1
/*-
2
 * SPDX-License-Identifier: BSD-3-Clause
3
 *
4
 * Copyright (c) 1990, 1991, 1993
5
 *	The Regents of the University of California.  All rights reserved.
6
 *
7
 * This code is derived from the Stanford/CMU enet packet filter,
8
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
9
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10
 * Berkeley Laboratory.
11
 *
12
 * Redistribution and use in source and binary forms, with or without
13
 * modification, are permitted provided that the following conditions
14
 * are met:
15
 * 1. Redistributions of source code must retain the above copyright
16
 *    notice, this list of conditions and the following disclaimer.
17
 * 2. Redistributions in binary form must reproduce the above copyright
18
 *    notice, this list of conditions and the following disclaimer in the
19
 *    documentation and/or other materials provided with the distribution.
20
 * 3. Neither the name of the University nor the names of its contributors
21
 *    may be used to endorse or promote products derived from this software
22
 *    without specific prior written permission.
23
 *
24
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
 * SUCH DAMAGE.
35
 */
36

37
#ifndef _NET_BPF_H_
38
#define _NET_BPF_H_
39

40
#include <sys/types.h>
41
#include <sys/_eventhandler.h>
42
#include <sys/ck.h>
43
#include <net/dlt.h>
44

45
/* BSD style release date */
46
#define	BPF_RELEASE 199606
47

48
typedef	int32_t	  bpf_int32;
49
typedef	u_int32_t bpf_u_int32;
50
typedef	int64_t	  bpf_int64;
51
typedef	u_int64_t bpf_u_int64;
52
struct ifnet;
53

54
/*
55
 * Alignment macros.  BPF_WORDALIGN rounds up to the next multiple of
56
 * BPF_ALIGNMENT.
57
 */
58
#define BPF_ALIGNMENT sizeof(long)
59
#define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1))
60

61
#define BPF_MAXINSNS 512
62
#define BPF_MAXBUFSIZE 0x80000
63
#define BPF_MINBUFSIZE 32
64

65
/*
66
 *  Structure for BIOCSETF.
67
 */
68
struct bpf_program {
69
	u_int bf_len;
70
	struct bpf_insn *bf_insns;
71
};
72

73
/*
74
 * Struct returned by BIOCGSTATS.
75
 */
76
struct bpf_stat {
77
	u_int bs_recv;		/* number of packets received */
78
	u_int bs_drop;		/* number of packets dropped */
79
};
80

81
/*
82
 * Struct return by BIOCVERSION.  This represents the version number of
83
 * the filter language described by the instruction encodings below.
84
 * bpf understands a program iff kernel_major == filter_major &&
85
 * kernel_minor >= filter_minor, that is, if the value returned by the
86
 * running kernel has the same major number and a minor number equal
87
 * equal to or less than the filter being downloaded.  Otherwise, the
88
 * results are undefined, meaning an error may be returned or packets
89
 * may be accepted haphazardly.
90
 * It has nothing to do with the source code version.
91
 */
92
struct bpf_version {
93
	u_short bv_major;
94
	u_short bv_minor;
95
};
96
/* Current version number of filter architecture. */
97
#define BPF_MAJOR_VERSION 1
98
#define BPF_MINOR_VERSION 1
99

100
/*
101
 * Historically, BPF has supported a single buffering model, first using mbuf
102
 * clusters in kernel, and later using malloc(9) buffers in kernel.  We now
103
 * support multiple buffering modes, which may be queried and set using
104
 * BIOCGETBUFMODE and BIOCSETBUFMODE.  So as to avoid handling the complexity
105
 * of changing modes while sniffing packets, the mode becomes fixed once an
106
 * interface has been attached to the BPF descriptor.
107
 */
108
#define	BPF_BUFMODE_BUFFER	1	/* Kernel buffers with read(). */
109
#define	BPF_BUFMODE_ZBUF	2	/* Zero-copy buffers. */
110

111
/*-
112
 * Struct used by BIOCSETZBUF, BIOCROTZBUF: describes up to two zero-copy
113
 * buffer as used by BPF.
114
 */
115
struct bpf_zbuf {
116
	void	*bz_bufa;	/* Location of 'a' zero-copy buffer. */
117
	void	*bz_bufb;	/* Location of 'b' zero-copy buffer. */
118
	size_t	 bz_buflen;	/* Size of zero-copy buffers. */
119
};
120

121
/*
122
 * Struct used by BIOCGETIFLIST.
123
 */
124
struct bpf_iflist {
125
	u_int	 bi_size;
126
	u_int	 bi_count;
127
	void	*bi_ubuf;
128
};
129

130
#define	BIOCGBLEN	_IOR('B', 102, u_int)
131
#define	BIOCSBLEN	_IOWR('B', 102, u_int)
132
#define	BIOCSETF	_IOW('B', 103, struct bpf_program)
133
#define	BIOCFLUSH	_IO('B', 104)
134
#define	BIOCPROMISC	_IO('B', 105)
135
#define	BIOCGDLT	_IOR('B', 106, u_int)
136
#define	BIOCGETIF	_IOR('B', 107, struct ifreq)
137
#define	BIOCSETIF	_IOW('B', 108, struct ifreq)
138
#define	BIOCSRTIMEOUT	_IOW('B', 109, struct timeval)
139
#define	BIOCGRTIMEOUT	_IOR('B', 110, struct timeval)
140
#define	BIOCGSTATS	_IOR('B', 111, struct bpf_stat)
141
#define	BIOCIMMEDIATE	_IOW('B', 112, u_int)
142
#define	BIOCVERSION	_IOR('B', 113, struct bpf_version)
143
#define	BIOCGRSIG	_IOR('B', 114, u_int)
144
#define	BIOCSRSIG	_IOW('B', 115, u_int)
145
#define	BIOCGHDRCMPLT	_IOR('B', 116, u_int)
146
#define	BIOCSHDRCMPLT	_IOW('B', 117, u_int)
147
#define	BIOCGDIRECTION	_IOR('B', 118, u_int)
148
#define	BIOCSDIRECTION	_IOW('B', 119, u_int)
149
#define	BIOCSDLT	_IOW('B', 120, u_int)
150
#define	BIOCGDLTLIST	_IOWR('B', 121, struct bpf_dltlist)
151
#define	BIOCLOCK	_IO('B', 122)
152
#define	BIOCSETWF	_IOW('B', 123, struct bpf_program)
153
#define	BIOCFEEDBACK	_IOW('B', 124, u_int)
154
#define	BIOCGETBUFMODE	_IOR('B', 125, u_int)
155
#define	BIOCSETBUFMODE	_IOW('B', 126, u_int)
156
#define	BIOCGETZMAX	_IOR('B', 127, size_t)
157
#define	BIOCROTZBUF	_IOR('B', 128, struct bpf_zbuf)
158
#define	BIOCSETZBUF	_IOW('B', 129, struct bpf_zbuf)
159
#define	BIOCSETFNR	_IOW('B', 130, struct bpf_program)
160
#define	BIOCGTSTAMP	_IOR('B', 131, u_int)
161
#define	BIOCSTSTAMP	_IOW('B', 132, u_int)
162
#define	BIOCSETVLANPCP	_IOW('B', 133, u_int)
163
#define	BIOCGETIFLIST	_IOWR('B', 134, struct bpf_iflist)
164

165
/* Obsolete */
166
#define	BIOCGSEESENT	BIOCGDIRECTION
167
#define	BIOCSSEESENT	BIOCSDIRECTION
168

169
/* Packet directions */
170
enum bpf_direction {
171
	BPF_D_IN,	/* See incoming packets */
172
	BPF_D_INOUT,	/* See incoming and outgoing packets */
173
	BPF_D_OUT	/* See outgoing packets */
174
};
175

176
/* Time stamping functions */
177
#define	BPF_T_MICROTIME		0x0000
178
#define	BPF_T_NANOTIME		0x0001
179
#define	BPF_T_BINTIME		0x0002
180
#define	BPF_T_NONE		0x0003
181
#define	BPF_T_FORMAT_MASK	0x0003
182
#define	BPF_T_NORMAL		0x0000
183
#define	BPF_T_FAST		0x0100
184
#define	BPF_T_MONOTONIC		0x0200
185
#define	BPF_T_MONOTONIC_FAST	(BPF_T_FAST | BPF_T_MONOTONIC)
186
#define	BPF_T_FLAG_MASK		0x0300
187
#define	BPF_T_FORMAT(t)		((t) & BPF_T_FORMAT_MASK)
188
#define	BPF_T_FLAG(t)		((t) & BPF_T_FLAG_MASK)
189
#define	BPF_T_VALID(t)						\
190
    ((t) == BPF_T_NONE || (BPF_T_FORMAT(t) != BPF_T_NONE &&	\
191
    ((t) & ~(BPF_T_FORMAT_MASK | BPF_T_FLAG_MASK)) == 0))
192

193
#define	BPF_T_MICROTIME_FAST		(BPF_T_MICROTIME | BPF_T_FAST)
194
#define	BPF_T_NANOTIME_FAST		(BPF_T_NANOTIME | BPF_T_FAST)
195
#define	BPF_T_BINTIME_FAST		(BPF_T_BINTIME | BPF_T_FAST)
196
#define	BPF_T_MICROTIME_MONOTONIC	(BPF_T_MICROTIME | BPF_T_MONOTONIC)
197
#define	BPF_T_NANOTIME_MONOTONIC	(BPF_T_NANOTIME | BPF_T_MONOTONIC)
198
#define	BPF_T_BINTIME_MONOTONIC		(BPF_T_BINTIME | BPF_T_MONOTONIC)
199
#define	BPF_T_MICROTIME_MONOTONIC_FAST	(BPF_T_MICROTIME | BPF_T_MONOTONIC_FAST)
200
#define	BPF_T_NANOTIME_MONOTONIC_FAST	(BPF_T_NANOTIME | BPF_T_MONOTONIC_FAST)
201
#define	BPF_T_BINTIME_MONOTONIC_FAST	(BPF_T_BINTIME | BPF_T_MONOTONIC_FAST)
202

203
/*
204
 * Structure prepended to each packet.
205
 */
206
struct bpf_ts {
207
	bpf_int64	bt_sec;		/* seconds */
208
	bpf_u_int64	bt_frac;	/* fraction */
209
};
210
struct bpf_xhdr {
211
	struct bpf_ts	bh_tstamp;	/* time stamp */
212
	bpf_u_int32	bh_caplen;	/* length of captured portion */
213
	bpf_u_int32	bh_datalen;	/* original length of packet */
214
	u_short		bh_hdrlen;	/* length of bpf header (this struct
215
					   plus alignment padding) */
216
};
217
/* Obsolete */
218
struct bpf_hdr {
219
	struct timeval	bh_tstamp;	/* time stamp */
220
	bpf_u_int32	bh_caplen;	/* length of captured portion */
221
	bpf_u_int32	bh_datalen;	/* original length of packet */
222
	u_short		bh_hdrlen;	/* length of bpf header (this struct
223
					   plus alignment padding) */
224
};
225
#ifdef _KERNEL
226
#define	MTAG_BPF		0x627066
227
#define	MTAG_BPF_TIMESTAMP	0
228
#endif
229

230
/*
231
 * When using zero-copy BPF buffers, a shared memory header is present
232
 * allowing the kernel BPF implementation and user process to synchronize
233
 * without using system calls.  This structure defines that header.  When
234
 * accessing these fields, appropriate atomic operation and memory barriers
235
 * are required in order not to see stale or out-of-order data; see bpf(4)
236
 * for reference code to access these fields from userspace.
237
 *
238
 * The layout of this structure is critical, and must not be changed; if must
239
 * fit in a single page on all architectures.
240
 */
241
struct bpf_zbuf_header {
242
	volatile u_int	bzh_kernel_gen;	/* Kernel generation number. */
243
	volatile u_int	bzh_kernel_len;	/* Length of data in the buffer. */
244
	volatile u_int	bzh_user_gen;	/* User generation number. */
245
	u_int _bzh_pad[5];
246
};
247

248
/*
249
 * The instruction encodings.
250
 *
251
 * Please inform [email protected] if you use any
252
 * of the reserved values, so that we can note that they're used
253
 * (and perhaps implement it in the reference BPF implementation
254
 * and encourage its implementation elsewhere).
255
 */
256

257
/*
258
 * The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000.
259
 */
260

261
/* instruction classes */
262
#define BPF_CLASS(code) ((code) & 0x07)
263
#define		BPF_LD		0x00
264
#define		BPF_LDX		0x01
265
#define		BPF_ST		0x02
266
#define		BPF_STX		0x03
267
#define		BPF_ALU		0x04
268
#define		BPF_JMP		0x05
269
#define		BPF_RET		0x06
270
#define		BPF_MISC	0x07
271

272
/* ld/ldx fields */
273
#define BPF_SIZE(code)	((code) & 0x18)
274
#define		BPF_W		0x00
275
#define		BPF_H		0x08
276
#define		BPF_B		0x10
277
/*				0x18	reserved; used by BSD/OS */
278
#define BPF_MODE(code)	((code) & 0xe0)
279
#define		BPF_IMM 	0x00
280
#define		BPF_ABS		0x20
281
#define		BPF_IND		0x40
282
#define		BPF_MEM		0x60
283
#define		BPF_LEN		0x80
284
#define		BPF_MSH		0xa0
285
/*				0xc0	reserved; used by BSD/OS */
286
/*				0xe0	reserved; used by BSD/OS */
287

288
/* alu/jmp fields */
289
#define BPF_OP(code)	((code) & 0xf0)
290
#define		BPF_ADD		0x00
291
#define		BPF_SUB		0x10
292
#define		BPF_MUL		0x20
293
#define		BPF_DIV		0x30
294
#define		BPF_OR		0x40
295
#define		BPF_AND		0x50
296
#define		BPF_LSH		0x60
297
#define		BPF_RSH		0x70
298
#define		BPF_NEG		0x80
299
#define		BPF_MOD		0x90
300
#define		BPF_XOR		0xa0
301
/*				0xb0	reserved */
302
/*				0xc0	reserved */
303
/*				0xd0	reserved */
304
/*				0xe0	reserved */
305
/*				0xf0	reserved */
306

307
#define		BPF_JA		0x00
308
#define		BPF_JEQ		0x10
309
#define		BPF_JGT		0x20
310
#define		BPF_JGE		0x30
311
#define		BPF_JSET	0x40
312
/*				0x50	reserved; used on BSD/OS */
313
/*				0x60	reserved */
314
/*				0x70	reserved */
315
/*				0x80	reserved */
316
/*				0x90	reserved */
317
/*				0xa0	reserved */
318
/*				0xb0	reserved */
319
/*				0xc0	reserved */
320
/*				0xd0	reserved */
321
/*				0xe0	reserved */
322
/*				0xf0	reserved */
323
#define BPF_SRC(code)	((code) & 0x08)
324
#define		BPF_K		0x00
325
#define		BPF_X		0x08
326

327
/* ret - BPF_K and BPF_X also apply */
328
#define BPF_RVAL(code)	((code) & 0x18)
329
#define		BPF_A		0x10
330
/*				0x18	reserved */
331

332
/* misc */
333
#define BPF_MISCOP(code) ((code) & 0xf8)
334
#define		BPF_TAX		0x00
335
/*				0x08	reserved */
336
/*				0x10	reserved */
337
/*				0x18	reserved */
338
/* #define	BPF_COP		0x20	NetBSD "coprocessor" extensions */
339
/*				0x28	reserved */
340
/*				0x30	reserved */
341
/*				0x38	reserved */
342
/* #define	BPF_COPX	0x40	NetBSD "coprocessor" extensions */
343
/*					also used on BSD/OS */
344
/*				0x48	reserved */
345
/*				0x50	reserved */
346
/*				0x58	reserved */
347
/*				0x60	reserved */
348
/*				0x68	reserved */
349
/*				0x70	reserved */
350
/*				0x78	reserved */
351
#define		BPF_TXA		0x80
352
/*				0x88	reserved */
353
/*				0x90	reserved */
354
/*				0x98	reserved */
355
/*				0xa0	reserved */
356
/*				0xa8	reserved */
357
/*				0xb0	reserved */
358
/*				0xb8	reserved */
359
/*				0xc0	reserved; used on BSD/OS */
360
/*				0xc8	reserved */
361
/*				0xd0	reserved */
362
/*				0xd8	reserved */
363
/*				0xe0	reserved */
364
/*				0xe8	reserved */
365
/*				0xf0	reserved */
366
/*				0xf8	reserved */
367

368
/*
369
 * The instruction data structure.
370
 */
371
struct bpf_insn {
372
	u_short		code;
373
	u_char		jt;
374
	u_char		jf;
375
	bpf_u_int32	k;
376
};
377

378
/*
379
 * Macros for insn array initializers.
380
 */
381
#define BPF_STMT(code, k)		{ (u_short)(code), 0, 0, k }
382
#define BPF_JUMP(code, k, jt, jf)	{ (u_short)(code), jt, jf, k }
383

384
/*
385
 * Structure to retrieve available DLTs for the interface.
386
 */
387
struct bpf_dltlist {
388
	u_int	bfl_len;	/* number of bfd_list array */
389
	u_int	*bfl_list;	/* array of DLTs */
390
};
391

392
#ifdef _KERNEL
393
#ifdef MALLOC_DECLARE
394
MALLOC_DECLARE(M_BPF);
395
#endif
396
#ifdef SYSCTL_DECL
397
SYSCTL_DECL(_net_bpf);
398
#endif
399

400
/*
401
 * Rotate the packet buffers in descriptor d.  Move the store buffer into the
402
 * hold slot, and the free buffer into the store slot.  Zero the length of the
403
 * new store buffer.  Descriptor lock should be held.  One must be careful to
404
 * not rotate the buffers twice, i.e. if fbuf != NULL.
405
 */
406
#define	ROTATE_BUFFERS(d)	do {					\
407
	(d)->bd_hbuf = (d)->bd_sbuf;					\
408
	(d)->bd_hlen = (d)->bd_slen;					\
409
	(d)->bd_sbuf = (d)->bd_fbuf;					\
410
	(d)->bd_slen = 0;						\
411
	(d)->bd_fbuf = NULL;						\
412
	bpf_bufheld(d);							\
413
} while (0)
414

415
/*
416
 * Descriptor associated with each attached hardware interface.
417
 * Part of this structure is exposed to external callers to speed up
418
 * bpf_peers_present() calls.
419
 */
420
struct mbuf;
421
struct bpf_if;
422
struct bif_methods;
423
CK_LIST_HEAD(bpfd_list, bpf_d);
424

425
struct bpf_if *	bpf_attach(const char *, u_int, u_int,
426
	    const struct bif_methods *, void *);
427
void	bpf_detach(struct bpf_if *);
428
void	bpf_vmove(struct bpf_if *bp);
429
void	bpf_bufheld(struct bpf_d *d);
430
int	bpf_validate(const struct bpf_insn *, int);
431
void	bpf_tap(struct bpf_if *, u_char *, u_int);
432
void	bpf_tap_if(struct ifnet *, u_char *, u_int);
433
void	bpf_mtap(struct bpf_if *, struct mbuf *);
434
void	bpf_mtap_if(struct ifnet *, struct mbuf *);
435
void	bpf_mtap2(struct bpf_if *, void *, u_int, struct mbuf *);
436
void	bpf_mtap2_if(struct ifnet *, void *, u_int, struct mbuf *);
437
void	bpfattach(struct ifnet *, u_int, u_int);
438
void	bpfdetach(struct ifnet *);
439
bool	bpf_peers_present_if(struct ifnet *);
440
#ifdef VIMAGE
441
void	bpf_ifdetach(struct ifnet *);
442
#endif
443

444
void	bpfilterattach(int);
445
u_int	bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int);
446

447
static __inline bool
448
bpf_peers_present(const struct bpf_if *bpf)
449
{
450
	const struct bpfd_list *dlist;
451

452
	dlist = (const struct bpfd_list *)bpf;
453
	return (!CK_LIST_EMPTY(dlist));
454
}
455

456
#define BPF_TAP(_ifp, _pkt, _pktlen)				\
457
	bpf_tap_if((_ifp), (_pkt), (_pktlen))
458
#define BPF_MTAP(_ifp, _m) 					\
459
	bpf_mtap_if((_ifp), (_m))
460
#define BPF_MTAP2(_ifp, _data, _dlen, _m) 			\
461
	bpf_mtap2_if((_ifp), (_data), (_dlen), (_m))
462

463
typedef void		bif_attachd_t(void *);
464
typedef void		bif_detachd_t(void *);
465
typedef bool		bif_chkdir_t(void *, const struct mbuf *, int);
466
typedef int		bif_write_t(void *, struct mbuf *, struct mbuf *, int);
467
typedef uint32_t	bif_wrsize_t(void *);
468
typedef int		bif_promisc_t(void *, bool);
469
typedef int		bif_mac_check_receive_t(void *, struct bpf_d *);
470
struct bif_methods {
471
	bif_attachd_t	*bif_attachd;
472
	bif_detachd_t	*bif_detachd;
473
	bif_chkdir_t	*bif_chkdir;
474
	bif_promisc_t	*bif_promisc;
475
	/* Writable taps shall implement the below methods. */
476
	bif_write_t	*bif_write;
477
	bif_wrsize_t	*bif_wrsize;
478
	bif_mac_check_receive_t *bif_mac_check_receive;
479
};
480

481
/* Ifnet methods implemented in bpf_ifnet.c are shared with net80211. */
482
extern bif_wrsize_t bpf_ifnet_wrsize;
483
extern bif_promisc_t bpf_ifnet_promisc;
484
#endif /* _KERNEL */
485

486
/*
487
 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
488
 */
489
#define BPF_MEMWORDS 16
490

491
/* BPF attach/detach events */
492
typedef void (*bpf_track_fn)(void *, struct ifnet *, int /* dlt */,
493
    int /* 1 =>'s attach */);
494
EVENTHANDLER_DECLARE(bpf_track, bpf_track_fn);
495

496
#endif /* _NET_BPF_H_ */
497

498