1 /* 2 * Copyright (c) 2025 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 /* 29 * Copyright (c) 1990, 1991, 1993 30 * The Regents of the University of California. All rights reserved. 31 * 32 * This code is derived from the Stanford/CMU enet packet filter, 33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 35 * Berkeley Laboratory. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)bpf.h 8.1 (Berkeley) 6/10/93 66 * @(#)bpf.h 1.34 (LBL) 6/16/96 67 * 68 * $FreeBSD: src/sys/net/bpf.h,v 1.21.2.3 2001/08/01 00:23:13 fenner Exp $ 69 */ 70 /* 71 * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce 72 * support for mandatory and extensible security protections. This notice 73 * is included in support of clause 2.2 (b) of the Apple Public License, 74 * Version 2.0. 75 */ 76 77 #ifndef _NET_BPF_PRIVATE_H_ 78 #define _NET_BPF_PRIVATE_H_ 79 80 #include <net/bpf.h> 81 82 #if !defined(DRIVERKIT) 83 #include <net/if_var.h> 84 #include <uuid/uuid.h> 85 86 struct bpf_setup_args { 87 uuid_t bsa_uuid; 88 char bsa_ifname[IFNAMSIZ]; 89 }; 90 91 #ifdef KERNEL_PRIVATE 92 /* 93 * LP64 version of bpf_program. all pointers 94 * grow when we're dealing with a 64-bit process. 95 * WARNING - keep in sync with bpf_program 96 */ 97 struct bpf_program64 { 98 u_int bf_len; 99 user64_addr_t bf_insns __attribute__((aligned(8))); 100 }; 101 102 struct bpf_program32 { 103 u_int bf_len; 104 user32_addr_t bf_insns; 105 }; 106 #endif /* KERNEL_PRIVATE */ 107 108 struct bpf_comp_stats { 109 uint64_t bcs_total_read; /* number of packets read from device */ 110 uint64_t bcs_total_size; /* total size of filtered packets */ 111 uint64_t bcs_total_hdr_size; /* total header size of captured packets */ 112 uint64_t bcs_count_no_common_prefix; /* count of packets not compressible */ 113 uint64_t bcs_count_compressed_prefix; /* count of compressed packets */ 114 uint64_t bcs_total_compressed_prefix_size; /* total size of compressed data */ 115 uint64_t bcs_max_compressed_prefix_size; /* max compressed data size */ 116 }; 117 118 #ifdef KERNEL_PRIVATE 119 #define BIOCSETF64 _IOW('B',103, struct bpf_program64) 120 #define BIOCSETF32 _IOW('B',103, struct bpf_program32) 121 #define BIOCSRTIMEOUT64 _IOW('B',109, struct user64_timeval) 122 #define BIOCSRTIMEOUT32 _IOW('B',109, struct user32_timeval) 123 #define BIOCGRTIMEOUT64 _IOR('B',110, struct user64_timeval) 124 #define BIOCGRTIMEOUT32 _IOR('B',110, struct user32_timeval) 125 #endif /* KERNEL_PRIVATE */ 126 #define BIOCGETTC _IOR('B', 122, int) 127 #define BIOCSETTC _IOW('B', 123, int) 128 #define BIOCSEXTHDR _IOW('B', 124, u_int) 129 #define BIOCGIFATTACHCOUNT _IOWR('B', 125, struct ifreq) 130 #ifdef KERNEL_PRIVATE 131 #define BIOCSETFNR64 _IOW('B',126, struct bpf_program64) 132 #define BIOCSETFNR32 _IOW('B',126, struct bpf_program32) 133 #endif /* KERNEL_PRIVATE */ 134 #define BIOCGWANTPKTAP _IOR('B', 127, u_int) 135 #define BIOCSWANTPKTAP _IOWR('B', 127, u_int) 136 #define BIOCSHEADDROP _IOW('B', 128, int) 137 #define BIOCGHEADDROP _IOR('B', 128, int) 138 #define BIOCSTRUNCATE _IOW('B', 129, u_int) 139 #define BIOCGETUUID _IOR('B', 130, uuid_t) 140 #define BIOCSETUP _IOW('B', 131, struct bpf_setup_args) 141 #define BIOCSPKTHDRV2 _IOW('B', 132, int) 142 #define BIOCGPKTHDRV2 _IOW('B', 133, int) 143 #define BIOCGHDRCOMP _IOR('B', 134, int) 144 #define BIOCSHDRCOMP _IOW('B', 135, int) 145 #define BIOCGHDRCOMPSTATS _IOR('B', 136, struct bpf_comp_stats) 146 #define BIOCGHDRCOMPON _IOR('B', 137, int) 147 #define BIOCGDIRECTION _IOR('B', 138, int) 148 #define BIOCSDIRECTION _IOW('B', 139, int) 149 #define BIOCSWRITEMAX _IOW('B', 140, u_int) 150 #define BIOCGWRITEMAX _IOR('B', 141, u_int) 151 #define BIOCGBATCHWRITE _IOR('B', 142, int) 152 #define BIOCSBATCHWRITE _IOW('B', 143, int) 153 #define BIOCGNOTSTAMP _IOR('B', 144, int) 154 #define BIOCSNOTSTAMP _IOW('B', 145, int) 155 #define BIOCGDVRTIN _IOR('B', 146, int) 156 #define BIOCSDVRTIN _IOW('B', 146, int) 157 158 /* 159 * This structure must be a multiple of 4 bytes. 160 * It includes padding and spare fields that we can use later if desired. 161 */ 162 struct bpf_hdr_ext { 163 struct BPF_TIMEVAL bh_tstamp; /* time stamp */ 164 bpf_u_int32 bh_caplen; /* length of captured portion */ 165 bpf_u_int32 bh_datalen; /* original length of packet */ 166 u_short bh_hdrlen; /* length of bpf header */ 167 u_char bh_complen; 168 u_char bh_flags; 169 #define BPF_HDR_EXT_FLAGS_DIR_IN 0x00 170 #define BPF_HDR_EXT_FLAGS_DIR_OUT 0x01 171 #ifdef BSD_KERNEL_PRIVATE 172 #define BPF_HDR_EXT_FLAGS_TCP 0x02 173 #define BPF_HDR_EXT_FLAGS_UDP 0x04 174 #endif /* BSD_KERNEL_PRIVATE */ 175 pid_t bh_pid; /* process PID */ 176 char bh_comm[MAXCOMLEN + 1]; /* process command */ 177 u_char bh_pktflags; 178 #define BPF_PKTFLAGS_TCP_REXMT 0x01 179 #define BPF_PKTFLAGS_START_SEQ 0x02 180 #define BPF_PKTFLAGS_LAST_PKT 0x04 181 #define BPF_PKTFLAGS_WAKE_PKT 0x08 182 #define BPF_PKTFLAGS_ULPN 0x10 183 uint16_t bh_trace_tag; 184 bpf_u_int32 bh_svc; /* service class */ 185 bpf_u_int32 bh_flowid; /* kernel reserved; 0 in userland */ 186 bpf_u_int32 bh_unsent_bytes; /* unsent bytes at interface */ 187 bpf_u_int32 bh_unsent_snd; /* unsent bytes at socket buffer */ 188 bpf_u_int32 bh_comp_gencnt; /* unsent bytes at socket buffer */ 189 }; 190 191 #define BPF_HDR_EXT_HAS_TRACE_TAG 1 192 #define BPF_HDR_EXT_HAS_COMP_GENCNT 1 193 194 /* 195 * External representation of the bpf descriptor 196 */ 197 struct xbpf_d { 198 uint32_t bd_structsize; /* Size of this structure. */ 199 int32_t bd_dev_minor; 200 int32_t bd_sig; 201 uint32_t bd_slen; 202 uint32_t bd_hlen; 203 uint32_t bd_bufsize; 204 pid_t bd_pid; 205 206 uint8_t bd_promisc; 207 uint8_t bd_immediate; 208 uint8_t bd_hdrcmplt; 209 uint8_t bd_async; 210 211 uint8_t bd_headdrop; 212 uint8_t bd_direction; 213 uint8_t bh_compreq; 214 uint8_t bh_compenabled; 215 216 uint8_t bd_exthdr; 217 uint8_t bd_trunc; 218 uint8_t bd_pkthdrv2; 219 uint8_t bd_batch_write : 1; 220 uint8_t bd_divert_in : 1; 221 uint8_t bd_padding : 6; 222 223 uint64_t bd_rcount; 224 uint64_t bd_dcount; 225 uint64_t bd_fcount; 226 uint64_t bd_wcount; 227 uint64_t bd_wdcount; 228 229 char bd_ifname[IFNAMSIZ]; 230 231 uint64_t bd_comp_count; 232 uint64_t bd_comp_size; 233 234 uint32_t bd_scnt; /* number of packets in store buffer */ 235 uint32_t bd_hcnt; /* number of packets in hold buffer */ 236 237 uint64_t bd_read_count; 238 uint64_t bd_fsize; 239 }; 240 241 #ifndef bd_seesent 242 /* 243 * Code compatibility workaround so that old versions of network_cmds will continue to build 244 * even if netstat -B shows an incorrect value. 245 */ 246 #define bd_seesent bd_direction 247 #endif /* bd_seesent */ 248 249 #define _HAS_STRUCT_XBPF_D_ 2 250 251 struct bpf_comp_hdr { 252 struct BPF_TIMEVAL bh_tstamp; /* time stamp */ 253 bpf_u_int32 bh_caplen; /* length of captured portion */ 254 bpf_u_int32 bh_datalen; /* original length of packet */ 255 u_short bh_hdrlen; /* length of bpf header (this struct 256 * plus alignment padding) */ 257 u_char bh_complen; /* data portion compressed */ 258 u_char bh_padding; /* data portion compressed */ 259 }; 260 261 #define HAS_BPF_HDR_COMP 1 262 #define BPF_HDR_COMP_LEN_MAX 255 263 264 /* 265 * Packet tap directions 266 */ 267 #define BPF_D_NONE 0x0 /* See no packet (for writing only) */ 268 #define BPF_D_IN 0x1 /* See incoming packets */ 269 #define BPF_D_OUT 0x2 /* See outgoing packets */ 270 #define BPF_D_INOUT 0x3 /* See incoming and outgoing packets */ 271 272 #endif /* !defined(DRIVERKIT) */ 273 274 /* 275 * For Apple private usage 276 */ 277 #define DLT_USER0_APPLE_INTERNAL DLT_USER0 /* rdar://12019509 */ 278 #define DLT_USER1_APPLE_INTERNAL DLT_USER1 /* rdar://12019509 */ 279 #define DLT_PKTAP DLT_USER2 /* rdar://11779467 */ 280 #define DLT_USER3_APPLE_INTERNAL DLT_USER3 /* rdar://19614531 */ 281 #define DLT_USER4_APPLE_INTERNAL DLT_USER4 /* rdar://19614531 */ 282 283 #if !defined(DRIVERKIT) 284 #ifdef KERNEL_PRIVATE 285 #define BPF_MIN_PKT_SIZE 40 286 #define PORT_DNS 53 287 #define PORT_BOOTPS 67 288 #define PORT_BOOTPC 68 289 #define PORT_ISAKMP 500 290 #define PORT_ISAKMP_NATT 4500 /* rfc3948 */ 291 292 #define BPF_T_MICROTIME 0x0000 /* The default */ 293 #define BPF_T_NONE 0x0003 294 295 /* Forward declerations */ 296 struct ifnet; 297 struct mbuf; 298 299 #define BPF_PACKET_TYPE_MBUF 0 300 #if SKYWALK 301 #define BPF_PACKET_TYPE_PKT 1 302 #include <skywalk/os_skywalk.h> 303 #endif /* SKYWALK */ 304 305 struct bpf_packet { 306 int bpfp_type; 307 void *__sized_by(bpfp_header_length) bpfp_header; /* optional */ 308 size_t bpfp_header_length; 309 union { 310 struct mbuf *bpfpu_mbuf; 311 void * bpfpu_ptr; 312 #if SKYWALK 313 kern_packet_t bpfpu_pkt; 314 #define bpfp_pkt bpfp_u.bpfpu_pkt 315 #endif /* SKYWALK */ 316 } bpfp_u; 317 #define bpfp_mbuf bpfp_u.bpfpu_mbuf 318 #define bpfp_ptr bpfp_u.bpfpu_ptr 319 size_t bpfp_total_length; /* length including optional header */ 320 }; 321 322 extern int bpf_validate(const struct bpf_insn *__counted_by(len), int len); 323 extern void bpfdetach(struct ifnet *); 324 extern void bpfilterattach(int); 325 extern u_int bpf_filter(const struct bpf_insn *__counted_by(pc_len), u_int pc_len, 326 u_char *__sized_by(sizeof(struct bpf_packet)), u_int wirelen, u_int); 327 #endif /* KERNEL_PRIVATE */ 328 329 #endif /* !defined(DRIVERKIT) */ 330 331 #ifdef KERNEL 332 #if SKYWALK 333 /*! 334 * @function bpf_tap_packet_in 335 * @discussion Call this function when your interface receives a 336 * packet. This function will check if any bpf devices need a 337 * a copy of the packet. 338 * @param interface The interface the packet was received on. 339 * @param dlt The data link type of the packet. 340 * @param packet The packet received. 341 * @param header An optional pointer to a header that will be prepended. 342 * @param header_len If the header was specified, the length of the header. 343 */ 344 extern void bpf_tap_packet_in(ifnet_t interface, u_int32_t dlt, 345 kern_packet_t packet, void *__sized_by(header_len) header, size_t header_len); 346 347 /*! 348 * @function bpf_tap_packet_out 349 * @discussion Call this function when your interface transmits a 350 * packet. This function will check if any bpf devices need a 351 * a copy of the packet. 352 * @param interface The interface the packet was or will be transmitted on. 353 * @param dlt The data link type of the packet. 354 * @param packet The packet received. 355 * @param header An optional pointer to a header that will be prepended. 356 * @param header_len If the header was specified, the length of the header. 357 */ 358 extern void bpf_tap_packet_out(ifnet_t interface, u_int32_t dlt, 359 kern_packet_t packet, void *__sized_by(header_len) header, size_t header_len); 360 361 #endif /* SKYWALK */ 362 #endif /* KERNEL */ 363 364 #endif /* _NET_BPF_PRIVATE_H_ */ 365