2 * Copyright (c) 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from the Stanford/CMU enet packet filter,
6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)bpf.c 8.2 (Berkeley) 3/28/94
40 * $FreeBSD: src/sys/net/bpf.c,v 1.59.2.12 2002/04/14 21:41:48 luigi Exp $
48 #define inline __inline
51 #include <sys/param.h>
52 #include <sys/systm.h>
54 #include <sys/malloc.h>
58 #include <sys/signalvar.h>
59 #include <sys/filio.h>
60 #include <sys/sockio.h>
61 #include <sys/ttycom.h>
62 #include <sys/filedesc.h>
64 #if defined(sparc) && BSD < 199103
65 #include <sys/stream.h>
69 #include <sys/socket.h>
70 #include <sys/vnode.h>
74 #include <net/bpfdesc.h>
76 #include <netinet/in.h>
77 #include <netinet/if_ether.h>
78 #include <sys/kernel.h>
79 #include <sys/sysctl.h>
81 MALLOC_DEFINE(M_BPF, "BPF", "BPF data");
86 * Older BSDs don't have kernel malloc.
90 static caddr_t bpf_alloc();
91 #include <net/bpf_compat.h>
92 #define BPF_BUFSIZE (MCLBYTES-8)
93 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, code, uio)
95 #define BPF_BUFSIZE 4096
96 #define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
99 #define PRINET 26 /* interruptible */
102 * The default read buffer size is patchable.
104 static int bpf_bufsize = BPF_BUFSIZE;
105 SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW,
106 &bpf_bufsize, 0, "");
107 static int bpf_maxbufsize = BPF_MAXBUFSIZE;
108 SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW,
109 &bpf_maxbufsize, 0, "");
112 * bpf_iflist is the list of interfaces; each corresponds to an ifnet
114 static struct bpf_if *bpf_iflist;
116 static int bpf_allocbufs __P((struct bpf_d *));
117 static void bpf_attachd __P((struct bpf_d *d, struct bpf_if *bp));
118 static void bpf_detachd __P((struct bpf_d *d));
119 static void bpf_freed __P((struct bpf_d *));
120 static void bpf_mcopy __P((const void *, void *, size_t));
121 static int bpf_movein __P((struct uio *, int,
122 struct mbuf **, struct sockaddr *, int *));
123 static int bpf_setif __P((struct bpf_d *, struct ifreq *));
124 static void bpf_timed_out __P((void *));
126 bpf_wakeup __P((struct bpf_d *));
127 static void catchpacket __P((struct bpf_d *, u_char *, u_int,
128 u_int, void (*)(const void *, void *, size_t)));
129 static void reset_d __P((struct bpf_d *));
130 static int bpf_setf __P((struct bpf_d *, struct bpf_program *));
132 static d_open_t bpfopen;
133 static d_close_t bpfclose;
134 static d_read_t bpfread;
135 static d_write_t bpfwrite;
136 static d_ioctl_t bpfioctl;
137 static d_poll_t bpfpoll;
139 #define CDEV_MAJOR 23
140 static struct cdevsw bpf_cdevsw = {
142 /* close */ bpfclose,
144 /* write */ bpfwrite,
145 /* ioctl */ bpfioctl,
148 /* strategy */ nostrategy,
150 /* maj */ CDEV_MAJOR,
159 bpf_movein(uio, linktype, mp, sockp, datlen)
160 register struct uio *uio;
161 int linktype, *datlen;
162 register struct mbuf **mp;
163 register struct sockaddr *sockp;
171 * Build a sockaddr based on the data link layer type.
172 * We do this at this level because the ethernet header
173 * is copied directly into the data field of the sockaddr.
174 * In the case of SLIP, there is no header and the packet
175 * is forwarded as is.
176 * Also, we are careful to leave room at the front of the mbuf
177 * for the link level header.
182 sockp->sa_family = AF_INET;
187 sockp->sa_family = AF_UNSPEC;
188 /* XXX Would MAXLINKHDR be better? */
189 hlen = sizeof(struct ether_header);
193 #if defined(__FreeBSD__) || defined(__bsdi__)
194 sockp->sa_family = AF_IMPLINK;
197 sockp->sa_family = AF_UNSPEC;
198 /* XXX 4(FORMAC)+6(dst)+6(src)+3(LLC)+5(SNAP) */
205 sockp->sa_family = AF_UNSPEC;
210 case DLT_ATM_RFC1483:
212 * en atm driver requires 4-byte atm pseudo header.
213 * though it isn't standard, vpi:vci needs to be
216 sockp->sa_family = AF_UNSPEC;
217 hlen = 12; /* XXX 4(ATM_PH) + 3(LLC) + 5(SNAP) */
221 sockp->sa_family = AF_UNSPEC;
222 hlen = 4; /* This should match PPP_HDRLEN */
229 len = uio->uio_resid;
230 *datlen = len - hlen;
231 if ((unsigned)len > MCLBYTES)
234 MGETHDR(m, M_WAIT, MT_DATA);
240 if ((m->m_flags & M_EXT) == 0) {
243 if (m->m_len != MCLBYTES) {
249 m->m_pkthdr.len = m->m_len = len;
250 m->m_pkthdr.rcvif = NULL;
253 * Make room for link header.
256 m->m_pkthdr.len -= hlen;
259 m->m_data += hlen; /* XXX */
263 error = UIOMOVE((caddr_t)sockp->sa_data, hlen, UIO_WRITE, uio);
267 error = UIOMOVE(mtod(m, caddr_t), len - hlen, UIO_WRITE, uio);
276 * Attach file to the bpf interface, i.e. make d listen on bp.
277 * Must be called at splimp.
285 * Point d at bp, and add d to the interface's list of listeners.
286 * Finally, point the driver's bpf cookie at the interface so
287 * it will divert packets to bpf.
290 d->bd_next = bp->bif_dlist;
293 bp->bif_ifp->if_bpf = bp;
297 * Detach a file from its interface.
308 * Check if this descriptor had requested promiscuous mode.
309 * If so, turn it off.
313 if (ifpromisc(bp->bif_ifp, 0))
315 * Something is really wrong if we were able to put
316 * the driver into promiscuous mode, but can't
319 panic("bpf: ifpromisc failed");
321 /* Remove d from the interface's descriptor list. */
326 panic("bpf_detachd: descriptor not in list");
329 if (bp->bif_dlist == 0)
331 * Let the driver know that there are no more listeners.
333 d->bd_bif->bif_ifp->if_bpf = 0;
338 * Open ethernet device. Returns ENXIO for illegal minor device number,
339 * EBUSY if file is open by another process.
343 bpfopen(dev, flags, fmt, p)
349 register struct bpf_d *d;
356 * Each minor can be opened by only one process. If the requested
357 * minor is in use, return EBUSY.
361 make_dev(&bpf_cdevsw, minor(dev), 0, 0, 0600, "bpf%d", lminor(dev));
362 MALLOC(d, struct bpf_d *, sizeof(*d), M_BPF, M_WAITOK | M_ZERO);
364 d->bd_bufsize = bpf_bufsize;
367 callout_init(&d->bd_callout);
372 * Close the descriptor by detaching it from its interface,
373 * deallocating its buffers, and marking it free.
377 bpfclose(dev, flags, fmt, p)
383 register struct bpf_d *d = dev->si_drv1;
386 funsetown(d->bd_sigio);
388 if (d->bd_state == BPF_WAITING)
389 callout_stop(&d->bd_callout);
390 d->bd_state = BPF_IDLE;
402 * Support for SunOS, which does not have tsleep.
409 struct bpf_d *d = (struct bpf_d *)arg;
414 #define BPF_SLEEP(chan, pri, s, t) bpf_sleep((struct bpf_d *)chan)
418 register struct bpf_d *d;
420 register int rto = d->bd_rtout;
425 timeout(bpf_timeout, (caddr_t)d, rto);
427 st = sleep((caddr_t)d, PRINET|PCATCH);
429 if (d->bd_timedout == 0)
430 untimeout(bpf_timeout, (caddr_t)d);
434 return (st != 0) ? EINTR : 0;
437 #define BPF_SLEEP tsleep
441 * Rotate the packet buffers in descriptor d. Move the store buffer
442 * into the hold slot, and the free buffer into the store slot.
443 * Zero the length of the new store buffer.
445 #define ROTATE_BUFFERS(d) \
446 (d)->bd_hbuf = (d)->bd_sbuf; \
447 (d)->bd_hlen = (d)->bd_slen; \
448 (d)->bd_sbuf = (d)->bd_fbuf; \
452 * bpfread - read next chunk of packets from buffers
455 bpfread(dev, uio, ioflag)
457 register struct uio *uio;
460 register struct bpf_d *d = dev->si_drv1;
466 * Restrict application to use a buffer the same size as
469 if (uio->uio_resid != d->bd_bufsize)
473 if (d->bd_state == BPF_WAITING)
474 callout_stop(&d->bd_callout);
475 timed_out = (d->bd_state == BPF_TIMED_OUT);
476 d->bd_state = BPF_IDLE;
478 * If the hold buffer is empty, then do a timed sleep, which
479 * ends when the timeout expires or when enough packets
480 * have arrived to fill the store buffer.
482 while (d->bd_hbuf == 0) {
483 if ((d->bd_immediate || timed_out) && d->bd_slen != 0) {
485 * A packet(s) either arrived since the previous
486 * read or arrived while we were asleep.
487 * Rotate the buffers and return what's here.
494 * No data is available, check to see if the bpf device
495 * is still pointed at a real interface. If not, return
496 * ENXIO so that the userland process knows to rebind
497 * it before using it again.
499 if (d->bd_bif == NULL) {
504 if (ioflag & IO_NDELAY) {
506 return (EWOULDBLOCK);
508 error = BPF_SLEEP((caddr_t)d, PRINET|PCATCH, "bpf",
510 if (error == EINTR || error == ERESTART) {
514 if (error == EWOULDBLOCK) {
516 * On a timeout, return what's in the buffer,
517 * which may be nothing. If there is something
518 * in the store buffer, we can rotate the buffers.
522 * We filled up the buffer in between
523 * getting the timeout and arriving
524 * here, so we don't need to rotate.
528 if (d->bd_slen == 0) {
537 * At this point, we know we have something in the hold slot.
542 * Move data from hold buffer into user space.
543 * We know the entire buffer is transferred since
544 * we checked above that the read buffer is bpf_bufsize bytes.
546 error = UIOMOVE(d->bd_hbuf, d->bd_hlen, UIO_READ, uio);
549 d->bd_fbuf = d->bd_hbuf;
559 * If there are processes sleeping on this descriptor, wake them up.
563 register struct bpf_d *d;
565 if (d->bd_state == BPF_WAITING) {
566 callout_stop(&d->bd_callout);
567 d->bd_state = BPF_IDLE;
570 if (d->bd_async && d->bd_sig && d->bd_sigio)
571 pgsigio(d->bd_sigio, d->bd_sig, 0);
574 selwakeup(&d->bd_sel);
576 d->bd_sel.si_pid = 0;
579 selwakeup(d->bd_selproc, (int)d->bd_selcoll);
590 struct bpf_d *d = (struct bpf_d *)arg;
594 if (d->bd_state == BPF_WAITING) {
595 d->bd_state = BPF_TIMED_OUT;
603 bpfwrite(dev, uio, ioflag)
608 register struct bpf_d *d = dev->si_drv1;
612 static struct sockaddr dst;
618 ifp = d->bd_bif->bif_ifp;
620 if (uio->uio_resid == 0)
623 error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
627 if (datlen > ifp->if_mtu)
631 dst.sa_family = pseudo_AF_HDRCMPLT;
635 error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0);
637 error = (*ifp->if_output)(ifp, m, &dst);
641 * The driver frees the mbuf.
647 * Reset a descriptor by flushing its packet buffer and clearing the
648 * receive and drop counts. Should be called at splimp.
655 /* Free the hold buffer. */
656 d->bd_fbuf = d->bd_hbuf;
666 * FIONREAD Check for read packet available.
667 * SIOCGIFADDR Get interface address - convenient hook to driver.
668 * BIOCGBLEN Get buffer len [for read()].
669 * BIOCSETF Set ethernet read filter.
670 * BIOCFLUSH Flush read packet buffer.
671 * BIOCPROMISC Put interface into promiscuous mode.
672 * BIOCGDLT Get link layer type.
673 * BIOCGETIF Get interface name.
674 * BIOCSETIF Set interface.
675 * BIOCSRTIMEOUT Set read timeout.
676 * BIOCGRTIMEOUT Get read timeout.
677 * BIOCGSTATS Get packet stats.
678 * BIOCIMMEDIATE Set immediate mode.
679 * BIOCVERSION Get filter language version.
680 * BIOCGHDRCMPLT Get "header already complete" flag
681 * BIOCSHDRCMPLT Set "header already complete" flag
682 * BIOCGSEESENT Get "see packets sent" flag
683 * BIOCSSEESENT Set "see packets sent" flag
687 bpfioctl(dev, cmd, addr, flags, p)
694 register struct bpf_d *d = dev->si_drv1;
698 if (d->bd_state == BPF_WAITING)
699 callout_stop(&d->bd_callout);
700 d->bd_state = BPF_IDLE;
710 * Check for read packet available.
733 ifp = d->bd_bif->bif_ifp;
734 error = (*ifp->if_ioctl)(ifp, cmd, addr);
740 * Get buffer len [for read()].
743 *(u_int *)addr = d->bd_bufsize;
756 register u_int size = *(u_int *)addr;
758 if (size > bpf_maxbufsize)
759 *(u_int *)addr = size = bpf_maxbufsize;
760 else if (size < BPF_MINBUFSIZE)
761 *(u_int *)addr = size = BPF_MINBUFSIZE;
762 d->bd_bufsize = size;
768 * Set link layer read filter.
771 error = bpf_setf(d, (struct bpf_program *)addr);
775 * Flush read packet buffer.
784 * Put interface into promiscuous mode.
787 if (d->bd_bif == 0) {
789 * No interface attached yet.
795 if (d->bd_promisc == 0) {
796 error = ifpromisc(d->bd_bif->bif_ifp, 1);
804 * Get device parameters.
810 *(u_int *)addr = d->bd_bif->bif_dlt;
814 * Get interface name.
820 struct ifnet *const ifp = d->bd_bif->bif_ifp;
821 struct ifreq *const ifr = (struct ifreq *)addr;
823 snprintf(ifr->ifr_name, sizeof(ifr->ifr_name),
824 "%s%d", ifp->if_name, ifp->if_unit);
832 error = bpf_setif(d, (struct ifreq *)addr);
840 struct timeval *tv = (struct timeval *)addr;
843 * Subtract 1 tick from tvtohz() since this isn't
846 if ((error = itimerfix(tv)) == 0)
847 d->bd_rtout = tvtohz(tv) - 1;
856 struct timeval *tv = (struct timeval *)addr;
858 tv->tv_sec = d->bd_rtout / hz;
859 tv->tv_usec = (d->bd_rtout % hz) * tick;
868 struct bpf_stat *bs = (struct bpf_stat *)addr;
870 bs->bs_recv = d->bd_rcount;
871 bs->bs_drop = d->bd_dcount;
876 * Set immediate mode.
879 d->bd_immediate = *(u_int *)addr;
884 struct bpf_version *bv = (struct bpf_version *)addr;
886 bv->bv_major = BPF_MAJOR_VERSION;
887 bv->bv_minor = BPF_MINOR_VERSION;
892 * Get "header already complete" flag
895 *(u_int *)addr = d->bd_hdrcmplt;
899 * Set "header already complete" flag
902 d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
906 * Get "see sent packets" flag
909 *(u_int *)addr = d->bd_seesent;
913 * Set "see sent packets" flag
916 d->bd_seesent = *(u_int *)addr;
919 case FIONBIO: /* Non-blocking I/O */
922 case FIOASYNC: /* Send signal on receive packets */
923 d->bd_async = *(int *)addr;
927 error = fsetown(*(int *)addr, &d->bd_sigio);
931 *(int *)addr = fgetown(d->bd_sigio);
934 /* This is deprecated, FIOSETOWN should be used instead. */
936 error = fsetown(-(*(int *)addr), &d->bd_sigio);
939 /* This is deprecated, FIOGETOWN should be used instead. */
941 *(int *)addr = -fgetown(d->bd_sigio);
944 case BIOCSRSIG: /* Set receive signal */
948 sig = *(u_int *)addr;
957 *(u_int *)addr = d->bd_sig;
964 * Set d's packet filter program to fp. If this file already has a filter,
965 * free it and replace it. Returns EINVAL for bogus requests.
970 struct bpf_program *fp;
972 struct bpf_insn *fcode, *old;
977 if (fp->bf_insns == 0) {
985 free((caddr_t)old, M_BPF);
989 if (flen > BPF_MAXINSNS)
992 size = flen * sizeof(*fp->bf_insns);
993 fcode = (struct bpf_insn *)malloc(size, M_BPF, M_WAITOK);
994 if (copyin((caddr_t)fp->bf_insns, (caddr_t)fcode, size) == 0 &&
995 bpf_validate(fcode, (int)flen)) {
997 d->bd_filter = fcode;
1001 free((caddr_t)old, M_BPF);
1005 free((caddr_t)fcode, M_BPF);
1010 * Detach a file from its current interface (if attached at all) and attach
1011 * to the interface indicated by the name stored in ifr.
1012 * Return an errno or 0.
1021 struct ifnet *theywant;
1023 theywant = ifunit(ifr->ifr_name);
1028 * Look through attached interfaces for the named one.
1030 for (bp = bpf_iflist; bp != 0; bp = bp->bif_next) {
1031 struct ifnet *ifp = bp->bif_ifp;
1033 if (ifp == 0 || ifp != theywant)
1036 * We found the requested interface.
1037 * If it's not up, return an error.
1038 * Allocate the packet buffers if we need to.
1039 * If we're already attached to requested interface,
1040 * just flush the buffer.
1042 if ((ifp->if_flags & IFF_UP) == 0)
1045 if (d->bd_sbuf == 0) {
1046 error = bpf_allocbufs(d);
1051 if (bp != d->bd_bif) {
1054 * Detach if attached to something else.
1069 * Support for select() and poll() system calls
1071 * Return true iff the specific operation will not block indefinitely.
1072 * Otherwise, return false but make a note that a selwakeup() must be done.
1075 bpfpoll(dev, events, p)
1080 register struct bpf_d *d;
1085 if (d->bd_bif == NULL)
1088 revents = events & (POLLOUT | POLLWRNORM);
1090 if (events & (POLLIN | POLLRDNORM)) {
1092 * An imitation of the FIONREAD ioctl code.
1093 * XXX not quite. An exact imitation:
1094 * if (d->b_slen != 0 ||
1095 * (d->bd_hbuf != NULL && d->bd_hlen != 0)
1097 if (d->bd_hlen != 0 ||
1098 ((d->bd_immediate || d->bd_state == BPF_TIMED_OUT) &&
1100 revents |= events & (POLLIN | POLLRDNORM);
1102 selrecord(p, &d->bd_sel);
1103 /* Start the read timeout if necessary. */
1104 if (d->bd_rtout > 0 && d->bd_state == BPF_IDLE) {
1105 callout_reset(&d->bd_callout, d->bd_rtout,
1107 d->bd_state = BPF_WAITING;
1116 * Incoming linkage from device drivers. Process the packet pkt, of length
1117 * pktlen, which is stored in a contiguous buffer. The packet is parsed
1118 * by each process' filter, and if accepted, stashed into the corresponding
1122 bpf_tap(ifp, pkt, pktlen)
1124 register u_char *pkt;
1125 register u_int pktlen;
1128 register struct bpf_d *d;
1129 register u_int slen;
1131 * Note that the ipl does not have to be raised at this point.
1132 * The only problem that could arise here is that if two different
1133 * interfaces shared any data. This is not the case.
1136 for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
1138 slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
1140 catchpacket(d, pkt, pktlen, slen, bcopy);
1145 * Copy data from an mbuf chain into a buffer. This code is derived
1146 * from m_copydata in sys/uipc_mbuf.c.
1149 bpf_mcopy(src_arg, dst_arg, len)
1150 const void *src_arg;
1152 register size_t len;
1154 register const struct mbuf *m;
1155 register u_int count;
1163 count = min(m->m_len, len);
1164 bcopy(mtod(m, void *), dst, count);
1172 * Incoming linkage from device drivers, when packet is in an mbuf chain.
1179 struct bpf_if *bp = ifp->if_bpf;
1185 for (m0 = m; m0 != 0; m0 = m0->m_next)
1186 pktlen += m0->m_len;
1188 for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
1189 if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
1192 slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
1194 catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
1199 * Move the packet data from interface memory (pkt) into the
1200 * store buffer. Return 1 if it's time to wakeup a listener (buffer full),
1201 * otherwise 0. "copy" is the routine called to do the actual data
1202 * transfer. bcopy is passed in to copy contiguous chunks, while
1203 * bpf_mcopy is passed in to copy mbuf chains. In the latter case,
1204 * pkt is really an mbuf.
1207 catchpacket(d, pkt, pktlen, snaplen, cpfn)
1208 register struct bpf_d *d;
1209 register u_char *pkt;
1210 register u_int pktlen, snaplen;
1211 register void (*cpfn) __P((const void *, void *, size_t));
1213 register struct bpf_hdr *hp;
1214 register int totlen, curlen;
1215 register int hdrlen = d->bd_bif->bif_hdrlen;
1217 * Figure out how many bytes to move. If the packet is
1218 * greater or equal to the snapshot length, transfer that
1219 * much. Otherwise, transfer the whole packet (unless
1220 * we hit the buffer size limit).
1222 totlen = hdrlen + min(snaplen, pktlen);
1223 if (totlen > d->bd_bufsize)
1224 totlen = d->bd_bufsize;
1227 * Round up the end of the previous packet to the next longword.
1229 curlen = BPF_WORDALIGN(d->bd_slen);
1230 if (curlen + totlen > d->bd_bufsize) {
1232 * This packet will overflow the storage buffer.
1233 * Rotate the buffers if we can, then wakeup any
1236 if (d->bd_fbuf == 0) {
1238 * We haven't completed the previous read yet,
1239 * so drop the packet.
1248 else if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
1250 * Immediate mode is set, or the read timeout has
1251 * already expired during a select call. A packet
1252 * arrived, so the reader should be woken up.
1257 * Append the bpf header.
1259 hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
1261 microtime(&hp->bh_tstamp);
1263 uniqtime(&hp->bh_tstamp);
1265 hp->bh_tstamp = time;
1267 hp->bh_datalen = pktlen;
1268 hp->bh_hdrlen = hdrlen;
1270 * Copy the packet data into the store buffer and update its length.
1272 (*cpfn)(pkt, (u_char *)hp + hdrlen, (hp->bh_caplen = totlen - hdrlen));
1273 d->bd_slen = curlen + totlen;
1277 * Initialize all nonzero fields of a descriptor.
1281 register struct bpf_d *d;
1283 d->bd_fbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
1284 if (d->bd_fbuf == 0)
1287 d->bd_sbuf = (caddr_t)malloc(d->bd_bufsize, M_BPF, M_WAITOK);
1288 if (d->bd_sbuf == 0) {
1289 free(d->bd_fbuf, M_BPF);
1298 * Free buffers currently in use by a descriptor.
1303 register struct bpf_d *d;
1306 * We don't need to lock out interrupts since this descriptor has
1307 * been detached from its interface and it yet hasn't been marked
1310 if (d->bd_sbuf != 0) {
1311 free(d->bd_sbuf, M_BPF);
1312 if (d->bd_hbuf != 0)
1313 free(d->bd_hbuf, M_BPF);
1314 if (d->bd_fbuf != 0)
1315 free(d->bd_fbuf, M_BPF);
1318 free((caddr_t)d->bd_filter, M_BPF);
1322 * Attach an interface to bpf. ifp is a pointer to the structure
1323 * defining the interface to be attached, dlt is the link layer type,
1324 * and hdrlen is the fixed size of the link header (variable length
1325 * headers are not yet supporrted).
1328 bpfattach(ifp, dlt, hdrlen)
1333 bp = (struct bpf_if *)malloc(sizeof(*bp), M_BPF, M_DONTWAIT | M_ZERO);
1340 bp->bif_next = bpf_iflist;
1343 bp->bif_ifp->if_bpf = 0;
1346 * Compute the length of the bpf header. This is not necessarily
1347 * equal to SIZEOF_BPF_HDR because we want to insert spacing such
1348 * that the network layer header begins on a longword boundary (for
1349 * performance reasons and to alleviate alignment restrictions).
1351 bp->bif_hdrlen = BPF_WORDALIGN(hdrlen + SIZEOF_BPF_HDR) - hdrlen;
1354 printf("bpf: %s%d attached\n", ifp->if_name, ifp->if_unit);
1358 * Detach bpf from an interface. This involves detaching each descriptor
1359 * associated with the interface, and leaving bd_bif NULL. Notify each
1360 * descriptor as it's detached so that any sleepers wake up and get
1367 struct bpf_if *bp, *bp_prev;
1373 /* Locate BPF interface information */
1375 for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next) {
1376 if (ifp == bp->bif_ifp)
1381 /* Interface wasn't attached */
1382 if (bp->bif_ifp == NULL) {
1384 printf("bpfdetach: %s%d was not attached\n", ifp->if_name,
1389 while ((d = bp->bif_dlist) != NULL) {
1395 bp_prev->bif_next = bp->bif_next;
1397 bpf_iflist = bp->bif_next;
1405 static void bpf_drvinit __P((void *unused));
1412 cdevsw_add(&bpf_cdevsw);
1415 SYSINIT(bpfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,bpf_drvinit,NULL)
1419 * NOP stubs to allow bpf-using drivers to load and function.
1421 * A 'better' implementation would allow the core bpf functionality
1422 * to be loaded at runtime.
1426 bpf_tap(ifp, pkt, pktlen)
1428 register u_char *pkt;
1429 register u_int pktlen;
1441 bpfattach(ifp, dlt, hdrlen)
1454 bpf_filter(pc, p, wirelen, buflen)
1455 register const struct bpf_insn *pc;
1458 register u_int buflen;
1460 return -1; /* "no filter" behaviour */