2005-01-07 01:45:51 +00:00
|
|
|
/*-
|
2017-11-20 19:43:44 +00:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
*
|
1994-05-24 10:09:53 +00:00
|
|
|
* Copyright (c) 1990, 1991, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from the Stanford/CMU enet packet filter,
|
|
|
|
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
|
|
|
|
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
|
|
|
|
* Berkeley Laboratory.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1994-05-24 10:09:53 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* @(#)bpfdesc.h 8.1 (Berkeley) 6/10/93
|
|
|
|
*
|
1999-08-28 01:08:13 +00:00
|
|
|
* $FreeBSD$
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
1994-08-21 05:11:48 +00:00
|
|
|
#ifndef _NET_BPFDESC_H_
|
|
|
|
#define _NET_BPFDESC_H_
|
|
|
|
|
2001-12-14 22:17:54 +00:00
|
|
|
#include <sys/callout.h>
|
2001-01-09 04:33:49 +00:00
|
|
|
#include <sys/selinfo.h>
|
2019-05-13 13:45:28 +00:00
|
|
|
#include <sys/ck.h>
|
2005-07-24 17:21:17 +00:00
|
|
|
#include <sys/conf.h>
|
2018-03-20 22:57:06 +00:00
|
|
|
#include <sys/counter.h>
|
2019-05-13 13:45:28 +00:00
|
|
|
#include <sys/epoch.h>
|
2005-07-24 17:21:17 +00:00
|
|
|
#include <net/if.h>
|
1994-05-25 09:21:21 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Descriptor associated with each open bpf file.
|
|
|
|
*/
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
struct zbuf;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct bpf_d {
|
2019-05-13 13:45:28 +00:00
|
|
|
CK_LIST_ENTRY(bpf_d) bd_next; /* Linked list of descriptors */
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
* Buffer slots: two memory buffers store the incoming packets.
|
1994-05-24 10:09:53 +00:00
|
|
|
* The model has three slots. Sbuf is always occupied.
|
|
|
|
* sbuf (store) - Receive interrupt puts packets here.
|
2007-01-29 14:41:03 +00:00
|
|
|
* hbuf (hold) - When sbuf is full, put buffer here and
|
1994-05-24 10:09:53 +00:00
|
|
|
* wakeup read (replace sbuf with fbuf).
|
2007-01-29 14:41:03 +00:00
|
|
|
* fbuf (free) - When read is done, put buffer here.
|
1994-05-24 10:09:53 +00:00
|
|
|
* On receiving, if sbuf is full and fbuf is 0, packet is dropped.
|
|
|
|
*/
|
|
|
|
caddr_t bd_sbuf; /* store slot */
|
|
|
|
caddr_t bd_hbuf; /* hold slot */
|
|
|
|
caddr_t bd_fbuf; /* free slot */
|
2012-12-10 16:14:44 +00:00
|
|
|
int bd_hbuf_in_use; /* don't rotate buffers */
|
1994-05-24 10:09:53 +00:00
|
|
|
int bd_slen; /* current length of store buffer */
|
|
|
|
int bd_hlen; /* current length of hold buffer */
|
|
|
|
|
|
|
|
int bd_bufsize; /* absolute length of buffers */
|
|
|
|
|
|
|
|
struct bpf_if * bd_bif; /* interface descriptor */
|
|
|
|
u_long bd_rtout; /* Read timeout in 'ticks' */
|
2005-08-22 19:35:48 +00:00
|
|
|
struct bpf_insn *bd_rfilter; /* read filter code */
|
|
|
|
struct bpf_insn *bd_wfilter; /* write filter code */
|
2009-08-12 17:28:53 +00:00
|
|
|
void *bd_bfilter; /* binary filter code */
|
2018-03-20 22:57:06 +00:00
|
|
|
counter_u64_t bd_rcount; /* number of packets received */
|
|
|
|
counter_u64_t bd_dcount; /* number of packets dropped */
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
u_char bd_promisc; /* true if listening promiscuously */
|
|
|
|
u_char bd_state; /* idle, waiting, or timed out */
|
|
|
|
u_char bd_immediate; /* true to return on packet arrival */
|
2012-04-06 06:55:21 +00:00
|
|
|
u_char bd_writer; /* non-zero if d is writer-only */
|
1999-10-15 05:07:00 +00:00
|
|
|
int bd_hdrcmplt; /* false to fill in src lladdr automatically */
|
2007-02-26 22:24:14 +00:00
|
|
|
int bd_direction; /* select packet direction */
|
Implement flexible BPF timestamping framework.
- Allow setting format, resolution and accuracy of BPF time stamps per
listener. Previously, we were only able to use microtime(9). Now we can
set various resolutions and accuracies with ioctl(2) BIOCSTSTAMP command.
Similarly, we can get the current resolution and accuracy with BIOCGTSTAMP
command. Document all supported options in bpf(4) and their uses.
- Introduce new time stamp 'struct bpf_ts' and header 'struct bpf_xhdr'.
The new time stamp has both 64-bit second and fractional parts. bpf_xhdr
has this time stamp instead of 'struct timeval' for bh_tstamp. The new
structures let us use bh_tstamp of same size on both 32-bit and 64-bit
platforms without adding additional shims for 32-bit binaries. On 64-bit
platforms, size of BPF header does not change compared to bpf_hdr as its
members are already all 64-bit long. On 32-bit platforms, the size may
increase by 8 bytes. For backward compatibility, struct bpf_hdr with
struct timeval is still the default header unless new time stamp format is
explicitly requested. However, the behaviour may change in the future and
all relevant code is wrapped around "#ifdef BURN_BRIDGES" for now.
- Add experimental support for tagging mbufs with time stamps from a lower
layer, e.g., device driver. Currently, mbuf_tags(9) is used to tag mbufs.
The time stamps must be uptime in 'struct bintime' format as binuptime(9)
and getbinuptime(9) do.
Reviewed by: net@
2010-06-15 19:28:44 +00:00
|
|
|
int bd_tstamp; /* select time stamping function */
|
2007-02-26 22:24:14 +00:00
|
|
|
int bd_feedback; /* true to feed back sent packets */
|
1995-06-15 18:11:00 +00:00
|
|
|
int bd_async; /* non-zero if packet reception should generate signal */
|
|
|
|
int bd_sig; /* signal to send upon packet reception */
|
1998-11-11 10:56:07 +00:00
|
|
|
struct sigio * bd_sigio; /* information for async I/O */
|
1994-05-24 10:09:53 +00:00
|
|
|
struct selinfo bd_sel; /* bsd select info */
|
2012-05-21 22:17:29 +00:00
|
|
|
struct mtx bd_lock; /* per-descriptor lock */
|
2001-12-14 22:17:54 +00:00
|
|
|
struct callout bd_callout; /* for BPF timeouts with select */
|
Modify the MAC Framework so that instead of embedding a (struct label)
in various kernel objects to represent security data, we embed a
(struct label *) pointer, which now references labels allocated using
a UMA zone (mac_label.c). This allows the size and shape of struct
label to be varied without changing the size and shape of these kernel
objects, which become part of the frozen ABI with 5-STABLE. This opens
the door for boot-time selection of the number of label slots, and hence
changes to the bound on the number of simultaneous labeled policies
at boot-time instead of compile-time. This also makes it easier to
embed label references in new objects as required for locking/caching
with fine-grained network stack locking, such as inpcb structures.
This change also moves us further in the direction of hiding the
structure of kernel objects from MAC policy modules, not to mention
dramatically reducing the number of '&' symbols appearing in both the
MAC Framework and MAC policy modules, and improving readability.
While this results in minimal performance change with MAC enabled, it
will observably shrink the size of a number of critical kernel data
structures for the !MAC case, and should have a small (but measurable)
performance benefit (i.e., struct vnode, struct socket) do to memory
conservation and reduced cost of zeroing memory.
NOTE: Users of MAC must recompile their kernel and all MAC modules as a
result of this change. Because this is an API change, third party
MAC modules will also need to be updated to make less use of the '&'
symbol.
Suggestions from: bmilekic
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
2003-11-12 03:14:31 +00:00
|
|
|
struct label *bd_label; /* MAC label for descriptor */
|
2018-03-20 22:57:06 +00:00
|
|
|
counter_u64_t bd_fcount; /* number of packets which matched filter */
|
2005-07-24 17:21:17 +00:00
|
|
|
pid_t bd_pid; /* PID which created descriptor */
|
2005-08-22 19:35:48 +00:00
|
|
|
int bd_locked; /* true if descriptor is locked */
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
u_int bd_bufmode; /* Current buffer mode. */
|
2018-03-20 22:57:06 +00:00
|
|
|
counter_u64_t bd_wcount; /* number of packets written */
|
|
|
|
counter_u64_t bd_wfcount; /* number of packets that matched write filter */
|
|
|
|
counter_u64_t bd_wdcount; /* number of packets dropped during a write */
|
|
|
|
counter_u64_t bd_zcopy; /* number of zero copy operations */
|
2010-04-25 16:43:41 +00:00
|
|
|
u_char bd_compat32; /* 32-bit stream on LP64 system */
|
2019-05-13 13:45:28 +00:00
|
|
|
|
|
|
|
volatile u_int bd_refcnt;
|
|
|
|
struct epoch_context epoch_ctx;
|
1994-05-24 10:09:53 +00:00
|
|
|
};
|
|
|
|
|
2001-12-14 22:17:54 +00:00
|
|
|
/* Values for bd_state */
|
|
|
|
#define BPF_IDLE 0 /* no select in progress */
|
|
|
|
#define BPF_WAITING 1 /* waiting for read timeout in select */
|
|
|
|
#define BPF_TIMED_OUT 2 /* read timeout has expired in select */
|
|
|
|
|
2012-05-21 22:17:29 +00:00
|
|
|
#define BPFD_LOCK(bd) mtx_lock(&(bd)->bd_lock)
|
|
|
|
#define BPFD_UNLOCK(bd) mtx_unlock(&(bd)->bd_lock)
|
|
|
|
#define BPFD_LOCK_ASSERT(bd) mtx_assert(&(bd)->bd_lock, MA_OWNED)
|
2001-02-16 17:10:28 +00:00
|
|
|
|
2012-04-06 06:53:58 +00:00
|
|
|
#define BPF_PID_REFRESH(bd, td) (bd)->bd_pid = (td)->td_proc->p_pid
|
|
|
|
#define BPF_PID_REFRESH_CUR(bd) (bd)->bd_pid = curthread->td_proc->p_pid
|
|
|
|
|
2005-07-24 17:21:17 +00:00
|
|
|
/*
|
|
|
|
* External representation of the bpf descriptor
|
|
|
|
*/
|
|
|
|
struct xbpf_d {
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
u_int bd_structsize; /* Size of this structure. */
|
2005-07-24 17:21:17 +00:00
|
|
|
u_char bd_promisc;
|
|
|
|
u_char bd_immediate;
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
u_char __bd_pad[6];
|
2005-07-24 17:21:17 +00:00
|
|
|
int bd_hdrcmplt;
|
2007-02-26 22:24:14 +00:00
|
|
|
int bd_direction;
|
|
|
|
int bd_feedback;
|
2005-07-24 17:21:17 +00:00
|
|
|
int bd_async;
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
u_int64_t bd_rcount;
|
|
|
|
u_int64_t bd_dcount;
|
|
|
|
u_int64_t bd_fcount;
|
2005-07-24 17:21:17 +00:00
|
|
|
int bd_sig;
|
|
|
|
int bd_slen;
|
|
|
|
int bd_hlen;
|
|
|
|
int bd_bufsize;
|
|
|
|
pid_t bd_pid;
|
|
|
|
char bd_ifname[IFNAMSIZ];
|
2005-08-22 19:35:48 +00:00
|
|
|
int bd_locked;
|
Introduce support for zero-copy BPF buffering, which reduces the
overhead of packet capture by allowing a user process to directly "loan"
buffer memory to the kernel rather than using read(2) to explicitly copy
data from kernel address space.
The user process will issue new BPF ioctls to set the shared memory
buffer mode and provide pointers to buffers and their size. The kernel
then wires and maps the pages into kernel address space using sf_buf(9),
which on supporting architectures will use the direct map region. The
current "buffered" access mode remains the default, and support for
zero-copy buffers must, for the time being, be explicitly enabled using
a sysctl for the kernel to accept requests to use it.
The kernel and user process synchronize use of the buffers with atomic
operations, avoiding the need for system calls under load; the user
process may use select()/poll()/kqueue() to manage blocking while
waiting for network data if the user process is able to consume data
faster than the kernel generates it. Patchs to libpcap are available
to allow libpcap applications to transparently take advantage of this
support. Detailed information on the new API may be found in bpf(4),
including specific atomic operations and memory barriers required to
synchronize buffer use safely.
These changes modify the base BPF implementation to (roughly) abstrac
the current buffer model, allowing the new shared memory model to be
added, and add new monitoring statistics for netstat to print. The
implementation, with the exception of some monitoring hanges that break
the netstat monitoring ABI for BPF, will be MFC'd.
Zerocopy bpf buffers are still considered experimental are disabled
by default. To experiment with this new facility, adjust the
net.bpf.zerocopy_enable sysctl variable to 1.
Changes to libpcap will be made available as a patch for the time being,
and further refinements to the implementation are expected.
Sponsored by: Seccuris Inc.
In collaboration with: rwatson
Tested by: pwood, gallatin
MFC after: 4 months [1]
[1] Certain portions will probably not be MFCed, specifically things
that can break the monitoring ABI.
2008-03-24 13:49:17 +00:00
|
|
|
u_int64_t bd_wcount;
|
|
|
|
u_int64_t bd_wfcount;
|
|
|
|
u_int64_t bd_wdcount;
|
|
|
|
u_int64_t bd_zcopy;
|
|
|
|
int bd_bufmode;
|
|
|
|
/*
|
|
|
|
* Allocate 4 64 bit unsigned integers for future expansion so we do
|
|
|
|
* not have to worry about breaking the ABI.
|
|
|
|
*/
|
|
|
|
u_int64_t bd_spare[4];
|
2005-07-24 17:21:17 +00:00
|
|
|
};
|
|
|
|
|
2012-05-21 22:17:29 +00:00
|
|
|
#define BPFIF_FLAG_DYING 1 /* Reject new bpf consumers */
|
|
|
|
|
1994-08-21 05:11:48 +00:00
|
|
|
#endif
|