| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2012-2021 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | |
| 29 | #ifndef _NET_PKTAP_H_ |
| 30 | #define _NET_PKTAP_H_ |
| 31 | |
| 32 | #include <sys/_types/_timeval32.h> |
| 33 | #include <stdint.h> |
| 34 | #include <net/if.h> |
| 35 | #include <uuid/uuid.h> |
| 36 | #include <string.h> |
| 37 | |
| 38 | #ifdef PRIVATE |
| 39 | |
| 40 | #define PKTAP_IFNAME "pktap" |
| 41 | |
| 42 | /* To store interface name + unit */ |
| 43 | #define PKTAP_IFXNAMESIZE (IF_NAMESIZE + 8) |
| 44 | |
| 45 | /* |
| 46 | * Commands via SIOCGDRVSPEC/SIOCSDRVSPEC |
| 47 | */ |
| 48 | #define PKTP_CMD_FILTER_GET 1 /* array of PKTAP_MAX_FILTERS * struct pktap_filter */ |
| 49 | #define PKTP_CMD_FILTER_SET 3 /* array of PKTAP_MAX_FILTERS * struct pktap_filter */ |
| 50 | #define PKTP_CMD_TAP_COUNT 4 /* uint32_t number of active bpf tap on the interface */ |
| 51 | |
| 52 | /* |
| 53 | * Filtering is currently based on network interface properties -- |
| 54 | * the interface type and the interface name -- and has two types of |
| 55 | * operations -- pass and skip. |
| 56 | * By default only interfaces of type IFT_ETHER and IFT_CELLULAR pass |
| 57 | * the filter. |
| 58 | * It's possible to include other interfaces by type or by name |
| 59 | * The interface type is evaluated before the interface name |
| 60 | * The first matching rule stops the evaluation. |
| 61 | * A rule with interface type 0 (zero) matches any interfaces |
| 62 | */ |
| 63 | #define PKTAP_FILTER_OP_NONE 0 /* For inactive entries at the end of the list */ |
| 64 | #define PKTAP_FILTER_OP_PASS 1 |
| 65 | #define PKTAP_FILTER_OP_SKIP 2 |
| 66 | |
| 67 | #define PKTAP_FILTER_PARAM_NONE 0 |
| 68 | #define PKTAP_FILTER_PARAM_IF_TYPE 1 |
| 69 | #define PKTAP_FILTER_PARAM_IF_NAME 2 |
| 70 | |
| 71 | #ifdef BSD_KERNEL_PRIVATE |
| 72 | struct pktap_filter { |
| 73 | uint32_t filter_op; |
| 74 | uint32_t filter_param; |
| 75 | union { |
| 76 | uint32_t _filter_if_type; |
| 77 | char _filter_if_name[PKTAP_IFXNAMESIZE]; |
| 78 | } param_; |
| 79 | size_t filter_ifname_prefix_len; |
| 80 | }; |
| 81 | |
| 82 | struct x_pktap_filter { |
| 83 | #else |
| 84 | struct pktap_filter { |
| 85 | #endif /* BSD_KERNEL_PRIVATE */ |
| 86 | uint32_t filter_op; |
| 87 | uint32_t filter_param; |
| 88 | union { |
| 89 | uint32_t _filter_if_type; |
| 90 | char _filter_if_name[PKTAP_IFXNAMESIZE]; |
| 91 | } param_; |
| 92 | }; |
| 93 | #define filter_param_if_type param_._filter_if_type |
| 94 | #define filter_param_if_name param_._filter_if_name |
| 95 | |
| 96 | #define PKTAP_MAX_FILTERS 8 |
| 97 | |
| 98 | /* |
| 99 | * Header for DLT_PKTAP |
| 100 | * |
| 101 | * In theory, there could be several types of blocks in a chain before the actual packet |
| 102 | */ |
| 103 | struct pktap_header { |
| 104 | uint32_t pth_length; /* length of this header */ |
| 105 | uint32_t pth_type_next; /* type of data following */ |
| 106 | uint32_t pth_dlt; /* DLT of packet */ |
| 107 | char pth_ifname[PKTAP_IFXNAMESIZE]; /* interface name */ |
| 108 | uint32_t pth_flags; /* flags */ |
| 109 | uint32_t pth_protocol_family; |
| 110 | uint32_t pth_frame_pre_length; |
| 111 | uint32_t pth_frame_post_length; |
| 112 | pid_t pth_pid; /* process ID */ |
| 113 | char pth_comm[MAXCOMLEN + 1]; /* process name */ |
| 114 | uint8_t pth_pad1; |
| 115 | uint16_t pth_trace_tag; |
| 116 | uint32_t pth_svc; /* service class */ |
| 117 | uint16_t pth_iftype; |
| 118 | uint16_t pth_ifunit; |
| 119 | pid_t pth_epid; /* effective process ID */ |
| 120 | char pth_ecomm[MAXCOMLEN + 1]; /* effective command name */ |
| 121 | uint8_t pth_pad2; |
| 122 | uint16_t pth_pad3; |
| 123 | uint32_t pth_flowid; |
| 124 | uint32_t pth_ipproto; |
| 125 | struct timeval32 pth_tstamp; |
| 126 | uuid_t pth_uuid; |
| 127 | uuid_t pth_euuid; |
| 128 | }; |
| 129 | |
| 130 | #define PKTAP_HAS_TRACE_TAG 1 |
| 131 | |
| 132 | /* |
| 133 | * The original version 1 of the pktap_header structure always had the field |
| 134 | * pth_type_next set to PTH_TYPE_PACKET |
| 135 | */ |
| 136 | #define PTH_TYPE_NONE 0 /* No more data following */ |
| 137 | #define PTH_TYPE_PACKET 1 /* Actual captured packet data */ |
| 138 | |
| 139 | /* |
| 140 | * Size of buffer that can contain any pktap header |
| 141 | * followed by the optional 4 bytes protocol field |
| 142 | * or 16 bytes link layer header |
| 143 | */ |
| 144 | union pktap_header_extra { |
| 145 | uint8_t llhdr[16]; |
| 146 | uint32_t proto; |
| 147 | }; |
| 148 | |
| 149 | /* |
| 150 | * Version 2 version of the header |
| 151 | * |
| 152 | * The field pth_flags is at the same offset as the orignal pktap_header and |
| 153 | * the flag PTH_FLAG_V2_HDR allows to differentiate the header version. |
| 154 | */ |
| 155 | |
| 156 | #define PKTAP_MAX_COMM_SIZE (MAXCOMLEN + 1) |
| 157 | |
| 158 | struct pktap_v2_hdr { |
| 159 | uint8_t pth_length; /* length of this header */ |
| 160 | uint8_t pth_uuid_offset; /* max size: sizeof(uuid_t) */ |
| 161 | uint8_t pth_e_uuid_offset; /* max size: sizeof(uuid_t) */ |
| 162 | uint8_t pth_ifname_offset; /* max size: PKTAP_IFXNAMESIZE*/ |
| 163 | uint8_t pth_comm_offset; /* max size: PKTAP_MAX_COMM_SIZE */ |
| 164 | uint8_t pth_e_comm_offset; /* max size: PKTAP_MAX_COMM_SIZE */ |
| 165 | uint16_t pth_dlt; /* DLT of packet */ |
| 166 | uint16_t pth_frame_pre_length; |
| 167 | uint16_t pth_frame_post_length; |
| 168 | uint16_t pth_iftype; |
| 169 | uint16_t pth_ipproto; |
| 170 | uint32_t pth_protocol_family; |
| 171 | uint32_t pth_svc; /* service class */ |
| 172 | uint32_t pth_flowid; |
| 173 | pid_t pth_pid; /* process ID */ |
| 174 | pid_t pth_e_pid; /* effective process ID */ |
| 175 | uint32_t pth_flags; /* flags */ |
| 176 | }; |
| 177 | |
| 178 | struct pktap_v2_hdr_space { |
| 179 | struct pktap_v2_hdr pth_hdr; |
| 180 | uint8_t pth_uuid[sizeof(uuid_t)]; |
| 181 | uint8_t pth_e_uuid[sizeof(uuid_t)]; |
| 182 | uint8_t pth_ifname[PKTAP_IFXNAMESIZE]; |
| 183 | uint8_t pth_comm[PKTAP_MAX_COMM_SIZE]; |
| 184 | uint8_t pth_e_comm[PKTAP_MAX_COMM_SIZE]; |
| 185 | }; |
| 186 | |
| 187 | struct pktap_buffer_v2_hdr_extra { |
| 188 | struct pktap_v2_hdr_space hdr_space; |
| 189 | union pktap_header_extra extra; |
| 190 | }; |
| 191 | |
| 192 | #define COPY_PKTAP_COMMON_FIELDS_TO_V2(pktap_v2_hdr_dst, pktap_header_src) { \ |
| 193 | (pktap_v2_hdr_dst)->pth_length = sizeof(struct pktap_v2_hdr); \ |
| 194 | (pktap_v2_hdr_dst)->pth_uuid_offset = 0; \ |
| 195 | (pktap_v2_hdr_dst)->pth_e_uuid_offset = 0; \ |
| 196 | (pktap_v2_hdr_dst)->pth_ifname_offset = 0; \ |
| 197 | (pktap_v2_hdr_dst)->pth_comm_offset = 0; \ |
| 198 | (pktap_v2_hdr_dst)->pth_e_comm_offset = 0; \ |
| 199 | (pktap_v2_hdr_dst)->pth_dlt = (uint16_t)(pktap_header_src)->pth_dlt; \ |
| 200 | (pktap_v2_hdr_dst)->pth_frame_pre_length = (uint16_t)(pktap_header_src)->pth_frame_pre_length; \ |
| 201 | (pktap_v2_hdr_dst)->pth_frame_post_length = (uint16_t)(pktap_header_src)->pth_frame_post_length; \ |
| 202 | (pktap_v2_hdr_dst)->pth_iftype = (pktap_header_src)->pth_iftype; \ |
| 203 | (pktap_v2_hdr_dst)->pth_ipproto = (uint16_t)(pktap_header_src)->pth_ipproto; \ |
| 204 | (pktap_v2_hdr_dst)->pth_protocol_family = (pktap_header_src)->pth_protocol_family; \ |
| 205 | (pktap_v2_hdr_dst)->pth_svc = (pktap_header_src)->pth_svc; \ |
| 206 | (pktap_v2_hdr_dst)->pth_flowid = (pktap_header_src)->pth_flowid; \ |
| 207 | (pktap_v2_hdr_dst)->pth_pid = (pktap_header_src)->pth_pid; \ |
| 208 | (pktap_v2_hdr_dst)->pth_e_pid = (pktap_header_src)->pth_epid; \ |
| 209 | (pktap_v2_hdr_dst)->pth_flags = (pktap_header_src)->pth_flags; \ |
| 210 | (pktap_v2_hdr_dst)->pth_flags |= PTH_FLAG_V2_HDR; \ |
| 211 | } |
| 212 | |
| 213 | /* |
| 214 | * Values for field pth_flags |
| 215 | */ |
| 216 | #define PTH_FLAG_DIR_IN 0x00000001 /* Outgoing packet */ |
| 217 | #define PTH_FLAG_DIR_OUT 0x00000002 /* Incoming packet */ |
| 218 | #define PTH_FLAG_PROC_DELEGATED 0x00000004 /* Process delegated */ |
| 219 | #define PTH_FLAG_IF_DELEGATED 0x00000008 /* Interface delegated */ |
| 220 | #ifdef BSD_KERNEL_PRIVATE |
| 221 | #define PTH_FLAG_DELAY_PKTAP 0x00001000 /* Finalize pktap header on read */ |
| 222 | #endif /* BSD_KERNEL_PRIVATE */ |
| 223 | #define PTH_FLAG_TSTAMP 0x00002000 /* Has time stamp */ |
| 224 | #define PTH_FLAG_NEW_FLOW 0x00004000 /* Packet from a new flow */ |
| 225 | #define PTH_FLAG_REXMIT 0x00008000 /* Packet is a retransmission */ |
| 226 | #define PTH_FLAG_KEEP_ALIVE 0x00010000 /* Is keep alive packet */ |
| 227 | #define PTH_FLAG_SOCKET 0x00020000 /* Packet on a Socket */ |
| 228 | #define PTH_FLAG_NEXUS_CHAN 0x00040000 /* Packet on a nexus channel */ |
| 229 | #define PTH_FLAG_V2_HDR 0x00080000 /* Version 2 of pktap */ |
| 230 | #define PTH_FLAG_WAKE_PKT 0x00100000 /* Packet caused system to ake from sleep */ |
| 231 | |
| 232 | #ifdef BSD_KERNEL_PRIVATE |
| 233 | |
| 234 | #include <net/bpf.h> |
| 235 | |
| 236 | struct pktap_header_buffer { |
| 237 | struct pktap_header pkth; |
| 238 | union pktap_header_extra extra; |
| 239 | }; |
| 240 | |
| 241 | extern uint32_t pktap_total_tap_count; |
| 242 | |
| 243 | extern void pktap_init(void); |
| 244 | extern void pktap_input(struct ifnet *, protocol_family_t, struct mbuf *, char *); |
| 245 | extern void pktap_output(struct ifnet *, protocol_family_t, struct mbuf *, |
| 246 | u_int32_t, u_int32_t); |
| 247 | extern void pktap_fill_proc_info(struct pktap_header *, protocol_family_t, |
| 248 | struct mbuf *, u_int32_t, int, struct ifnet *); |
| 249 | extern void pktap_finalize_proc_info(struct pktap_header *); |
| 250 | extern void pktap_v2_finalize_proc_info(struct pktap_v2_hdr *); |
| 251 | #if SKYWALK |
| 252 | #include <skywalk/os_skywalk.h> |
| 253 | extern void pktap_input_packet(struct ifnet *, protocol_family_t, uint32_t, |
| 254 | pid_t, const char *, pid_t, const char *, kern_packet_t, const void *, size_t, |
| 255 | uint8_t, uint32_t, uint32_t); |
| 256 | extern void pktap_output_packet(struct ifnet *, protocol_family_t, uint32_t, |
| 257 | pid_t, const char *, pid_t, const char *, kern_packet_t, const void *, size_t, |
| 258 | uint8_t, uint32_t, uint32_t); |
| 259 | #endif /* SKYWALK */ |
| 260 | extern void convert_to_pktap_header_to_v2(struct bpf_packet *bpf_pkt, bool truncate); |
| 261 | #endif /* BSD_KERNEL_PRIVATE */ |
| 262 | #endif /* PRIVATE */ |
| 263 | |
| 264 | #endif /* _NET_PKTAP_H_ */ |
| 265 |
Generated while processing xnu/bsd/kern/bsd_init.c
Generated on 2024-Jun-06 from project xnu revision 10063.121.3
Powered by 
Code Browser 2.1
Generator usage only permitted with license.