Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/net/bpf.h
39476 views
1
/*-

2
 * SPDX-License-Identifier: BSD-3-Clause

3
 *

4
 * Copyright (c) 1990, 1991, 1993

5
 *	The Regents of the University of California.  All rights reserved.

6
 *

7
 * This code is derived from the Stanford/CMU enet packet filter,

8
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed

9
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence

10
 * Berkeley Laboratory.

11
 *

12
 * Redistribution and use in source and binary forms, with or without

13
 * modification, are permitted provided that the following conditions

14
 * are met:

15
 * 1. Redistributions of source code must retain the above copyright

16
 *    notice, this list of conditions and the following disclaimer.

17
 * 2. Redistributions in binary form must reproduce the above copyright

18
 *    notice, this list of conditions and the following disclaimer in the

19
 *    documentation and/or other materials provided with the distribution.

20
 * 3. Neither the name of the University nor the names of its contributors

21
 *    may be used to endorse or promote products derived from this software

22
 *    without specific prior written permission.

23
 *

24
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

25
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

26
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

27
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

28
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

29
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

30
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

31
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

32
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

33
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

34
 * SUCH DAMAGE.

35
 */

36


37
#ifndef _NET_BPF_H_

38
#define _NET_BPF_H_

39


40
#include <sys/types.h>

41
#include <sys/_eventhandler.h>

42
#include <sys/ck.h>

43
#include <net/dlt.h>

44


45
/* BSD style release date */

46
#define	BPF_RELEASE 199606

47


48
typedef	int32_t	  bpf_int32;

49
typedef	u_int32_t bpf_u_int32;

50
typedef	int64_t	  bpf_int64;

51
typedef	u_int64_t bpf_u_int64;

52
struct ifnet;

53


54
/*

55
 * Alignment macros.  BPF_WORDALIGN rounds up to the next multiple of

56
 * BPF_ALIGNMENT.

57
 */

58
#define BPF_ALIGNMENT sizeof(long)

59
#define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1))

60


61
#define BPF_MAXINSNS 512

62
#define BPF_MAXBUFSIZE 0x80000

63
#define BPF_MINBUFSIZE 32

64


65
/*

66
 *  Structure for BIOCSETF.

67
 */

68
struct bpf_program {

69
	u_int bf_len;

70
	struct bpf_insn *bf_insns;

71
};

72


73
/*

74
 * Struct returned by BIOCGSTATS.

75
 */

76
struct bpf_stat {

77
	u_int bs_recv;		/* number of packets received */

78
	u_int bs_drop;		/* number of packets dropped */

79
};

80


81
/*

82
 * Struct return by BIOCVERSION.  This represents the version number of

83
 * the filter language described by the instruction encodings below.

84
 * bpf understands a program iff kernel_major == filter_major &&

85
 * kernel_minor >= filter_minor, that is, if the value returned by the

86
 * running kernel has the same major number and a minor number equal

87
 * equal to or less than the filter being downloaded.  Otherwise, the

88
 * results are undefined, meaning an error may be returned or packets

89
 * may be accepted haphazardly.

90
 * It has nothing to do with the source code version.

91
 */

92
struct bpf_version {

93
	u_short bv_major;

94
	u_short bv_minor;

95
};

96
/* Current version number of filter architecture. */

97
#define BPF_MAJOR_VERSION 1

98
#define BPF_MINOR_VERSION 1

99


100
/*

101
 * Historically, BPF has supported a single buffering model, first using mbuf

102
 * clusters in kernel, and later using malloc(9) buffers in kernel.  We now

103
 * support multiple buffering modes, which may be queried and set using

104
 * BIOCGETBUFMODE and BIOCSETBUFMODE.  So as to avoid handling the complexity

105
 * of changing modes while sniffing packets, the mode becomes fixed once an

106
 * interface has been attached to the BPF descriptor.

107
 */

108
#define	BPF_BUFMODE_BUFFER	1	/* Kernel buffers with read(). */

109
#define	BPF_BUFMODE_ZBUF	2	/* Zero-copy buffers. */

110


111
/*-

112
 * Struct used by BIOCSETZBUF, BIOCROTZBUF: describes up to two zero-copy

113
 * buffer as used by BPF.

114
 */

115
struct bpf_zbuf {

116
	void	*bz_bufa;	/* Location of 'a' zero-copy buffer. */

117
	void	*bz_bufb;	/* Location of 'b' zero-copy buffer. */

118
	size_t	 bz_buflen;	/* Size of zero-copy buffers. */

119
};

120


121
#define	BIOCGBLEN	_IOR('B', 102, u_int)

122
#define	BIOCSBLEN	_IOWR('B', 102, u_int)

123
#define	BIOCSETF	_IOW('B', 103, struct bpf_program)

124
#define	BIOCFLUSH	_IO('B', 104)

125
#define	BIOCPROMISC	_IO('B', 105)

126
#define	BIOCGDLT	_IOR('B', 106, u_int)

127
#define	BIOCGETIF	_IOR('B', 107, struct ifreq)

128
#define	BIOCSETIF	_IOW('B', 108, struct ifreq)

129
#define	BIOCSRTIMEOUT	_IOW('B', 109, struct timeval)

130
#define	BIOCGRTIMEOUT	_IOR('B', 110, struct timeval)

131
#define	BIOCGSTATS	_IOR('B', 111, struct bpf_stat)

132
#define	BIOCIMMEDIATE	_IOW('B', 112, u_int)

133
#define	BIOCVERSION	_IOR('B', 113, struct bpf_version)

134
#define	BIOCGRSIG	_IOR('B', 114, u_int)

135
#define	BIOCSRSIG	_IOW('B', 115, u_int)

136
#define	BIOCGHDRCMPLT	_IOR('B', 116, u_int)

137
#define	BIOCSHDRCMPLT	_IOW('B', 117, u_int)

138
#define	BIOCGDIRECTION	_IOR('B', 118, u_int)

139
#define	BIOCSDIRECTION	_IOW('B', 119, u_int)

140
#define	BIOCSDLT	_IOW('B', 120, u_int)

141
#define	BIOCGDLTLIST	_IOWR('B', 121, struct bpf_dltlist)

142
#define	BIOCLOCK	_IO('B', 122)

143
#define	BIOCSETWF	_IOW('B', 123, struct bpf_program)

144
#define	BIOCFEEDBACK	_IOW('B', 124, u_int)

145
#define	BIOCGETBUFMODE	_IOR('B', 125, u_int)

146
#define	BIOCSETBUFMODE	_IOW('B', 126, u_int)

147
#define	BIOCGETZMAX	_IOR('B', 127, size_t)

148
#define	BIOCROTZBUF	_IOR('B', 128, struct bpf_zbuf)

149
#define	BIOCSETZBUF	_IOW('B', 129, struct bpf_zbuf)

150
#define	BIOCSETFNR	_IOW('B', 130, struct bpf_program)

151
#define	BIOCGTSTAMP	_IOR('B', 131, u_int)

152
#define	BIOCSTSTAMP	_IOW('B', 132, u_int)

153
#define	BIOCSETVLANPCP	_IOW('B', 133, u_int)

154


155
/* Obsolete */

156
#define	BIOCGSEESENT	BIOCGDIRECTION

157
#define	BIOCSSEESENT	BIOCSDIRECTION

158


159
/* Packet directions */

160
enum bpf_direction {

161
	BPF_D_IN,	/* See incoming packets */

162
	BPF_D_INOUT,	/* See incoming and outgoing packets */

163
	BPF_D_OUT	/* See outgoing packets */

164
};

165


166
/* Time stamping functions */

167
#define	BPF_T_MICROTIME		0x0000

168
#define	BPF_T_NANOTIME		0x0001

169
#define	BPF_T_BINTIME		0x0002

170
#define	BPF_T_NONE		0x0003

171
#define	BPF_T_FORMAT_MASK	0x0003

172
#define	BPF_T_NORMAL		0x0000

173
#define	BPF_T_FAST		0x0100

174
#define	BPF_T_MONOTONIC		0x0200

175
#define	BPF_T_MONOTONIC_FAST	(BPF_T_FAST | BPF_T_MONOTONIC)

176
#define	BPF_T_FLAG_MASK		0x0300

177
#define	BPF_T_FORMAT(t)		((t) & BPF_T_FORMAT_MASK)

178
#define	BPF_T_FLAG(t)		((t) & BPF_T_FLAG_MASK)

179
#define	BPF_T_VALID(t)						\

180
    ((t) == BPF_T_NONE || (BPF_T_FORMAT(t) != BPF_T_NONE &&	\

181
    ((t) & ~(BPF_T_FORMAT_MASK | BPF_T_FLAG_MASK)) == 0))

182


183
#define	BPF_T_MICROTIME_FAST		(BPF_T_MICROTIME | BPF_T_FAST)

184
#define	BPF_T_NANOTIME_FAST		(BPF_T_NANOTIME | BPF_T_FAST)

185
#define	BPF_T_BINTIME_FAST		(BPF_T_BINTIME | BPF_T_FAST)

186
#define	BPF_T_MICROTIME_MONOTONIC	(BPF_T_MICROTIME | BPF_T_MONOTONIC)

187
#define	BPF_T_NANOTIME_MONOTONIC	(BPF_T_NANOTIME | BPF_T_MONOTONIC)

188
#define	BPF_T_BINTIME_MONOTONIC		(BPF_T_BINTIME | BPF_T_MONOTONIC)

189
#define	BPF_T_MICROTIME_MONOTONIC_FAST	(BPF_T_MICROTIME | BPF_T_MONOTONIC_FAST)

190
#define	BPF_T_NANOTIME_MONOTONIC_FAST	(BPF_T_NANOTIME | BPF_T_MONOTONIC_FAST)

191
#define	BPF_T_BINTIME_MONOTONIC_FAST	(BPF_T_BINTIME | BPF_T_MONOTONIC_FAST)

192


193
/*

194
 * Structure prepended to each packet.

195
 */

196
struct bpf_ts {

197
	bpf_int64	bt_sec;		/* seconds */

198
	bpf_u_int64	bt_frac;	/* fraction */

199
};

200
struct bpf_xhdr {

201
	struct bpf_ts	bh_tstamp;	/* time stamp */

202
	bpf_u_int32	bh_caplen;	/* length of captured portion */

203
	bpf_u_int32	bh_datalen;	/* original length of packet */

204
	u_short		bh_hdrlen;	/* length of bpf header (this struct

205
					   plus alignment padding) */

206
};

207
/* Obsolete */

208
struct bpf_hdr {

209
	struct timeval	bh_tstamp;	/* time stamp */

210
	bpf_u_int32	bh_caplen;	/* length of captured portion */

211
	bpf_u_int32	bh_datalen;	/* original length of packet */

212
	u_short		bh_hdrlen;	/* length of bpf header (this struct

213
					   plus alignment padding) */

214
};

215
#ifdef _KERNEL

216
#define	MTAG_BPF		0x627066

217
#define	MTAG_BPF_TIMESTAMP	0

218
#endif

219


220
/*

221
 * When using zero-copy BPF buffers, a shared memory header is present

222
 * allowing the kernel BPF implementation and user process to synchronize

223
 * without using system calls.  This structure defines that header.  When

224
 * accessing these fields, appropriate atomic operation and memory barriers

225
 * are required in order not to see stale or out-of-order data; see bpf(4)

226
 * for reference code to access these fields from userspace.

227
 *

228
 * The layout of this structure is critical, and must not be changed; if must

229
 * fit in a single page on all architectures.

230
 */

231
struct bpf_zbuf_header {

232
	volatile u_int	bzh_kernel_gen;	/* Kernel generation number. */

233
	volatile u_int	bzh_kernel_len;	/* Length of data in the buffer. */

234
	volatile u_int	bzh_user_gen;	/* User generation number. */

235
	u_int _bzh_pad[5];

236
};

237


238
/*

239
 * The instruction encodings.

240
 *

241
 * Please inform [email protected] if you use any

242
 * of the reserved values, so that we can note that they're used

243
 * (and perhaps implement it in the reference BPF implementation

244
 * and encourage its implementation elsewhere).

245
 */

246


247
/*

248
 * The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000.

249
 */

250


251
/* instruction classes */

252
#define BPF_CLASS(code) ((code) & 0x07)

253
#define		BPF_LD		0x00

254
#define		BPF_LDX		0x01

255
#define		BPF_ST		0x02

256
#define		BPF_STX		0x03

257
#define		BPF_ALU		0x04

258
#define		BPF_JMP		0x05

259
#define		BPF_RET		0x06

260
#define		BPF_MISC	0x07

261


262
/* ld/ldx fields */

263
#define BPF_SIZE(code)	((code) & 0x18)

264
#define		BPF_W		0x00

265
#define		BPF_H		0x08

266
#define		BPF_B		0x10

267
/*				0x18	reserved; used by BSD/OS */

268
#define BPF_MODE(code)	((code) & 0xe0)

269
#define		BPF_IMM 	0x00

270
#define		BPF_ABS		0x20

271
#define		BPF_IND		0x40

272
#define		BPF_MEM		0x60

273
#define		BPF_LEN		0x80

274
#define		BPF_MSH		0xa0

275
/*				0xc0	reserved; used by BSD/OS */

276
/*				0xe0	reserved; used by BSD/OS */

277


278
/* alu/jmp fields */

279
#define BPF_OP(code)	((code) & 0xf0)

280
#define		BPF_ADD		0x00

281
#define		BPF_SUB		0x10

282
#define		BPF_MUL		0x20

283
#define		BPF_DIV		0x30

284
#define		BPF_OR		0x40

285
#define		BPF_AND		0x50

286
#define		BPF_LSH		0x60

287
#define		BPF_RSH		0x70

288
#define		BPF_NEG		0x80

289
#define		BPF_MOD		0x90

290
#define		BPF_XOR		0xa0

291
/*				0xb0	reserved */

292
/*				0xc0	reserved */

293
/*				0xd0	reserved */

294
/*				0xe0	reserved */

295
/*				0xf0	reserved */

296


297
#define		BPF_JA		0x00

298
#define		BPF_JEQ		0x10

299
#define		BPF_JGT		0x20

300
#define		BPF_JGE		0x30

301
#define		BPF_JSET	0x40

302
/*				0x50	reserved; used on BSD/OS */

303
/*				0x60	reserved */

304
/*				0x70	reserved */

305
/*				0x80	reserved */

306
/*				0x90	reserved */

307
/*				0xa0	reserved */

308
/*				0xb0	reserved */

309
/*				0xc0	reserved */

310
/*				0xd0	reserved */

311
/*				0xe0	reserved */

312
/*				0xf0	reserved */

313
#define BPF_SRC(code)	((code) & 0x08)

314
#define		BPF_K		0x00

315
#define		BPF_X		0x08

316


317
/* ret - BPF_K and BPF_X also apply */

318
#define BPF_RVAL(code)	((code) & 0x18)

319
#define		BPF_A		0x10

320
/*				0x18	reserved */

321


322
/* misc */

323
#define BPF_MISCOP(code) ((code) & 0xf8)

324
#define		BPF_TAX		0x00

325
/*				0x08	reserved */

326
/*				0x10	reserved */

327
/*				0x18	reserved */

328
/* #define	BPF_COP		0x20	NetBSD "coprocessor" extensions */

329
/*				0x28	reserved */

330
/*				0x30	reserved */

331
/*				0x38	reserved */

332
/* #define	BPF_COPX	0x40	NetBSD "coprocessor" extensions */

333
/*					also used on BSD/OS */

334
/*				0x48	reserved */

335
/*				0x50	reserved */

336
/*				0x58	reserved */

337
/*				0x60	reserved */

338
/*				0x68	reserved */

339
/*				0x70	reserved */

340
/*				0x78	reserved */

341
#define		BPF_TXA		0x80

342
/*				0x88	reserved */

343
/*				0x90	reserved */

344
/*				0x98	reserved */

345
/*				0xa0	reserved */

346
/*				0xa8	reserved */

347
/*				0xb0	reserved */

348
/*				0xb8	reserved */

349
/*				0xc0	reserved; used on BSD/OS */

350
/*				0xc8	reserved */

351
/*				0xd0	reserved */

352
/*				0xd8	reserved */

353
/*				0xe0	reserved */

354
/*				0xe8	reserved */

355
/*				0xf0	reserved */

356
/*				0xf8	reserved */

357


358
/*

359
 * The instruction data structure.

360
 */

361
struct bpf_insn {

362
	u_short		code;

363
	u_char		jt;

364
	u_char		jf;

365
	bpf_u_int32	k;

366
};

367


368
/*

369
 * Macros for insn array initializers.

370
 */

371
#define BPF_STMT(code, k)		{ (u_short)(code), 0, 0, k }

372
#define BPF_JUMP(code, k, jt, jf)	{ (u_short)(code), jt, jf, k }

373


374
/*

375
 * Structure to retrieve available DLTs for the interface.

376
 */

377
struct bpf_dltlist {

378
	u_int	bfl_len;	/* number of bfd_list array */

379
	u_int	*bfl_list;	/* array of DLTs */

380
};

381


382
#ifdef _KERNEL

383
#ifdef MALLOC_DECLARE

384
MALLOC_DECLARE(M_BPF);

385
#endif

386
#ifdef SYSCTL_DECL

387
SYSCTL_DECL(_net_bpf);

388
#endif

389


390
/*

391
 * Rotate the packet buffers in descriptor d.  Move the store buffer into the

392
 * hold slot, and the free buffer into the store slot.  Zero the length of the

393
 * new store buffer.  Descriptor lock should be held.  One must be careful to

394
 * not rotate the buffers twice, i.e. if fbuf != NULL.

395
 */

396
#define	ROTATE_BUFFERS(d)	do {					\

397
	(d)->bd_hbuf = (d)->bd_sbuf;					\

398
	(d)->bd_hlen = (d)->bd_slen;					\

399
	(d)->bd_sbuf = (d)->bd_fbuf;					\

400
	(d)->bd_slen = 0;						\

401
	(d)->bd_fbuf = NULL;						\

402
	bpf_bufheld(d);							\

403
} while (0)

404


405
/*

406
 * Descriptor associated with each attached hardware interface.

407
 * Part of this structure is exposed to external callers to speed up

408
 * bpf_peers_present() calls.

409
 */

410
struct bpf_if;

411
CK_LIST_HEAD(bpfd_list, bpf_d);

412


413
struct bpf_if_ext {

414
	CK_LIST_ENTRY(bpf_if)	bif_next;	/* list of all interfaces */

415
	struct bpfd_list	bif_dlist;	/* descriptor list */

416
};

417


418
void	bpf_bufheld(struct bpf_d *d);

419
int	bpf_validate(const struct bpf_insn *, int);

420
void	bpf_tap(struct bpf_if *, u_char *, u_int);

421
void	bpf_tap_if(struct ifnet *, u_char *, u_int);

422
void	bpf_mtap(struct bpf_if *, struct mbuf *);

423
void	bpf_mtap_if(struct ifnet *, struct mbuf *);

424
void	bpf_mtap2(struct bpf_if *, void *, u_int, struct mbuf *);

425
void	bpf_mtap2_if(struct ifnet *, void *, u_int, struct mbuf *);

426
void	bpfattach(struct ifnet *, u_int, u_int);

427
void	bpfattach2(struct ifnet *, u_int, u_int, struct bpf_if **);

428
void	bpfdetach(struct ifnet *);

429
bool	bpf_peers_present_if(struct ifnet *);

430
#ifdef VIMAGE

431
int	bpf_get_bp_params(struct bpf_if *, u_int *, u_int *);

432
void	bpf_ifdetach(struct ifnet *);

433
#endif

434


435
void	bpfilterattach(int);

436
u_int	bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int);

437


438
static __inline bool

439
bpf_peers_present(struct bpf_if *bpf)

440
{

441
	struct bpf_if_ext *ext;

442


443
	ext = (struct bpf_if_ext *)bpf;

444
	return (!CK_LIST_EMPTY(&ext->bif_dlist));

445
}

446


447
#define BPF_TAP(_ifp, _pkt, _pktlen)				\

448
	bpf_tap_if((_ifp), (_pkt), (_pktlen))

449
#define BPF_MTAP(_ifp, _m) 					\

450
	bpf_mtap_if((_ifp), (_m))

451
#define BPF_MTAP2(_ifp, _data, _dlen, _m) 			\

452
	bpf_mtap2_if((_ifp), (_data), (_dlen), (_m))

453
#endif /* _KERNEL */

454


455
/*

456
 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).

457
 */

458
#define BPF_MEMWORDS 16

459


460
/* BPF attach/detach events */

461
typedef void (*bpf_track_fn)(void *, struct ifnet *, int /* dlt */,

462
    int /* 1 =>'s attach */);

463
EVENTHANDLER_DECLARE(bpf_track, bpf_track_fn);

464


465
#endif /* _NET_BPF_H_ */

466


467