diff options
| author |   reyk <reyk@openbsd.org> | 2005-11-03 20:00:18 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2005-11-03 20:00:18 +0000 |
| commit | 832330f3029a23a689cc9ad622d2847e4bf78802 (patch) | |
| tree | bd320d98b91be48955ffb653cdcc138cfcde4d5e /sys/net/bpf.c | |
| parent | - minor KNF (diff) | |
| download | wireguard-openbsd-832330f3029a23a689cc9ad622d2847e4bf78802.tar.xz wireguard-openbsd-832330f3029a23a689cc9ad622d2847e4bf78802.zip | |
re-implement the bpf "filter drop" option that it actually works. the
bpf FILDROP interface exists for about one year but the required
interface to the drivers was missing - so it was useless. this new
approach based on a design by henning@ uses a new mbuf flag to mark
filtered packets and to drop them in the generic network stack input
routines (like ether_input).
for example; after some additional testing, this could be used by
dhclient to filter everything except DHCP packets (track tech@
for a corresponding dhclient diff). the "filter dropped" packets won't
reach the network stack. so it's probably some kind of a very basic
application layer packet filter ;).
ok canacar@, discussed with henning@ and others
Diffstat (limited to 'sys/net/bpf.c')
| -rw-r--r-- | sys/net/bpf.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index f329bde00b6..c7ff40f28f6 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.59 2005/07/31 03:52:18 pascoe Exp $ */ +/* $OpenBSD: bpf.c,v 1.60 2005/11/03 20:00:18 reyk Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -1157,17 +1157,16 @@ bpf_mcopy(const void *src_arg, void *dst_arg, size_t len) /* * Incoming linkage from device drivers, when packet is in an mbuf chain. */ -int +void bpf_mtap(caddr_t arg, struct mbuf *m) { struct bpf_if *bp = (struct bpf_if *)arg; struct bpf_d *d; size_t pktlen, slen; struct mbuf *m0; - int drop = 0; if (m == NULL) - return (0); + return; pktlen = 0; for (m0 = m; m0 != 0; m0 = m0->m_next) @@ -1182,10 +1181,8 @@ bpf_mtap(caddr_t arg, struct mbuf *m) bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); if (d->bd_fildrop) - drop++; + m->m_flags |= M_FILDROP; } - - return (drop); } /* @@ -1197,7 +1194,7 @@ bpf_mtap(caddr_t arg, struct mbuf *m) * fields in this header that we initialize, and will not try to free * it or keep a pointer to it. */ -int +void bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) { struct m_hdr mh; @@ -1207,7 +1204,8 @@ bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) mh.mh_len = dlen; mh.mh_data = data; - return bpf_mtap(arg, (struct mbuf *) &mh); + bpf_mtap(arg, (struct mbuf *) &mh); + m->m_flags |= mh.mh_flags & M_FILDROP; } /* @@ -1219,7 +1217,7 @@ bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) * fields in this header that we initialize, and will not try to free * it or keep a pointer to it. */ -int +void bpf_mtap_af(caddr_t arg, u_int32_t af, struct mbuf *m) { struct m_hdr mh; @@ -1229,7 +1227,8 @@ bpf_mtap_af(caddr_t arg, u_int32_t af, struct mbuf *m) mh.mh_len = 4; mh.mh_data = (caddr_t)⁡ - return bpf_mtap(arg, (struct mbuf *) &mh); + bpf_mtap(arg, (struct mbuf *) &mh); + m->m_flags |= mh.mh_flags & M_FILDROP; } /* |