1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 1990, 1991, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from the Stanford/CMU enet packet filter,
|
|
|
|
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
|
1995-05-30 08:16:23 +00:00
|
|
|
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
|
1994-05-24 10:09:53 +00:00
|
|
|
* Berkeley Laboratory.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
2001-10-17 10:18:42 +00:00
|
|
|
* @(#)bpf.c 8.4 (Berkeley) 1/9/95
|
1994-05-24 10:09:53 +00:00
|
|
|
*
|
1999-08-28 01:08:13 +00:00
|
|
|
* $FreeBSD$
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
2001-01-29 13:26:14 +00:00
|
|
|
#include "opt_bpf.h"
|
|
|
|
#include "opt_netgraph.h"
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/systm.h>
|
1995-12-02 19:38:06 +00:00
|
|
|
#include <sys/conf.h>
|
1997-09-02 01:19:47 +00:00
|
|
|
#include <sys/malloc.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/mbuf.h>
|
|
|
|
#include <sys/time.h>
|
|
|
|
#include <sys/proc.h>
|
1995-12-06 23:52:35 +00:00
|
|
|
#include <sys/signalvar.h>
|
1997-03-24 12:12:36 +00:00
|
|
|
#include <sys/filio.h>
|
|
|
|
#include <sys/sockio.h>
|
|
|
|
#include <sys/ttycom.h>
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
#include <sys/filedesc.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-09-14 03:03:05 +00:00
|
|
|
#include <sys/poll.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
#include <sys/socket.h>
|
1997-11-18 16:29:53 +00:00
|
|
|
#include <sys/vnode.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-11-18 16:29:53 +00:00
|
|
|
#include <net/if.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <net/bpf.h>
|
|
|
|
#include <net/bpfdesc.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/if_ether.h>
|
|
|
|
#include <sys/kernel.h>
|
1995-12-14 09:55:16 +00:00
|
|
|
#include <sys/sysctl.h>
|
1998-01-24 02:54:56 +00:00
|
|
|
|
2000-12-08 20:09:00 +00:00
|
|
|
static MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
|
1995-12-08 11:19:42 +00:00
|
|
|
|
2001-01-29 13:26:14 +00:00
|
|
|
#if defined(DEV_BPF) || defined(NETGRAPH_BPF)
|
1995-11-29 10:49:16 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
#define PRINET 26 /* interruptible */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The default read buffer size is patchable.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
static int bpf_bufsize = 4096;
|
1995-12-14 09:55:16 +00:00
|
|
|
SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW,
|
|
|
|
&bpf_bufsize, 0, "");
|
2000-01-15 19:46:12 +00:00
|
|
|
static int bpf_maxbufsize = BPF_MAXBUFSIZE;
|
|
|
|
SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW,
|
|
|
|
&bpf_maxbufsize, 0, "");
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* bpf_iflist is the list of interfaces; each corresponds to an ifnet
|
|
|
|
*/
|
1995-12-14 09:55:16 +00:00
|
|
|
static struct bpf_if *bpf_iflist;
|
2001-02-16 17:10:28 +00:00
|
|
|
static struct mtx bpf_mtx; /* bpf global lock */
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
static int bpf_allocbufs __P((struct bpf_d *));
|
1995-12-02 19:38:06 +00:00
|
|
|
static void bpf_attachd __P((struct bpf_d *d, struct bpf_if *bp));
|
|
|
|
static void bpf_detachd __P((struct bpf_d *d));
|
1994-05-24 10:09:53 +00:00
|
|
|
static void bpf_freed __P((struct bpf_d *));
|
1998-10-04 23:04:48 +00:00
|
|
|
static void bpf_mcopy __P((const void *, void *, size_t));
|
1994-05-24 10:09:53 +00:00
|
|
|
static int bpf_movein __P((struct uio *, int,
|
|
|
|
struct mbuf **, struct sockaddr *, int *));
|
|
|
|
static int bpf_setif __P((struct bpf_d *, struct ifreq *));
|
2001-12-14 22:17:54 +00:00
|
|
|
static void bpf_timed_out __P((void *));
|
2001-02-16 17:10:28 +00:00
|
|
|
static __inline void
|
1994-05-24 10:09:53 +00:00
|
|
|
bpf_wakeup __P((struct bpf_d *));
|
|
|
|
static void catchpacket __P((struct bpf_d *, u_char *, u_int,
|
1998-10-04 23:04:48 +00:00
|
|
|
u_int, void (*)(const void *, void *, size_t)));
|
1994-05-24 10:09:53 +00:00
|
|
|
static void reset_d __P((struct bpf_d *));
|
1995-12-14 09:55:16 +00:00
|
|
|
static int bpf_setf __P((struct bpf_d *, struct bpf_program *));
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1995-12-08 11:19:42 +00:00
|
|
|
static d_open_t bpfopen;
|
|
|
|
static d_close_t bpfclose;
|
|
|
|
static d_read_t bpfread;
|
|
|
|
static d_write_t bpfwrite;
|
|
|
|
static d_ioctl_t bpfioctl;
|
1997-09-14 03:03:05 +00:00
|
|
|
static d_poll_t bpfpoll;
|
1995-12-08 11:19:42 +00:00
|
|
|
|
|
|
|
#define CDEV_MAJOR 23
|
1999-05-30 16:53:49 +00:00
|
|
|
static struct cdevsw bpf_cdevsw = {
|
|
|
|
/* open */ bpfopen,
|
|
|
|
/* close */ bpfclose,
|
|
|
|
/* read */ bpfread,
|
|
|
|
/* write */ bpfwrite,
|
|
|
|
/* ioctl */ bpfioctl,
|
|
|
|
/* poll */ bpfpoll,
|
|
|
|
/* mmap */ nommap,
|
|
|
|
/* strategy */ nostrategy,
|
|
|
|
/* name */ "bpf",
|
|
|
|
/* maj */ CDEV_MAJOR,
|
|
|
|
/* dump */ nodump,
|
|
|
|
/* psize */ nopsize,
|
|
|
|
/* flags */ 0,
|
|
|
|
};
|
1995-12-08 11:19:42 +00:00
|
|
|
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
static int
|
|
|
|
bpf_movein(uio, linktype, mp, sockp, datlen)
|
|
|
|
register struct uio *uio;
|
|
|
|
int linktype, *datlen;
|
|
|
|
register struct mbuf **mp;
|
|
|
|
register struct sockaddr *sockp;
|
|
|
|
{
|
|
|
|
struct mbuf *m;
|
|
|
|
int error;
|
|
|
|
int len;
|
|
|
|
int hlen;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Build a sockaddr based on the data link layer type.
|
|
|
|
* We do this at this level because the ethernet header
|
|
|
|
* is copied directly into the data field of the sockaddr.
|
|
|
|
* In the case of SLIP, there is no header and the packet
|
|
|
|
* is forwarded as is.
|
|
|
|
* Also, we are careful to leave room at the front of the mbuf
|
|
|
|
* for the link level header.
|
|
|
|
*/
|
|
|
|
switch (linktype) {
|
|
|
|
|
|
|
|
case DLT_SLIP:
|
|
|
|
sockp->sa_family = AF_INET;
|
|
|
|
hlen = 0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DLT_EN10MB:
|
|
|
|
sockp->sa_family = AF_UNSPEC;
|
|
|
|
/* XXX Would MAXLINKHDR be better? */
|
|
|
|
hlen = sizeof(struct ether_header);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DLT_FDDI:
|
1995-03-14 09:16:07 +00:00
|
|
|
sockp->sa_family = AF_IMPLINK;
|
|
|
|
hlen = 0;
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
1998-08-18 10:13:11 +00:00
|
|
|
case DLT_RAW:
|
1994-05-24 10:09:53 +00:00
|
|
|
case DLT_NULL:
|
|
|
|
sockp->sa_family = AF_UNSPEC;
|
|
|
|
hlen = 0;
|
|
|
|
break;
|
|
|
|
|
1998-07-29 05:35:16 +00:00
|
|
|
case DLT_ATM_RFC1483:
|
|
|
|
/*
|
|
|
|
* en atm driver requires 4-byte atm pseudo header.
|
|
|
|
* though it isn't standard, vpi:vci needs to be
|
|
|
|
* specified anyway.
|
|
|
|
*/
|
|
|
|
sockp->sa_family = AF_UNSPEC;
|
|
|
|
hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
|
|
|
|
break;
|
|
|
|
|
2000-09-16 14:17:15 +00:00
|
|
|
case DLT_PPP:
|
|
|
|
sockp->sa_family = AF_UNSPEC;
|
|
|
|
hlen = 4; /* This should match PPP_HDRLEN */
|
|
|
|
break;
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
default:
|
|
|
|
return (EIO);
|
|
|
|
}
|
|
|
|
|
|
|
|
len = uio->uio_resid;
|
|
|
|
*datlen = len - hlen;
|
|
|
|
if ((unsigned)len > MCLBYTES)
|
|
|
|
return (EIO);
|
|
|
|
|
2000-12-21 21:44:31 +00:00
|
|
|
MGETHDR(m, M_TRYWAIT, MT_DATA);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (m == 0)
|
|
|
|
return (ENOBUFS);
|
1995-09-22 17:57:48 +00:00
|
|
|
if (len > MHLEN) {
|
2000-12-21 21:44:31 +00:00
|
|
|
MCLGET(m, M_TRYWAIT);
|
1994-05-24 10:09:53 +00:00
|
|
|
if ((m->m_flags & M_EXT) == 0) {
|
|
|
|
error = ENOBUFS;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
}
|
1995-09-22 17:57:48 +00:00
|
|
|
m->m_pkthdr.len = m->m_len = len;
|
|
|
|
m->m_pkthdr.rcvif = NULL;
|
1994-05-24 10:09:53 +00:00
|
|
|
*mp = m;
|
|
|
|
/*
|
|
|
|
* Make room for link header.
|
|
|
|
*/
|
|
|
|
if (hlen != 0) {
|
1997-01-08 14:17:27 +00:00
|
|
|
m->m_pkthdr.len -= hlen;
|
1994-05-24 10:09:53 +00:00
|
|
|
m->m_len -= hlen;
|
|
|
|
#if BSD >= 199103
|
|
|
|
m->m_data += hlen; /* XXX */
|
|
|
|
#else
|
|
|
|
m->m_off += hlen;
|
|
|
|
#endif
|
2001-02-16 17:10:28 +00:00
|
|
|
error = uiomove((caddr_t)sockp->sa_data, hlen, uio);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (error)
|
|
|
|
goto bad;
|
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
error = uiomove(mtod(m, caddr_t), len - hlen, uio);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (!error)
|
|
|
|
return (0);
|
|
|
|
bad:
|
|
|
|
m_freem(m);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Attach file to the bpf interface, i.e. make d listen on bp.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
bpf_attachd(d, bp)
|
|
|
|
struct bpf_d *d;
|
|
|
|
struct bpf_if *bp;
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Point d at bp, and add d to the interface's list of listeners.
|
|
|
|
* Finally, point the driver's bpf cookie at the interface so
|
|
|
|
* it will divert packets to bpf.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_LOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
d->bd_bif = bp;
|
|
|
|
d->bd_next = bp->bif_dlist;
|
|
|
|
bp->bif_dlist = d;
|
|
|
|
|
1996-02-06 18:51:28 +00:00
|
|
|
bp->bif_ifp->if_bpf = bp;
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_UNLOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Detach a file from its interface.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
bpf_detachd(d)
|
|
|
|
struct bpf_d *d;
|
|
|
|
{
|
2000-06-01 21:57:13 +00:00
|
|
|
int error;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct bpf_d **p;
|
|
|
|
struct bpf_if *bp;
|
|
|
|
|
|
|
|
bp = d->bd_bif;
|
|
|
|
/*
|
|
|
|
* Check if this descriptor had requested promiscuous mode.
|
|
|
|
* If so, turn it off.
|
|
|
|
*/
|
|
|
|
if (d->bd_promisc) {
|
|
|
|
d->bd_promisc = 0;
|
2000-06-01 21:57:13 +00:00
|
|
|
error = ifpromisc(bp->bif_ifp, 0);
|
|
|
|
if (error != 0 && error != ENXIO) {
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
2000-06-01 21:57:13 +00:00
|
|
|
* ENXIO can happen if a pccard is unplugged
|
1994-05-24 10:09:53 +00:00
|
|
|
* Something is really wrong if we were able to put
|
|
|
|
* the driver into promiscuous mode, but can't
|
|
|
|
* take it out.
|
|
|
|
*/
|
2000-06-01 21:57:13 +00:00
|
|
|
printf("%s%d: ifpromisc failed %d\n",
|
|
|
|
bp->bif_ifp->if_name, bp->bif_ifp->if_unit, error);
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
/* Remove d from the interface's descriptor list. */
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_LOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
p = &bp->bif_dlist;
|
|
|
|
while (*p != d) {
|
|
|
|
p = &(*p)->bd_next;
|
|
|
|
if (*p == 0)
|
|
|
|
panic("bpf_detachd: descriptor not in list");
|
|
|
|
}
|
|
|
|
*p = (*p)->bd_next;
|
|
|
|
if (bp->bif_dlist == 0)
|
|
|
|
/*
|
|
|
|
* Let the driver know that there are no more listeners.
|
|
|
|
*/
|
1996-02-06 18:51:28 +00:00
|
|
|
d->bd_bif->bif_ifp->if_bpf = 0;
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_UNLOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
d->bd_bif = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Open ethernet device. Returns ENXIO for illegal minor device number,
|
|
|
|
* EBUSY if file is open by another process.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
1995-12-08 11:19:42 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
bpfopen(dev, flags, fmt, td)
|
1994-05-24 10:09:53 +00:00
|
|
|
dev_t dev;
|
1995-09-08 11:09:15 +00:00
|
|
|
int flags;
|
|
|
|
int fmt;
|
2001-09-12 08:38:13 +00:00
|
|
|
struct thread *td;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
struct bpf_d *d;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&bpf_mtx);
|
1999-08-15 09:38:21 +00:00
|
|
|
d = dev->si_drv1;
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
1999-08-15 09:38:21 +00:00
|
|
|
* Each minor can be opened by only one process. If the requested
|
1994-05-24 10:09:53 +00:00
|
|
|
* minor is in use, return EBUSY.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
if (d) {
|
|
|
|
mtx_unlock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (EBUSY);
|
2001-02-16 17:10:28 +00:00
|
|
|
}
|
|
|
|
dev->si_drv1 = (struct bpf_d *)~0; /* mark device in use */
|
|
|
|
mtx_unlock(&bpf_mtx);
|
|
|
|
|
2000-11-03 00:51:41 +00:00
|
|
|
if ((dev->si_flags & SI_NAMED) == 0)
|
2000-10-09 14:19:09 +00:00
|
|
|
make_dev(&bpf_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600,
|
|
|
|
"bpf%d", dev2unit(dev));
|
2000-12-08 21:51:06 +00:00
|
|
|
MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
|
1999-08-15 09:38:21 +00:00
|
|
|
dev->si_drv1 = d;
|
1994-05-24 10:09:53 +00:00
|
|
|
d->bd_bufsize = bpf_bufsize;
|
1995-06-15 18:11:00 +00:00
|
|
|
d->bd_sig = SIGIO;
|
2000-03-18 06:30:42 +00:00
|
|
|
d->bd_seesent = 1;
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_init(&d->bd_mtx, devtoname(dev), MTX_DEF);
|
2001-12-14 22:17:54 +00:00
|
|
|
callout_init(&d->bd_callout, 1);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Close the descriptor by detaching it from its interface,
|
|
|
|
* deallocating its buffers, and marking it free.
|
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
1995-12-08 11:19:42 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
bpfclose(dev, flags, fmt, td)
|
1994-05-24 10:09:53 +00:00
|
|
|
dev_t dev;
|
1995-09-08 11:09:15 +00:00
|
|
|
int flags;
|
|
|
|
int fmt;
|
2001-09-12 08:38:13 +00:00
|
|
|
struct thread *td;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
struct bpf_d *d = dev->si_drv1;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-12-14 22:17:54 +00:00
|
|
|
BPFD_LOCK(d);
|
|
|
|
if (d->bd_state == BPF_WAITING)
|
|
|
|
callout_stop(&d->bd_callout);
|
|
|
|
d->bd_state = BPF_IDLE;
|
|
|
|
BPFD_UNLOCK(d);
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
funsetown(d->bd_sigio);
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (d->bd_bif)
|
|
|
|
bpf_detachd(d);
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
bpf_freed(d);
|
1999-08-15 09:38:21 +00:00
|
|
|
dev->si_drv1 = 0;
|
|
|
|
FREE(d, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Rotate the packet buffers in descriptor d. Move the store buffer
|
|
|
|
* into the hold slot, and the free buffer into the store slot.
|
|
|
|
* Zero the length of the new store buffer.
|
|
|
|
*/
|
|
|
|
#define ROTATE_BUFFERS(d) \
|
|
|
|
(d)->bd_hbuf = (d)->bd_sbuf; \
|
|
|
|
(d)->bd_hlen = (d)->bd_slen; \
|
|
|
|
(d)->bd_sbuf = (d)->bd_fbuf; \
|
|
|
|
(d)->bd_slen = 0; \
|
|
|
|
(d)->bd_fbuf = 0;
|
|
|
|
/*
|
|
|
|
* bpfread - read next chunk of packets from buffers
|
|
|
|
*/
|
1995-12-08 11:19:42 +00:00
|
|
|
static int
|
1995-09-08 11:09:15 +00:00
|
|
|
bpfread(dev, uio, ioflag)
|
1994-05-24 10:09:53 +00:00
|
|
|
dev_t dev;
|
|
|
|
register struct uio *uio;
|
1995-09-08 11:09:15 +00:00
|
|
|
int ioflag;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
struct bpf_d *d = dev->si_drv1;
|
2001-12-14 22:17:54 +00:00
|
|
|
int timed_out;
|
1994-05-24 10:09:53 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Restrict application to use a buffer the same size as
|
|
|
|
* as kernel buffers.
|
|
|
|
*/
|
|
|
|
if (uio->uio_resid != d->bd_bufsize)
|
|
|
|
return (EINVAL);
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
2001-12-14 22:17:54 +00:00
|
|
|
if (d->bd_state == BPF_WAITING)
|
|
|
|
callout_stop(&d->bd_callout);
|
|
|
|
timed_out = (d->bd_state == BPF_TIMED_OUT);
|
|
|
|
d->bd_state = BPF_IDLE;
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* If the hold buffer is empty, then do a timed sleep, which
|
|
|
|
* ends when the timeout expires or when enough packets
|
|
|
|
* have arrived to fill the store buffer.
|
|
|
|
*/
|
|
|
|
while (d->bd_hbuf == 0) {
|
2001-12-14 22:17:54 +00:00
|
|
|
if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* A packet(s) either arrived since the previous
|
|
|
|
* read or arrived while we were asleep.
|
|
|
|
* Rotate the buffers and return what's here.
|
|
|
|
*/
|
|
|
|
ROTATE_BUFFERS(d);
|
|
|
|
break;
|
|
|
|
}
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* No data is available, check to see if the bpf device
|
|
|
|
* is still pointed at a real interface. If not, return
|
|
|
|
* ENXIO so that the userland process knows to rebind
|
|
|
|
* it before using it again.
|
|
|
|
*/
|
|
|
|
if (d->bd_bif == NULL) {
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
return (ENXIO);
|
|
|
|
}
|
|
|
|
|
2000-12-17 20:50:22 +00:00
|
|
|
if (ioflag & IO_NDELAY) {
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
2000-12-17 20:50:22 +00:00
|
|
|
return (EWOULDBLOCK);
|
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
error = msleep((caddr_t)d, &d->bd_mtx, PRINET|PCATCH,
|
|
|
|
"bpf", d->bd_rtout);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (error == EINTR || error == ERESTART) {
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
if (error == EWOULDBLOCK) {
|
|
|
|
/*
|
|
|
|
* On a timeout, return what's in the buffer,
|
|
|
|
* which may be nothing. If there is something
|
|
|
|
* in the store buffer, we can rotate the buffers.
|
|
|
|
*/
|
|
|
|
if (d->bd_hbuf)
|
|
|
|
/*
|
|
|
|
* We filled up the buffer in between
|
|
|
|
* getting the timeout and arriving
|
|
|
|
* here, so we don't need to rotate.
|
|
|
|
*/
|
|
|
|
break;
|
|
|
|
|
|
|
|
if (d->bd_slen == 0) {
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
ROTATE_BUFFERS(d);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* At this point, we know we have something in the hold slot.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Move data from hold buffer into user space.
|
|
|
|
* We know the entire buffer is transferred since
|
|
|
|
* we checked above that the read buffer is bpf_bufsize bytes.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
error = uiomove(d->bd_hbuf, d->bd_hlen, uio);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
d->bd_fbuf = d->bd_hbuf;
|
|
|
|
d->bd_hbuf = 0;
|
|
|
|
d->bd_hlen = 0;
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If there are processes sleeping on this descriptor, wake them up.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
static __inline void
|
1994-05-24 10:09:53 +00:00
|
|
|
bpf_wakeup(d)
|
|
|
|
register struct bpf_d *d;
|
|
|
|
{
|
2001-12-14 22:17:54 +00:00
|
|
|
if (d->bd_state == BPF_WAITING) {
|
|
|
|
callout_stop(&d->bd_callout);
|
|
|
|
d->bd_state = BPF_IDLE;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
wakeup((caddr_t)d);
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
if (d->bd_async && d->bd_sig && d->bd_sigio)
|
|
|
|
pgsigio(d->bd_sigio, d->bd_sig, 0);
|
1995-06-15 18:11:00 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
selwakeup(&d->bd_sel);
|
|
|
|
}
|
|
|
|
|
2001-12-14 22:17:54 +00:00
|
|
|
static void
|
|
|
|
bpf_timed_out(arg)
|
|
|
|
void *arg;
|
|
|
|
{
|
|
|
|
struct bpf_d *d = (struct bpf_d *)arg;
|
|
|
|
|
|
|
|
BPFD_LOCK(d);
|
|
|
|
if (d->bd_state == BPF_WAITING) {
|
|
|
|
d->bd_state = BPF_TIMED_OUT;
|
|
|
|
if (d->bd_slen != 0)
|
|
|
|
bpf_wakeup(d);
|
|
|
|
}
|
|
|
|
BPFD_UNLOCK(d);
|
|
|
|
}
|
|
|
|
|
1995-12-08 11:19:42 +00:00
|
|
|
static int
|
1995-09-08 11:09:15 +00:00
|
|
|
bpfwrite(dev, uio, ioflag)
|
1994-05-24 10:09:53 +00:00
|
|
|
dev_t dev;
|
|
|
|
struct uio *uio;
|
1995-09-08 11:09:15 +00:00
|
|
|
int ioflag;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
struct bpf_d *d = dev->si_drv1;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct ifnet *ifp;
|
|
|
|
struct mbuf *m;
|
2001-02-16 17:10:28 +00:00
|
|
|
int error;
|
1994-05-24 10:09:53 +00:00
|
|
|
static struct sockaddr dst;
|
|
|
|
int datlen;
|
|
|
|
|
|
|
|
if (d->bd_bif == 0)
|
|
|
|
return (ENXIO);
|
|
|
|
|
|
|
|
ifp = d->bd_bif->bif_ifp;
|
|
|
|
|
|
|
|
if (uio->uio_resid == 0)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (datlen > ifp->if_mtu)
|
|
|
|
return (EMSGSIZE);
|
|
|
|
|
1999-10-15 05:07:00 +00:00
|
|
|
if (d->bd_hdrcmplt)
|
|
|
|
dst.sa_family = pseudo_AF_HDRCMPLT;
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&Giant);
|
1994-05-24 10:09:53 +00:00
|
|
|
error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0);
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&Giant);
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* The driver frees the mbuf.
|
|
|
|
*/
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Reset a descriptor by flushing its packet buffer and clearing the
|
2001-02-16 17:10:28 +00:00
|
|
|
* receive and drop counts.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
static void
|
|
|
|
reset_d(d)
|
|
|
|
struct bpf_d *d;
|
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
|
|
|
|
mtx_assert(&d->bd_mtx, MA_OWNED);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (d->bd_hbuf) {
|
|
|
|
/* Free the hold buffer. */
|
|
|
|
d->bd_fbuf = d->bd_hbuf;
|
|
|
|
d->bd_hbuf = 0;
|
|
|
|
}
|
|
|
|
d->bd_slen = 0;
|
|
|
|
d->bd_hlen = 0;
|
|
|
|
d->bd_rcount = 0;
|
|
|
|
d->bd_dcount = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* FIONREAD Check for read packet available.
|
|
|
|
* SIOCGIFADDR Get interface address - convenient hook to driver.
|
|
|
|
* BIOCGBLEN Get buffer len [for read()].
|
|
|
|
* BIOCSETF Set ethernet read filter.
|
|
|
|
* BIOCFLUSH Flush read packet buffer.
|
|
|
|
* BIOCPROMISC Put interface into promiscuous mode.
|
|
|
|
* BIOCGDLT Get link layer type.
|
|
|
|
* BIOCGETIF Get interface name.
|
|
|
|
* BIOCSETIF Set interface.
|
|
|
|
* BIOCSRTIMEOUT Set read timeout.
|
|
|
|
* BIOCGRTIMEOUT Get read timeout.
|
|
|
|
* BIOCGSTATS Get packet stats.
|
|
|
|
* BIOCIMMEDIATE Set immediate mode.
|
|
|
|
* BIOCVERSION Get filter language version.
|
1999-10-15 05:07:00 +00:00
|
|
|
* BIOCGHDRCMPLT Get "header already complete" flag
|
|
|
|
* BIOCSHDRCMPLT Set "header already complete" flag
|
2000-03-18 06:30:42 +00:00
|
|
|
* BIOCGSEESENT Get "see packets sent" flag
|
|
|
|
* BIOCSSEESENT Set "see packets sent" flag
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
1995-12-08 11:19:42 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
bpfioctl(dev, cmd, addr, flags, td)
|
1994-05-24 10:09:53 +00:00
|
|
|
dev_t dev;
|
1998-06-07 17:13:14 +00:00
|
|
|
u_long cmd;
|
1994-05-24 10:09:53 +00:00
|
|
|
caddr_t addr;
|
1995-09-08 11:09:15 +00:00
|
|
|
int flags;
|
2001-09-12 08:38:13 +00:00
|
|
|
struct thread *td;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
struct bpf_d *d = dev->si_drv1;
|
|
|
|
int error = 0;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-12-14 22:17:54 +00:00
|
|
|
BPFD_LOCK(d);
|
|
|
|
if (d->bd_state == BPF_WAITING)
|
|
|
|
callout_stop(&d->bd_callout);
|
|
|
|
d->bd_state = BPF_IDLE;
|
|
|
|
BPFD_UNLOCK(d);
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
switch (cmd) {
|
|
|
|
|
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check for read packet available.
|
|
|
|
*/
|
|
|
|
case FIONREAD:
|
|
|
|
{
|
|
|
|
int n;
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
n = d->bd_slen;
|
|
|
|
if (d->bd_hbuf)
|
|
|
|
n += d->bd_hlen;
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
*(int *)addr = n;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
case SIOCGIFADDR:
|
|
|
|
{
|
|
|
|
struct ifnet *ifp;
|
|
|
|
|
|
|
|
if (d->bd_bif == 0)
|
|
|
|
error = EINVAL;
|
|
|
|
else {
|
|
|
|
ifp = d->bd_bif->bif_ifp;
|
|
|
|
error = (*ifp->if_ioctl)(ifp, cmd, addr);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get buffer len [for read()].
|
|
|
|
*/
|
|
|
|
case BIOCGBLEN:
|
|
|
|
*(u_int *)addr = d->bd_bufsize;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set buffer length.
|
|
|
|
*/
|
|
|
|
case BIOCSBLEN:
|
|
|
|
if (d->bd_bif != 0)
|
|
|
|
error = EINVAL;
|
|
|
|
else {
|
|
|
|
register u_int size = *(u_int *)addr;
|
|
|
|
|
2000-01-15 19:46:12 +00:00
|
|
|
if (size > bpf_maxbufsize)
|
|
|
|
*(u_int *)addr = size = bpf_maxbufsize;
|
1994-05-24 10:09:53 +00:00
|
|
|
else if (size < BPF_MINBUFSIZE)
|
|
|
|
*(u_int *)addr = size = BPF_MINBUFSIZE;
|
|
|
|
d->bd_bufsize = size;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set link layer read filter.
|
|
|
|
*/
|
|
|
|
case BIOCSETF:
|
|
|
|
error = bpf_setf(d, (struct bpf_program *)addr);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Flush read packet buffer.
|
|
|
|
*/
|
|
|
|
case BIOCFLUSH:
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
reset_d(d);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Put interface into promiscuous mode.
|
|
|
|
*/
|
|
|
|
case BIOCPROMISC:
|
|
|
|
if (d->bd_bif == 0) {
|
|
|
|
/*
|
|
|
|
* No interface attached yet.
|
|
|
|
*/
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (d->bd_promisc == 0) {
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&Giant);
|
1994-05-24 10:09:53 +00:00
|
|
|
error = ifpromisc(d->bd_bif->bif_ifp, 1);
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&Giant);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (error == 0)
|
|
|
|
d->bd_promisc = 1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get device parameters.
|
|
|
|
*/
|
|
|
|
case BIOCGDLT:
|
|
|
|
if (d->bd_bif == 0)
|
|
|
|
error = EINVAL;
|
|
|
|
else
|
|
|
|
*(u_int *)addr = d->bd_bif->bif_dlt;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
1999-11-03 21:32:28 +00:00
|
|
|
* Get interface name.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
case BIOCGETIF:
|
|
|
|
if (d->bd_bif == 0)
|
|
|
|
error = EINVAL;
|
1999-11-03 21:32:28 +00:00
|
|
|
else {
|
|
|
|
struct ifnet *const ifp = d->bd_bif->bif_ifp;
|
|
|
|
struct ifreq *const ifr = (struct ifreq *)addr;
|
|
|
|
|
|
|
|
snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
|
|
|
|
"%s%d", ifp->if_name, ifp->if_unit);
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set interface.
|
|
|
|
*/
|
|
|
|
case BIOCSETIF:
|
|
|
|
error = bpf_setif(d, (struct ifreq *)addr);
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set read timeout.
|
|
|
|
*/
|
|
|
|
case BIOCSRTIMEOUT:
|
|
|
|
{
|
|
|
|
struct timeval *tv = (struct timeval *)addr;
|
1998-10-04 17:20:22 +00:00
|
|
|
|
1998-10-08 00:32:08 +00:00
|
|
|
/*
|
|
|
|
* Subtract 1 tick from tvtohz() since this isn't
|
|
|
|
* a one-shot timer.
|
|
|
|
*/
|
|
|
|
if ((error = itimerfix(tv)) == 0)
|
|
|
|
d->bd_rtout = tvtohz(tv) - 1;
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get read timeout.
|
|
|
|
*/
|
|
|
|
case BIOCGRTIMEOUT:
|
|
|
|
{
|
|
|
|
struct timeval *tv = (struct timeval *)addr;
|
|
|
|
|
1998-10-08 00:32:08 +00:00
|
|
|
tv->tv_sec = d->bd_rtout / hz;
|
|
|
|
tv->tv_usec = (d->bd_rtout % hz) * tick;
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get packet stats.
|
|
|
|
*/
|
|
|
|
case BIOCGSTATS:
|
|
|
|
{
|
|
|
|
struct bpf_stat *bs = (struct bpf_stat *)addr;
|
|
|
|
|
|
|
|
bs->bs_recv = d->bd_rcount;
|
|
|
|
bs->bs_drop = d->bd_dcount;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set immediate mode.
|
|
|
|
*/
|
|
|
|
case BIOCIMMEDIATE:
|
|
|
|
d->bd_immediate = *(u_int *)addr;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case BIOCVERSION:
|
|
|
|
{
|
|
|
|
struct bpf_version *bv = (struct bpf_version *)addr;
|
|
|
|
|
|
|
|
bv->bv_major = BPF_MAJOR_VERSION;
|
|
|
|
bv->bv_minor = BPF_MINOR_VERSION;
|
|
|
|
break;
|
|
|
|
}
|
1995-06-15 18:11:00 +00:00
|
|
|
|
1999-10-15 05:07:00 +00:00
|
|
|
/*
|
|
|
|
* Get "header already complete" flag
|
|
|
|
*/
|
|
|
|
case BIOCGHDRCMPLT:
|
|
|
|
*(u_int *)addr = d->bd_hdrcmplt;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set "header already complete" flag
|
|
|
|
*/
|
|
|
|
case BIOCSHDRCMPLT:
|
|
|
|
d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
|
|
|
|
break;
|
|
|
|
|
2000-03-18 06:30:42 +00:00
|
|
|
/*
|
|
|
|
* Get "see sent packets" flag
|
|
|
|
*/
|
|
|
|
case BIOCGSEESENT:
|
|
|
|
*(u_int *)addr = d->bd_seesent;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set "see sent packets" flag
|
|
|
|
*/
|
|
|
|
case BIOCSSEESENT:
|
|
|
|
d->bd_seesent = *(u_int *)addr;
|
|
|
|
break;
|
|
|
|
|
1995-06-15 18:11:00 +00:00
|
|
|
case FIONBIO: /* Non-blocking I/O */
|
|
|
|
break;
|
|
|
|
|
|
|
|
case FIOASYNC: /* Send signal on receive packets */
|
|
|
|
d->bd_async = *(int *)addr;
|
|
|
|
break;
|
|
|
|
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
case FIOSETOWN:
|
|
|
|
error = fsetown(*(int *)addr, &d->bd_sigio);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case FIOGETOWN:
|
|
|
|
*(int *)addr = fgetown(d->bd_sigio);
|
|
|
|
break;
|
1995-06-15 18:11:00 +00:00
|
|
|
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
/* This is deprecated, FIOSETOWN should be used instead. */
|
|
|
|
case TIOCSPGRP:
|
|
|
|
error = fsetown(-(*(int *)addr), &d->bd_sigio);
|
1995-06-15 18:11:00 +00:00
|
|
|
break;
|
|
|
|
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
/* This is deprecated, FIOGETOWN should be used instead. */
|
1995-06-15 18:11:00 +00:00
|
|
|
case TIOCGPGRP:
|
Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
1998-11-11 10:04:13 +00:00
|
|
|
*(int *)addr = -fgetown(d->bd_sigio);
|
1995-06-15 18:11:00 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case BIOCSRSIG: /* Set receive signal */
|
|
|
|
{
|
|
|
|
u_int sig;
|
|
|
|
|
|
|
|
sig = *(u_int *)addr;
|
|
|
|
|
|
|
|
if (sig >= NSIG)
|
|
|
|
error = EINVAL;
|
|
|
|
else
|
|
|
|
d->bd_sig = sig;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case BIOCGRSIG:
|
|
|
|
*(u_int *)addr = d->bd_sig;
|
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set d's packet filter program to fp. If this file already has a filter,
|
|
|
|
* free it and replace it. Returns EINVAL for bogus requests.
|
|
|
|
*/
|
1995-12-14 09:55:16 +00:00
|
|
|
static int
|
1994-05-24 10:09:53 +00:00
|
|
|
bpf_setf(d, fp)
|
|
|
|
struct bpf_d *d;
|
|
|
|
struct bpf_program *fp;
|
|
|
|
{
|
|
|
|
struct bpf_insn *fcode, *old;
|
|
|
|
u_int flen, size;
|
|
|
|
|
|
|
|
old = d->bd_filter;
|
|
|
|
if (fp->bf_insns == 0) {
|
|
|
|
if (fp->bf_len != 0)
|
|
|
|
return (EINVAL);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
d->bd_filter = 0;
|
|
|
|
reset_d(d);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (old != 0)
|
1999-08-15 09:38:21 +00:00
|
|
|
free((caddr_t)old, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
flen = fp->bf_len;
|
|
|
|
if (flen > BPF_MAXINSNS)
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
size = flen * sizeof(*fp->bf_insns);
|
1999-08-15 09:38:21 +00:00
|
|
|
fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
|
|
|
|
bpf_validate(fcode, (int)flen)) {
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
d->bd_filter = fcode;
|
|
|
|
reset_d(d);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (old != 0)
|
1999-08-15 09:38:21 +00:00
|
|
|
free((caddr_t)old, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
1999-08-15 09:38:21 +00:00
|
|
|
free((caddr_t)fcode, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (EINVAL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Detach a file from its current interface (if attached at all) and attach
|
|
|
|
* to the interface indicated by the name stored in ifr.
|
|
|
|
* Return an errno or 0.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
bpf_setif(d, ifr)
|
|
|
|
struct bpf_d *d;
|
|
|
|
struct ifreq *ifr;
|
|
|
|
{
|
|
|
|
struct bpf_if *bp;
|
2001-02-16 17:10:28 +00:00
|
|
|
int error;
|
1996-02-06 18:51:28 +00:00
|
|
|
struct ifnet *theywant;
|
|
|
|
|
|
|
|
theywant = ifunit(ifr->ifr_name);
|
|
|
|
if (theywant == 0)
|
|
|
|
return ENXIO;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Look through attached interfaces for the named one.
|
|
|
|
*/
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
|
|
|
|
struct ifnet *ifp = bp->bif_ifp;
|
|
|
|
|
1996-02-06 18:51:28 +00:00
|
|
|
if (ifp == 0 || ifp != theywant)
|
1994-05-24 10:09:53 +00:00
|
|
|
continue;
|
2001-02-16 17:10:28 +00:00
|
|
|
|
|
|
|
mtx_unlock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* We found the requested interface.
|
|
|
|
* If it's not up, return an error.
|
|
|
|
* Allocate the packet buffers if we need to.
|
|
|
|
* If we're already attached to requested interface,
|
|
|
|
* just flush the buffer.
|
|
|
|
*/
|
|
|
|
if ((ifp->if_flags & IFF_UP) == 0)
|
|
|
|
return (ENETDOWN);
|
|
|
|
|
|
|
|
if (d->bd_sbuf == 0) {
|
|
|
|
error = bpf_allocbufs(d);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
if (bp != d->bd_bif) {
|
|
|
|
if (d->bd_bif)
|
|
|
|
/*
|
|
|
|
* Detach if attached to something else.
|
|
|
|
*/
|
|
|
|
bpf_detachd(d);
|
|
|
|
|
|
|
|
bpf_attachd(d, bp);
|
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
reset_d(d);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (0);
|
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
/* Not found. */
|
|
|
|
return (ENXIO);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1997-09-14 03:03:05 +00:00
|
|
|
* Support for select() and poll() system calls
|
1994-05-24 10:09:53 +00:00
|
|
|
*
|
|
|
|
* Return true iff the specific operation will not block indefinitely.
|
|
|
|
* Otherwise, return false but make a note that a selwakeup() must be done.
|
|
|
|
*/
|
|
|
|
int
|
2001-09-12 08:38:13 +00:00
|
|
|
bpfpoll(dev, events, td)
|
1994-05-24 10:09:53 +00:00
|
|
|
register dev_t dev;
|
1997-09-14 03:03:05 +00:00
|
|
|
int events;
|
2001-09-12 08:38:13 +00:00
|
|
|
struct thread *td;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-02-16 17:10:28 +00:00
|
|
|
struct bpf_d *d;
|
2001-04-04 23:27:35 +00:00
|
|
|
int revents;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1999-08-15 09:38:21 +00:00
|
|
|
d = dev->si_drv1;
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
if (d->bd_bif == NULL)
|
|
|
|
return (ENXIO);
|
|
|
|
|
2001-04-04 23:27:35 +00:00
|
|
|
revents = events & (POLLOUT | POLLWRNORM);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
if (events & (POLLIN | POLLRDNORM)) {
|
2001-04-04 23:27:35 +00:00
|
|
|
/*
|
|
|
|
* An imitation of the FIONREAD ioctl code.
|
|
|
|
* XXX not quite. An exact imitation:
|
|
|
|
* if (d->b_slen != 0 ||
|
|
|
|
* (d->bd_hbuf != NULL && d->bd_hlen != 0)
|
|
|
|
*/
|
2001-12-14 22:17:54 +00:00
|
|
|
if (d->bd_hlen != 0 ||
|
|
|
|
((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
|
|
|
|
d->bd_slen != 0))
|
1997-09-14 03:03:05 +00:00
|
|
|
revents |= events & (POLLIN | POLLRDNORM);
|
2001-12-14 22:17:54 +00:00
|
|
|
else {
|
2001-09-21 22:46:54 +00:00
|
|
|
selrecord(td, &d->bd_sel);
|
2001-12-14 22:17:54 +00:00
|
|
|
/* Start the read timeout if necessary. */
|
|
|
|
if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
|
|
|
|
callout_reset(&d->bd_callout, d->bd_rtout,
|
|
|
|
bpf_timed_out, d);
|
|
|
|
d->bd_state = BPF_WAITING;
|
|
|
|
}
|
|
|
|
}
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1997-09-14 03:03:05 +00:00
|
|
|
return (revents);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Incoming linkage from device drivers. Process the packet pkt, of length
|
|
|
|
* pktlen, which is stored in a contiguous buffer. The packet is parsed
|
|
|
|
* by each process' filter, and if accepted, stashed into the corresponding
|
|
|
|
* buffer.
|
|
|
|
*/
|
|
|
|
void
|
1996-02-06 18:51:28 +00:00
|
|
|
bpf_tap(ifp, pkt, pktlen)
|
|
|
|
struct ifnet *ifp;
|
1994-05-24 10:09:53 +00:00
|
|
|
register u_char *pkt;
|
|
|
|
register u_int pktlen;
|
|
|
|
{
|
|
|
|
struct bpf_if *bp;
|
|
|
|
register struct bpf_d *d;
|
|
|
|
register u_int slen;
|
2001-02-16 17:10:28 +00:00
|
|
|
|
1996-02-06 18:51:28 +00:00
|
|
|
bp = ifp->if_bpf;
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_LOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
++d->bd_rcount;
|
|
|
|
slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
|
|
|
|
if (slen != 0)
|
|
|
|
catchpacket(d, pkt, pktlen, slen, bcopy);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_UNLOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copy data from an mbuf chain into a buffer. This code is derived
|
|
|
|
* from m_copydata in sys/uipc_mbuf.c.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
bpf_mcopy(src_arg, dst_arg, len)
|
|
|
|
const void *src_arg;
|
|
|
|
void *dst_arg;
|
1998-10-04 23:04:48 +00:00
|
|
|
register size_t len;
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
|
|
|
register const struct mbuf *m;
|
|
|
|
register u_int count;
|
|
|
|
u_char *dst;
|
|
|
|
|
|
|
|
m = src_arg;
|
|
|
|
dst = dst_arg;
|
|
|
|
while (len > 0) {
|
|
|
|
if (m == 0)
|
|
|
|
panic("bpf_mcopy");
|
|
|
|
count = min(m->m_len, len);
|
1996-06-08 08:19:03 +00:00
|
|
|
bcopy(mtod(m, void *), dst, count);
|
1994-05-24 10:09:53 +00:00
|
|
|
m = m->m_next;
|
|
|
|
dst += count;
|
|
|
|
len -= count;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Incoming linkage from device drivers, when packet is in an mbuf chain.
|
|
|
|
*/
|
|
|
|
void
|
1996-02-06 18:51:28 +00:00
|
|
|
bpf_mtap(ifp, m)
|
|
|
|
struct ifnet *ifp;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct mbuf *m;
|
|
|
|
{
|
1996-02-06 18:51:28 +00:00
|
|
|
struct bpf_if *bp = ifp->if_bpf;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct bpf_d *d;
|
|
|
|
u_int pktlen, slen;
|
|
|
|
struct mbuf *m0;
|
|
|
|
|
|
|
|
pktlen = 0;
|
|
|
|
for (m0 = m; m0 != 0; m0 = m0->m_next)
|
|
|
|
pktlen += m0->m_len;
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_LOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
|
2000-03-18 06:30:42 +00:00
|
|
|
if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
|
|
|
|
continue;
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_LOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
++d->bd_rcount;
|
|
|
|
slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
|
|
|
|
if (slen != 0)
|
|
|
|
catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFD_UNLOCK(d);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2001-02-16 17:10:28 +00:00
|
|
|
BPFIF_UNLOCK(bp);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Move the packet data from interface memory (pkt) into the
|
|
|
|
* store buffer. Return 1 if it's time to wakeup a listener (buffer full),
|
|
|
|
* otherwise 0. "copy" is the routine called to do the actual data
|
|
|
|
* transfer. bcopy is passed in to copy contiguous chunks, while
|
|
|
|
* bpf_mcopy is passed in to copy mbuf chains. In the latter case,
|
|
|
|
* pkt is really an mbuf.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
catchpacket(d, pkt, pktlen, snaplen, cpfn)
|
|
|
|
register struct bpf_d *d;
|
|
|
|
register u_char *pkt;
|
|
|
|
register u_int pktlen, snaplen;
|
1998-10-04 23:04:48 +00:00
|
|
|
register void (*cpfn) __P((const void *, void *, size_t));
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
|
|
|
register struct bpf_hdr *hp;
|
|
|
|
register int totlen, curlen;
|
|
|
|
register int hdrlen = d->bd_bif->bif_hdrlen;
|
|
|
|
/*
|
|
|
|
* Figure out how many bytes to move. If the packet is
|
|
|
|
* greater or equal to the snapshot length, transfer that
|
|
|
|
* much. Otherwise, transfer the whole packet (unless
|
|
|
|
* we hit the buffer size limit).
|
|
|
|
*/
|
|
|
|
totlen = hdrlen + min(snaplen, pktlen);
|
|
|
|
if (totlen > d->bd_bufsize)
|
|
|
|
totlen = d->bd_bufsize;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Round up the end of the previous packet to the next longword.
|
|
|
|
*/
|
|
|
|
curlen = BPF_WORDALIGN(d->bd_slen);
|
|
|
|
if (curlen + totlen > d->bd_bufsize) {
|
|
|
|
/*
|
|
|
|
* This packet will overflow the storage buffer.
|
|
|
|
* Rotate the buffers if we can, then wakeup any
|
|
|
|
* pending reads.
|
|
|
|
*/
|
|
|
|
if (d->bd_fbuf == 0) {
|
|
|
|
/*
|
|
|
|
* We haven't completed the previous read yet,
|
|
|
|
* so drop the packet.
|
|
|
|
*/
|
|
|
|
++d->bd_dcount;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
ROTATE_BUFFERS(d);
|
|
|
|
bpf_wakeup(d);
|
|
|
|
curlen = 0;
|
|
|
|
}
|
2001-12-14 22:17:54 +00:00
|
|
|
else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
2001-12-14 22:17:54 +00:00
|
|
|
* Immediate mode is set, or the read timeout has
|
|
|
|
* already expired during a select call. A packet
|
|
|
|
* arrived, so the reader should be woken up.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
bpf_wakeup(d);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Append the bpf header.
|
|
|
|
*/
|
|
|
|
hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
|
|
|
|
microtime(&hp->bh_tstamp);
|
|
|
|
hp->bh_datalen = pktlen;
|
|
|
|
hp->bh_hdrlen = hdrlen;
|
|
|
|
/*
|
|
|
|
* Copy the packet data into the store buffer and update its length.
|
|
|
|
*/
|
|
|
|
(*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
|
|
|
|
d->bd_slen = curlen + totlen;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize all nonzero fields of a descriptor.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
bpf_allocbufs(d)
|
|
|
|
register struct bpf_d *d;
|
|
|
|
{
|
1999-08-15 09:38:21 +00:00
|
|
|
d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (d->bd_fbuf == 0)
|
|
|
|
return (ENOBUFS);
|
|
|
|
|
1999-08-15 09:38:21 +00:00
|
|
|
d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (d->bd_sbuf == 0) {
|
1999-08-15 09:38:21 +00:00
|
|
|
free(d->bd_fbuf, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (ENOBUFS);
|
|
|
|
}
|
|
|
|
d->bd_slen = 0;
|
|
|
|
d->bd_hlen = 0;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free buffers currently in use by a descriptor.
|
|
|
|
* Called on close.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
bpf_freed(d)
|
|
|
|
register struct bpf_d *d;
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* We don't need to lock out interrupts since this descriptor has
|
|
|
|
* been detached from its interface and it yet hasn't been marked
|
|
|
|
* free.
|
|
|
|
*/
|
|
|
|
if (d->bd_sbuf != 0) {
|
1999-08-15 09:38:21 +00:00
|
|
|
free(d->bd_sbuf, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (d->bd_hbuf != 0)
|
1999-08-15 09:38:21 +00:00
|
|
|
free(d->bd_hbuf, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (d->bd_fbuf != 0)
|
1999-08-15 09:38:21 +00:00
|
|
|
free(d->bd_fbuf, M_BPF);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
if (d->bd_filter)
|
1999-08-15 09:38:21 +00:00
|
|
|
free((caddr_t)d->bd_filter, M_BPF);
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_destroy(&d->bd_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2001-08-23 22:38:08 +00:00
|
|
|
* Attach an interface to bpf. ifp is a pointer to the structure
|
|
|
|
* defining the interface to be attached, dlt is the link layer type,
|
|
|
|
* and hdrlen is the fixed size of the link header (variable length
|
|
|
|
* headers are not yet supporrted).
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
void
|
1996-02-06 18:51:28 +00:00
|
|
|
bpfattach(ifp, dlt, hdrlen)
|
1994-05-24 10:09:53 +00:00
|
|
|
struct ifnet *ifp;
|
|
|
|
u_int dlt, hdrlen;
|
|
|
|
{
|
|
|
|
struct bpf_if *bp;
|
2001-10-10 20:43:50 +00:00
|
|
|
bp = (struct bpf_if *)malloc(sizeof(*bp), M_BPF, M_NOWAIT | M_ZERO);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (bp == 0)
|
|
|
|
panic("bpfattach");
|
|
|
|
|
|
|
|
bp->bif_ifp = ifp;
|
|
|
|
bp->bif_dlt = dlt;
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_init(&bp->bif_mtx, "bpf interface lock", MTX_DEF);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
bp->bif_next = bpf_iflist;
|
|
|
|
bpf_iflist = bp;
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&bpf_mtx);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1996-02-06 18:51:28 +00:00
|
|
|
bp->bif_ifp->if_bpf = 0;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Compute the length of the bpf header. This is not necessarily
|
|
|
|
* equal to SIZEOF_BPF_HDR because we want to insert spacing such
|
|
|
|
* that the network layer header begins on a longword boundary (for
|
|
|
|
* performance reasons and to alleviate alignment restrictions).
|
|
|
|
*/
|
|
|
|
bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
|
|
|
|
|
1995-09-20 20:48:29 +00:00
|
|
|
if (bootverbose)
|
|
|
|
printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
1995-11-29 10:49:16 +00:00
|
|
|
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
/*
|
|
|
|
* Detach bpf from an interface. This involves detaching each descriptor
|
|
|
|
* associated with the interface, and leaving bd_bif NULL. Notify each
|
|
|
|
* descriptor as it's detached so that any sleepers wake up and get
|
|
|
|
* ENXIO.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
bpfdetach(ifp)
|
|
|
|
struct ifnet *ifp;
|
|
|
|
{
|
|
|
|
struct bpf_if *bp, *bp_prev;
|
|
|
|
struct bpf_d *d;
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_lock(&bpf_mtx);
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
|
|
|
|
/* Locate BPF interface information */
|
|
|
|
bp_prev = NULL;
|
|
|
|
for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
|
|
|
|
if (ifp == bp->bif_ifp)
|
|
|
|
break;
|
|
|
|
bp_prev = bp;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Interface wasn't attached */
|
|
|
|
if (bp->bif_ifp == NULL) {
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&bpf_mtx);
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
printf("bpfdetach: %s%d was not attached\n", ifp->if_name,
|
|
|
|
ifp->if_unit);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bp_prev) {
|
|
|
|
bp_prev->bif_next = bp->bif_next;
|
|
|
|
} else {
|
|
|
|
bpf_iflist = bp->bif_next;
|
|
|
|
}
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
while ((d = bp->bif_dlist) != NULL) {
|
|
|
|
bpf_detachd(d);
|
|
|
|
BPFD_LOCK(d);
|
|
|
|
bpf_wakeup(d);
|
|
|
|
BPFD_UNLOCK(d);
|
|
|
|
}
|
|
|
|
|
|
|
|
mtx_destroy(&bp->bif_mtx);
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
free(bp, M_BPF);
|
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_unlock(&bpf_mtx);
|
The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach. This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.
To correct this problem, a new call, bpfdetach, is introduced. bpfdetach
locates BPF descriptor references to the interface, and NULLs them. Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls). Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.
Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp). This is relevant
for buses that support hot removal, such as pccard and usb. Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations. To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card. As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.
Reviewed by: wes
2000-03-19 05:42:34 +00:00
|
|
|
}
|
|
|
|
|
1997-09-16 11:44:05 +00:00
|
|
|
static void bpf_drvinit __P((void *unused));
|
1999-08-15 09:38:21 +00:00
|
|
|
|
2000-08-20 21:34:39 +00:00
|
|
|
static void bpf_clone __P((void *arg, char *name, int namelen, dev_t *dev));
|
|
|
|
|
|
|
|
static void
|
|
|
|
bpf_clone(arg, name, namelen, dev)
|
|
|
|
void *arg;
|
|
|
|
char *name;
|
|
|
|
int namelen;
|
|
|
|
dev_t *dev;
|
|
|
|
{
|
|
|
|
int u;
|
|
|
|
|
|
|
|
if (*dev != NODEV)
|
|
|
|
return;
|
2000-09-02 19:17:34 +00:00
|
|
|
if (dev_stdclone(name, NULL, "bpf", &u) != 1)
|
2000-08-20 21:34:39 +00:00
|
|
|
return;
|
2000-09-19 10:28:44 +00:00
|
|
|
*dev = make_dev(&bpf_cdevsw, unit2minor(u), UID_ROOT, GID_WHEEL, 0600,
|
|
|
|
"bpf%d", u);
|
|
|
|
(*dev)->si_flags |= SI_CHEAPCLONE;
|
2000-08-20 21:34:39 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
1997-09-16 11:44:05 +00:00
|
|
|
static void
|
|
|
|
bpf_drvinit(unused)
|
|
|
|
void *unused;
|
1995-11-29 10:49:16 +00:00
|
|
|
{
|
1996-03-28 14:33:59 +00:00
|
|
|
|
2001-02-16 17:10:28 +00:00
|
|
|
mtx_init(&bpf_mtx, "bpf global lock", MTX_DEF);
|
2000-09-02 19:17:34 +00:00
|
|
|
EVENTHANDLER_REGISTER(dev_clone, bpf_clone, 0, 1000);
|
1999-08-15 09:38:21 +00:00
|
|
|
cdevsw_add(&bpf_cdevsw);
|
1995-11-29 10:49:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
|
|
|
|
|
2001-01-29 13:26:14 +00:00
|
|
|
#else /* !DEV_BPF && !NETGRAPH_BPF */
|
1999-04-28 01:18:13 +00:00
|
|
|
/*
|
|
|
|
* NOP stubs to allow bpf-using drivers to load and function.
|
|
|
|
*
|
|
|
|
* A 'better' implementation would allow the core bpf functionality
|
|
|
|
* to be loaded at runtime.
|
|
|
|
*/
|
|
|
|
|
|
|
|
void
|
|
|
|
bpf_tap(ifp, pkt, pktlen)
|
|
|
|
struct ifnet *ifp;
|
|
|
|
register u_char *pkt;
|
|
|
|
register u_int pktlen;
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
bpf_mtap(ifp, m)
|
|
|
|
struct ifnet *ifp;
|
|
|
|
struct mbuf *m;
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
bpfattach(ifp, dlt, hdrlen)
|
|
|
|
struct ifnet *ifp;
|
|
|
|
u_int dlt, hdrlen;
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2000-04-27 15:11:41 +00:00
|
|
|
void
|
|
|
|
bpfdetach(ifp)
|
|
|
|
struct ifnet *ifp;
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
1999-04-28 01:18:13 +00:00
|
|
|
u_int
|
|
|
|
bpf_filter(pc, p, wirelen, buflen)
|
1999-12-03 09:59:02 +00:00
|
|
|
register const struct bpf_insn *pc;
|
1999-04-28 01:18:13 +00:00
|
|
|
register u_char *p;
|
|
|
|
u_int wirelen;
|
|
|
|
register u_int buflen;
|
|
|
|
{
|
|
|
|
return -1; /* "no filter" behaviour */
|
|
|
|
}
|
|
|
|
|
2001-01-29 13:26:14 +00:00
|
|
|
int
|
|
|
|
bpf_validate(f, len)
|
|
|
|
const struct bpf_insn *f;
|
|
|
|
int len;
|
|
|
|
{
|
|
|
|
return 0; /* false */
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* !DEV_BPF && !NETGRAPH_BPF */
|