1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * STREAMS Packet Filter Module 30 * 31 * This module applies a filter to messages arriving on its read 32 * queue, passing on messages that the filter accepts adn discarding 33 * the others. It supports ioctls for setting the filter. 34 * 35 * On the write side, the module simply passes everything through 36 * unchanged. 37 * 38 * Based on SunOS 4.x version. This version has minor changes: 39 * - general SVR4 porting stuff 40 * - change name and prefixes from "nit" buffer to streams buffer 41 * - multithreading assumes configured as D_MTQPAIR 42 */ 43 44 #include <sys/types.h> 45 #include <sys/sysmacros.h> 46 #include <sys/errno.h> 47 #include <sys/debug.h> 48 #include <sys/time.h> 49 #include <sys/stropts.h> 50 #include <sys/stream.h> 51 #include <sys/conf.h> 52 #include <sys/ddi.h> 53 #include <sys/sunddi.h> 54 #include <sys/kmem.h> 55 #include <sys/strsun.h> 56 #include <sys/pfmod.h> 57 #include <sys/modctl.h> 58 59 /* 60 * Expanded version of the Packetfilt structure that includes 61 * some additional fields that aid filter execution efficiency. 62 */ 63 struct epacketfilt { 64 struct Pf_ext_packetfilt pf; 65 #define pf_Priority pf.Pf_Priority 66 #define pf_FilterLen pf.Pf_FilterLen 67 #define pf_Filter pf.Pf_Filter 68 /* pointer to word immediately past end of filter */ 69 ushort_t *pf_FilterEnd; 70 /* length in bytes of packet prefix the filter examines */ 71 ushort_t pf_PByteLen; 72 }; 73 74 /* 75 * (Internal) packet descriptor for FilterPacket 76 */ 77 struct packdesc { 78 ushort_t *pd_hdr; /* header starting address */ 79 uint_t pd_hdrlen; /* header length in shorts */ 80 ushort_t *pd_body; /* body starting address */ 81 uint_t pd_bodylen; /* body length in shorts */ 82 }; 83 84 85 /* 86 * Function prototypes. 87 */ 88 static int pfopen(queue_t *, dev_t *, int, int, cred_t *); 89 static int pfclose(queue_t *); 90 static void pfioctl(queue_t *wq, mblk_t *mp); 91 static int FilterPacket(struct packdesc *, struct epacketfilt *); 92 /* 93 * To save instructions, since STREAMS ignores the return value 94 * from these functions, they are defined as void here. Kind of icky, but... 95 */ 96 static void pfwput(queue_t *, mblk_t *); 97 static void pfrput(queue_t *, mblk_t *); 98 99 static struct module_info pf_minfo = { 100 22, /* mi_idnum */ 101 "pfmod", /* mi_idname */ 102 0, /* mi_minpsz */ 103 INFPSZ, /* mi_maxpsz */ 104 0, /* mi_hiwat */ 105 0 /* mi_lowat */ 106 }; 107 108 static struct qinit pf_rinit = { 109 (int (*)())pfrput, /* qi_putp */ 110 NULL, 111 pfopen, /* qi_qopen */ 112 pfclose, /* qi_qclose */ 113 NULL, /* qi_qadmin */ 114 &pf_minfo, /* qi_minfo */ 115 NULL /* qi_mstat */ 116 }; 117 118 static struct qinit pf_winit = { 119 (int (*)())pfwput, /* qi_putp */ 120 NULL, /* qi_srvp */ 121 NULL, /* qi_qopen */ 122 NULL, /* qi_qclose */ 123 NULL, /* qi_qadmin */ 124 &pf_minfo, /* qi_minfo */ 125 NULL /* qi_mstat */ 126 }; 127 128 static struct streamtab pf_info = { 129 &pf_rinit, /* st_rdinit */ 130 &pf_winit, /* st_wrinit */ 131 NULL, /* st_muxrinit */ 132 NULL /* st_muxwinit */ 133 }; 134 135 static struct fmodsw fsw = { 136 "pfmod", 137 &pf_info, 138 D_MTQPAIR | D_MP 139 }; 140 141 static struct modlstrmod modlstrmod = { 142 &mod_strmodops, "streams packet filter module", &fsw 143 }; 144 145 static struct modlinkage modlinkage = { 146 MODREV_1, &modlstrmod, NULL 147 }; 148 149 int 150 _init(void) 151 { 152 return (mod_install(&modlinkage)); 153 } 154 155 int 156 _fini(void) 157 { 158 return (mod_remove(&modlinkage)); 159 } 160 161 int 162 _info(struct modinfo *modinfop) 163 { 164 return (mod_info(&modlinkage, modinfop)); 165 } 166 167 /*ARGSUSED*/ 168 static int 169 pfopen(queue_t *rq, dev_t *dev, int oflag, int sflag, cred_t *crp) 170 { 171 struct epacketfilt *pfp; 172 173 ASSERT(rq); 174 175 if (sflag != MODOPEN) 176 return (EINVAL); 177 178 if (rq->q_ptr) 179 return (0); 180 181 /* 182 * Allocate and initialize per-Stream structure. 183 */ 184 pfp = kmem_alloc(sizeof (struct epacketfilt), KM_SLEEP); 185 rq->q_ptr = WR(rq)->q_ptr = (char *)pfp; 186 187 qprocson(rq); 188 189 return (0); 190 } 191 192 static int 193 pfclose(queue_t *rq) 194 { 195 struct epacketfilt *pfp = (struct epacketfilt *)rq->q_ptr; 196 197 ASSERT(pfp); 198 199 qprocsoff(rq); 200 201 kmem_free(pfp, sizeof (struct epacketfilt)); 202 rq->q_ptr = WR(rq)->q_ptr = NULL; 203 204 return (0); 205 } 206 207 /* 208 * Write-side put procedure. Its main task is to detect ioctls. 209 * Other message types are passed on through. 210 */ 211 static void 212 pfwput(queue_t *wq, mblk_t *mp) 213 { 214 switch (mp->b_datap->db_type) { 215 case M_IOCTL: 216 pfioctl(wq, mp); 217 break; 218 219 default: 220 putnext(wq, mp); 221 break; 222 } 223 } 224 225 /* 226 * Read-side put procedure. It's responsible for applying the 227 * packet filter and passing upstream message on or discarding it 228 * depending upon the results. 229 * 230 * Upstream messages can start with zero or more M_PROTO mblks 231 * which are skipped over before executing the packet filter 232 * on any remaining M_DATA mblks. 233 */ 234 static void 235 pfrput(queue_t *rq, mblk_t *mp) 236 { 237 struct epacketfilt *pfp = (struct epacketfilt *)rq->q_ptr; 238 mblk_t *mbp, *mpp; 239 struct packdesc pd; 240 int need; 241 242 ASSERT(pfp); 243 244 switch (DB_TYPE(mp)) { 245 case M_PROTO: 246 case M_DATA: 247 /* 248 * Skip over protocol information and find the start 249 * of the message body, saving the overall message 250 * start in mpp. 251 */ 252 for (mpp = mp; mp && (DB_TYPE(mp) == M_PROTO); mp = mp->b_cont) 253 ; 254 255 /* 256 * Null body (exclusive of M_PROTO blocks) ==> accept. 257 * Note that a null body is not the same as an empty body. 258 */ 259 if (mp == NULL) { 260 putnext(rq, mpp); 261 break; 262 } 263 264 /* 265 * Pull the packet up to the length required by 266 * the filter. Note that doing so destroys sharing 267 * relationships, which is unfortunate, since the 268 * results of pulling up here are likely to be useful 269 * for shared messages applied to a filter on a sibling 270 * stream. 271 * 272 * Most packet sources will provide the packet in two 273 * logical pieces: an initial header in a single mblk, 274 * and a body in a sequence of mblks hooked to the 275 * header. We're prepared to deal with variant forms, 276 * but in any case, the pullup applies only to the body 277 * part. 278 */ 279 mbp = mp->b_cont; 280 need = pfp->pf_PByteLen; 281 if (mbp && (MBLKL(mbp) < need)) { 282 int len = msgdsize(mbp); 283 284 /* XXX discard silently on pullupmsg failure */ 285 if (pullupmsg(mbp, MIN(need, len)) == 0) { 286 freemsg(mpp); 287 break; 288 } 289 } 290 291 /* 292 * Misalignment (not on short boundary) ==> reject. 293 */ 294 if (((uintptr_t)mp->b_rptr & (sizeof (ushort_t) - 1)) || 295 (mbp != NULL && 296 ((uintptr_t)mbp->b_rptr & (sizeof (ushort_t) - 1)))) { 297 freemsg(mpp); 298 break; 299 } 300 301 /* 302 * These assignments are distasteful, but necessary, 303 * since the packet filter wants to work in terms of 304 * shorts. Odd bytes at the end of header or data can't 305 * participate in the filtering operation. 306 */ 307 pd.pd_hdr = (ushort_t *)mp->b_rptr; 308 pd.pd_hdrlen = (mp->b_wptr - mp->b_rptr) / sizeof (ushort_t); 309 if (mbp) { 310 pd.pd_body = (ushort_t *)mbp->b_rptr; 311 pd.pd_bodylen = (mbp->b_wptr - mbp->b_rptr) / 312 sizeof (ushort_t); 313 } else { 314 pd.pd_body = NULL; 315 pd.pd_bodylen = 0; 316 } 317 318 /* 319 * Apply the filter. 320 */ 321 if (FilterPacket(&pd, pfp)) 322 putnext(rq, mpp); 323 else 324 freemsg(mpp); 325 326 break; 327 328 default: 329 putnext(rq, mp); 330 break; 331 } 332 333 } 334 335 /* 336 * Handle write-side M_IOCTL messages. 337 */ 338 static void 339 pfioctl(queue_t *wq, mblk_t *mp) 340 { 341 struct epacketfilt *pfp = (struct epacketfilt *)wq->q_ptr; 342 struct Pf_ext_packetfilt *upfp; 343 struct packetfilt *opfp; 344 ushort_t *fwp; 345 int arg; 346 int maxoff = 0; 347 int maxoffreg = 0; 348 struct iocblk *iocp = (struct iocblk *)mp->b_rptr; 349 int error; 350 351 switch (iocp->ioc_cmd) { 352 case PFIOCSETF: 353 /* 354 * Verify argument length. Since the size of packet filter 355 * got increased (ENMAXFILTERS was bumped up to 2047), to 356 * maintain backwards binary compatibility, we need to 357 * check for both possible sizes. 358 */ 359 switch (iocp->ioc_count) { 360 case sizeof (struct Pf_ext_packetfilt): 361 error = miocpullup(mp, 362 sizeof (struct Pf_ext_packetfilt)); 363 if (error != 0) { 364 miocnak(wq, mp, 0, error); 365 return; 366 } 367 upfp = (struct Pf_ext_packetfilt *)mp->b_cont->b_rptr; 368 if (upfp->Pf_FilterLen > PF_MAXFILTERS) { 369 miocnak(wq, mp, 0, EINVAL); 370 return; 371 } 372 373 bcopy(upfp, pfp, sizeof (struct Pf_ext_packetfilt)); 374 pfp->pf_FilterEnd = &pfp->pf_Filter[pfp->pf_FilterLen]; 375 break; 376 377 case sizeof (struct packetfilt): 378 error = miocpullup(mp, sizeof (struct packetfilt)); 379 if (error != 0) { 380 miocnak(wq, mp, 0, error); 381 return; 382 } 383 opfp = (struct packetfilt *)mp->b_cont->b_rptr; 384 /* this strange comparison keeps gcc from complaining */ 385 if (opfp->Pf_FilterLen - 1 >= ENMAXFILTERS) { 386 miocnak(wq, mp, 0, EINVAL); 387 return; 388 } 389 390 pfp->pf.Pf_Priority = opfp->Pf_Priority; 391 pfp->pf.Pf_FilterLen = (unsigned int)opfp->Pf_FilterLen; 392 393 bcopy(opfp->Pf_Filter, pfp->pf.Pf_Filter, 394 sizeof (opfp->Pf_Filter)); 395 pfp->pf_FilterEnd = &pfp->pf_Filter[pfp->pf_FilterLen]; 396 break; 397 398 default: 399 miocnak(wq, mp, 0, EINVAL); 400 return; 401 } 402 403 /* 404 * Find and record maximum byte offset that the 405 * filter users. We use this when executing the 406 * filter to determine how much of the packet 407 * body to pull up. This code depends on the 408 * filter encoding. 409 */ 410 for (fwp = pfp->pf_Filter; fwp < pfp->pf_FilterEnd; fwp++) { 411 arg = *fwp & ((1 << ENF_NBPA) - 1); 412 switch (arg) { 413 default: 414 if ((arg -= ENF_PUSHWORD) > maxoff) 415 maxoff = arg; 416 break; 417 418 case ENF_LOAD_OFFSET: 419 /* Point to the offset */ 420 fwp++; 421 if (*fwp > maxoffreg) 422 maxoffreg = *fwp; 423 break; 424 425 case ENF_PUSHLIT: 426 case ENF_BRTR: 427 case ENF_BRFL: 428 /* Skip over the literal. */ 429 fwp++; 430 break; 431 432 case ENF_PUSHZERO: 433 case ENF_PUSHONE: 434 case ENF_PUSHFFFF: 435 case ENF_PUSHFF00: 436 case ENF_PUSH00FF: 437 case ENF_NOPUSH: 438 case ENF_POP: 439 break; 440 } 441 } 442 443 /* 444 * Convert word offset to length in bytes. 445 */ 446 pfp->pf_PByteLen = (maxoff + maxoffreg + 1) * sizeof (ushort_t); 447 miocack(wq, mp, 0, 0); 448 break; 449 450 default: 451 putnext(wq, mp); 452 break; 453 } 454 } 455 456 /* #define DEBUG 1 */ 457 /* #define INNERDEBUG 1 */ 458 459 #ifdef INNERDEBUG 460 #define enprintf(a) printf a 461 #else 462 #define enprintf(a) 463 #endif 464 465 /* 466 * Apply the packet filter given by pfp to the packet given by 467 * pp. Return nonzero iff the filter accepts the packet. 468 * 469 * The packet comes in two pieces, a header and a body, since 470 * that's the most convenient form for our caller. The header 471 * is in contiguous memory, whereas the body is in a mbuf. 472 * Our caller will have adjusted the mbuf chain so that its first 473 * min(MLEN, length(body)) bytes are guaranteed contiguous. For 474 * the sake of efficiency (and some laziness) the filter is prepared 475 * to examine only these two contiguous pieces. Furthermore, it 476 * assumes that the header length is even, so that there's no need 477 * to glue the last byte of header to the first byte of data. 478 */ 479 480 #define opx(i) ((i) >> ENF_NBPA) 481 482 static int 483 FilterPacket(struct packdesc *pp, struct epacketfilt *pfp) 484 { 485 int maxhdr = pp->pd_hdrlen; 486 int maxword = maxhdr + pp->pd_bodylen; 487 ushort_t *sp; 488 ushort_t *fp; 489 ushort_t *fpe; 490 unsigned op; 491 unsigned arg; 492 unsigned offreg = 0; 493 ushort_t stack[ENMAXFILTERS+1]; 494 495 fp = &pfp->pf_Filter[0]; 496 fpe = pfp->pf_FilterEnd; 497 498 enprintf(("FilterPacket(%p, %p, %p, %p):\n", pp, pfp, fp, fpe)); 499 500 /* 501 * Push TRUE on stack to start. The stack size is chosen such 502 * that overflow can't occur -- each operation can push at most 503 * one item on the stack, and the stack size equals the maximum 504 * program length. 505 */ 506 sp = &stack[ENMAXFILTERS]; 507 *sp = 1; 508 509 while (fp < fpe) { 510 op = *fp >> ENF_NBPA; 511 arg = *fp & ((1 << ENF_NBPA) - 1); 512 fp++; 513 514 switch (arg) { 515 default: 516 arg -= ENF_PUSHWORD; 517 /* 518 * Since arg is unsigned, 519 * if it were less than ENF_PUSHWORD before, 520 * it would now be huge. 521 */ 522 if (arg + offreg < maxhdr) 523 *--sp = pp->pd_hdr[arg + offreg]; 524 else if (arg + offreg < maxword) 525 *--sp = pp->pd_body[arg - maxhdr + offreg]; 526 else { 527 enprintf(("=>0(len)\n")); 528 return (0); 529 } 530 break; 531 case ENF_PUSHLIT: 532 *--sp = *fp++; 533 break; 534 case ENF_PUSHZERO: 535 *--sp = 0; 536 break; 537 case ENF_PUSHONE: 538 *--sp = 1; 539 break; 540 case ENF_PUSHFFFF: 541 *--sp = 0xffff; 542 break; 543 case ENF_PUSHFF00: 544 *--sp = 0xff00; 545 break; 546 case ENF_PUSH00FF: 547 *--sp = 0x00ff; 548 break; 549 case ENF_LOAD_OFFSET: 550 offreg = *fp++; 551 break; 552 case ENF_BRTR: 553 if (*sp != 0) 554 fp += *fp; 555 else 556 fp++; 557 if (fp >= fpe) { 558 enprintf(("BRTR: fp>=fpe\n")); 559 return (0); 560 } 561 break; 562 case ENF_BRFL: 563 if (*sp == 0) 564 fp += *fp; 565 else 566 fp++; 567 if (fp >= fpe) { 568 enprintf(("BRFL: fp>=fpe\n")); 569 return (0); 570 } 571 break; 572 case ENF_POP: 573 ++sp; 574 if (sp > &stack[ENMAXFILTERS]) { 575 enprintf(("stack underflow\n")); 576 return (0); 577 } 578 break; 579 case ENF_NOPUSH: 580 break; 581 } 582 583 if (sp < &stack[2]) { /* check stack overflow: small yellow zone */ 584 enprintf(("=>0(--sp)\n")); 585 return (0); 586 } 587 588 if (op == ENF_NOP) 589 continue; 590 591 /* 592 * all non-NOP operators binary, must have at least two operands 593 * on stack to evaluate. 594 */ 595 if (sp > &stack[ENMAXFILTERS-2]) { 596 enprintf(("=>0(sp++)\n")); 597 return (0); 598 } 599 600 arg = *sp++; 601 switch (op) { 602 default: 603 enprintf(("=>0(def)\n")); 604 return (0); 605 case opx(ENF_AND): 606 *sp &= arg; 607 break; 608 case opx(ENF_OR): 609 *sp |= arg; 610 break; 611 case opx(ENF_XOR): 612 *sp ^= arg; 613 break; 614 case opx(ENF_EQ): 615 *sp = (*sp == arg); 616 break; 617 case opx(ENF_NEQ): 618 *sp = (*sp != arg); 619 break; 620 case opx(ENF_LT): 621 *sp = (*sp < arg); 622 break; 623 case opx(ENF_LE): 624 *sp = (*sp <= arg); 625 break; 626 case opx(ENF_GT): 627 *sp = (*sp > arg); 628 break; 629 case opx(ENF_GE): 630 *sp = (*sp >= arg); 631 break; 632 633 /* short-circuit operators */ 634 635 case opx(ENF_COR): 636 if (*sp++ == arg) { 637 enprintf(("=>COR %x\n", *sp)); 638 return (1); 639 } 640 break; 641 case opx(ENF_CAND): 642 if (*sp++ != arg) { 643 enprintf(("=>CAND %x\n", *sp)); 644 return (0); 645 } 646 break; 647 case opx(ENF_CNOR): 648 if (*sp++ == arg) { 649 enprintf(("=>COR %x\n", *sp)); 650 return (0); 651 } 652 break; 653 case opx(ENF_CNAND): 654 if (*sp++ != arg) { 655 enprintf(("=>CNAND %x\n", *sp)); 656 return (1); 657 } 658 break; 659 } 660 } 661 enprintf(("=>%x\n", *sp)); 662 return (*sp); 663 }