re-implement the bpf "filter drop" option that it actually works. the

bpf FILDROP interface exists for about one year but the required
interface to the drivers was missing - so it was useless. this new
approach based on a design by henning@ uses a new mbuf flag to mark
filtered packets and to drop them in the generic network stack input
routines (like ether_input).

for example; after some additional testing, this could be used by
dhclient to filter everything except DHCP packets (track tech@
for a corresponding dhclient diff). the "filter dropped" packets won't
reach the network stack. so it's probably some kind of a very basic
application layer packet filter ;).

ok canacar@, discussed with henning@ and others

1 files changed, 4 insertions, 4 deletions

diff --git a/sys/net/bpf.h b/sys/net/bpf.h
index b6e8c0e1610..3a435af6ed4 100644
--- a/sys/net/bpf.h
+++ b/sys/net/bpf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bpf.h,v 1.31 2005/07/31 03:52:18 pascoe Exp $	*/
+/*	$OpenBSD: bpf.h,v 1.32 2005/11/03 20:00:18 reyk Exp $	*/
 /*	$NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $	*/
 
 /*
@@ -261,9 +261,9 @@ struct bpf_dltlist {
 #ifdef _KERNEL
 int	 bpf_validate(struct bpf_insn *, int);
 int	 bpf_tap(caddr_t, u_char *, u_int);
-int	 bpf_mtap(caddr_t, struct mbuf *);
-int	 bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *);
-int	 bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *);
+void	 bpf_mtap(caddr_t, struct mbuf *);
+void	 bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *);
+void	 bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *);
 void	 bpfattach(caddr_t *, struct ifnet *, u_int, u_int);
 void	 bpfdetach(struct ifnet *);
 void	 bpfilterattach(int);