1
/*-
2
 * Copyright (c) 2016 Yandex LLC
3
 * Copyright (c) 2016 Andrey V. Elsukov <[email protected]>
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 * 1. Redistributions of source code must retain the above copyright
9
 *    notice, this list of conditions and the following disclaimer.
10
 * 2. Redistributions in binary form must reproduce the above copyright
11
 *    notice, this list of conditions and the following disclaimer in the
12
 *    documentation and/or other materials provided with the distribution.
13
 *
14
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24
 * SUCH DAMAGE.
25
 */
26

27
#include <sys/param.h>
28
#include <sys/systm.h>
29
#include <sys/mbuf.h>
30
#include <sys/kernel.h>
31
#include <sys/lock.h>
32
#include <sys/socket.h>
33
#include <net/ethernet.h>
34
#include <net/if.h>
35
#include <net/if_pflog.h>
36
#include <net/if_var.h>
37
#include <net/if_clone.h>
38
#include <net/if_private.h>
39
#include <net/if_types.h>
40
#include <net/vnet.h>
41
#include <net/bpf.h>
42

43
#include <netinet/in.h>
44
#include <netinet/ip_fw.h>
45
#include <netinet/ip_var.h>
46
#include <netpfil/ipfw/ip_fw_private.h>
47

48
VNET_DEFINE_STATIC(struct ifnet *, log_if);
49
VNET_DEFINE_STATIC(struct ifnet *, pflog_if);
50
VNET_DEFINE_STATIC(struct if_clone *, ipfw_cloner);
51
VNET_DEFINE_STATIC(struct if_clone *, ipfwlog_cloner);
52
#define	V_ipfw_cloner		VNET(ipfw_cloner)
53
#define	V_ipfwlog_cloner	VNET(ipfwlog_cloner)
54
#define	V_log_if		VNET(log_if)
55
#define	V_pflog_if		VNET(pflog_if)
56

57
static const char ipfwname[] = "ipfw";
58
static const char ipfwlogname[] = "ipfwlog";
59

60
static int
61
ipfw_bpf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr)
62
{
63

64
	return (EINVAL);
65
}
66

67
static int
68
ipfw_bpf_output(struct ifnet *ifp, struct mbuf *m,
69
	const struct sockaddr *dst, struct route *ro)
70
{
71

72
	if (m != NULL)
73
		FREE_PKT(m);
74
	return (0);
75
}
76

77
static void
78
ipfw_clone_destroy(struct ifnet *ifp)
79
{
80

81
	if (ifp->if_hdrlen == ETHER_HDR_LEN)
82
		V_log_if = NULL;
83
	else
84
		V_pflog_if = NULL;
85

86
	NET_EPOCH_WAIT();
87
	bpfdetach(ifp);
88
	if_detach(ifp);
89
	if_free(ifp);
90
}
91

92
static int
93
ipfw_clone_create(struct if_clone *ifc, int unit, caddr_t params)
94
{
95
	struct ifnet *ifp;
96

97
	ifp = if_alloc(IFT_PFLOG);
98
	if_initname(ifp, ipfwname, unit);
99
	ifp->if_flags = IFF_UP | IFF_SIMPLEX | IFF_MULTICAST;
100
	ifp->if_mtu = 65536;
101
	ifp->if_ioctl = ipfw_bpf_ioctl;
102
	ifp->if_output = ipfw_bpf_output;
103
	ifp->if_hdrlen = ETHER_HDR_LEN;
104
	if_attach(ifp);
105
	bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN);
106
	if (V_log_if != NULL) {
107
		bpfdetach(ifp);
108
		if_detach(ifp);
109
		if_free(ifp);
110
		return (EEXIST);
111
	}
112
	V_log_if = ifp;
113
	return (0);
114
}
115

116
static int
117
ipfwlog_clone_create(struct if_clone *ifc, int unit, caddr_t params)
118
{
119
	struct ifnet *ifp;
120

121
	ifp = if_alloc(IFT_PFLOG);
122
	if_initname(ifp, ipfwlogname, unit);
123
	ifp->if_flags = IFF_UP | IFF_SIMPLEX | IFF_MULTICAST;
124
	ifp->if_mtu = 65536;
125
	ifp->if_ioctl = ipfw_bpf_ioctl;
126
	ifp->if_output = ipfw_bpf_output;
127
	ifp->if_hdrlen = PFLOG_HDRLEN;
128
	if_attach(ifp);
129
	bpfattach(ifp, DLT_PFLOG, PFLOG_HDRLEN);
130
	if (V_pflog_if != NULL) {
131
		bpfdetach(ifp);
132
		if_detach(ifp);
133
		if_free(ifp);
134
		return (EEXIST);
135
	}
136
	V_pflog_if = ifp;
137
	return (0);
138
}
139

140
void
141
ipfw_bpf_tap(u_char *pkt, u_int pktlen)
142
{
143
	struct ifnet *ifp = V_log_if;
144

145
	NET_EPOCH_ASSERT();
146
	if (ifp != NULL)
147
		BPF_TAP(ifp, pkt, pktlen);
148
}
149

150
void
151
ipfw_bpf_mtap(struct mbuf *m)
152
{
153
	struct ifnet *ifp = V_log_if;
154

155
	NET_EPOCH_ASSERT();
156
	if (ifp != NULL)
157
		BPF_MTAP(ifp, m);
158
}
159

160
void
161
ipfw_bpf_mtap2(void *data, u_int dlen, struct mbuf *m)
162
{
163
	struct ifnet *logif;
164

165
	NET_EPOCH_ASSERT();
166
	switch (dlen) {
167
	case (ETHER_HDR_LEN):
168
		logif = V_log_if;
169
		break;
170
	case (PFLOG_HDRLEN):
171
		logif = V_pflog_if;
172
		break;
173
	default:
174
#ifdef INVARIANTS
175
		panic("%s: unsupported len %d", __func__, dlen);
176
#endif
177
		logif = NULL;
178
	}
179

180
	if (logif != NULL)
181
		BPF_MTAP2(logif, data, dlen, m);
182
}
183

184
void
185
ipfw_bpf_init(int first __unused)
186
{
187

188
	V_log_if = NULL;
189
	V_pflog_if = NULL;
190
	V_ipfw_cloner = if_clone_simple(ipfwname, ipfw_clone_create,
191
	    ipfw_clone_destroy, 0);
192
	V_ipfwlog_cloner = if_clone_simple(ipfwlogname, ipfwlog_clone_create,
193
	    ipfw_clone_destroy, 0);
194
}
195

196
void
197
ipfw_bpf_uninit(int last __unused)
198
{
199

200
	if_clone_detach(V_ipfw_cloner);
201
	if_clone_detach(V_ipfwlog_cloner);
202
}
203

204