master
1/* $NetBSD: bpf.h,v 1.78.4.1 2023/09/13 09:50:50 martin Exp $ */
2
3/*
4 * Copyright (c) 1990, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from the Stanford/CMU enet packet filter,
8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Berkeley Laboratory.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)bpf.h 8.2 (Berkeley) 1/9/95
37 * @(#) Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp (LBL)
38 */
39
40#ifndef _NET_BPF_H_
41#define _NET_BPF_H_
42
43#include <sys/ioccom.h>
44#include <sys/time.h>
45
46/* BSD style release date */
47#define BPF_RELEASE 199606
48
49/* Date when COP instructions and external memory have been released. */
50#define BPF_COP_EXTMEM_RELEASE 20140624
51
52__BEGIN_DECLS
53
54typedef int bpf_int32;
55typedef u_int bpf_u_int32;
56
57/*
58 * Alignment macros. BPF_WORDALIGN rounds up to the next
59 * even multiple of BPF_ALIGNMENT.
60 */
61#define BPF_ALIGNMENT sizeof(long)
62#define BPF_ALIGNMENT32 sizeof(int)
63
64#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
65#define BPF_WORDALIGN32(x) (((x)+(BPF_ALIGNMENT32-1))&~(BPF_ALIGNMENT32-1))
66
67#define BPF_MAXINSNS 512
68#define BPF_DFLTBUFSIZE (1024*1024) /* default static upper limit */
69#define BPF_MAXBUFSIZE (1024*1024*16) /* hard limit on sysctl'able value */
70#define BPF_MINBUFSIZE 32
71
72/*
73 * Structure for BIOCSETF.
74 */
75struct bpf_program {
76 u_int bf_len;
77 struct bpf_insn *bf_insns;
78};
79
80/*
81 * Struct returned by BIOCGSTATS and net.bpf.stats sysctl.
82 */
83struct bpf_stat {
84 uint64_t bs_recv; /* number of packets received */
85 uint64_t bs_drop; /* number of packets dropped */
86 uint64_t bs_capt; /* number of packets captured */
87 uint64_t bs_padding[13];
88};
89
90/*
91 * Struct returned by BIOCGSTATSOLD.
92 */
93struct bpf_stat_old {
94 u_int bs_recv; /* number of packets received */
95 u_int bs_drop; /* number of packets dropped */
96};
97
98/*
99 * Struct return by BIOCVERSION. This represents the version number of
100 * the filter language described by the instruction encodings below.
101 * bpf understands a program iff kernel_major == filter_major &&
102 * kernel_minor >= filter_minor, that is, if the value returned by the
103 * running kernel has the same major number and a minor number equal
104 * equal to or less than the filter being downloaded. Otherwise, the
105 * results are undefined, meaning an error may be returned or packets
106 * may be accepted haphazardly.
107 * It has nothing to do with the source code version.
108 */
109struct bpf_version {
110 u_short bv_major;
111 u_short bv_minor;
112};
113/* Current version number of filter architecture. */
114#define BPF_MAJOR_VERSION 1
115#define BPF_MINOR_VERSION 1
116
117/*
118 * BPF ioctls
119 *
120 * The first set is for compatibility with Sun's pcc style
121 * header files. If your using gcc, we assume that you
122 * have run fixincludes so the latter set should work.
123 */
124#define BIOCGBLEN _IOR('B', 102, u_int)
125#define BIOCSBLEN _IOWR('B', 102, u_int)
126#define BIOCSETF _IOW('B', 103, struct bpf_program)
127#define BIOCFLUSH _IO('B', 104)
128#define BIOCPROMISC _IO('B', 105)
129#define BIOCGDLT _IOR('B', 106, u_int)
130#define BIOCGETIF _IOR('B', 107, struct ifreq)
131#define BIOCSETIF _IOW('B', 108, struct ifreq)
132#ifdef COMPAT_50
133#include <compat/sys/time.h>
134#define BIOCSORTIMEOUT _IOW('B', 109, struct timeval50)
135#define BIOCGORTIMEOUT _IOR('B', 110, struct timeval50)
136#endif
137#define BIOCGSTATS _IOR('B', 111, struct bpf_stat)
138#define BIOCGSTATSOLD _IOR('B', 111, struct bpf_stat_old)
139#define BIOCIMMEDIATE _IOW('B', 112, u_int)
140#define BIOCVERSION _IOR('B', 113, struct bpf_version)
141#define BIOCSTCPF _IOW('B', 114, struct bpf_program)
142#define BIOCSUDPF _IOW('B', 115, struct bpf_program)
143#define BIOCGHDRCMPLT _IOR('B', 116, u_int)
144#define BIOCSHDRCMPLT _IOW('B', 117, u_int)
145#define BIOCSDLT _IOW('B', 118, u_int)
146#define BIOCGDLTLIST _IOWR('B', 119, struct bpf_dltlist)
147#define BIOCGDIRECTION _IOR('B', 120, u_int)
148#define BIOCSDIRECTION _IOW('B', 121, u_int)
149#define BIOCSRTIMEOUT _IOW('B', 122, struct timeval)
150#define BIOCGRTIMEOUT _IOR('B', 123, struct timeval)
151#define BIOCGFEEDBACK _IOR('B', 124, u_int)
152#define BIOCSFEEDBACK _IOW('B', 125, u_int)
153#define BIOCFEEDBACK BIOCSFEEDBACK /* FreeBSD name */
154#define BIOCLOCK _IO('B', 126)
155#define BIOCSETWF _IOW('B', 127, struct bpf_program)
156
157/* Obsolete */
158#define BIOCGSEESENT BIOCGDIRECTION
159#define BIOCSSEESENT BIOCSDIRECTION
160
161/*
162 * Packet directions.
163 * BPF_D_IN = 0, BPF_D_INOUT =1 for backward compatibility of BIOC[GS]SEESENT.
164 */
165#define BPF_D_IN 0 /* See incoming packets */
166#define BPF_D_INOUT 1 /* See incoming and outgoing packets */
167#define BPF_D_OUT 2 /* See outgoing packets */
168
169/*
170 * Structure prepended to each packet. This is "wire" format, so we
171 * cannot change it unfortunately to 64 bit times on 32 bit systems [yet].
172 */
173struct bpf_timeval {
174 long tv_sec;
175 long tv_usec;
176};
177
178struct bpf_timeval32 {
179 int32_t tv_sec;
180 int32_t tv_usec;
181};
182
183struct bpf_hdr {
184 struct bpf_timeval bh_tstamp; /* time stamp */
185 uint32_t bh_caplen; /* length of captured portion */
186 uint32_t bh_datalen; /* original length of packet */
187 uint16_t bh_hdrlen; /* length of bpf header (this struct
188 plus alignment padding) */
189};
190
191struct bpf_hdr32 {
192 struct bpf_timeval32 bh_tstamp; /* time stamp */
193 uint32_t bh_caplen; /* length of captured portion */
194 uint32_t bh_datalen; /* original length of packet */
195 uint16_t bh_hdrlen; /* length of bpf header (this struct
196 plus alignment padding) */
197};
198/*
199 * Because the structure above is not a multiple of 4 bytes, some compilers
200 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
201 * Only the kernel needs to know about it; applications use bh_hdrlen.
202 * XXX To save a few bytes on 32-bit machines, we avoid end-of-struct
203 * XXX padding by using the size of the header data elements. This is
204 * XXX fail-safe: on new machines, we just use the 'safe' sizeof.
205 */
206#ifdef _KERNEL
207#if defined(__mips64)
208#define SIZEOF_BPF_HDR sizeof(struct bpf_hdr)
209#define SIZEOF_BPF_HDR32 18
210#elif defined(__arm32__) || defined(__i386__) || defined(__m68k__) || \
211 defined(__mips__) || defined(__ns32k__) || defined(__vax__) || \
212 defined(__sh__) || (defined(__sparc__) && !defined(__sparc64__))
213#define SIZEOF_BPF_HDR 18
214#define SIZEOF_BPF_HDR32 18
215#else
216#define SIZEOF_BPF_HDR sizeof(struct bpf_hdr)
217#define SIZEOF_BPF_HDR32 sizeof(struct bpf_hdr32)
218#endif
219#endif
220
221/* Pull in data-link level type codes. */
222#include <net/dlt.h>
223
224/*
225 * The instruction encodings.
226 */
227/* instruction classes */
228#define BPF_CLASS(code) ((code) & 0x07)
229#define BPF_LD 0x00
230#define BPF_LDX 0x01
231#define BPF_ST 0x02
232#define BPF_STX 0x03
233#define BPF_ALU 0x04
234#define BPF_JMP 0x05
235#define BPF_RET 0x06
236#define BPF_MISC 0x07
237
238/* ld/ldx fields */
239#define BPF_SIZE(code) ((code) & 0x18)
240#define BPF_W 0x00
241#define BPF_H 0x08
242#define BPF_B 0x10
243/* 0x18 reserved; used by BSD/OS */
244#define BPF_MODE(code) ((code) & 0xe0)
245#define BPF_IMM 0x00
246#define BPF_ABS 0x20
247#define BPF_IND 0x40
248#define BPF_MEM 0x60
249#define BPF_LEN 0x80
250#define BPF_MSH 0xa0
251/* 0xc0 reserved; used by BSD/OS */
252/* 0xe0 reserved; used by BSD/OS */
253
254/* alu/jmp fields */
255#define BPF_OP(code) ((code) & 0xf0)
256#define BPF_ADD 0x00
257#define BPF_SUB 0x10
258#define BPF_MUL 0x20
259#define BPF_DIV 0x30
260#define BPF_OR 0x40
261#define BPF_AND 0x50
262#define BPF_LSH 0x60
263#define BPF_RSH 0x70
264#define BPF_NEG 0x80
265#define BPF_MOD 0x90
266#define BPF_XOR 0xa0
267/* 0xb0 reserved */
268/* 0xc0 reserved */
269/* 0xd0 reserved */
270/* 0xe0 reserved */
271/* 0xf0 reserved */
272#define BPF_JA 0x00
273#define BPF_JEQ 0x10
274#define BPF_JGT 0x20
275#define BPF_JGE 0x30
276#define BPF_JSET 0x40
277/* 0x50 reserved; used by BSD/OS */
278/* 0x60 reserved */
279/* 0x70 reserved */
280/* 0x80 reserved */
281/* 0x90 reserved */
282/* 0xa0 reserved */
283/* 0xb0 reserved */
284/* 0xc0 reserved */
285/* 0xd0 reserved */
286/* 0xe0 reserved */
287/* 0xf0 reserved */
288#define BPF_SRC(code) ((code) & 0x08)
289#define BPF_K 0x00
290#define BPF_X 0x08
291
292/* ret - BPF_K and BPF_X also apply */
293#define BPF_RVAL(code) ((code) & 0x18)
294#define BPF_A 0x10
295/* 0x18 reserved */
296
297/* misc */
298#define BPF_MISCOP(code) ((code) & 0xf8)
299#define BPF_TAX 0x00
300/* 0x10 reserved */
301/* 0x18 reserved */
302#define BPF_COP 0x20
303/* 0x28 reserved */
304/* 0x30 reserved */
305/* 0x38 reserved */
306#define BPF_COPX 0x40 /* XXX: also used by BSD/OS */
307/* 0x48 reserved */
308/* 0x50 reserved */
309/* 0x58 reserved */
310/* 0x60 reserved */
311/* 0x68 reserved */
312/* 0x70 reserved */
313/* 0x78 reserved */
314#define BPF_TXA 0x80
315/* 0x88 reserved */
316/* 0x90 reserved */
317/* 0x98 reserved */
318/* 0xa0 reserved */
319/* 0xa8 reserved */
320/* 0xb0 reserved */
321/* 0xb8 reserved */
322/* 0xc0 reserved; used by BSD/OS */
323/* 0xc8 reserved */
324/* 0xd0 reserved */
325/* 0xd8 reserved */
326/* 0xe0 reserved */
327/* 0xe8 reserved */
328/* 0xf0 reserved */
329/* 0xf8 reserved */
330
331/*
332 * The instruction data structure.
333 */
334struct bpf_insn {
335 uint16_t code;
336 u_char jt;
337 u_char jf;
338 uint32_t k;
339};
340
341/*
342 * Auxiliary data, for use when interpreting a filter intended for the
343 * Linux kernel when the kernel rejects the filter (requiring us to
344 * run it in userland). It contains VLAN tag information.
345 */
346struct bpf_aux_data {
347 u_short vlan_tag_present;
348 u_short vlan_tag;
349};
350
351/*
352 * Macros for insn array initializers.
353 */
354#define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, k }
355#define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), jt, jf, k }
356
357/*
358 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
359 */
360#define BPF_MEMWORDS 16
361
362/*
363 * bpf_memword_init_t: bits indicate which words in the external memory
364 * store will be initialised by the caller before BPF program execution.
365 */
366typedef uint32_t bpf_memword_init_t;
367#define BPF_MEMWORD_INIT(k) (UINT32_C(1) << (k))
368
369/* Note: two most significant bits are reserved by bpfjit. */
370__CTASSERT(BPF_MEMWORDS + 2 <= sizeof(bpf_memword_init_t) * NBBY);
371
372#ifdef _KERNEL
373/*
374 * Max number of external memory words (for BPF_LD|BPF_MEM and BPF_ST).
375 */
376#define BPF_MAX_MEMWORDS 30
377
378__CTASSERT(BPF_MAX_MEMWORDS >= BPF_MEMWORDS);
379__CTASSERT(BPF_MAX_MEMWORDS + 2 <= sizeof(bpf_memword_init_t) * NBBY);
380#endif
381
382/*
383 * Structure to retrieve available DLTs for the interface.
384 */
385struct bpf_dltlist {
386 u_int bfl_len; /* number of bfd_list array */
387 u_int *bfl_list; /* array of DLTs */
388};
389
390struct bpf_ctx;
391typedef struct bpf_ctx bpf_ctx_t;
392
393typedef struct bpf_args {
394 const uint8_t * pkt;
395 size_t wirelen;
396 size_t buflen;
397 /*
398 * The following arguments are used only by some kernel
399 * subsystems.
400 * They aren't required for classical bpf filter programs.
401 * For such programs, bpfjit generated code doesn't read
402 * those arguments at all. Note however that bpf interpreter
403 * always needs a pointer to memstore.
404 */
405 uint32_t * mem; /* pointer to external memory store */
406 void * arg; /* auxiliary argument for a copfunc */
407} bpf_args_t;
408
409#if defined(_KERNEL) || defined(__BPF_PRIVATE)
410
411typedef uint32_t (*bpf_copfunc_t)(const bpf_ctx_t *, bpf_args_t *, uint32_t);
412
413struct bpf_ctx {
414 /*
415 * BPF coprocessor functions and the number of them.
416 */
417 const bpf_copfunc_t * copfuncs;
418 size_t nfuncs;
419
420 /*
421 * The number of memory words in the external memory store.
422 * There may be up to BPF_MAX_MEMWORDS words; if zero is set,
423 * then the internal memory store is used which has a fixed
424 * number of words (BPF_MEMWORDS).
425 */
426 size_t extwords;
427
428 /*
429 * The bitmask indicating which words in the external memstore
430 * will be initialised by the caller.
431 */
432 bpf_memword_init_t preinited;
433};
434#endif
435
436#ifdef _KERNEL
437#include <net/bpfjit.h>
438#include <net/if.h>
439
440struct bpf_if;
441
442struct bpf_ops {
443 void (*bpf_attach)(struct ifnet *, u_int, u_int, struct bpf_if **);
444 void (*bpf_detach)(struct ifnet *);
445 void (*bpf_change_type)(struct ifnet *, u_int, u_int);
446
447 void (*bpf_mtap)(struct bpf_if *, struct mbuf *, u_int);
448 void (*bpf_mtap2)(struct bpf_if *, void *, u_int, struct mbuf *,
449 u_int);
450 void (*bpf_mtap_af)(struct bpf_if *, uint32_t, struct mbuf *, u_int);
451 void (*bpf_mtap_sl_in)(struct bpf_if *, u_char *, struct mbuf **);
452 void (*bpf_mtap_sl_out)(struct bpf_if *, u_char *, struct mbuf *);
453
454 void (*bpf_mtap_softint_init)(struct ifnet *);
455 void (*bpf_mtap_softint)(struct ifnet *, struct mbuf *);
456
457 int (*bpf_register_track_event)(struct bpf_if **,
458 void (*)(struct bpf_if *, struct ifnet *, int, int));
459 int (*bpf_deregister_track_event)(struct bpf_if **,
460 void (*)(struct bpf_if *, struct ifnet *, int, int));
461};
462
463extern struct bpf_ops *bpf_ops;
464
465static __inline void
466bpf_attach(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen)
467{
468 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, &_ifp->if_bpf);
469}
470
471static __inline void
472bpf_attach2(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen, struct bpf_if **_dp)
473{
474 bpf_ops->bpf_attach(_ifp, _dlt, _hdrlen, _dp);
475}
476
477static __inline void
478bpf_mtap(struct ifnet *_ifp, struct mbuf *_m, u_int _direction)
479{
480 if (_ifp->if_bpf) {
481 if (_ifp->if_bpf_mtap) {
482 _ifp->if_bpf_mtap(_ifp->if_bpf, _m, _direction);
483 } else {
484 bpf_ops->bpf_mtap(_ifp->if_bpf, _m, _direction);
485 }
486 }
487}
488
489static __inline void
490bpf_mtap2(struct bpf_if *_bpf, void *_data, u_int _dlen, struct mbuf *_m,
491 u_int _direction)
492{
493 bpf_ops->bpf_mtap2(_bpf, _data, _dlen, _m, _direction);
494}
495
496static __inline void
497bpf_mtap3(struct bpf_if *_bpf, struct mbuf *_m, u_int _direction)
498{
499 if (_bpf)
500 bpf_ops->bpf_mtap(_bpf, _m, _direction);
501}
502
503static __inline void
504bpf_mtap_af(struct ifnet *_ifp, uint32_t _af, struct mbuf *_m,
505 u_int _direction)
506{
507 if (_ifp->if_bpf)
508 bpf_ops->bpf_mtap_af(_ifp->if_bpf, _af, _m, _direction);
509}
510
511static __inline void
512bpf_change_type(struct ifnet *_ifp, u_int _dlt, u_int _hdrlen)
513{
514 bpf_ops->bpf_change_type(_ifp, _dlt, _hdrlen);
515}
516
517static __inline bool
518bpf_peers_present(struct bpf_if *dp)
519{
520 /*
521 * Our code makes sure the driver visible pointer is NULL
522 * whenever there is no listener on this tap.
523 */
524 return dp != NULL;
525}
526
527static __inline void
528bpf_detach(struct ifnet *_ifp)
529{
530 bpf_ops->bpf_detach(_ifp);
531}
532
533static __inline void
534bpf_mtap_sl_in(struct ifnet *_ifp, u_char *_hdr, struct mbuf **_m)
535{
536 bpf_ops->bpf_mtap_sl_in(_ifp->if_bpf, _hdr, _m);
537}
538
539static __inline void
540bpf_mtap_sl_out(struct ifnet *_ifp, u_char *_hdr, struct mbuf *_m)
541{
542 if (_ifp->if_bpf)
543 bpf_ops->bpf_mtap_sl_out(_ifp->if_bpf, _hdr, _m);
544}
545
546static __inline void
547bpf_mtap_softint_init(struct ifnet *_ifp)
548{
549
550 bpf_ops->bpf_mtap_softint_init(_ifp);
551}
552
553static __inline void
554bpf_mtap_softint(struct ifnet *_ifp, struct mbuf *_m)
555{
556
557 if (_ifp->if_bpf)
558 bpf_ops->bpf_mtap_softint(_ifp, _m);
559}
560
561static __inline int
562bpf_register_track_event(struct bpf_if **_dp,
563 void (*_fun)(struct bpf_if *, struct ifnet *, int, int))
564{
565 if (bpf_ops->bpf_register_track_event == NULL)
566 return ENXIO;
567 return bpf_ops->bpf_register_track_event(_dp, _fun);
568}
569
570static __inline int
571bpf_deregister_track_event(struct bpf_if **_dp,
572 void (*_fun)(struct bpf_if *, struct ifnet *, int, int))
573{
574 if (bpf_ops->bpf_deregister_track_event == NULL)
575 return ENXIO;
576 return bpf_ops->bpf_deregister_track_event(_dp, _fun);
577}
578
579void bpf_setops(void);
580
581void bpf_ops_handover_enter(struct bpf_ops *);
582void bpf_ops_handover_exit(void);
583
584void bpfilterattach(int);
585
586bpf_ctx_t *bpf_create(void);
587void bpf_destroy(bpf_ctx_t *);
588
589int bpf_set_cop(bpf_ctx_t *, const bpf_copfunc_t *, size_t);
590int bpf_set_extmem(bpf_ctx_t *, size_t, bpf_memword_init_t);
591u_int bpf_filter_ext(const bpf_ctx_t *, const struct bpf_insn *, bpf_args_t *);
592int bpf_validate_ext(const bpf_ctx_t *, const struct bpf_insn *, int);
593
594bpfjit_func_t bpf_jit_generate(bpf_ctx_t *, void *, size_t);
595void bpf_jit_freecode(bpfjit_func_t);
596
597#endif
598
599int bpf_validate(const struct bpf_insn *, int);
600u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
601
602u_int bpf_filter_with_aux_data(const struct bpf_insn *, const u_char *, u_int, u_int, const struct bpf_aux_data *);
603
604/*
605 * events to be tracked by bpf_register_track_event callbacks
606 */
607#define BPF_TRACK_EVENT_ATTACH 1
608#define BPF_TRACK_EVENT_DETACH 2
609
610
611__END_DECLS
612
613#endif /* !_NET_BPF_H_ */