1 /* $OpenBSD: bpf.c,v 1.20 2007/01/08 02:51:13 krw Exp $ */
2 /* $DragonFly: src/sbin/dhclient/bpf.c,v 1.2 2008/11/05 14:08:41 sephe Exp $ */
4 /* BPF socket interface code, originally contributed by Archie Cobbs. */
7 * Copyright (c) 1995, 1996, 1998, 1999
8 * The Internet Software Consortium. All rights reserved.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of The Internet Software Consortium nor the names
20 * of its contributors may be used to endorse or promote products derived
21 * from this software without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
24 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
28 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
29 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
31 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
32 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
33 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
34 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
37 * This software has been written for the Internet Software Consortium
38 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
39 * Enterprises. To learn more about the Internet Software Consortium,
40 * see ``http://www.vix.com/isc''. To learn more about Vixie
41 * Enterprises, see ``http://www.vix.com''.
44 #include <sys/ioctl.h>
48 #include <netinet/if_ether.h>
49 #include <netinet/in_systm.h>
50 #include <netinet/ip.h>
51 #include <netinet/udp.h>
/*
 * if_register_bpf (name taken from the call site in if_register_receive;
 * the signature line is not present in this listing).
 *
 * Opens a bpf device and binds it to the interface described by ifi:
 *   - first tries the cloning node "/dev/bpf";
 *   - otherwise formats numbered nodes "/dev/bpf%d" and opens those;
 *   - reports "Can't find free bpf" through error() when no device
 *     could be opened;
 *   - attaches the descriptor to ifi->ifp with the BIOCSETIF ioctl and
 *     reports a failure of that ioctl through error().
 *
 * NOTE(review): the loop construct, the open() result checks and the
 * return statement are missing from this listing. The caller stores the
 * result in ifi->rfdesc, so presumably the open descriptor is returned;
 * confirm against the complete file.
 */
56 * Called by get_interface_list for each interface that's discovered.
57 * Opens a packet filter for each interface and adds it to the select
67 * Open a BPF device. Try auto-clone first (newer kernels),
68 * otherwise iterate (older kernels).
70 sock
= open("/dev/bpf", O_RDWR
, 0);
73 snprintf(filename
, sizeof(filename
), "/dev/bpf%d", b
);
74 sock
= open(filename
, O_RDWR
, 0);
79 error("Can't find free bpf: %m");
86 /* Set the BPF device to point at this interface. */
87 if (ioctl(sock
, BIOCSETIF
, ifi
->ifp
) < 0)
88 error("Can't attach interface %s to bpf device %s: %m",
/*
 * if_register_send: prepare the transmit side of the interface.
 *
 * Takes no arguments and works on the file-level ifi object.
 *   - ifi->wfdesc is set to ifi->rfdesc, so the write descriptor is the
 *     same descriptor used for receiving.
 *   - A raw socket (AF_INET, SOCK_RAW, IPPROTO_UDP) is created for
 *     unicast sends and the IP_HDRINCL option is set on it.
 *   - A failing socket() or setsockopt() call is reported through
 *     error().
 *
 * NOTE(review): the declarations of sock and on, the remainder of the
 * setsockopt() argument list and the statement that stores the raw
 * socket are missing from this listing. send_packet passes ifi->ufdesc
 * to sendmsg(), so presumably the socket ends up there; confirm against
 * the complete file.
 */
95 if_register_send(void)
100 * If we're using the bpf API for sending and receiving, we
101 * don't need to register this interface twice.
103 ifi
->wfdesc
= ifi
->rfdesc
;
106 * Use raw socket for unicast send.
108 if ((sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_UDP
)) == -1)
109 error("socket(SOCK_RAW): %m");
110 if (setsockopt(sock
, IPPROTO_IP
, IP_HDRINCL
, &on
,
112 error("setsockopt(IP_HDRINCL): %m");
117 * Packet filter program...
119 * XXX: Changes to the filter program may require changes to the
120 * constant offsets used in if_register_send to patch the BPF program!
122 struct bpf_insn dhcp_bpf_filter
[] = {
123 /* Make sure this is an IP packet... */
124 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_ABS
, 12),
125 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, ETHERTYPE_IP
, 0, 8),
127 /* Make sure it's a UDP packet... */
128 BPF_STMT(BPF_LD
+ BPF_B
+ BPF_ABS
, 23),
129 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, IPPROTO_UDP
, 0, 6),
131 /* Make sure this isn't a fragment... */
132 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_ABS
, 20),
133 BPF_JUMP(BPF_JMP
+ BPF_JSET
+ BPF_K
, 0x1fff, 4, 0),
135 /* Get the IP header length... */
136 BPF_STMT(BPF_LDX
+ BPF_B
+ BPF_MSH
, 14),
138 /* Make sure it's to the right port... */
139 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_IND
, 16),
140 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, 67, 0, 1), /* patch */
142 /* If we passed all the tests, ask for the whole packet. */
143 BPF_STMT(BPF_RET
+BPF_K
, (u_int
)-1),
145 /* Otherwise, drop it. */
146 BPF_STMT(BPF_RET
+BPF_K
, 0),
149 int dhcp_bpf_filter_len
= sizeof(dhcp_bpf_filter
) / sizeof(struct bpf_insn
);
152 * Packet write filter program:
153 * 'ip and udp and src port bootps and dst port (bootps or bootpc)'
155 struct bpf_insn dhcp_bpf_wfilter
[] = {
156 BPF_STMT(BPF_LD
+ BPF_B
+ BPF_IND
, 14),
157 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, (IPVERSION
<< 4) + 5, 0, 12),
159 /* Make sure this is an IP packet... */
160 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_ABS
, 12),
161 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, ETHERTYPE_IP
, 0, 10),
163 /* Make sure it's a UDP packet... */
164 BPF_STMT(BPF_LD
+ BPF_B
+ BPF_ABS
, 23),
165 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, IPPROTO_UDP
, 0, 8),
167 /* Make sure this isn't a fragment... */
168 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_ABS
, 20),
169 BPF_JUMP(BPF_JMP
+ BPF_JSET
+ BPF_K
, 0x1fff, 6, 0), /* patched */
171 /* Get the IP header length... */
172 BPF_STMT(BPF_LDX
+ BPF_B
+ BPF_MSH
, 14),
174 /* Make sure it's from the right port... */
175 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_IND
, 14),
176 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, 68, 0, 3),
178 /* Make sure it is to the right ports ... */
179 BPF_STMT(BPF_LD
+ BPF_H
+ BPF_IND
, 16),
180 BPF_JUMP(BPF_JMP
+ BPF_JEQ
+ BPF_K
, 67, 0, 1),
182 /* If we passed all the tests, ask for the whole packet. */
183 BPF_STMT(BPF_RET
+BPF_K
, (u_int
)-1),
185 /* Otherwise, drop it. */
186 BPF_STMT(BPF_RET
+BPF_K
, 0),
189 int dhcp_bpf_wfilter_len
= sizeof(dhcp_bpf_wfilter
) / sizeof(struct bpf_insn
);
/*
 * if_register_receive: prepare the receive side of the interface.
 *
 * Takes no arguments and works on the file-level ifi object.  Steps, in
 * the order they appear below:
 *   1. Obtain a bpf descriptor from if_register_bpf() and keep it in
 *      ifi->rfdesc.
 *   2. Query BIOCVERSION and reject a kernel whose major version differs
 *      from BPF_MAJOR_VERSION or whose minor version is lower than
 *      BPF_MINOR_VERSION.
 *   3. Enable BIOCIMMEDIATE so reads return as soon as a packet arrives.
 *   4. Query the kernel buffer length with BIOCGBLEN and allocate
 *      ifi->rbuf with ifi->rbuf_max bytes; ifi->rbuf_offset is reset
 *      to 0.
 *   5. Store LOCAL_PORT in dhcp_bpf_filter[8].k and install the read
 *      filter with BIOCSETF.
 *   6. If dhcp_bpf_wfilter[7].k still holds 0x1fff, replace it with
 *      htons(IP_MF|IP_OFFMASK); then install the write filter with
 *      BIOCSETWF.
 *   7. Lock the descriptor with BIOCLOCK.
 * Every failing step is reported through error().
 *
 * NOTE(review): several original lines are missing from this listing,
 * including the declarations of flag and sz, the statement relating sz
 * to ifi->rbuf_max and the test guarding the allocation error; confirm
 * against the complete file.  The instruction indexes 8 and 7 must stay
 * in step with the two filter tables.
 */
192 if_register_receive(void)
194 struct bpf_version v
;
195 struct bpf_program p
;
198 /* Open a BPF device and hang it on this interface... */
199 ifi
->rfdesc
= if_register_bpf();
201 /* Make sure the BPF version is in range... */
202 if (ioctl(ifi
->rfdesc
, BIOCVERSION
, &v
) < 0)
203 error("Can't get BPF version: %m");
205 if (v
.bv_major
!= BPF_MAJOR_VERSION
||
206 v
.bv_minor
< BPF_MINOR_VERSION
)
207 error("Kernel BPF version out of range - recompile dhcpd!");
210 * Set immediate mode so that reads return as soon as a packet
211 * comes in, rather than waiting for the input buffer to fill
214 if (ioctl(ifi
->rfdesc
, BIOCIMMEDIATE
, &flag
) < 0)
215 error("Can't set immediate mode on bpf device: %m");
217 /*if (ioctl(ifi->rfdesc, BIOCSFILDROP, &flag) < 0)
218 error("Can't set filter-drop mode on bpf device: %m");*/
220 /* Get the required BPF buffer length from the kernel. */
221 if (ioctl(ifi
->rfdesc
, BIOCGBLEN
, &sz
) < 0)
222 error("Can't get bpf buffer length: %m");
224 ifi
->rbuf
= malloc(ifi
->rbuf_max
);
226 error("Can't allocate %lu bytes for bpf input buffer.",
227 (unsigned long)ifi
->rbuf_max
);
228 ifi
->rbuf_offset
= 0;
231 /* Set up the bpf filter program structure. */
232 p
.bf_len
= dhcp_bpf_filter_len
;
233 p
.bf_insns
= dhcp_bpf_filter
;
235 /* Patch the server port into the BPF program...
237 * XXX: changes to filter program may require changes to the
238 * insn number(s) used below!
240 dhcp_bpf_filter
[8].k
= LOCAL_PORT
;
242 if (ioctl(ifi
->rfdesc
, BIOCSETF
, &p
) < 0)
243 error("Can't install packet filter program: %m");
245 /* Set up the bpf write filter program structure. */
246 p
.bf_len
= dhcp_bpf_wfilter_len
;
247 p
.bf_insns
= dhcp_bpf_wfilter
;
249 if (dhcp_bpf_wfilter
[7].k
== 0x1fff)
250 dhcp_bpf_wfilter
[7].k
= htons(IP_MF
|IP_OFFMASK
);
252 if (ioctl(ifi
->rfdesc
, BIOCSETWF
, &p
) < 0)
253 error("Can't install write filter program: %m");
255 if (ioctl(ifi
->rfdesc
, BIOCLOCK
, NULL
) < 0)
256 error("Cannot lock bpf");
/*
 * send_packet: transmit the pending client packet.
 *
 * Parameters:
 *   from - source address placed in the generated IP header.
 *   to   - destination address and port; also selects the send path.
 *   hto  - hardware destination passed to assemble_hw_header on the
 *          broadcast path.
 *
 * The headers are built in a local 256-byte buffer and sent together
 * with client->packet (client->packet_length bytes) as a two-part iovec:
 *   - Destination INADDR_BROADCAST: a link-level header is assembled in
 *     front of the UDP/IP header and the iovec is written to ifi->wfdesc
 *     with writev().
 *   - Any other destination: no link-level header is assembled; ip_len
 *     and ip_off are run through ntohs() because the raw socket expects
 *     them in host byte order, and the iovec is sent with sendmsg() on
 *     ifi->ufdesc.
 * A send failure is logged with warning("send_packet: %m").
 *
 * NOTE(review): the return type, the declaration of msg, the else
 * keyword of the second branch, the msg_iov assignment, the result test
 * and the return statement are missing from this listing; confirm
 * against the complete file.
 */
260 send_packet(struct in_addr from
, struct sockaddr_in
*to
,
261 struct hardware
*hto
)
264 unsigned char buf
[256];
265 struct iovec iov
[IOVCNT
];
267 int result
, bufp
= 0;
269 if (to
->sin_addr
.s_addr
== INADDR_BROADCAST
) {
270 assemble_hw_header(buf
, &bufp
, hto
);
273 assemble_udp_ip_header(buf
, &bufp
, from
.s_addr
,
274 to
->sin_addr
.s_addr
, to
->sin_port
,
275 (unsigned char *)&client
->packet
,
276 client
->packet_length
);
278 iov
[0].iov_base
= (char *)buf
;
279 iov
[0].iov_len
= bufp
;
280 iov
[1].iov_base
= (char *)&client
->packet
;
281 iov
[1].iov_len
= client
->packet_length
;
283 if (to
->sin_addr
.s_addr
== INADDR_BROADCAST
) {
284 result
= writev(ifi
->wfdesc
, iov
, IOVCNT
);
286 struct ip
*ip
= (struct ip
*)buf
;
289 * DragonFly's raw socket expects ip_len/ip_off
290 * in host byte order.
292 ip
->ip_len
= ntohs(ip
->ip_len
);
293 ip
->ip_off
= ntohs(ip
->ip_off
);
295 memset(&msg
, 0, sizeof(msg
));
296 msg
.msg_name
= (struct sockaddr
*)to
;
297 msg
.msg_namelen
= sizeof(*to
);
299 msg
.msg_iovlen
= IOVCNT
;
300 result
= sendmsg(ifi
->ufdesc
, &msg
, 0);
304 warning("send_packet: %m");
/*
 * receive_packet: extract the next usable packet from the bpf read
 * buffer into client->packet.
 *
 * Parameters:
 *   from  - filled in by decode_udp_ip_header.
 *   hfrom - filled in by decode_hw_header.
 *
 * Returns hdr.bh_caplen after both header lengths have been subtracted
 * from it, i.e. the number of payload bytes copied.
 *
 * One read() on the bpf descriptor may deliver several records, so the
 * buffer state is kept in ifi (rbuf, rbuf_offset, rbuf_len, rbuf_max)
 * between calls:
 *   - When rbuf_offset equals rbuf_len the buffer is refilled with
 *     read(); rbuf_offset restarts at 0 and rbuf_len becomes
 *     BPF_WORDALIGN(length).
 *   - If fewer than sizeof(hdr) bytes remain, the rest of the buffer is
 *     discarded.
 *   - The bpf header is copied out; a record that does not fit in the
 *     remaining buffer causes the rest of the buffer to be discarded.
 *   - A record whose bh_caplen differs from bh_datalen is skipped.
 *   - decode_hw_header and decode_udp_ip_header each return an offset
 *     that is added to rbuf_offset and subtracted from bh_caplen; the
 *     comments below say records failing either check are skipped.
 *   - A payload larger than client->packet is skipped.
 *   - Otherwise client->packet is filled with DHO_END, the payload is
 *     copied over it and rbuf_offset is advanced with BPF_WORDALIGN.
 *
 * NOTE(review): the return type, the declaration of hdr, the loop
 * construct, the handling of the read() result, the tests on the
 * decoder return values and several continuation lines are missing
 * from this listing; confirm against the complete file.
 */
309 receive_packet(struct sockaddr_in
*from
, struct hardware
*hfrom
)
311 int length
= 0, offset
= 0;
315 * All this complexity is because BPF doesn't guarantee that
316 * only one packet will be returned at a time. We're getting
317 * what we deserve, though - this is a terrible abuse of the BPF
321 /* Process packets until we get one we can return or until we've
322 * done a read and gotten nothing we can return...
325 /* If the buffer is empty, fill it. */
326 if (ifi
->rbuf_offset
== ifi
->rbuf_len
) {
327 length
= read(ifi
->rfdesc
, ifi
->rbuf
, ifi
->rbuf_max
);
330 ifi
->rbuf_offset
= 0;
331 ifi
->rbuf_len
= BPF_WORDALIGN(length
);
335 * If there isn't room for a whole bpf header, something
336 * went wrong, but we'll ignore it and hope it goes
339 if (ifi
->rbuf_len
- ifi
->rbuf_offset
< sizeof(hdr
)) {
340 ifi
->rbuf_offset
= ifi
->rbuf_len
;
344 /* Copy out a bpf header... */
345 memcpy(&hdr
, &ifi
->rbuf
[ifi
->rbuf_offset
], sizeof(hdr
));
348 * If the bpf header plus data doesn't fit in what's
349 * left of the buffer, stick head in sand yet again...
351 if (ifi
->rbuf_offset
+ hdr
.bh_hdrlen
+ hdr
.bh_caplen
>
353 ifi
->rbuf_offset
= ifi
->rbuf_len
;
358 * If the captured data wasn't the whole packet, or if
359 * the packet won't fit in the input buffer, all we can
362 if (hdr
.bh_caplen
!= hdr
.bh_datalen
) {
363 ifi
->rbuf_offset
= BPF_WORDALIGN(
364 ifi
->rbuf_offset
+ hdr
.bh_hdrlen
+
369 /* Skip over the BPF header... */
370 ifi
->rbuf_offset
+= hdr
.bh_hdrlen
;
372 /* Decode the physical header... */
373 offset
= decode_hw_header(ifi
->rbuf
, ifi
->rbuf_offset
, hfrom
);
376 * If a physical layer checksum failed (dunno of any
377 * physical layer that supports this, but WTH), skip
381 ifi
->rbuf_offset
= BPF_WORDALIGN(
382 ifi
->rbuf_offset
+ hdr
.bh_caplen
);
385 ifi
->rbuf_offset
+= offset
;
386 hdr
.bh_caplen
-= offset
;
388 /* Decode the IP and UDP headers... */
389 offset
= decode_udp_ip_header(ifi
->rbuf
,
390 ifi
->rbuf_offset
, from
, NULL
, hdr
.bh_caplen
);
392 /* If the IP or UDP checksum was bad, skip the packet... */
394 ifi
->rbuf_offset
= BPF_WORDALIGN(
395 ifi
->rbuf_offset
+ hdr
.bh_caplen
);
398 ifi
->rbuf_offset
+= offset
;
399 hdr
.bh_caplen
-= offset
;
402 * If there's not enough room to stash the packet data,
403 * we have to skip it (this shouldn't happen in real
406 if (hdr
.bh_caplen
> sizeof(client
->packet
)) {
407 ifi
->rbuf_offset
= BPF_WORDALIGN(
408 ifi
->rbuf_offset
+ hdr
.bh_caplen
);
412 /* Copy out the data in the packet... */
413 memset(&client
->packet
, DHO_END
, sizeof(client
->packet
));
414 memcpy(&client
->packet
, ifi
->rbuf
+ ifi
->rbuf_offset
,
416 ifi
->rbuf_offset
= BPF_WORDALIGN(ifi
->rbuf_offset
+
418 return (hdr
.bh_caplen
);