Commit Graph

45 Commits

Author SHA1 Message Date
csjp
c1cbf173b2 If bpf(4) has not been compiled into the kernel, initialize the bpf interface
pointer to a zeroed, statically allocated bpf_if structure. This way the
LIST_EMPTY() macro will always return true. This allows us to remove the
additional unconditional memory reference for each packet in the fast path.

Discussed with:	sam
2006-06-14 02:23:28 +00:00
csjp
7686abec4a Back out previous two commits, this caused some problems in the namespace
resulting in some build failures. Instead, to fix the problem of bpf not
being present, check the pointer before dereferencing it.

This is a temporary bandaid until we can decide on how we want to handle
the bpf code not being present. This will be fixed shortly.
2006-06-03 18:48:14 +00:00
csjp
e1f2ab1542 Temporarily include files so that our macro checks do something useful. 2006-06-03 18:16:54 +00:00
csjp
5a4a810c4f Make sure we don't try to dereference the the if_bpf pointer when bpf has
not been compiled into the the kernel.

Submitted by:	benno
2006-06-03 06:37:00 +00:00
csjp
2c4f67981e Fix the following bpf(4) race condition which can result in a panic:
(1) bpf peer attaches to interface netif0
	(2) Packet is received by netif0
	(3) ifp->if_bpf pointer is checked and handed off to bpf
	(4) bpf peer detaches from netif0 resulting in ifp->if_bpf being
	    initialized to NULL.
	(5) ifp->if_bpf is dereferenced by bpf machinery
	(6) Kaboom

This race condition likely explains the various different kernel panics
reported around sending SIGINT to tcpdump or dhclient processes. But really
this race can result in kernel panics anywhere you have frequent bpf attach
and detach operations with high packet per second load.

Summary of changes:

- Remove the bpf interface's "driverp" member
- When we attach bpf interfaces, we now set the ifp->if_bpf member to the
  bpf interface structure. Once this is done, ifp->if_bpf should never be
  NULL. [1]
- Introduce bpf_peers_present function, an inline operation which will do
  a lockless read bpf peer list associated with the interface. It should
  be noted that the bpf code will pickup the bpf_interface lock before adding
  or removing bpf peers. This should serialize the access to the bpf descriptor
  list, removing the race.
- Expose the bpf_if structure in bpf.h so that the bpf_peers_present function
  can use it. This also removes the struct bpf_if; hack that was there.
- Adjust all consumers of the raw if_bpf structure to use bpf_peers_present

Now what happens is:

	(1) Packet is received by netif0
	(2) Check to see if bpf descriptor list is empty
	(3) Pickup the bpf interface lock
	(4) Hand packet off to process

From the attach/detach side:

	(1) Pickup the bpf interface lock
	(2) Add/remove from bpf descriptor list

Now that we are storing the bpf interface structure with the ifnet, there is
is no need to walk the bpf interface list to locate the correct bpf interface.
We now simply look up the interface, and initialize the pointer. This has a
nice side effect of changing a bpf interface attach operation from O(N) (where
N is the number of bpf interfaces), to O(1).

[1] From now on, we can no longer check ifp->if_bpf to tell us whether or
    not we have any bpf peers that might be interested in receiving packets.

In collaboration with:	sam@
MFC after:	1 month
2006-06-02 19:59:33 +00:00
csjp
a41f7da35f Introduce two new ioctl(2) commands, BIOCLOCK and BIOCSETWF. These commands
enhance the security of bpf(4) by further relinquishing the privilege of
the bpf(4) consumer (assuming the ioctl commands are being implemented).

Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underly parameters of the
bpf(4) device. An example might be the setting of bpf(4) filter programs or
attaching to different network interfaces.

BIOCSETWF can be used to set write filters for outgoing packets. Currently if
a bpf(4) consumer is compromised, the bpf(4) descriptor can essentially be used
as a raw socket, regardless of consumer's UID. Write filters give users the
ability to constrain which packets can be sent through the bpf(4) descriptor.

These features are currently implemented by a couple programs which came from
OpenBSD, such as the new dhclient and pflogd.

-Modify bpf_setf(9) to accept a "cmd" parameter. This will be used to specify
 whether a read or write filter is to be set.
-Add a bpf(4) filter program as a parameter to bpf_movein(9) as we will run the
 filter program on the mbuf data once we move the packet in from user-space.
-Rather than execute two uiomove operations, (one for the link header and the
 other for the packet data), execute one and manually copy the linker header
 into the sockaddr structure via bcopy.
-Restructure bpf_setf to compensate for write filters, as well as read.
-Adjust bpf(4) stats structures to include a bd_locked member.

It should be noted that the FreeBSD and OpenBSD implementations differ a bit in
the sense that we unconditionally enforce the lock, where OpenBSD enforces it
only if the calling credential is not root.

Idea from:	OpenBSD
Reviewed by:	mlaier
2005-08-22 19:35:48 +00:00
sam
b82cb32ca3 additions from libpcap 0.9.1 release
Approved by:	re (scottl)
2005-07-11 03:16:23 +00:00
sam
d49fabe2d3 integrate changes from libpcap-0.9.1-096
Reviewed by:	bms
2005-05-28 21:56:41 +00:00
imp
a50ffc2912 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
dwmalone
43ffabb3fb Make the comment for DLT_NULL slightly more accurate.
PR:		62272
Submitted by:	Radim Kolar <hsn@netmag.cz>
MFC after:	1 week
2004-05-30 17:03:48 +00:00
imp
b49b7fe799 Remove advertising clause from University of California Regent's
license, per letter dated July 22, 1999 and email from Peter Wemm,
Alan Cox and Robert Watson.

Approved by: core, peter, alc, rwatson
2004-04-07 20:46:16 +00:00
bms
34f833a812 Add more DLT types required by libpcap 0.8.3.
Maintain numeric sort order.
2004-03-31 14:22:13 +00:00
bms
36047c4b94 Update system bpf headers for libpcap 0.8.3.
Maintain listing of DLT link types in numeric order.
2004-03-31 14:09:26 +00:00
mlaier
428f1c9a0f Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).

Approved by: bms(mentor)
2004-02-26 03:53:54 +00:00
sam
c165a87f8d o eliminate widespread on-stack mbuf use for bpf by introducing
a new bpf_mtap2 routine that does the right thing for an mbuf
  and a variable-length chunk of data that should be prepended.
o while we're sweeping the drivers, use u_int32_t uniformly when
  when prepending the address family (several places were assuming
  sizeof(int) was 4)
o return M_ASSERTVALID to BPF_MTAP* now that all stack-allocated
  mbufs have been eliminated; this may better be moved to the bpf
  routines

Reviewed by:	arch@ and several others
2003-12-28 03:56:00 +00:00
silby
73c251c926 Remove the call to M_ASSERTVALID from BPF_MTAP; some mbufs passed to
mpf are allocated on the stack, which causes this check to falsely trigger.

A new check which takes on-stack mbufs into account will be reintroduced
after 5.2 is out the door.

Approved by:	re (watson)
Requested by:	many
2003-11-28 18:48:59 +00:00
silby
4add8d9302 Add a new macro M_ASSERTVALID which ensures that the mbuf in question
is non-free.  (More checks can/should be added in the future.)

Use M_ASSERTVALID in BPF_MTAP so that we catch when freed mbufs are
passed in, even if no bpf listeners are active.

Inspired by a bug in if_dc caught by Kenjiro Cho.
2003-10-19 22:33:41 +00:00
sam
e74e7998d8 o add BIOCGDLTLIST and BIOCSDLT ioctls to get the data link type list
and set the link type for use by libpcap and tcpdump
o move mtx unlock in bpfdetach up; it doesn't need to be held so long
o change printf in bpf_detach to distinguish it from the same one in bpfsetdlt

Note there are locking issues here related to ioctl processing; they
have not been addressed here.

Submitted by:	Guy Harris <guy@alum.mit.edu>
Obtained from:	NetBSD (w/ locking modifications)
2003-01-20 19:08:46 +00:00
sam
0d8343cbfe o add support for multiple link types per interface (e.g. 802.11 and Ethernet)
o introduce BPF_TAP and BPF_MTAP macros to hide implementation details and
  ease code portability
o use m_getcl where appropriate

Reviewed by:	many
Approved by:	re
Obtained from:	NetBSD (multiple link type support)
2002-11-14 23:24:13 +00:00
fenner
63a52d217d Update for libpcap 0.7.1
Originally-committed-to-wrong-repository by:	fenner
2002-06-21 05:29:40 +00:00
alfred
c9985516e4 Remove __P. 2002-03-19 21:54:18 +00:00
fenner
db46728f21 Update our bpf.h with tcpdump.org's new DLT_ types.
Use our bpf.h instead of tcpdump.org's to build libpcap.
2001-07-31 23:27:06 +00:00
rwatson
5b7df33ce0 The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach.  This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.

To correct this problem, a new call, bpfdetach, is introduced.  bpfdetach
locates BPF descriptor references to the interface, and NULLs them.  Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls).  Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.

Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp).  This is relevant
for buses that support hot removal, such as pccard and usb.  Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations.  To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card.  As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.

Reviewed by:	wes
2000-03-19 05:42:34 +00:00
rwatson
7432002de6 Introduce a new bd_seesent flag to the BPF descriptor, indicating whether or
not the current BPF device should report locally generated packets or not.
This allows sniffing applications to see only packets that are not generated
locally, which can be useful for debugging bridging problems, or other
situations where MAC addresses are not sufficient to identify locally
sourced packets.  Default to true for this flag, so as to provide existing
behavior by default.

Introduce two new ioctls, BIOCGSEESENT and BIOCSSEESENT, which may be used
to manipulate this flag from userland, given appropriate privilege.

Modify bpf.4 to document these two new ioctl arguments.

Reviewed by:	asmodai
2000-03-18 06:30:42 +00:00
phk
d462c28c31 |The hard limit for the BPF buffer size is 32KB, which appears too low
|for high speed networks (even at 100Mbit/s this corresponds to 1/300th
|of a second). The default buffer size is 4KB, but libpcap and ipfilter
|both override this (using the BIOCSBLEN ioctl) and allocate 32KB.
|
|The following patch adds an sysctl for bpf_maxbufsize, similar to the
|one for bpf_bufsize that you added back in December 1995. I choose to
|make the default for this limit 512KB (the value suggested by NFR).

Submitted by:	se
Reviewed by:	phk
2000-01-15 19:46:12 +00:00
peter
15b9bcb121 Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot).  This is consistant with the other
BSD's who made this change quite some time ago.  More commits to come.
1999-12-29 04:46:21 +00:00
archie
47cb60fd85 Add 'const' to the bpf_filter() and bpf_validate() prototypes.
Remove a stale comment from bpf_validate().
1999-12-02 19:36:05 +00:00
msmith
010a32d645 Implement pseudo_AF_HDRCMPLT, which controls the state of the 'header
completion' flag.  If set, the interface output routine will assume that
the packet already has a valid link-level source address.  This defaults
to off (the address is overwritten)

PR:		kern/10680
Submitted by:	"Christopher N . Harrell" <cnh@mindspring.net>
Obtained from:	NetBSD
1999-10-15 05:07:00 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
alex
8dd53bb3c7 Change BPF_ALIGNMENT to long, necessary for correct alignment on Alpha. 1998-10-04 21:53:59 +00:00
fenner
bb4a1148ba Add DLT_{SLIP,PPP}_BSDOS from libpcap 0.4 1998-09-15 19:35:37 +00:00
ache
60fc86d171 Implement DLT_RAW from libpcap 1998-08-18 10:13:11 +00:00
bde
1155b43c05 Don't attempt to optimize the space allocated for bpf headers if
sizeof(struct bpf_hdr) > 20.  20 is normal on 32-bit systems with
32-bit alignment, but we still assume that the last 2 bytes of the
struct are unnecessary padding on such systems.  On systems with
64-bit longs, struct timeval is bloated to 16 bytes, so bpf headers
certainly don't fit in 18 bytes.
1998-07-13 10:44:02 +00:00
peter
94b6d72794 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
pst
eb97ba114d Update to match definitions in LBL June 96 release 1996-08-19 20:28:25 +00:00
wollman
25ee6cca2a Clean up Ethernet drivers:
- fill in and use ifp->if_softc
	- use if_bpf rather than private cookie variables
	- change bpf interface to take advantage of this
	- call ether_ifattach() directly from Ethernet drivers
	- delete kludge in if_attach() that did this indirectly
1996-02-06 18:51:28 +00:00
mpp
f3dd75a38d Fix a bunch of spelling errors in the comment fields of
a bunch of system include files.
1996-01-30 23:02:38 +00:00
bde
336a6f070b Moved prototypes for devswitch functions from conf.c and driver sources
to <machine/conf.h>.  conf.h was mechanically generated by
`grep ^d_ conf.c >conf.h'.  This accounts for part of its ugliness.  The
prototypes should be moved back to the driver sources when the functions
are staticalized.
1995-11-04 13:25:33 +00:00
bde
b25431cbea Fix benign type mismatches in devsw functions. 82 out of 299 devsw
functions were wrong.
1995-09-08 11:09:15 +00:00
pst
763ad9c0a0 Give the BPF the ability to generate signals when a packet is available.
Reviewed by:	pst & wollman
Submitted by:	grossman@cygnus.com
1995-06-15 18:11:00 +00:00
rgrimes
c86f0c7a71 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
paul
be1bed59fb Make idempotent.
Submitted by:	Paul
1994-08-21 05:11:48 +00:00
dg
8d205697aa Added $Id$ 1994-08-02 07:55:43 +00:00
rgrimes
8fb65ce818 BSD 4.4 Lite Kernel Sources 1994-05-24 10:09:53 +00:00