Directly drop packets filtered by bpf(4) instead of going through the

input handlers.

ok dlg@

2 files changed, 17 insertions, 9 deletions

diff --git a/sys/net/if.c b/sys/net/if.c
index c04975c0f80..a035c440cdd 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if.c,v 1.434 2016/06/10 20:33:29 vgross Exp $	*/
+/*	$OpenBSD: if.c,v 1.435 2016/07/12 09:33:13 mpi Exp $	*/
 /*	$NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $	*/
 
 /*
@@ -618,9 +618,18 @@ if_input(struct ifnet *ifp, struct mbuf_list *ml)
 #if NBPFILTER > 0
 	if_bpf = ifp->if_bpf;
 	if (if_bpf) {
-		MBUF_LIST_FOREACH(ml, m)
-			if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN) != 0)
-				m->m_flags |= M_FILDROP;
+		struct mbuf_list ml0;
+
+		ml_init(&ml0);
+		ml_enlist(&ml0, ml);
+		ml_init(ml);
+
+		while ((m = ml_dequeue(&ml0)) != NULL) {
+			if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN))
+				m_freem(m);
+			else
+				ml_enqueue(ml, m);
+		}
 	}
 #endif
 
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index 2aef400a555..b800d6d02c4 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_ethersubr.c,v 1.238 2016/06/08 12:57:58 mpi Exp $	*/
+/*	$OpenBSD: if_ethersubr.c,v 1.239 2016/07/12 09:33:13 mpi Exp $	*/
 /*	$NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $	*/
 
 /*
@@ -344,11 +344,10 @@ ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
 	}
 
 	/*
-	 * If packet has been filtered by the bpf listener, drop it now
-	 * also HW vlan tagged packets that were not collected by vlan(4)
-	 * must be dropped now.
+	 * HW vlan tagged packets that were not collected by vlan(4) must
+	 * be dropped now.
 	 */
-	if (m->m_flags & (M_FILDROP | M_VLANTAG)) {
+	if (m->m_flags & M_VLANTAG) {
 		m_freem(m);
 		return (1);
 	}