summaryrefslogtreecommitdiffstats
path: root/sys/netgraph/ng_bpf.c
diff options
context:
space:
mode:
authorarchie <archie@FreeBSD.org>1999-12-03 21:21:49 +0000
committerarchie <archie@FreeBSD.org>1999-12-03 21:21:49 +0000
commit1edd13e295e6ccc9fabae6f5d194ea28e5360dd6 (patch)
tree88a42530b337289bae509596b18b3655989a24c9 /sys/netgraph/ng_bpf.c
parent2bb264d4df9f7a0124b3916344d7be225c4dda75 (diff)
downloadFreeBSD-src-1edd13e295e6ccc9fabae6f5d194ea28e5360dd6.zip
FreeBSD-src-1edd13e295e6ccc9fabae6f5d194ea28e5360dd6.tar.gz
New netgraph node type, ng_bpf(8). This node type allows you to
apply bpf(4) filters to data travelling through a netgraph network.
Diffstat (limited to 'sys/netgraph/ng_bpf.c')
-rw-r--r--sys/netgraph/ng_bpf.c501
1 files changed, 501 insertions, 0 deletions
diff --git a/sys/netgraph/ng_bpf.c b/sys/netgraph/ng_bpf.c
new file mode 100644
index 0000000..7b0e80c
--- /dev/null
+++ b/sys/netgraph/ng_bpf.c
@@ -0,0 +1,501 @@
+
+/*
+ * ng_bpf.c
+ *
+ * Copyright (c) 1999 Whistle Communications, Inc.
+ * All rights reserved.
+ *
+ * Subject to the following obligations and disclaimer of warranty, use and
+ * redistribution of this software, in source or object code forms, with or
+ * without modifications are expressly permitted by Whistle Communications;
+ * provided, however, that:
+ * 1. Any and all reproductions of the source or object code must include the
+ * copyright notice above and the following disclaimer of warranties; and
+ * 2. No rights are granted, in any manner or form, to use Whistle
+ * Communications, Inc. trademarks, including the mark "WHISTLE
+ * COMMUNICATIONS" on advertising, endorsements, or otherwise except as
+ * such appears in the above copyright notice or in the software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
+ * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
+ * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
+ * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
+ * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANBPF, OR MAKE ANY
+ * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
+ * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
+ * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
+ * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
+ * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Archie Cobbs <archie@whistle.com>
+ *
+ * $FreeBSD$
+ * $Whistle: ng_bpf.c,v 1.3 1999/12/03 20:30:23 archie Exp $
+ */
+
+/*
+ * BPF NETGRAPH NODE TYPE
+ *
+ * This node type accepts any number of hook connections. With each hook
+ * is associated a bpf(4) filter program, and two hook names (each possibly
+ * the empty string). Incoming packets are compared against the filter;
+ * matching packets are delivered out the first named hook (or dropped if
+ * the empty string), and non-matching packets are delivered out the second
+ * named hook (or dropped if the empty string).
+ *
+ * Each hook also keeps statistics about how many packets have matched, etc.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/errno.h>
+#include <sys/kernel.h>
+#include <sys/malloc.h>
+#include <sys/mbuf.h>
+
+#include <net/bpf.h>
+
+#include <netgraph/ng_message.h>
+#include <netgraph/netgraph.h>
+#include <netgraph/ng_parse.h>
+#include <netgraph/ng_bpf.h>
+
+#define OFFSETOF(s, e) ((char *)&((s *)0)->e - (char *)((s *)0))
+
+#define ERROUT(x) do { error = (x); goto done; } while (0)
+
+/* Per hook private info */
+struct ng_bpf_hookinfo {
+ node_p node;
+ hook_p hook;
+ struct ng_bpf_hookprog *prog;
+ struct ng_bpf_hookstat stats;
+};
+typedef struct ng_bpf_hookinfo *hinfo_p;
+
+/* Netgraph methods */
+static ng_constructor_t ng_bpf_constructor;
+static ng_rcvmsg_t ng_bpf_rcvmsg;
+static ng_shutdown_t ng_bpf_rmnode;
+static ng_newhook_t ng_bpf_newhook;
+static ng_rcvdata_t ng_bpf_rcvdata;
+static ng_disconnect_t ng_bpf_disconnect;
+
+/* Internal helper functions */
+static int ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp);
+
+/* Parse type for one struct bfp_insn */
+static const struct ng_parse_struct_info ng_bpf_insn_type_info = {
+ {
+ { "code", &ng_parse_int16_type },
+ { "jt", &ng_parse_int8_type },
+ { "jf", &ng_parse_int8_type },
+ { "k", &ng_parse_int32_type },
+ { NULL }
+ }
+};
+static const struct ng_parse_type ng_bpf_insn_type = {
+ &ng_parse_struct_type,
+ &ng_bpf_insn_type_info
+};
+
+/* Parse type for the field 'bpf_prog' in struct ng_bpf_hookprog */
+static int
+ng_bpf_hookprogary_getLength(const struct ng_parse_type *type,
+ const u_char *start, const u_char *buf)
+{
+ const struct ng_bpf_hookprog *hp;
+
+ hp = (const struct ng_bpf_hookprog *)
+ (buf - OFFSETOF(struct ng_bpf_hookprog, bpf_prog));
+ return hp->bpf_prog_len;
+}
+
+static const struct ng_parse_array_info ng_bpf_hookprogary_info = {
+ &ng_bpf_insn_type,
+ &ng_bpf_hookprogary_getLength,
+ NULL
+};
+static const struct ng_parse_type ng_bpf_hookprogary_type = {
+ &ng_parse_array_type,
+ &ng_bpf_hookprogary_info
+};
+
+/* Parse type for struct ng_bpf_hookprog */
+static const struct ng_parse_struct_info ng_bpf_hookprog_type_info
+ = NG_BPF_HOOKPROG_TYPE_INFO(&ng_bpf_hookprogary_type);
+static const struct ng_parse_type ng_bpf_hookprog_type = {
+ &ng_parse_struct_type,
+ &ng_bpf_hookprog_type_info
+};
+
+/* Parse type for struct ng_bpf_hookstat */
+static const struct ng_parse_struct_info
+ ng_bpf_hookstat_type_info = NG_BPF_HOOKSTAT_TYPE_INFO;
+static const struct ng_parse_type ng_bpf_hookstat_type = {
+ &ng_parse_struct_type,
+ &ng_bpf_hookstat_type_info
+};
+
+/* List of commands and how to convert arguments to/from ASCII */
+static const struct ng_cmdlist ng_bpf_cmdlist[] = {
+ {
+ NGM_BPF_COOKIE,
+ NGM_BPF_SET_PROGRAM,
+ "setprogram",
+ &ng_bpf_hookprog_type,
+ NULL
+ },
+ {
+ NGM_BPF_COOKIE,
+ NGM_BPF_GET_PROGRAM,
+ "getprogram",
+ &ng_parse_hookbuf_type,
+ &ng_bpf_hookprog_type
+ },
+ {
+ NGM_BPF_COOKIE,
+ NGM_BPF_GET_STATS,
+ "getstats",
+ &ng_parse_hookbuf_type,
+ &ng_bpf_hookstat_type
+ },
+ {
+ NGM_BPF_COOKIE,
+ NGM_BPF_CLR_STATS,
+ "clrstats",
+ &ng_parse_hookbuf_type,
+ NULL
+ },
+ {
+ NGM_BPF_COOKIE,
+ NGM_BPF_GETCLR_STATS,
+ "getclrstats",
+ &ng_parse_hookbuf_type,
+ &ng_bpf_hookstat_type
+ },
+ { 0 }
+};
+
+/* Netgraph type descriptor */
+static struct ng_type typestruct = {
+ NG_VERSION,
+ NG_BPF_NODE_TYPE,
+ NULL,
+ ng_bpf_constructor,
+ ng_bpf_rcvmsg,
+ ng_bpf_rmnode,
+ ng_bpf_newhook,
+ NULL,
+ NULL,
+ ng_bpf_rcvdata,
+ ng_bpf_rcvdata,
+ ng_bpf_disconnect,
+ ng_bpf_cmdlist
+};
+NETGRAPH_INIT(bpf, &typestruct);
+
+/* Default BPF program for a hook that matches nothing */
+static const struct ng_bpf_hookprog ng_bpf_default_prog = {
+ { '\0' }, /* to be filled in at hook creation time */
+ { '\0' },
+ { '\0' },
+ 1,
+ { BPF_STMT(BPF_RET+BPF_K, 0) }
+};
+
+/*
+ * Node constructor
+ *
+ * We don't keep any per-node private data
+ */
+static int
+ng_bpf_constructor(node_p *nodep)
+{
+ int error = 0;
+
+ if ((error = ng_make_node_common(&typestruct, nodep)))
+ return (error);
+ (*nodep)->private = NULL;
+ return (0);
+}
+
+/*
+ * Add a hook
+ */
+static int
+ng_bpf_newhook(node_p node, hook_p hook, const char *name)
+{
+ hinfo_p hip;
+ int error;
+
+ /* Create hook private structure */
+ MALLOC(hip, hinfo_p, sizeof(*hip), M_NETGRAPH, M_WAITOK);
+ if (hip == NULL)
+ return (ENOMEM);
+ bzero(hip, sizeof(*hip));
+ hip->hook = hook;
+ hook->private = hip;
+ hip->node = node;
+
+ /* Attach the default BPF program */
+ if ((error = ng_bpf_setprog(hook, &ng_bpf_default_prog)) != 0) {
+ FREE(hip, M_NETGRAPH);
+ hook->private = NULL;
+ return (error);
+ }
+
+ /* Set hook name */
+ strncpy(hip->prog->thisHook, name, sizeof(hip->prog->thisHook) - 1);
+ hip->prog->thisHook[sizeof(hip->prog->thisHook) - 1] = '\0';
+ return (0);
+}
+
+/*
+ * Receive a control message
+ */
+static int
+ng_bpf_rcvmsg(node_p node, struct ng_mesg *msg, const char *retaddr,
+ struct ng_mesg **rptr)
+{
+ struct ng_mesg *resp = NULL;
+ int error = 0;
+
+ switch (msg->header.typecookie) {
+ case NGM_BPF_COOKIE:
+ switch (msg->header.cmd) {
+ case NGM_BPF_SET_PROGRAM:
+ {
+ struct ng_bpf_hookprog *const
+ hp = (struct ng_bpf_hookprog *)msg->data;
+ hook_p hook;
+
+ /* Sanity check */
+ if (msg->header.arglen < sizeof(*hp)
+ || msg->header.arglen != NG_BPF_HOOKPROG_SIZE(hp))
+ ERROUT(EINVAL);
+
+ /* Find hook */
+ if ((hook = ng_findhook(node, hp->thisHook)) == NULL)
+ ERROUT(ENOENT);
+
+ /* Set new program */
+ if ((error = ng_bpf_setprog(hook, hp)) != 0)
+ ERROUT(error);
+ break;
+ }
+
+ case NGM_BPF_GET_PROGRAM:
+ {
+ hook_p hook;
+ hinfo_p hip;
+
+ /* Sanity check */
+ if (msg->header.arglen == 0)
+ ERROUT(EINVAL);
+ msg->data[msg->header.arglen - 1] = '\0';
+
+ /* Find hook */
+ if ((hook = ng_findhook(node, msg->data)) == NULL)
+ ERROUT(ENOENT);
+ hip = hook->private;
+
+ /* Build response */
+ NG_MKRESPONSE(resp, msg,
+ NG_BPF_HOOKPROG_SIZE(hip->prog), M_NOWAIT);
+ if (resp == NULL)
+ ERROUT(ENOMEM);
+ bcopy(hip->prog, resp->data,
+ NG_BPF_HOOKPROG_SIZE(hip->prog));
+ break;
+ }
+
+ case NGM_BPF_GET_STATS:
+ case NGM_BPF_CLR_STATS:
+ case NGM_BPF_GETCLR_STATS:
+ {
+ struct ng_bpf_hookstat *stats;
+ hook_p hook;
+
+ /* Sanity check */
+ if (msg->header.arglen == 0)
+ ERROUT(EINVAL);
+ msg->data[msg->header.arglen - 1] = '\0';
+
+ /* Find hook */
+ if ((hook = ng_findhook(node, msg->data)) == NULL)
+ ERROUT(ENOENT);
+ stats = &((hinfo_p)hook->private)->stats;
+
+ /* Build response (if desired) */
+ if (msg->header.cmd != NGM_BPF_CLR_STATS) {
+ NG_MKRESPONSE(resp,
+ msg, sizeof(*stats), M_NOWAIT);
+ if (resp == NULL)
+ ERROUT(ENOMEM);
+ bcopy(stats, resp->data, sizeof(*stats));
+ }
+
+ /* Clear stats (if desired) */
+ if (msg->header.cmd != NGM_BPF_GET_STATS)
+ bzero(stats, sizeof(*stats));
+ break;
+ }
+
+ default:
+ error = EINVAL;
+ break;
+ }
+ break;
+ default:
+ error = EINVAL;
+ break;
+ }
+ if (rptr)
+ *rptr = resp;
+ else if (resp)
+ FREE(resp, M_NETGRAPH);
+
+done:
+ FREE(msg, M_NETGRAPH);
+ return (error);
+}
+
+/*
+ * Receive data on a hook
+ *
+ * Apply the filter, and then drop or forward packet as appropriate.
+ */
+static int
+ng_bpf_rcvdata(hook_p hook, struct mbuf *m, meta_p meta)
+{
+ const hinfo_p hip = hook->private;
+ int totlen = m->m_pkthdr.len;
+ int needfree = 0, error = 0;
+ u_char *data, buf[256];
+ hinfo_p dhip;
+ hook_p dest;
+ u_int len;
+
+ /* Update stats on incoming hook */
+ hip->stats.recvFrames++;
+ hip->stats.recvOctets += totlen;
+
+ /* Need to put packet in contiguous memory for bpf */
+ if (m->m_next != NULL) {
+ if (totlen > sizeof(buf)) {
+ MALLOC(data, u_char *, totlen, M_NETGRAPH, M_NOWAIT);
+ if (data == NULL) {
+ NG_FREE_DATA(m, meta);
+ return (ENOMEM);
+ }
+ needfree = 1;
+ } else
+ data = buf;
+ m_copydata(m, 0, totlen, (caddr_t)data);
+ } else
+ data = mtod(m, u_char *);
+
+ /* Run packet through filter */
+ len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen);
+ if (needfree)
+ FREE(data, M_NETGRAPH);
+
+ /* See if we got a match and find destination hook */
+ if (len > 0) {
+
+ /* Update stats */
+ hip->stats.recvMatchFrames++;
+ hip->stats.recvMatchOctets += totlen;
+
+ /* Truncate packet length if required by the filter */
+ if (len < totlen) {
+ m_adj(m, -(totlen - len));
+ totlen -= len;
+ }
+ dest = ng_findhook(hip->node, hip->prog->ifMatch);
+ } else
+ dest = ng_findhook(hip->node, hip->prog->ifNotMatch);
+ if (dest == NULL) {
+ NG_FREE_DATA(m, meta);
+ return (0);
+ }
+
+ /* Deliver frame out destination hook */
+ dhip = (hinfo_p)dest->private;
+ dhip->stats.xmitOctets += totlen;
+ dhip->stats.xmitFrames++;
+ NG_SEND_DATA(error, dest, m, meta);
+ return (error);
+}
+
+/*
+ * Shutdown processing
+ */
+static int
+ng_bpf_rmnode(node_p node)
+{
+ node->flags |= NG_INVALID;
+ ng_cutlinks(node);
+ ng_unname(node);
+ ng_unref(node);
+ return (0);
+}
+
+/*
+ * Hook disconnection
+ */
+static int
+ng_bpf_disconnect(hook_p hook)
+{
+ const hinfo_p hip = hook->private;
+
+ KASSERT(hip != NULL, ("%s: null info", __FUNCTION__));
+ FREE(hip->prog, M_NETGRAPH);
+ bzero(hip, sizeof(*hip));
+ FREE(hip, M_NETGRAPH);
+ hook->private = NULL; /* for good measure */
+ if (hook->node->numhooks == 0)
+ ng_rmnode(hook->node);
+ return (0);
+}
+
+/************************************************************************
+ HELPER STUFF
+ ************************************************************************/
+
+/*
+ * Set the BPF program associated with a hook
+ */
+static int
+ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp0)
+{
+ const hinfo_p hip = hook->private;
+ struct ng_bpf_hookprog *hp;
+ int size;
+
+ /* Check program for validity */
+ if (!bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len))
+ return (EINVAL);
+
+ /* Make a copy of the program */
+ size = NG_BPF_HOOKPROG_SIZE(hp0);
+ MALLOC(hp, struct ng_bpf_hookprog *, size, M_NETGRAPH, M_WAITOK);
+ if (hp == NULL)
+ return (ENOMEM);
+ bcopy(hp0, hp, size);
+
+ /* Free previous program, if any, and assign new one */
+ if (hip->prog != NULL)
+ FREE(hip->prog, M_NETGRAPH);
+ hip->prog = hp;
+ return (0);
+}
+
OpenPOWER on IntegriCloud