lck_mtx_unlock(bpf_mlock
);
1341 /* keep in sync with bpf_movein above: */
1342 #define MAX_DATALINK_HDR_LEN (sizeof(struct firewire_header))
1345 bpfwrite(dev_t dev
, struct uio
*uio
, __unused
int ioflag
)
1349 struct mbuf
*m
= NULL
;
1351 char dst_buf
[SOCKADDR_HDR_LEN
+ MAX_DATALINK_HDR_LEN
];
1356 lck_mtx_lock(bpf_mlock
);
1358 d
= bpf_dtab
[minor(dev
)];
1359 if (d
== NULL
|| d
== BPF_DEV_RESERVED
||
1360 (d
->bd_flags
& BPF_CLOSING
) != 0) {
1361 lck_mtx_unlock(bpf_mlock
);
1367 if (d
->bd_bif
== 0) {
1369 lck_mtx_unlock(bpf_mlock
);
1373 ifp
= d
->bd_bif
->bif_ifp
;
1375 if ((ifp
->if_flags
& IFF_UP
) == 0) {
1377 lck_mtx_unlock(bpf_mlock
);
1380 if (uio_resid(uio
) == 0) {
1382 lck_mtx_unlock(bpf_mlock
);
1385 ((struct sockaddr
*)dst_buf
)->sa_len
= sizeof(dst_buf
);
1388 * fix for PR-6849527
1389 * geting variables onto stack before dropping lock for bpf_movein()
1391 bif_dlt
= (int)d
->bd_bif
->bif_dlt
;
1392 bd_hdrcmplt
= d
->bd_hdrcmplt
;
1394 /* bpf_movein allocating mbufs; drop lock */
1395 lck_mtx_unlock(bpf_mlock
);
1397 error
= bpf_movein(uio
, bif_dlt
, &m
,
1398 bd_hdrcmplt
? NULL
: (struct sockaddr
*)dst_buf
,
1401 /* take the lock again */
1402 lck_mtx_lock(bpf_mlock
);
1405 lck_mtx_unlock(bpf_mlock
);
1409 /* verify the device is still open */
1410 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
1412 lck_mtx_unlock(bpf_mlock
);
1417 if (d
->bd_bif
== NULL
) {
1419 lck_mtx_unlock(bpf_mlock
);
1424 if ((unsigned)datlen
> ifp
->if_mtu
) {
1426 lck_mtx_unlock(bpf_mlock
);
1432 mac_mbuf_label_associate_bpfdesc(d
, m
);
1435 bpf_set_packet_service_class(m
, d
->bd_traffic_class
);
1437 lck_mtx_unlock(bpf_mlock
);
1440 * The driver frees the mbuf.
1442 if (d
->bd_hdrcmplt
) {
1443 if (d
->bd_bif
->bif_send
) {
1444 error
= d
->bd_bif
->bif_send(ifp
, d
->bd_bif
->bif_dlt
, m
);
1446 error
= dlil_output(ifp
, 0, m
, NULL
, NULL
, 1, NULL
);
1449 error
= dlil_output(ifp
, PF_INET
, m
, NULL
,
1450 (struct sockaddr
*)dst_buf
, 0, NULL
);
1453 lck_mtx_lock(bpf_mlock
);
1455 lck_mtx_unlock(bpf_mlock
);
1461 * Reset a descriptor by flushing its packet buffer and clearing the
1462 * receive and drop counts.
1465 reset_d(struct bpf_d
*d
)
1467 if (d
->bd_hbuf_read
!= 0) {
1468 panic("resetting buffers during read");
1472 /* Free the hold buffer. */
1473 d
->bd_fbuf
= d
->bd_hbuf
;
1484 static struct bpf_d
*
1485 bpf_get_device_from_uuid(uuid_t uuid
)
1489 for (i
= 0; i
< nbpfilter
; i
++) {
1490 struct bpf_d
*d
= bpf_dtab
[i
];
1492 if (d
== NULL
|| d
== BPF_DEV_RESERVED
||
1493 (d
->bd_flags
& BPF_CLOSING
) != 0) {
1496 if (uuid_compare(uuid
, d
->bd_uuid
) == 0) {
1505 * The BIOCSETUP command "atomically" attach to the interface and
1506 * copy the buffer from another interface. This minimizes the risk
1507 * of missing packet because this is done while holding
1508 * the BPF global lock
1511 bpf_setup(struct bpf_d
*d_to
, uuid_t uuid_from
, ifnet_t ifp
)
1513 struct bpf_d
*d_from
;
1516 LCK_MTX_ASSERT(bpf_mlock
, LCK_MTX_ASSERT_OWNED
);
1521 d_from
= bpf_get_device_from_uuid(uuid_from
);
1522 if (d_from
== NULL
) {
1524 os_log_info(OS_LOG_DEFAULT
,
1525 "%s: uuids not found error %d",
1529 if (d_from
->bd_opened_by
!= d_to
->bd_opened_by
) {
1531 os_log_info(OS_LOG_DEFAULT
,
1532 "%s: processes not matching error %d",
1538 * Prevent any read while copying
1540 while (d_to
->bd_hbuf_read
!= 0) {
1541 msleep((caddr_t
)d_to
, bpf_mlock
, PRINET
, __func__
, NULL
);
1543 d_to
->bd_hbuf_read
= 1;
1545 while (d_from
->bd_hbuf_read
!= 0) {
1546 msleep((caddr_t
)d_from
, bpf_mlock
, PRINET
, __func__
, NULL
);
1548 d_from
->bd_hbuf_read
= 1;
1551 * Verify the devices have not been closed
1553 if (d_to
->bd_flags
& BPF_CLOSING
) {
1555 os_log_info(OS_LOG_DEFAULT
,
1556 "%s: d_to is closing error %d",
1560 if (d_from
->bd_flags
& BPF_CLOSING
) {
1562 os_log_info(OS_LOG_DEFAULT
,
1563 "%s: d_from is closing error %d",
1569 * For now require the same buffer size
1571 if (d_from
->bd_bufsize
!= d_to
->bd_bufsize
) {
1573 os_log_info(OS_LOG_DEFAULT
,
1574 "%s: bufsizes not matching error %d",
1580 * Attach to the interface
1582 error
= bpf_setif(d_to
, ifp
, false, true);
1584 os_log_info(OS_LOG_DEFAULT
,
1585 "%s: bpf_setif() failed error %d",
1591 * Make sure the buffers are setup as expected by bpf_setif()
1593 ASSERT(d_to
->bd_hbuf
== NULL
);
1594 ASSERT(d_to
->bd_sbuf
!= NULL
);
1595 ASSERT(d_to
->bd_fbuf
!= NULL
);
1598 * Copy the buffers and update the pointers and counts
1600 memcpy(d_to
->bd_sbuf
, d_from
->bd_sbuf
, d_from
->bd_slen
);
1601 d_to
->bd_slen
= d_from
->bd_slen
;
1602 d_to
->bd_scnt
= d_from
->bd_scnt
;
1604 if (d_from
->bd_hbuf
!= NULL
) {
1605 d_to
->bd_hbuf
= d_to
->bd_fbuf
;
1606 d_to
->bd_fbuf
= NULL
;
1607 memcpy(d_to
->bd_hbuf
, d_from
->bd_hbuf
, d_from
->bd_hlen
);
1609 d_to
->bd_hlen
= d_from
->bd_hlen
;
1610 d_to
->bd_hcnt
= d_from
->bd_hcnt
;
1612 if (bpf_debug
> 0) {
1613 os_log_info(OS_LOG_DEFAULT
,
1614 "%s: done slen %u scnt %u hlen %u hcnt %u",
1615 __func__
, d_to
->bd_slen
, d_to
->bd_scnt
,
1616 d_to
->bd_hlen
, d_to
->bd_hcnt
);
1619 d_from
->bd_hbuf_read
= 0;
1620 wakeup((caddr_t
)d_from
);
1622 d_to
->bd_hbuf_read
= 0;
1623 wakeup((caddr_t
)d_to
);
1629 * FIONREAD Check for read packet available.
1630 * SIOCGIFADDR Get interface address - convenient hook to driver.
1631 * BIOCGBLEN Get buffer len [for read()].
1632 * BIOCSETF Set ethernet read filter.
1633 * BIOCFLUSH Flush read packet buffer.
1634 * BIOCPROMISC Put interface into promiscuous mode.
1635 * BIOCGDLT Get link layer type.
1636 * BIOCGETIF Get interface name.
1637 * BIOCSETIF Set interface.
1638 * BIOCSRTIMEOUT Set read timeout.
1639 * BIOCGRTIMEOUT Get read timeout.
1640 * BIOCGSTATS Get packet stats.
1641 * BIOCIMMEDIATE Set immediate mode.
1642 * BIOCVERSION Get filter language version.
1643 * BIOCGHDRCMPLT Get "header already complete" flag
1644 * BIOCSHDRCMPLT Set "header already complete" flag
1645 * BIOCGSEESENT Get "see packets sent" flag
1646 * BIOCSSEESENT Set "see packets sent" flag
1647 * BIOCSETTC Set traffic class.
1648 * BIOCGETTC Get traffic class.
1649 * BIOCSEXTHDR Set "extended header" flag
1650 * BIOCSHEADDROP Drop head of the buffer if user is not reading
1651 * BIOCGHEADDROP Get "head-drop" flag
1655 bpfioctl(dev_t dev
, u_long cmd
, caddr_t addr
, __unused
int flags
,
1663 lck_mtx_lock(bpf_mlock
);
1665 d
= bpf_dtab
[minor(dev
)];
1666 if (d
== NULL
|| d
== BPF_DEV_RESERVED
||
1667 (d
->bd_flags
& BPF_CLOSING
) != 0) {
1668 lck_mtx_unlock(bpf_mlock
);
1674 if (d
->bd_state
== BPF_WAITING
) {
1677 d
->bd_state
= BPF_IDLE
;
1685 * Check for read packet available.
1687 case FIONREAD
: /* int */
1692 if (d
->bd_hbuf
&& d
->bd_hbuf_read
== 0) {
1696 bcopy(&n
, addr
, sizeof(n
));
1700 case SIOCGIFADDR
: /* struct ifreq */
1704 if (d
->bd_bif
== 0) {
1707 ifp
= d
->bd_bif
->bif_ifp
;
1708 error
= ifnet_ioctl(ifp
, 0, cmd
, addr
);
1714 * Get buffer len [for read()].
1716 case BIOCGBLEN
: /* u_int */
1717 bcopy(&d
->bd_bufsize
, addr
, sizeof(u_int
));
1721 * Set buffer length.
1723 case BIOCSBLEN
: { /* u_int */
1725 unsigned int maxbufsize
= bpf_maxbufsize
;
1728 * Allow larger buffer in head drop mode to with the
1729 * assumption the reading process may be low priority but
1730 * is interested in the most recent traffic
1732 if (d
->bd_headdrop
!= 0) {
1733 maxbufsize
= 2 * bpf_maxbufsize
;
1736 if (d
->bd_bif
!= 0 || (d
->bd_flags
& BPF_DETACHING
)) {
1738 * Interface already attached, unable to change buffers
1743 bcopy(addr
, &size
, sizeof(size
));
1745 if (size
> maxbufsize
) {
1746 d
->bd_bufsize
= maxbufsize
;
1748 os_log_info(OS_LOG_DEFAULT
,
1749 "%s bufsize capped to %u from %u",
1750 __func__
, d
->bd_bufsize
, size
);
1751 } else if (size
< BPF_MINBUFSIZE
) {
1752 d
->bd_bufsize
= BPF_MINBUFSIZE
;
1754 os_log_info(OS_LOG_DEFAULT
,
1755 "%s bufsize bumped to %u from %u",
1756 __func__
, d
->bd_bufsize
, size
);
1758 d
->bd_bufsize
= size
;
1761 /* It's a read/write ioctl */
1762 bcopy(&d
->bd_bufsize
, addr
, sizeof(u_int
));
1766 * Set link layer read filter.
1769 case BIOCSETFNR32
: { /* struct bpf_program32 */
1770 struct bpf_program32 prg32
;
1772 bcopy(addr
, &prg32
, sizeof(prg32
));
1773 error
= bpf_setf(d
, prg32
.bf_len
,
1774 CAST_USER_ADDR_T(prg32
.bf_insns
), cmd
);
1779 case BIOCSETFNR64
: { /* struct bpf_program64 */
1780 struct bpf_program64 prg64
;
1782 bcopy(addr
, &prg64
, sizeof(prg64
));
1783 error
= bpf_setf(d
, prg64
.bf_len
, prg64
.bf_insns
, cmd
);
1788 * Flush read packet buffer.
1791 while (d
->bd_hbuf_read
!= 0) {
1792 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading",
1795 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
1803 * Put interface into promiscuous mode.
1806 if (d
->bd_bif
== 0) {
1808 * No interface attached yet.
1813 if (d
->bd_promisc
== 0) {
1814 lck_mtx_unlock(bpf_mlock
);
1815 error
= ifnet_set_promiscuous(d
->bd_bif
->bif_ifp
, 1);
1816 lck_mtx_lock(bpf_mlock
);
1824 * Get device parameters.
1826 case BIOCGDLT
: /* u_int */
1827 if (d
->bd_bif
== 0) {
1830 bcopy(&d
->bd_bif
->bif_dlt
, addr
, sizeof(u_int
));
1835 * Get a list of supported data link types.
1837 case BIOCGDLTLIST
: /* struct bpf_dltlist */
1838 if (d
->bd_bif
== NULL
) {
1841 error
= bpf_getdltlist(d
, addr
, p
);
1846 * Set data link type.
1848 case BIOCSDLT
: /* u_int */
1849 if (d
->bd_bif
== NULL
) {
1854 bcopy(addr
, &dlt
, sizeof(dlt
));
1856 if (dlt
== DLT_PKTAP
&&
1857 !(d
->bd_flags
& BPF_WANT_PKTAP
)) {
1860 error
= bpf_setdlt(d
, dlt
);
1865 * Get interface name.
1867 case BIOCGETIF
: /* struct ifreq */
1868 if (d
->bd_bif
== 0) {
1871 struct ifnet
*const ifp
= d
->bd_bif
->bif_ifp
;
1873 snprintf(((struct ifreq
*)(void *)addr
)->ifr_name
,
1874 sizeof(ifr
.ifr_name
), "%s", if_name(ifp
));
1881 case BIOCSETIF
: { /* struct ifreq */
1884 bcopy(addr
, &ifr
, sizeof(ifr
));
1885 ifr
.ifr_name
[IFNAMSIZ
- 1] = '\0';
1886 ifp
= ifunit(ifr
.ifr_name
);
1890 error
= bpf_setif(d
, ifp
, true, false);
1898 case BIOCSRTIMEOUT32
: { /* struct user32_timeval */
1899 struct user32_timeval _tv
;
1902 bcopy(addr
, &_tv
, sizeof(_tv
));
1903 tv
.tv_sec
= _tv
.tv_sec
;
1904 tv
.tv_usec
= _tv
.tv_usec
;
1907 * Subtract 1 tick from tvtohz() since this isn't
1910 if ((error
= itimerfix(&tv
)) == 0) {
1911 d
->bd_rtout
= tvtohz(&tv
) - 1;
1916 case BIOCSRTIMEOUT64
: { /* struct user64_timeval */
1917 struct user64_timeval _tv
;
1920 bcopy(addr
, &_tv
, sizeof(_tv
));
1921 tv
.tv_sec
= _tv
.tv_sec
;
1922 tv
.tv_usec
= _tv
.tv_usec
;
1925 * Subtract 1 tick from tvtohz() since this isn't
1928 if ((error
= itimerfix(&tv
)) == 0) {
1929 d
->bd_rtout
= tvtohz(&tv
) - 1;
1937 case BIOCGRTIMEOUT32
: { /* struct user32_timeval */
1938 struct user32_timeval tv
;
1940 bzero(&tv
, sizeof(tv
));
1941 tv
.tv_sec
= d
->bd_rtout
/ hz
;
1942 tv
.tv_usec
= (d
->bd_rtout
% hz
) * tick
;
1943 bcopy(&tv
, addr
, sizeof(tv
));
1947 case BIOCGRTIMEOUT64
: { /* struct user64_timeval */
1948 struct user64_timeval tv
;
1950 bzero(&tv
, sizeof(tv
));
1951 tv
.tv_sec
= d
->bd_rtout
/ hz
;
1952 tv
.tv_usec
= (d
->bd_rtout
% hz
) * tick
;
1953 bcopy(&tv
, addr
, sizeof(tv
));
1960 case BIOCGSTATS
: { /* struct bpf_stat */
1963 bzero(&bs
, sizeof(bs
));
1964 bs
.bs_recv
= d
->bd_rcount
;
1965 bs
.bs_drop
= d
->bd_dcount
;
1966 bcopy(&bs
, addr
, sizeof(bs
));
1971 * Set immediate mode.
1973 case BIOCIMMEDIATE
: /* u_int */
1974 d
->bd_immediate
= *(u_int
*)(void *)addr
;
1977 case BIOCVERSION
: { /* struct bpf_version */
1978 struct bpf_version bv
;
1980 bzero(&bv
, sizeof(bv
));
1981 bv
.bv_major
= BPF_MAJOR_VERSION
;
1982 bv
.bv_minor
= BPF_MINOR_VERSION
;
1983 bcopy(&bv
, addr
, sizeof(bv
));
1988 * Get "header already complete" flag
1990 case BIOCGHDRCMPLT
: /* u_int */
1991 bcopy(&d
->bd_hdrcmplt
, addr
, sizeof(u_int
));
1995 * Set "header already complete" flag
1997 case BIOCSHDRCMPLT
: /* u_int */
1998 bcopy(addr
, &int_arg
, sizeof(int_arg
));
1999 d
->bd_hdrcmplt
= int_arg
? 1 : 0;
2003 * Get "see sent packets" flag
2005 case BIOCGSEESENT
: /* u_int */
2006 bcopy(&d
->bd_seesent
, addr
, sizeof(u_int
));
2010 * Set "see sent packets" flag
2012 case BIOCSSEESENT
: /* u_int */
2013 bcopy(addr
, &d
->bd_seesent
, sizeof(u_int
));
2017 * Set traffic service class
2019 case BIOCSETTC
: { /* int */
2022 bcopy(addr
, &tc
, sizeof(int));
2023 error
= bpf_set_traffic_class(d
, tc
);
2028 * Get traffic service class
2030 case BIOCGETTC
: /* int */
2031 bcopy(&d
->bd_traffic_class
, addr
, sizeof(int));
2034 case FIONBIO
: /* Non-blocking I/O; int */
2037 case FIOASYNC
: /* Send signal on receive packets; int */
2038 bcopy(addr
, &d
->bd_async
, sizeof(int));
2042 error
= fsetown(*(int *)addr
, &d
->bd_sigio
);
2046 *(int *)addr
= fgetown(d
->bd_sigio
);
2049 /* This is deprecated, FIOSETOWN should be used instead. */
2051 error
= fsetown(-(*(int *)addr
), &d
->bd_sigio
);
2054 /* This is deprecated, FIOGETOWN should be used instead. */
2056 *(int *)addr
= -fgetown(d
->bd_sigio
);
2059 case BIOCSRSIG
: { /* Set receive signal; u_int */
2062 bcopy(addr
, &sig
, sizeof(u_int
));
2071 case BIOCGRSIG
: /* u_int */
2072 bcopy(&d
->bd_sig
, addr
, sizeof(u_int
));
2075 case BIOCSEXTHDR
: /* u_int */
2076 bcopy(addr
, &int_arg
, sizeof(int_arg
));
2078 d
->bd_flags
|= BPF_EXTENDED_HDR
;
2080 d
->bd_flags
&= ~BPF_EXTENDED_HDR
;
2084 case BIOCGIFATTACHCOUNT
: { /* struct ifreq */
2088 bcopy(addr
, &ifr
, sizeof(ifr
));
2089 ifr
.ifr_name
[IFNAMSIZ
- 1] = '\0';
2090 ifp
= ifunit(ifr
.ifr_name
);
2096 for (bp
= bpf_iflist
; bp
!= 0; bp
= bp
->bif_next
) {
2097 struct bpf_d
*bpf_d
;
2099 if (bp
->bif_ifp
== NULL
|| bp
->bif_ifp
!= ifp
) {
2102 for (bpf_d
= bp
->bif_dlist
; bpf_d
;
2103 bpf_d
= bpf_d
->bd_next
) {
2104 ifr
.ifr_intval
+= 1;
2107 bcopy(&ifr
, addr
, sizeof(ifr
));
2110 case BIOCGWANTPKTAP
: /* u_int */
2111 int_arg
= d
->bd_flags
& BPF_WANT_PKTAP
? 1 : 0;
2112 bcopy(&int_arg
, addr
, sizeof(int_arg
));
2115 case BIOCSWANTPKTAP
: /* u_int */
2116 bcopy(addr
, &int_arg
, sizeof(int_arg
));
2118 d
->bd_flags
|= BPF_WANT_PKTAP
;
2120 d
->bd_flags
&= ~BPF_WANT_PKTAP
;
2126 bcopy(addr
, &int_arg
, sizeof(int_arg
));
2127 d
->bd_headdrop
= int_arg
? 1 : 0;
2131 bcopy(&d
->bd_headdrop
, addr
, sizeof(int));
2135 bcopy(addr
, &int_arg
, sizeof(int_arg
));
2137 d
->bd_flags
|= BPF_TRUNCATE
;
2139 d
->bd_flags
&= ~BPF_TRUNCATE
;
2144 bcopy(&d
->bd_uuid
, addr
, sizeof(uuid_t
));
2148 struct bpf_setup_args bsa
;
2151 bcopy(addr
, &bsa
, sizeof(struct bpf_setup_args
));
2152 bsa
.bsa_ifname
[IFNAMSIZ
- 1] = 0;
2153 ifp
= ifunit(bsa
.bsa_ifname
);
2156 os_log_info(OS_LOG_DEFAULT
,
2157 "%s: ifnet not found for %s error %d",
2158 __func__
, bsa
.bsa_ifname
, error
);
2162 error
= bpf_setup(d
, bsa
.bsa_uuid
, ifp
);
2166 bcopy(addr
, &int_arg
, sizeof(int_arg
));
2168 d
->bd_flags
|= BPF_PKTHDRV2
;
2170 d
->bd_flags
&= ~BPF_PKTHDRV2
;
2175 int_arg
= d
->bd_flags
& BPF_PKTHDRV2
? 1 : 0;
2176 bcopy(&int_arg
, addr
, sizeof(int));
2181 lck_mtx_unlock(bpf_mlock
);
2187 * Set d's packet filter program to fp. If this file already has a filter,
2188 * free it and replace it. Returns EINVAL for bogus requests.
2191 bpf_setf(struct bpf_d
*d
, u_int bf_len
, user_addr_t bf_insns
,
2194 struct bpf_insn
*fcode
, *old
;
2197 while (d
->bd_hbuf_read
!= 0) {
2198 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading", NULL
);
2201 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
2206 if (bf_insns
== USER_ADDR_NULL
) {
2210 d
->bd_filter
= NULL
;
2213 FREE(old
, M_DEVBUF
);
2218 if (flen
> BPF_MAXINSNS
) {
2222 size
= flen
* sizeof(struct bpf_insn
);
2223 fcode
= (struct bpf_insn
*) _MALLOC(size
, M_DEVBUF
, M_WAIT
);
2225 if (fcode
== NULL
) {
2229 if (copyin(bf_insns
, (caddr_t
)fcode
, size
) == 0 &&
2230 bpf_validate(fcode
, (int)flen
)) {
2231 d
->bd_filter
= fcode
;
2233 if (cmd
== BIOCSETF32
|| cmd
== BIOCSETF64
) {
2238 FREE(old
, M_DEVBUF
);
2243 FREE(fcode
, M_DEVBUF
);
2248 * Detach a file from its current interface (if attached at all) and attach
2249 * to the interface indicated by the name stored in ifr.
2250 * Return an errno or 0.
2253 bpf_setif(struct bpf_d
*d
, ifnet_t theywant
, bool do_reset
, bool has_hbuf_read
)
2258 while (d
->bd_hbuf_read
!= 0 && !has_hbuf_read
) {
2259 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading", NULL
);
2262 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
2267 * Look through attached interfaces for the named one.
2269 for (bp
= bpf_iflist
; bp
!= 0; bp
= bp
->bif_next
) {
2270 struct ifnet
*ifp
= bp
->bif_ifp
;
2272 if (ifp
== 0 || ifp
!= theywant
) {
2276 * Do not use DLT_PKTAP, unless requested explicitly
2278 if (bp
->bif_dlt
== DLT_PKTAP
&& !(d
->bd_flags
& BPF_WANT_PKTAP
)) {
2282 * Skip the coprocessor interface
2284 if (!intcoproc_unrestricted
&& IFNET_IS_INTCOPROC(ifp
)) {
2288 * We found the requested interface.
2289 * Allocate the packet buffers.
2291 error
= bpf_allocbufs(d
);
2296 * Detach if attached to something else.
2298 if (bp
!= d
->bd_bif
) {
2299 if (d
->bd_bif
!= NULL
) {
2300 if (bpf_detachd(d
, 0) != 0) {
2304 if (bpf_attachd(d
, bp
) != 0) {
2318 * Get a list of available data link type of the interface.
2321 bpf_getdltlist(struct bpf_d
*d
, caddr_t addr
, struct proc
*p
)
2328 struct bpf_dltlist bfl
;
2330 bcopy(addr
, &bfl
, sizeof(bfl
));
2331 if (proc_is64bit(p
)) {
2332 dlist
= (user_addr_t
)bfl
.bfl_u
.bflu_pad
;
2334 dlist
= CAST_USER_ADDR_T(bfl
.bfl_u
.bflu_list
);
2337 ifp
= d
->bd_bif
->bif_ifp
;
2341 for (bp
= bpf_iflist
; bp
; bp
= bp
->bif_next
) {
2342 if (bp
->bif_ifp
!= ifp
) {
2346 * Do not use DLT_PKTAP, unless requested explicitly
2348 if (bp
->bif_dlt
== DLT_PKTAP
&& !(d
->bd_flags
& BPF_WANT_PKTAP
)) {
2351 if (dlist
!= USER_ADDR_NULL
) {
2352 if (n
>= bfl
.bfl_len
) {
2355 error
= copyout(&bp
->bif_dlt
, dlist
,
2356 sizeof(bp
->bif_dlt
));
2360 dlist
+= sizeof(bp
->bif_dlt
);
2365 bcopy(&bfl
, addr
, sizeof(bfl
));
2371 * Set the data link type of a BPF instance.
2374 bpf_setdlt(struct bpf_d
*d
, uint32_t dlt
)
2376 int error
, opromisc
;
2380 if (d
->bd_bif
->bif_dlt
== dlt
) {
2384 while (d
->bd_hbuf_read
!= 0) {
2385 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading", NULL
);
2388 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
2392 ifp
= d
->bd_bif
->bif_ifp
;
2393 for (bp
= bpf_iflist
; bp
; bp
= bp
->bif_next
) {
2394 if (bp
->bif_ifp
== ifp
&& bp
->bif_dlt
== dlt
) {
2396 * Do not use DLT_PKTAP, unless requested explicitly
2398 if (bp
->bif_dlt
== DLT_PKTAP
&&
2399 !(d
->bd_flags
& BPF_WANT_PKTAP
)) {
2406 opromisc
= d
->bd_promisc
;
2407 if (bpf_detachd(d
, 0) != 0) {
2410 error
= bpf_attachd(d
, bp
);
2412 printf("bpf_setdlt: bpf_attachd %s%d failed (%d)\n",
2413 ifnet_name(bp
->bif_ifp
), ifnet_unit(bp
->bif_ifp
),
2419 lck_mtx_unlock(bpf_mlock
);
2420 error
= ifnet_set_promiscuous(bp
->bif_ifp
, 1);
2421 lck_mtx_lock(bpf_mlock
);
2423 printf("%s: ifpromisc %s%d failed (%d)\n",
2424 __func__
, ifnet_name(bp
->bif_ifp
),
2425 ifnet_unit(bp
->bif_ifp
), error
);
2431 return bp
== NULL
? EINVAL
: 0;
2435 bpf_set_traffic_class(struct bpf_d
*d
, int tc
)
2439 if (!SO_VALID_TC(tc
)) {
2442 d
->bd_traffic_class
= tc
;
2449 bpf_set_packet_service_class(struct mbuf
*m
, int tc
)
2451 if (!(m
->m_flags
& M_PKTHDR
)) {
2455 VERIFY(SO_VALID_TC(tc
));
2456 (void) m_set_service_class(m
, so_tc2msc(tc
));
2460 * Support for select()
2462 * Return true iff the specific operation will not block indefinitely.
2463 * Otherwise, return false but make a note that a selwakeup() must be done.
2466 bpfselect(dev_t dev
, int which
, void * wql
, struct proc
*p
)
2471 lck_mtx_lock(bpf_mlock
);
2473 d
= bpf_dtab
[minor(dev
)];
2474 if (d
== NULL
|| d
== BPF_DEV_RESERVED
||
2475 (d
->bd_flags
& BPF_CLOSING
) != 0) {
2476 lck_mtx_unlock(bpf_mlock
);
2482 if (d
->bd_bif
== NULL
) {
2484 lck_mtx_unlock(bpf_mlock
);
2488 while (d
->bd_hbuf_read
!= 0) {
2489 msleep((caddr_t
)d
, bpf_mlock
, PRINET
, "bpf_reading", NULL
);
2492 if ((d
->bd_flags
& BPF_CLOSING
) != 0) {
2494 lck_mtx_unlock(bpf_mlock
);
2500 if (d
->bd_hlen
!= 0 ||
2501 ((d
->bd_immediate
||
2502 d
->bd_state
== BPF_TIMED_OUT
) && d
->bd_slen
!= 0)) {
2503 ret
= 1; /* read has data to return */
2506 * Read has no data to return.
2507 * Make the select wait, and start a timer if
2510 selrecord(p
, &d
->bd_sel
, wql
);
2516 /* can't determine whether a write would block */
2522 lck_mtx_unlock(bpf_mlock
);
2528 * Support for kevent() system call. Register EVFILT_READ filters and
2529 * reject all others.
2531 int bpfkqfilter(dev_t dev
, struct knote
*kn
);
2532 static void filt_bpfdetach(struct knote
*);
2533 static int filt_bpfread(struct knote
*, long);
2534 static int filt_bpftouch(struct knote
*kn
, struct kevent_qos_s
*kev
);
2535 static int filt_bpfprocess(struct knote
*kn
, struct kevent_qos_s
*kev
);
2537 SECURITY_READ_ONLY_EARLY(struct filterops
) bpfread_filtops
= {
2539 .f_detach
= filt_bpfdetach
,
2540 .f_event
= filt_bpfread
,
2541 .f_touch
= filt_bpftouch
,
2542 .f_process
= filt_bpfprocess
,
2546 filt_bpfread_common(struct knote
*kn
, struct kevent_qos_s
*kev
, struct bpf_d
*d
)
2551 if (d
->bd_immediate
) {
2553 * If there's data in the hold buffer, it's the
2554 * amount of data a read will return.
2556 * If there's no data in the hold buffer, but
2557 * there's data in the store buffer, a read will
2558 * immediately rotate the store buffer to the
2559 * hold buffer, the amount of data in the store
2560 * buffer is the amount of data a read will
2563 * If there's no data in either buffer, we're not
2566 data
= (d
->bd_hlen
== 0 || d
->bd_hbuf_read
!= 0 ?
2567 d
->bd_slen
: d
->bd_hlen
);
2568 int64_t lowwat
= knote_low_watermark(kn
);
2569 if (lowwat
> d
->bd_bufsize
) {
2570 lowwat
= d
->bd_bufsize
;
2572 ready
= (data
>= lowwat
);
2575 * If there's data in the hold buffer, it's the
2576 * amount of data a read will return.
2578 * If there's no data in the hold buffer, but
2579 * there's data in the store buffer, if the
2580 * timer has expired a read will immediately
2581 * rotate the store buffer to the hold buffer,
2582 * so the amount of data in the store buffer is
2583 * the amount of data a read will return.
2585 * If there's no data in either buffer, or there's
2586 * no data in the hold buffer and the timer hasn't
2587 * expired, we're not ready to read.
2589 data
= ((d
->bd_hlen
== 0 || d
->bd_hbuf_read
!= 0) &&
2590 d
->bd_state
== BPF_TIMED_OUT
? d
->bd_slen
: d
->bd_hlen
);
2596 knote_fill_kevent(kn
, kev
, data
);
2603 bpfkqfilter(dev_t dev
, struct knote
*kn
)
2609 * Is this device a bpf?
2611 if (major(dev
) != CDEV_MAJOR
|| kn
->kn_filter
!= EVFILT_READ
) {
2612 knote_set_error(kn
, EINVAL
);
2616 lck_mtx_lock(bpf_mlock
);
2618 d
= bpf_dtab
[minor(dev
)];
2620 if (d
== NULL
|| d
== BPF_DEV_RESERVED
||
2621 (d
->bd_flags
& BPF_CLOSING
) != 0 ||
2622 d
->bd_bif
== NULL
) {
2623 lck_mtx_unlock(bpf_mlock
);
2624 knote_set_error(kn
, ENXIO
);
2629 kn
->kn_filtid
= EVFILTID_BPFREAD
;
2630 KNOTE_ATTACH(&d
->bd_sel
.si_note
, kn
);
2631 d
->bd_flags
|= BPF_KNOTE
;
2633 /* capture the current state */
2634 res
= filt_bpfread_common(kn
, NULL
, d
);
2636 lck_mtx_unlock(bpf_mlock
);
2642 filt_bpfdetach(struct knote
*kn
)
2644 struct bpf_d
*d
= (struct bpf_d
*)kn
->kn_hook
;
2646 lck_mtx_lock(bpf_mlock
);
2647 if (d
->bd_flags
& BPF_KNOTE
) {
2648 KNOTE_DETACH(&d
->bd_sel
.si_note
, kn
);
2649 d
->bd_flags
&= ~BPF_KNOTE
;
2651 lck_mtx_unlock(bpf_mlock
);
2655 filt_bpfread(struct knote
*kn
, long hint
)
2657 #pragma unused(hint)
2658 struct bpf_d
*d
= (struct bpf_d
*)kn
->kn_hook
;
2660 return filt_bpfread_common(kn
, NULL
, d
);
2664 filt_bpftouch(struct knote
*kn
, struct kevent_qos_s
*kev
)
2666 struct bpf_d
*d
= (struct bpf_d
*)kn
->kn_hook
;
2669 lck_mtx_lock(bpf_mlock
);
2671 /* save off the lowat threshold and flag */
2672 kn
->kn_sdata
= kev
->data
;
2673 kn
->kn_sfflags
= kev
->fflags
;
2675 /* output data will be re-generated here */
2676 res
= filt_bpfread_common(kn
, NULL
, d
);
2678 lck_mtx_unlock(bpf_mlock
);
2684 filt_bpfprocess(struct knote
*kn
, struct kevent_qos_s
*kev
)
2686 struct bpf_d
*d
= (struct bpf_d
*)kn
->kn_hook
;
2689 lck_mtx_lock(bpf_mlock
);
2690 res
= filt_bpfread_common(kn
, kev
, d
);
2691 lck_mtx_unlock(bpf_mlock
);
2697 * Copy data from an mbuf chain into a buffer. This code is derived
2698 * from m_copydata in kern/uipc_mbuf.c.
2701 bpf_mcopy(struct mbuf
* m
, void *dst_arg
, size_t len
)
2711 count
= min(m
->m_len
, len
);
2712 bcopy(mbuf_data(m
), dst
, count
);
2723 struct bpf_packet
*bpf_pkt
,
2731 * It's possible that we get here after the bpf descriptor has been
2732 * detached from the interface; in such a case we simply return.
2733 * Lock ordering is important since we can be called asynchronously
2734 * (from IOKit) to process an inbound packet; when that happens
2735 * we would have been holding its "gateLock" and will be acquiring
2736 * "bpf_mlock" upon entering this routine. Due to that, we release
2737 * "bpf_mlock" prior to calling ifnet_set_promiscuous (which will
2738 * acquire "gateLock" in the IOKit), in order to avoid a deadlock
2739 * when a ifnet_set_promiscuous request simultaneously collides with
2740 * an inbound packet being passed into the tap callback.
	lck_mtx_lock(bpf_mlock);
	if (ifp->if_bpf == NULL) {
		lck_mtx_unlock(bpf_mlock);
		return;
	}
	for (bp = ifp->if_bpf; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp) {
			/* wrong interface */
			bp = NULL;
			break;
		}
		if (dlt == 0 || bp->bif_dlt == dlt) {
			/* tapping default DLT or DLT matches */
			break;
		}
	}
	if (bp == NULL) {
		goto done;
	}
	for (d = bp->bif_dlist; d; d = d->bd_next) {
		struct bpf_packet *bpf_pkt_saved = bpf_pkt;
		struct bpf_packet bpf_pkt_tmp;
		struct pktap_header_buffer bpfp_header_tmp;

		if (outbound && !d->bd_seesent) {
			continue;
		}

		++d->bd_rcount;
		slen = bpf_filter(d->bd_filter, (u_char *)bpf_pkt,
		    bpf_pkt->bpfp_total_length, 0);
		if (bp->bif_ifp->if_type == IFT_PKTAP &&
		    bp->bif_dlt == DLT_PKTAP) {
			/*
			 * Need to copy the bpf_pkt because the conversion
			 * to v2 pktap header modifies the content of the
			 * bpfp_header
			 */
			if ((d->bd_flags & BPF_PKTHDRV2) &&
			    bpf_pkt->bpfp_header_length <= sizeof(bpfp_header_tmp)) {
				bpf_pkt_tmp = *bpf_pkt;

				bpf_pkt = &bpf_pkt_tmp;

				memcpy(&bpfp_header_tmp, bpf_pkt->bpfp_header,
				    bpf_pkt->bpfp_header_length);

				bpf_pkt->bpfp_header = &bpfp_header_tmp;

				convert_to_pktap_header_to_v2(bpf_pkt,
				    !!(d->bd_flags & BPF_TRUNCATE));
			}

			if (d->bd_flags & BPF_TRUNCATE) {
				slen = min(slen,
				    get_pkt_trunc_len((u_char *)bpf_pkt,
				    bpf_pkt->bpfp_total_length));
			}
		}
		if (slen != 0) {
#if CONFIG_MACF_NET
			if (mac_bpfdesc_check_receive(d, bp->bif_ifp) != 0) {
				continue;
			}
#endif
			catchpacket(d, bpf_pkt, slen, outbound);
		}
		bpf_pkt = bpf_pkt_saved;
	}

done:
	lck_mtx_unlock(bpf_mlock);
}
static void
bpf_tap_mbuf(ifnet_t ifp, u_int32_t dlt, mbuf_t m, void *hdr, size_t hlen,
    int outbound)
{
	struct bpf_packet bpf_pkt;
	struct mbuf *m0;

	if (ifp->if_bpf == NULL) {
		/* quickly check without taking lock */
		return;
	}
	bpf_pkt.bpfp_type = BPF_PACKET_TYPE_MBUF;
	bpf_pkt.bpfp_mbuf = m;
	bpf_pkt.bpfp_total_length = 0;
	for (m0 = m; m0 != NULL; m0 = m0->m_next) {
		bpf_pkt.bpfp_total_length += m0->m_len;
	}
	bpf_pkt.bpfp_header = hdr;
	if (hdr != NULL) {
		bpf_pkt.bpfp_total_length += hlen;
		bpf_pkt.bpfp_header_length = hlen;
	} else {
		bpf_pkt.bpfp_header_length = 0;
	}
	bpf_tap_imp(ifp, dlt, &bpf_pkt, outbound);
}
void
bpf_tap_out(ifnet_t ifp, u_int32_t dlt, mbuf_t m, void *hdr, size_t hlen)
{
	bpf_tap_mbuf(ifp, dlt, m, hdr, hlen, 1);
}

void
bpf_tap_in(ifnet_t ifp, u_int32_t dlt, mbuf_t m, void *hdr, size_t hlen)
{
	bpf_tap_mbuf(ifp, dlt, m, hdr, hlen, 0);
}
/* Callback registered with Ethernet driver. */
static int
bpf_tap_callback(struct ifnet *ifp, struct mbuf *m)
{
	bpf_tap_mbuf(ifp, 0, m, NULL, 0, mbuf_pkthdr_rcvif(m) == NULL);

	return 0;
}
static errno_t
bpf_copydata(struct bpf_packet *pkt, size_t off, size_t len, void *out_data)
{
	errno_t err = 0;

	if (pkt->bpfp_type == BPF_PACKET_TYPE_MBUF) {
		err = mbuf_copydata(pkt->bpfp_mbuf, off, len, out_data);
	} else {
		err = EINVAL;
	}

	return err;
}
static void
copy_bpf_packet(struct bpf_packet * pkt, void * dst, size_t len)
{
	/* copy the optional header */
	if (pkt->bpfp_header_length != 0) {
		size_t count = min(len, pkt->bpfp_header_length);
		bcopy(pkt->bpfp_header, dst, count);
		len -= count;
		dst += count;
	}
	if (len == 0) {
		/* nothing past the header */
		return;
	}
	/* copy the packet */
	switch (pkt->bpfp_type) {
	case BPF_PACKET_TYPE_MBUF:
		bpf_mcopy(pkt->bpfp_mbuf, dst, len);
		break;
	default:
		break;
	}
}
static uint16_t
get_esp_trunc_len(__unused struct bpf_packet *pkt, __unused uint16_t off,
    const uint16_t remaining_caplen)
{
	/*
	 * tcpdump expects the capture to include one byte beyond the
	 * ESP header
	 */
	uint16_t trunc_len = ESP_HDR_SIZE + 1;

	if (trunc_len > remaining_caplen) {
		return remaining_caplen;
	}

	return trunc_len;
}
static uint16_t
get_isakmp_trunc_len(__unused struct bpf_packet *pkt, __unused uint16_t off,
    const uint16_t remaining_caplen)
{
	/*
	 * Include the payload generic header
	 */
	uint16_t trunc_len = ISAKMP_HDR_SIZE;

	if (trunc_len > remaining_caplen) {
		return remaining_caplen;
	}

	return trunc_len;
}
static uint16_t
get_isakmp_natt_trunc_len(struct bpf_packet *pkt, uint16_t off,
    const uint16_t remaining_caplen)
{
	int err = 0;
	uint16_t trunc_len = 0;
	char payload[remaining_caplen];

	err = bpf_copydata(pkt, off, remaining_caplen, payload);
	if (err != 0) {
		return remaining_caplen;
	}
	/*
	 * There are three cases:
	 * - IKE: payload starts with a 4-byte header set to zero before the
	 *   ISAKMP header
	 * - keep alive: 1 byte payload
	 * - otherwise it's ESP
	 */
	if (remaining_caplen >= 4 &&
	    payload[0] == 0 && payload[1] == 0 &&
	    payload[2] == 0 && payload[3] == 0) {
		trunc_len = 4 + get_isakmp_trunc_len(pkt, off + 4, remaining_caplen - 4);
	} else if (remaining_caplen == 1) {
		trunc_len = 1;
	} else {
		trunc_len = get_esp_trunc_len(pkt, off, remaining_caplen);
	}

	if (trunc_len > remaining_caplen) {
		return remaining_caplen;
	}

	return trunc_len;
}
static uint16_t
get_udp_trunc_len(struct bpf_packet *pkt, uint16_t off, const uint16_t remaining_caplen)
{
	int err = 0;
	uint16_t trunc_len = sizeof(struct udphdr); /* By default no UDP payload */

	if (trunc_len >= remaining_caplen) {
		return remaining_caplen;
	}

	struct udphdr udphdr;
	err = bpf_copydata(pkt, off, sizeof(struct udphdr), &udphdr);
	if (err != 0) {
		return remaining_caplen;
	}

	u_short sport, dport;

	sport = EXTRACT_SHORT(&udphdr.uh_sport);
	dport = EXTRACT_SHORT(&udphdr.uh_dport);

	if (dport == PORT_DNS || sport == PORT_DNS) {
		/*
		 * Full UDP payload for DNS
		 */
		trunc_len = remaining_caplen;
	} else if ((sport == PORT_BOOTPS && dport == PORT_BOOTPC) ||
	    (sport == PORT_BOOTPC && dport == PORT_BOOTPS)) {
		/*
		 * Full UDP payload for BOOTP and DHCP
		 */
		trunc_len = remaining_caplen;
	} else if (dport == PORT_ISAKMP && sport == PORT_ISAKMP) {
		/*
		 * Return the ISAKMP header
		 */
		trunc_len += get_isakmp_trunc_len(pkt, off + sizeof(struct udphdr),
		    remaining_caplen - sizeof(struct udphdr));
	} else if (dport == PORT_ISAKMP_NATT && sport == PORT_ISAKMP_NATT) {
		trunc_len += get_isakmp_natt_trunc_len(pkt, off + sizeof(struct udphdr),
		    remaining_caplen - sizeof(struct udphdr));
	}
	if (trunc_len >= remaining_caplen) {
		return remaining_caplen;
	}

	return trunc_len;
}
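
/*
 * Worked example (illustrative): with remaining_caplen = 120, a packet
 * to or from port 53 keeps all 120 bytes (full DNS payload), while a
 * packet on an unlisted port, e.g. NTP on port 123, keeps only
 * sizeof(struct udphdr) = 8 bytes and the payload is truncated away.
 */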
static uint16_t
get_tcp_trunc_len(struct bpf_packet *pkt, uint16_t off, const uint16_t remaining_caplen)
{
	int err = 0;
	uint16_t trunc_len = sizeof(struct tcphdr); /* By default no TCP payload */

	if (trunc_len >= remaining_caplen) {
		return remaining_caplen;
	}

	struct tcphdr tcphdr;
	err = bpf_copydata(pkt, off, sizeof(struct tcphdr), &tcphdr);
	if (err != 0) {
		return remaining_caplen;
	}

	u_short sport, dport;
	sport = EXTRACT_SHORT(&tcphdr.th_sport);
	dport = EXTRACT_SHORT(&tcphdr.th_dport);

	if (dport == PORT_DNS || sport == PORT_DNS) {
		/*
		 * Full TCP payload for DNS
		 */
		trunc_len = remaining_caplen;
	} else {
		trunc_len = tcphdr.th_off << 2;
	}
	if (trunc_len >= remaining_caplen) {
		return remaining_caplen;
	}

	return trunc_len;
}
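
/*
 * Worked example (illustrative): th_off counts 32-bit words, so a TCP
 * header with th_off = 8 gives trunc_len = 8 << 2 = 32 bytes: the
 * 20-byte fixed header plus 12 bytes of options, with no payload.
 */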
static uint16_t
get_proto_trunc_len(uint8_t proto, struct bpf_packet *pkt, uint16_t off, const uint16_t remaining_caplen)
{
	uint16_t trunc_len;

	switch (proto) {
	case IPPROTO_ICMP: {
		/*
		 * Full ICMP payload
		 */
		trunc_len = remaining_caplen;
		break;
	}
	case IPPROTO_ICMPV6: {
		/*
		 * Full ICMPv6 payload
		 */
		trunc_len = remaining_caplen;
		break;
	}
	case IPPROTO_IGMP: {
		/*
		 * Full IGMP payload
		 */
		trunc_len = remaining_caplen;
		break;
	}
	case IPPROTO_UDP: {
		trunc_len = get_udp_trunc_len(pkt, off, remaining_caplen);
		break;
	}
	case IPPROTO_TCP: {
		trunc_len = get_tcp_trunc_len(pkt, off, remaining_caplen);
		break;
	}
	case IPPROTO_ESP: {
		trunc_len = get_esp_trunc_len(pkt, off, remaining_caplen);
		break;
	}
	default: {
		/*
		 * By default we only include the IP header
		 */
		trunc_len = 0;
		break;
	}
	}
	if (trunc_len >= remaining_caplen) {
		return remaining_caplen;
	}

	return trunc_len;
}
static uint16_t
get_ip_trunc_len(struct bpf_packet *pkt, uint16_t off, const uint16_t remaining_caplen)
{
	int err = 0;
	uint16_t iplen = sizeof(struct ip);

	if (iplen >= remaining_caplen) {
		return remaining_caplen;
	}

	struct ip iphdr;
	err = bpf_copydata(pkt, off, sizeof(struct ip), &iphdr);
	if (err != 0) {
		return remaining_caplen;
	}

	uint8_t proto = 0;

	iplen = iphdr.ip_hl << 2;
	if (iplen >= remaining_caplen) {
		return remaining_caplen;
	}

	proto = iphdr.ip_p;
	iplen += get_proto_trunc_len(proto, pkt, off + iplen, remaining_caplen - iplen);

	if (iplen >= remaining_caplen) {
		return remaining_caplen;
	}

	return iplen;
}
static uint16_t
get_ip6_trunc_len(struct bpf_packet *pkt, uint16_t off, const uint16_t remaining_caplen)
{
	int err = 0;
	uint16_t iplen = sizeof(struct ip6_hdr);

	if (iplen >= remaining_caplen) {
		return remaining_caplen;
	}

	struct ip6_hdr ip6hdr;
	err = bpf_copydata(pkt, off, sizeof(struct ip6_hdr), &ip6hdr);
	if (err != 0) {
		return remaining_caplen;
	}

	uint8_t proto = 0;

	/*
	 * TBD: process the extension headers
	 */
	proto = ip6hdr.ip6_nxt;
	iplen += get_proto_trunc_len(proto, pkt, off + iplen, remaining_caplen - iplen);

	if (iplen >= remaining_caplen) {
		return remaining_caplen;
	}

	return iplen;
}
static uint16_t
get_ether_trunc_len(struct bpf_packet *pkt, int off, const uint16_t remaining_caplen)
{
	int err = 0;
	uint16_t ethlen = sizeof(struct ether_header);

	if (ethlen >= remaining_caplen) {
		return remaining_caplen;
	}

	struct ether_header eh;
	u_short type;
	err = bpf_copydata(pkt, off, sizeof(struct ether_header), &eh);
	if (err != 0) {
		return remaining_caplen;
	}

	type = EXTRACT_SHORT(&eh.ether_type);
	/* Include full ARP */
	if (type == ETHERTYPE_ARP) {
		ethlen = remaining_caplen;
	} else if (type != ETHERTYPE_IP && type != ETHERTYPE_IPV6) {
		ethlen = min(BPF_MIN_PKT_SIZE, remaining_caplen);
	} else {
		if (type == ETHERTYPE_IP) {
			ethlen += get_ip_trunc_len(pkt, sizeof(struct ether_header),
			    remaining_caplen);
		} else if (type == ETHERTYPE_IPV6) {
			ethlen += get_ip6_trunc_len(pkt, sizeof(struct ether_header),
			    remaining_caplen);
		}
	}
	return ethlen;
}
static uint32_t
get_pkt_trunc_len(u_char *p, u_int len)
{
	struct bpf_packet *pkt = (struct bpf_packet *)(void *) p;
	struct pktap_header *pktap = (struct pktap_header *) (pkt->bpfp_header);
	uint32_t out_pkt_len = 0, tlen = 0;
	/*
	 * pktap->pth_frame_pre_length is the L2 header length and accounts
	 * for both pre and pre_adjust.
	 * pktap->pth_length is sizeof(pktap_header) (excluding pre/pre_adjust).
	 * pkt->bpfp_header_length is (pktap->pth_length + pre_adjust).
	 * pre is the offset to the L3 header after the bpfp_header, i.e. the
	 * length of the L2 header after the bpfp_header, if present.
	 */
	int32_t pre = pktap->pth_frame_pre_length -
	    (pkt->bpfp_header_length - pktap->pth_length);
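	/*
	 * Worked example (illustrative, assuming a plain Ethernet frame
	 * with no pre_adjust): pth_frame_pre_length = 14 and
	 * bpfp_header_length == pth_length, so pre = 14 - 0 = 14 and the
	 * L3 header starts 14 bytes after the pktap header.
	 */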
	/* Length of the input packet starting from L3 header */
	uint32_t in_pkt_len = len - pkt->bpfp_header_length - pre;
	if (pktap->pth_protocol_family == AF_INET ||
	    pktap->pth_protocol_family == AF_INET6) {
		/* Contains L2 header */
		if (pre > 0) {
			if (pre < (int32_t)sizeof(struct ether_header)) {
				goto too_short;
			}

			out_pkt_len = get_ether_trunc_len(pkt, 0, in_pkt_len);
		} else if (pre == 0) {
			if (pktap->pth_protocol_family == AF_INET) {
				out_pkt_len = get_ip_trunc_len(pkt, pre, in_pkt_len);
			} else if (pktap->pth_protocol_family == AF_INET6) {
				out_pkt_len = get_ip6_trunc_len(pkt, pre, in_pkt_len);
			}
		} else {
			/* Ideally pre should be >= 0. This is an exception */
			out_pkt_len = min(BPF_MIN_PKT_SIZE, in_pkt_len);
		}
	} else {
		if (pktap->pth_iftype == IFT_ETHER) {
			if (in_pkt_len < sizeof(struct ether_header)) {
				goto too_short;
			}
			/* At most include the Ethernet header and 16 bytes */
			out_pkt_len = MIN(sizeof(struct ether_header) + 16,
			    in_pkt_len);
		} else {
			/*
			 * For unknown protocols include at most 16 bytes
			 */
			out_pkt_len = MIN(16, in_pkt_len);
		}
	}
done:
	tlen = pkt->bpfp_header_length + out_pkt_len + pre;
	return tlen;
too_short:
	out_pkt_len = in_pkt_len;
	goto done;
}
/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Wake up any pending reads when the buffer fills
 * up or immediate mode is set.
 */
static void
catchpacket(struct bpf_d *d, struct bpf_packet * pkt,
    u_int snaplen, int outbound)
{
	struct bpf_hdr *hp;
	struct bpf_hdr_ext *ehp;
	int totlen, curlen;
	int hdrlen, caplen;
	int do_wakeup = 0;
	u_char *payload;
	struct timeval tv;

	hdrlen = (d->bd_flags & BPF_EXTENDED_HDR) ? d->bd_bif->bif_exthdrlen :
	    d->bd_bif->bif_hdrlen;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pkt->bpfp_total_length);
	if (totlen > d->bd_bufsize) {
		totlen = d->bd_bufsize;
	}

	if (hdrlen > totlen) {
		return;
	}
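	/*
	 * Worked example (illustrative): with hdrlen = 18, snaplen = 64
	 * and a 1500-byte packet, totlen = 18 + min(64, 1500) = 82, so
	 * 64 bytes of packet data are stored after the capture header.
	 */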
	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 *
		 * We cannot rotate buffers if a read is in progress
		 * so drop the packet.
		 */
		if (d->bd_hbuf_read != 0) {
			++d->bd_dcount;
			return;
		}

		if (d->bd_fbuf == NULL) {
			if (d->bd_headdrop == 0) {
				/*
				 * We haven't completed the previous read yet,
				 * so drop the packet.
				 */
				++d->bd_dcount;
				return;
			}
			/*
			 * Drop the hold buffer as it contains older packets.
			 */
			d->bd_dcount += d->bd_hcnt;
			d->bd_fbuf = d->bd_hbuf;
			ROTATE_BUFFERS(d);
		} else {
			ROTATE_BUFFERS(d);
		}
		do_wakeup = 1;
		curlen = 0;
	} else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT) {
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		do_wakeup = 1;
	}
	/*
	 * Append the bpf header.
	 */
	microtime(&tv);
	if (d->bd_flags & BPF_EXTENDED_HDR) {
		struct mbuf *m;

		m = (pkt->bpfp_type == BPF_PACKET_TYPE_MBUF)
		    ? pkt->bpfp_mbuf : NULL;
		ehp = (struct bpf_hdr_ext *)(void *)(d->bd_sbuf + curlen);
		memset(ehp, 0, sizeof(*ehp));
		ehp->bh_tstamp.tv_sec = tv.tv_sec;
		ehp->bh_tstamp.tv_usec = tv.tv_usec;

		ehp->bh_datalen = pkt->bpfp_total_length;
		ehp->bh_hdrlen = hdrlen;
		caplen = ehp->bh_caplen = totlen - hdrlen;
		if (m == NULL) {
			if (outbound) {
				ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_OUT;
			} else {
				ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_IN;
			}
		} else if (outbound) {
			ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_OUT;

			/* only do lookups on non-raw INPCB */
			if ((m->m_pkthdr.pkt_flags & (PKTF_FLOW_ID |
			    PKTF_FLOW_LOCALSRC | PKTF_FLOW_RAWSOCK)) ==
			    (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC) &&
			    m->m_pkthdr.pkt_flowsrc == FLOWSRC_INPCB) {
				ehp->bh_flowid = m->m_pkthdr.pkt_flowid;
				ehp->bh_proto = m->m_pkthdr.pkt_proto;
			}
			ehp->bh_svc = so_svc2tc(m->m_pkthdr.pkt_svc);
			if (m->m_pkthdr.pkt_flags & PKTF_TCP_REXMT) {
				ehp->bh_pktflags |= BPF_PKTFLAGS_TCP_REXMT;
			}
			if (m->m_pkthdr.pkt_flags & PKTF_START_SEQ) {
				ehp->bh_pktflags |= BPF_PKTFLAGS_START_SEQ;
			}
			if (m->m_pkthdr.pkt_flags & PKTF_LAST_PKT) {
				ehp->bh_pktflags |= BPF_PKTFLAGS_LAST_PKT;
			}
			if (m->m_pkthdr.pkt_flags & PKTF_VALID_UNSENT_DATA) {
				ehp->bh_unsent_bytes =
				    m->m_pkthdr.bufstatus_if;
				ehp->bh_unsent_snd =
				    m->m_pkthdr.bufstatus_sndbuf;
			}
		} else {
			ehp->bh_flags |= BPF_HDR_EXT_FLAGS_DIR_IN;
		}
		payload = (u_char *)ehp + hdrlen;
	} else {
		hp = (struct bpf_hdr *)(void *)(d->bd_sbuf + curlen);
		hp->bh_tstamp.tv_sec = tv.tv_sec;
		hp->bh_tstamp.tv_usec = tv.tv_usec;
		hp->bh_datalen = pkt->bpfp_total_length;
		hp->bh_hdrlen = hdrlen;
		caplen = hp->bh_caplen = totlen - hdrlen;
		payload = (u_char *)hp + hdrlen;
	}
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	copy_bpf_packet(pkt, payload, caplen);
	d->bd_slen = curlen + totlen;
	d->bd_scnt += 1;

	if (do_wakeup) {
		bpf_wakeup(d);
	}
}
/*
 * Initialize all nonzero fields of a descriptor.
 */
static int
bpf_allocbufs(struct bpf_d *d)
{
	if (d->bd_sbuf != NULL) {
		FREE(d->bd_sbuf, M_DEVBUF);
		d->bd_sbuf = NULL;
	}
	if (d->bd_hbuf != NULL) {
		FREE(d->bd_hbuf, M_DEVBUF);
		d->bd_hbuf = NULL;
	}
	if (d->bd_fbuf != NULL) {
		FREE(d->bd_fbuf, M_DEVBUF);
		d->bd_fbuf = NULL;
	}

	d->bd_fbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
	if (d->bd_fbuf == NULL) {
		return ENOBUFS;
	}

	d->bd_sbuf = (caddr_t) _MALLOC(d->bd_bufsize, M_DEVBUF, M_WAIT);
	if (d->bd_sbuf == NULL) {
		FREE(d->bd_fbuf, M_DEVBUF);
		d->bd_fbuf = NULL;
		return ENOBUFS;
	}

	d->bd_slen = 0;
	d->bd_hlen = 0;
	d->bd_scnt = 0;
	d->bd_hcnt = 0;
	return 0;
}
/*
 * Free buffers currently in use by a descriptor.
 * Called on close.
 */
static void
bpf_freed(struct bpf_d *d)
{
	/*
	 * We don't need to lock out interrupts since this descriptor has
	 * been detached from its interface and hasn't yet been marked
	 * free.
	 */
	if (d->bd_hbuf_read != 0) {
		panic("bpf buffer freed during read");
	}

	if (d->bd_sbuf != 0) {
		FREE(d->bd_sbuf, M_DEVBUF);
		if (d->bd_hbuf != 0) {
			FREE(d->bd_hbuf, M_DEVBUF);
		}
		if (d->bd_fbuf != 0) {
			FREE(d->bd_fbuf, M_DEVBUF);
		}
	}
	if (d->bd_filter) {
		FREE(d->bd_filter, M_DEVBUF);
	}
}
/*
 * Attach an interface to bpf.  driverp is a pointer to a (struct bpf_if *)
 * in the driver's softc; dlt is the link layer type; hdrlen is the fixed
 * size of the link header (variable length headers not yet supported).
 */
void
bpfattach(struct ifnet *ifp, u_int dlt, u_int hdrlen)
{
	bpf_attach(ifp, dlt, hdrlen, NULL, NULL);
}
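
/*
 * Typical driver usage (illustrative sketch): an Ethernet driver would
 * attach with the standard link type and fixed header size, e.g.
 *
 *	bpfattach(ifp, DLT_EN10MB, sizeof(struct ether_header));
 */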
errno_t
bpf_attach(
	ifnet_t                 ifp,
	u_int32_t               dlt,
	u_int32_t               hdrlen,
	bpf_send_func           send,
	bpf_tap_func            tap)
{
	struct bpf_if *bp;
	struct bpf_if *bp_new;
	struct bpf_if *bp_before_first = NULL;
	struct bpf_if *bp_first = NULL;
	struct bpf_if *bp_last = NULL;
	boolean_t found = FALSE;

	bp_new = (struct bpf_if *) _MALLOC(sizeof(*bp_new), M_DEVBUF,
	    M_WAIT | M_ZERO);
	if (bp_new == 0) {
		panic("bpfattach");
	}

	lck_mtx_lock(bpf_mlock);

	/*
	 * Check if this interface/dlt is already attached. Remember the
	 * first and last attachment for this interface, as well as the
	 * element before the first attachment.
	 */
	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
		if (bp->bif_ifp != ifp) {
			if (bp_first != NULL) {
				/* no more elements for this interface */
				break;
			}
			bp_before_first = bp;
		} else {
			if (bp->bif_dlt == dlt) {
				found = TRUE;
				break;
			}
			if (bp_first == NULL) {
				bp_first = bp;
			}
			bp_last = bp;
		}
	}
	if (found) {
		lck_mtx_unlock(bpf_mlock);
		printf("bpfattach - %s with dlt %d is already attached\n",
		    if_name(ifp), dlt);
		FREE(bp_new, M_DEVBUF);
		return EEXIST;
	}

	bp_new->bif_ifp = ifp;
	bp_new->bif_dlt = dlt;
	bp_new->bif_send = send;
	bp_new->bif_tap = tap;

	if (bp_first == NULL) {
		/* No other entries for this ifp */
		bp_new->bif_next = bpf_iflist;
		bpf_iflist = bp_new;
	} else {
		if (ifnet_type(ifp) == IFT_ETHER && dlt == DLT_EN10MB) {
			/* Make this the first entry for this interface */
			if (bp_before_first != NULL) {
				/* point the previous to us */
				bp_before_first->bif_next = bp_new;
			} else {
				/* we're the new head */
				bpf_iflist = bp_new;
			}
			bp_new->bif_next = bp_first;
		} else {
			/* Add this after the last entry for this interface */
			bp_new->bif_next = bp_last->bif_next;
			bp_last->bif_next = bp_new;
		}
	}
	/*
	 * Compute the length of the bpf header.  This is not necessarily
	 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
	 * that the network layer header begins on a longword boundary (for
	 * performance reasons and to alleviate alignment restrictions).
	 */
	bp_new->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
	bp_new->bif_exthdrlen = BPF_WORDALIGN(hdrlen +
	    sizeof(struct bpf_hdr_ext)) - hdrlen;
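	/*
	 * Worked example (illustrative): for Ethernet, hdrlen = 14 and
	 * SIZEOF_BPF_HDR = 18, so bif_hdrlen = BPF_WORDALIGN(32) - 14 = 18.
	 * A capture record then occupies 18 + 14 = 32 bytes before the
	 * network layer header, which lands on a longword boundary.
	 */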
	/* Take a reference on the interface */
	ifnet_reference(ifp);

	lck_mtx_unlock(bpf_mlock);

	printf("bpf: %s attached\n", if_name(ifp));

	return 0;
}
/*
 * Detach bpf from an interface.  This involves detaching each descriptor
 * associated with the interface, and leaving bd_bif NULL.  Notify each
 * descriptor as it's detached so that any sleepers wake up and get
 * ENXIO.
 */
void
bpfdetach(struct ifnet *ifp)
{
	struct bpf_if *bp, *bp_prev, *bp_next;
	struct bpf_d *d;

	if (bpf_debug != 0) {
		printf("%s: %s\n", __func__, if_name(ifp));
	}

	lck_mtx_lock(bpf_mlock);

	/*
	 * Build the list of devices attached to that interface
	 * that we need to free while keeping the lock to maintain
	 * the integrity of the interface list
	 */
	bp_prev = NULL;
	for (bp = bpf_iflist; bp != NULL; bp = bp_next) {
		bp_next = bp->bif_next;

		if (ifp != bp->bif_ifp) {
			bp_prev = bp;
			continue;
		}
		/* Unlink from the interface list */
		if (bp_prev) {
			bp_prev->bif_next = bp->bif_next;
		} else {
			bpf_iflist = bp->bif_next;
		}

		/* Detach the devices attached to the interface */
		while ((d = bp->bif_dlist) != NULL) {
			/*
			 * Take an extra reference to prevent the device
			 * from being freed when bpf_detachd() releases
			 * the reference for the interface list
			 */
			bpf_acquire_d(d);
			bpf_detachd(d, 0);
			bpf_wakeup(d);
			bpf_release_d(d);
		}
		ifnet_release(ifp);
	}

	lck_mtx_unlock(bpf_mlock);
}
void
bpf_init(__unused void *unused)
{
#ifdef __APPLE__
	int i;
	int maj;

	if (bpf_devsw_installed == 0) {
		bpf_devsw_installed = 1;
		bpf_mlock_grp_attr = lck_grp_attr_alloc_init();
		bpf_mlock_grp = lck_grp_alloc_init("bpf", bpf_mlock_grp_attr);
		bpf_mlock_attr = lck_attr_alloc_init();
		lck_mtx_init(bpf_mlock, bpf_mlock_grp, bpf_mlock_attr);
		maj = cdevsw_add(CDEV_MAJOR, &bpf_cdevsw);
		if (maj == -1) {
			if (bpf_mlock_attr) {
				lck_attr_free(bpf_mlock_attr);
			}
			if (bpf_mlock_grp) {
				lck_grp_free(bpf_mlock_grp);
			}
			if (bpf_mlock_grp_attr) {
				lck_grp_attr_free(bpf_mlock_grp_attr);
			}

			bpf_mlock_attr = NULL;
			bpf_mlock_grp = NULL;
			bpf_mlock_grp_attr = NULL;
			bpf_devsw_installed = 0;
			printf("bpf_init: failed to allocate a major number\n");
			return;
		}

		for (i = 0; i < NBPFILTER; i++) {
			bpf_make_dev_t(maj);
		}
	}
#else
	cdevsw_add(&bpf_cdevsw);
#endif
}
SYSINIT(bpfdev, SI_SUB_DRIVERS, SI_ORDER_MIDDLE + CDEV_MAJOR, bpf_drvinit, NULL);
#if CONFIG_MACF_NET
struct label *
mac_bpfdesc_label_get(struct bpf_d *d)
{
	return d->bd_label;
}

void
mac_bpfdesc_label_set(struct bpf_d *d, struct label *label)
{
	d->bd_label = label;
}
#endif
static int
sysctl_bpf_maxbufsize SYSCTL_HANDLER_ARGS
{
#pragma unused(arg1, arg2)
	int i, err;

	i = bpf_maxbufsize;

	err = sysctl_handle_int(oidp, &i, 0, req);
	if (err != 0 || req->newptr == USER_ADDR_NULL) {
		return err;
	}

	if (i < 0 || i > BPF_MAXSIZE_CAP) {
		i = BPF_MAXSIZE_CAP;
	}

	bpf_maxbufsize = i;

	return err;
}