1/*
2 * Copyright (c) 2012-2017 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef _NET_PKTAP_H_
30#define _NET_PKTAP_H_
31
32#include <sys/_types/_timeval32.h>
33#include <stdint.h>
34#include <net/if.h>
35#include <uuid/uuid.h>
36#include <string.h>
37
38#ifdef PRIVATE
39
40#define PKTAP_IFNAME "pktap"
41
42/* To store interface name + unit */
43#define PKTAP_IFXNAMESIZE (IF_NAMESIZE + 8)
44
45/*
46 * Commands via SIOCGDRVSPEC/SIOCSDRVSPEC
47 */
48#define PKTP_CMD_FILTER_GET 1 /* array of PKTAP_MAX_FILTERS * struct pktap_filter */
49#define PKTP_CMD_FILTER_SET 3 /* array of PKTAP_MAX_FILTERS * struct pktap_filter */
50#define PKTP_CMD_TAP_COUNT 4 /* uint32_t number of active bpf tap on the interface */
51
52/*
53 * Filtering is currently based on network interface properties --
54 * the interface type and the interface name -- and has two types of
55 * operations -- pass and skip.
56 * By default only interfaces of type IFT_ETHER and IFT_CELLULAR pass
57 * the filter.
58 * It's possible to include other interfaces by type or by name
59 * The interface type is evaluated before the interface name
60 * The first matching rule stops the evaluation.
61 * A rule with interface type 0 (zero) matches any interfaces
62 */
63#define PKTAP_FILTER_OP_NONE 0 /* For inactive entries at the end of the list */
64#define PKTAP_FILTER_OP_PASS 1
65#define PKTAP_FILTER_OP_SKIP 2
66
67#define PKTAP_FILTER_PARAM_NONE 0
68#define PKTAP_FILTER_PARAM_IF_TYPE 1
69#define PKTAP_FILTER_PARAM_IF_NAME 2
70
71#ifdef BSD_KERNEL_PRIVATE
72struct pktap_filter {
73 uint32_t filter_op;
74 uint32_t filter_param;
75 union {
76 uint32_t _filter_if_type;
77 char _filter_if_name[PKTAP_IFXNAMESIZE];
78 } param_;
79 size_t filter_ifname_prefix_len;
80};
81
82struct x_pktap_filter {
83#else
84struct pktap_filter {
85#endif /* BSD_KERNEL_PRIVATE */
86 uint32_t filter_op;
87 uint32_t filter_param;
88 union {
89 uint32_t _filter_if_type;
90 char _filter_if_name[PKTAP_IFXNAMESIZE];
91 } param_;
92};
93#define filter_param_if_type param_._filter_if_type
94#define filter_param_if_name param_._filter_if_name
95
96#define PKTAP_MAX_FILTERS 8
97
98/*
99 * Header for DLT_PKTAP
100 *
101 * In theory, there could be several types of blocks in a chain before the actual packet
102 */
103struct pktap_header {
104 uint32_t pth_length; /* length of this header */
105 uint32_t pth_type_next; /* type of data following */
106 uint32_t pth_dlt; /* DLT of packet */
107 char pth_ifname[PKTAP_IFXNAMESIZE]; /* interface name */
108 uint32_t pth_flags; /* flags */
109 uint32_t pth_protocol_family;
110 uint32_t pth_frame_pre_length;
111 uint32_t pth_frame_post_length;
112 pid_t pth_pid; /* process ID */
113 char pth_comm[MAXCOMLEN+1]; /* process name */
114 uint32_t pth_svc; /* service class */
115 uint16_t pth_iftype;
116 uint16_t pth_ifunit;
117 pid_t pth_epid; /* effective process ID */
118 char pth_ecomm[MAXCOMLEN+1]; /* effective command name */
119 uint32_t pth_flowid;
120 uint32_t pth_ipproto;
121 struct timeval32 pth_tstamp;
122 uuid_t pth_uuid;
123 uuid_t pth_euuid;
124};
125
126/*
127 * The original version 1 of the pktap_header structure always had the field
128 * pth_type_next set to PTH_TYPE_PACKET
129 */
130#define PTH_TYPE_NONE 0 /* No more data following */
131#define PTH_TYPE_PACKET 1 /* Actual captured packet data */
132
133/*
134 * Size of buffer that can contain any pktap header
135 * followed by the optional 4 bytes protocol field
136 * or 16 bytes link layer header
137 */
138union pktap_header_extra {
139 uint8_t llhdr[16];
140 uint32_t proto;
141};
142
143/*
144 * Version 2 version of the header
145 *
146 * The field pth_flags is at the same offset as the orignal pktap_header and
147 * the flag PTH_FLAG_V2_HDR allows to differentiate the header version.
148 */
149
150#define PKTAP_MAX_COMM_SIZE (MAXCOMLEN + 1)
151
152struct pktap_v2_hdr {
153 uint8_t pth_length; /* length of this header */
154 uint8_t pth_uuid_offset; /* max size: sizeof(uuid_t) */
155 uint8_t pth_e_uuid_offset; /* max size: sizeof(uuid_t) */
156 uint8_t pth_ifname_offset; /* max size: PKTAP_IFXNAMESIZE*/
157 uint8_t pth_comm_offset; /* max size: PKTAP_MAX_COMM_SIZE */
158 uint8_t pth_e_comm_offset; /* max size: PKTAP_MAX_COMM_SIZE */
159 uint16_t pth_dlt; /* DLT of packet */
160 uint16_t pth_frame_pre_length;
161 uint16_t pth_frame_post_length;
162 uint16_t pth_iftype;
163 uint16_t pth_ipproto;
164 uint32_t pth_protocol_family;
165 uint32_t pth_svc; /* service class */
166 uint32_t pth_flowid;
167 pid_t pth_pid; /* process ID */
168 pid_t pth_e_pid; /* effective process ID */
169 uint32_t pth_flags; /* flags */
170};
171
172struct pktap_v2_hdr_space {
173 struct pktap_v2_hdr pth_hdr;
174 uint8_t pth_uuid[sizeof(uuid_t)];
175 uint8_t pth_e_uuid[sizeof(uuid_t)];
176 uint8_t pth_ifname[PKTAP_IFXNAMESIZE];
177 uint8_t pth_comm[PKTAP_MAX_COMM_SIZE];
178 uint8_t pth_e_comm[PKTAP_MAX_COMM_SIZE];
179};
180
181struct pktap_buffer_v2_hdr_extra {
182 struct pktap_v2_hdr_space hdr_space;
183 union pktap_header_extra extra;
184};
185
186#define COPY_PKTAP_COMMON_FIELDS_TO_V2(pktap_v2_hdr_dst, pktap_header_src) { \
187 (pktap_v2_hdr_dst)->pth_length = sizeof(struct pktap_v2_hdr); \
188 (pktap_v2_hdr_dst)->pth_uuid_offset = 0; \
189 (pktap_v2_hdr_dst)->pth_e_uuid_offset = 0; \
190 (pktap_v2_hdr_dst)->pth_ifname_offset = 0; \
191 (pktap_v2_hdr_dst)->pth_comm_offset = 0; \
192 (pktap_v2_hdr_dst)->pth_e_comm_offset = 0; \
193 (pktap_v2_hdr_dst)->pth_dlt = (pktap_header_src)->pth_dlt; \
194 (pktap_v2_hdr_dst)->pth_frame_pre_length = (pktap_header_src)->pth_frame_pre_length; \
195 (pktap_v2_hdr_dst)->pth_frame_post_length = (pktap_header_src)->pth_frame_post_length; \
196 (pktap_v2_hdr_dst)->pth_iftype = (pktap_header_src)->pth_iftype; \
197 (pktap_v2_hdr_dst)->pth_ipproto = (pktap_header_src)->pth_ipproto; \
198 (pktap_v2_hdr_dst)->pth_protocol_family = (pktap_header_src)->pth_protocol_family; \
199 (pktap_v2_hdr_dst)->pth_svc = (pktap_header_src)->pth_svc; \
200 (pktap_v2_hdr_dst)->pth_flowid = (pktap_header_src)->pth_flowid; \
201 (pktap_v2_hdr_dst)->pth_pid = (pktap_header_src)->pth_pid; \
202 (pktap_v2_hdr_dst)->pth_e_pid = (pktap_header_src)->pth_epid; \
203 (pktap_v2_hdr_dst)->pth_flags = (pktap_header_src)->pth_flags; \
204 (pktap_v2_hdr_dst)->pth_flags |= PTH_FLAG_V2_HDR; \
205}
206
207/*
208 * Values for field pth_flags
209 */
210#define PTH_FLAG_DIR_IN 0x00000001 /* Outgoing packet */
211#define PTH_FLAG_DIR_OUT 0x00000002 /* Incoming packet */
212#define PTH_FLAG_PROC_DELEGATED 0x00000004 /* Process delegated */
213#define PTH_FLAG_IF_DELEGATED 0x00000008 /* Interface delegated */
214#ifdef BSD_KERNEL_PRIVATE
215#define PTH_FLAG_DELAY_PKTAP 0x00001000 /* Finalize pktap header on read */
216#endif /* BSD_KERNEL_PRIVATE */
217#define PTH_FLAG_TSTAMP 0x00002000 /* Has time stamp */
218#define PTH_FLAG_NEW_FLOW 0x00004000 /* Packet from a new flow */
219#define PTH_FLAG_REXMIT 0x00008000 /* Packet is a retransmission */
220#define PTH_FLAG_KEEP_ALIVE 0x00010000 /* Is keep alive packet */
221#define PTH_FLAG_SOCKET 0x00020000 /* Packet on a Socket */
222#define PTH_FLAG_NEXUS_CHAN 0x00040000 /* Packet on a nexus channel */
223#define PTH_FLAG_V2_HDR 0x00080000 /* Version 2 of pktap */
224
225#ifdef BSD_KERNEL_PRIVATE
226
227#include <net/bpf.h>
228
229struct pktap_header_buffer {
230 struct pktap_header pkth;
231 union pktap_header_extra extra;
232} ;
233
234extern uint32_t pktap_total_tap_count;
235
236extern void pktap_init(void);
237extern void pktap_input(struct ifnet *, protocol_family_t, struct mbuf *, char *);
238extern void pktap_output(struct ifnet *, protocol_family_t, struct mbuf *,
239 u_int32_t, u_int32_t);
240extern void pktap_fill_proc_info(struct pktap_header *, protocol_family_t ,
241 struct mbuf *, u_int32_t , int , struct ifnet *);
242extern void pktap_finalize_proc_info(struct pktap_header *);
243extern void pktap_v2_finalize_proc_info(struct pktap_v2_hdr *);
244extern void convert_to_pktap_header_to_v2(struct bpf_packet *bpf_pkt, bool truncate);
245#endif /* BSD_KERNEL_PRIVATE */
246#endif /* PRIVATE */
247
248#endif /* _NET_PKTAP_H_ */
249