1 /* $OpenBSD: bpf.h,v 1.33 2006/03/25 22:41:47 djm Exp $ */
2 /* $NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $ */
3
4 /*
5 * Copyright (c) 1990, 1991, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * This code is derived from the Stanford/CMU enet packet filter,
9 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
10 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
11 * Berkeley Laboratory.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * @(#)bpf.h 8.1 (Berkeley) 6/10/93
38 */
39
40 #ifndef _NET_BPF_H_
41 #define _NET_BPF_H_
42
43 /* BSD style release date */
44 #define BPF_RELEASE 199606
45
46 typedef int32_t bpf_int32;
47 typedef u_int32_t bpf_u_int32;
48 /*
49 * Alignment macros. BPF_WORDALIGN rounds up to the next even multiple of
50 * BPF_ALIGNMENT (which is at least as much as what a timeval needs).
51 */
52 #define BPF_ALIGNMENT sizeof(long)
53 #define BPF_WORDALIGN(x) (((x) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1))
54
55 #define BPF_MAXINSNS 512
56 #define BPF_MAXBUFSIZE (2 * 1024 * 1024)
57 #define BPF_MINBUFSIZE 32
58
59 /*
60 * Structure for BIOCSETF.
61 */
62 struct bpf_program {
63 u_int bf_len;
64 struct bpf_insn *bf_insns;
65 };
66
67 /*
68 * Struct returned by BIOCGSTATS.
69 */
70 struct bpf_stat {
71 u_int bs_recv; /* number of packets received */
72 u_int bs_drop; /* number of packets dropped */
73 };
74
75 /*
76 * Struct return by BIOCVERSION. This represents the version number of
77 * the filter language described by the instruction encodings below.
78 * bpf understands a program iff kernel_major == filter_major &&
79 * kernel_minor >= filter_minor, that is, if the value returned by the
80 * running kernel has the same major number and a minor number equal
81 * equal to or less than the filter being downloaded. Otherwise, the
82 * results are undefined, meaning an error may be returned or packets
83 * may be accepted haphazardly.
84 * It has nothing to do with the source code version.
85 */
86 struct bpf_version {
87 u_short bv_major;
88 u_short bv_minor;
89 };
90 /* Current version number of filter architecture. */
91 #define BPF_MAJOR_VERSION 1
92 #define BPF_MINOR_VERSION 1
93
94 /*
95 * BPF ioctls
96 */
97 #define BIOCGBLEN _IOR('B',102, u_int)
98 #define BIOCSBLEN _IOWR('B',102, u_int)
99 #define BIOCSETF _IOW('B',103, struct bpf_program)
100 #define BIOCFLUSH _IO('B',104)
101 #define BIOCPROMISC _IO('B',105)
102 #define BIOCGDLT _IOR('B',106, u_int)
103 #define BIOCGETIF _IOR('B',107, struct ifreq)
104 #define BIOCSETIF _IOW('B',108, struct ifreq)
105 #define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
106 #define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
107 #define BIOCGSTATS _IOR('B',111, struct bpf_stat)
108 #define BIOCIMMEDIATE _IOW('B',112, u_int)
109 #define BIOCVERSION _IOR('B',113, struct bpf_version)
110 #define BIOCSRSIG _IOW('B',114, u_int)
111 #define BIOCGRSIG _IOR('B',115, u_int)
112 #define BIOCGHDRCMPLT _IOR('B',116, u_int)
113 #define BIOCSHDRCMPLT _IOW('B',117, u_int)
114 #define BIOCLOCK _IO('B',118)
115 #define BIOCSETWF _IOW('B',119, struct bpf_program)
116 #define BIOCGFILDROP _IOR('B',120, u_int)
117 #define BIOCSFILDROP _IOW('B',121, u_int)
118 #define BIOCSDLT _IOW('B',122, u_int)
119 #define BIOCGDLTLIST _IOWR('B',123, struct bpf_dltlist)
120 #define BIOCGDIRFILT _IOR('B',124, u_int)
121 #define BIOCSDIRFILT _IOW('B',125, u_int)
122
123 /*
124 * Direction filters for BIOCSDIRFILT/BIOCGDIRFILT
125 */
126 #define BPF_DIRECTION_IN 1
127 #define BPF_DIRECTION_OUT (1<<1)
128
129 struct bpf_timeval {
130 u_int32_t tv_sec;
131 u_int32_t tv_usec;
132 };
133
134 /*
135 * Structure prepended to each packet.
136 */
137 struct bpf_hdr {
138 struct bpf_timeval bh_tstamp; /* time stamp */
139 u_int32_t bh_caplen; /* length of captured portion */
140 u_int32_t bh_datalen; /* original length of packet */
141 u_int16_t bh_hdrlen; /* length of bpf header (this struct
142 plus alignment padding) */
143 };
144 /*
145 * Because the structure above is not a multiple of 4 bytes, some compilers
146 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
147 * Only the kernel needs to know about it; applications use bh_hdrlen.
148 * XXX To save a few bytes on 32-bit machines, we avoid end-of-struct
149 * XXX padding by using the size of the header data elements. This is
150 * XXX fail-safe: on new machines, we just use the 'safe' sizeof.
151 */
152 #ifdef _KERNEL
153 #if defined(__arm32__) || defined(__i386__) || defined(__m68k__) || \
154 defined(__mips__) || defined(__ns32k__) || defined(__sparc__) || \
155 defined(__vax__)
156 #define SIZEOF_BPF_HDR 18
157 #else
158 #define SIZEOF_BPF_HDR sizeof(struct bpf_hdr)
159 #endif
160 #endif
161
162 /*
163 * Data-link level type codes.
164 */
165 #define DLT_NULL 0 /* no link-layer encapsulation */
166 #define DLT_EN10MB 1 /* Ethernet (10Mb) */
167 #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
168 #define DLT_AX25 3 /* Amateur Radio AX.25 */
169 #define DLT_PRONET 4 /* Proteon ProNET Token Ring */
170 #define DLT_CHAOS 5 /* Chaos */
171 #define DLT_IEEE802 6 /* IEEE 802 Networks */
172 #define DLT_ARCNET 7 /* ARCNET */
173 #define DLT_SLIP 8 /* Serial Line IP */
174 #define DLT_PPP 9 /* Point-to-point Protocol */
175 #define DLT_FDDI 10 /* FDDI */
176 #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
177 #define DLT_LOOP 12 /* loopback type (af header) */
178 #define DLT_ENC 13 /* IPSEC enc type (af header, spi, flags) */
179 #define DLT_RAW 14 /* raw IP */
180 #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
181 #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
182 #define DLT_OLD_PFLOG 17 /* Packet filter logging, old (XXX remove?) */
183 #define DLT_PFSYNC 18 /* Packet filter state syncing */
184 #define DLT_PPP_ETHER 51 /* PPP over Ethernet; session only w/o ether header */
185 #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
186 #define DLT_PFLOG 117 /* Packet filter logging, by pcap people */
187 #define DLT_IEEE802_11_RADIO 127 /* IEEE 802.11 plus WLAN header */
188
189 /*
190 * The instruction encodings.
191 */
192 /* instruction classes */
193 #define BPF_CLASS(code) ((code) & 0x07)
194 #define BPF_LD 0x00
195 #define BPF_LDX 0x01
196 #define BPF_ST 0x02
197 #define BPF_STX 0x03
198 #define BPF_ALU 0x04
199 #define BPF_JMP 0x05
200 #define BPF_RET 0x06
201 #define BPF_MISC 0x07
202
203 /* ld/ldx fields */
204 #define BPF_SIZE(code) ((code) & 0x18)
205 #define BPF_W 0x00
206 #define BPF_H 0x08
207 #define BPF_B 0x10
208 #define BPF_MODE(code) ((code) & 0xe0)
209 #define BPF_IMM 0x00
210 #define BPF_ABS 0x20
211 #define BPF_IND 0x40
212 #define BPF_MEM 0x60
213 #define BPF_LEN 0x80
214 #define BPF_MSH 0xa0
215
216 /* alu/jmp fields */
217 #define BPF_OP(code) ((code) & 0xf0)
218 #define BPF_ADD 0x00
219 #define BPF_SUB 0x10
220 #define BPF_MUL 0x20
221 #define BPF_DIV 0x30
222 #define BPF_OR 0x40
223 #define BPF_AND 0x50
224 #define BPF_LSH 0x60
225 #define BPF_RSH 0x70
226 #define BPF_NEG 0x80
227 #define BPF_JA 0x00
228 #define BPF_JEQ 0x10
229 #define BPF_JGT 0x20
230 #define BPF_JGE 0x30
231 #define BPF_JSET 0x40
232 #define BPF_SRC(code) ((code) & 0x08)
233 #define BPF_K 0x00
234 #define BPF_X 0x08
235
236 /* ret - BPF_K and BPF_X also apply */
237 #define BPF_RVAL(code) ((code) & 0x18)
238 #define BPF_A 0x10
239
240 /* misc */
241 #define BPF_MISCOP(code) ((code) & 0xf8)
242 #define BPF_TAX 0x00
243 #define BPF_TXA 0x80
244
245 /*
246 * The instruction data structure.
247 */
248 struct bpf_insn {
249 u_int16_t code;
250 u_char jt;
251 u_char jf;
252 u_int32_t k;
253 };
254
255 /*
256 * Structure to retrieve available DLTs for the interface.
257 */
258 struct bpf_dltlist {
259 u_int bfl_len; /* number of bfd_list array */
260 u_int *bfl_list; /* array of DLTs */
261 };
262
263 /*
264 * Macros for insn array initializers.
265 */
266 #define BPF_STMT(code, k) { (u_int16_t)(code), 0, 0, k }
267 #define BPF_JUMP(code, k, jt, jf) { (u_int16_t)(code), jt, jf, k }
268
269 #ifdef _KERNEL
270 int bpf_validate(struct bpf_insn *, int);
271 int bpf_tap(caddr_t, u_char *, u_int, u_int);
272 void bpf_mtap(caddr_t, struct mbuf *, u_int);
273 void bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *, u_int);
274 void bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *, u_int);
275 void bpfattach(caddr_t *, struct ifnet *, u_int, u_int);
276 void bpfdetach(struct ifnet *);
277 void bpfilterattach(int);
278 u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
279 #endif /* _KERNEL */
280
281 /*
282 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
283 */
284 #define BPF_MEMWORDS 16
285
286 extern int ticks; /* from kern/kern_clock.c; incremented each */
287 /* clock tick. */
288
289 #endif /* _NET_BPF_H_ */