diff options
| author |   reyk <reyk@openbsd.org> | 2005-11-03 20:00:18 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2005-11-03 20:00:18 +0000 |
| commit | 832330f3029a23a689cc9ad622d2847e4bf78802 (patch) | |
| tree | bd320d98b91be48955ffb653cdcc138cfcde4d5e /sys/net/if_ethersubr.c | |
| parent | - minor KNF (diff) | |
| download | wireguard-openbsd-832330f3029a23a689cc9ad622d2847e4bf78802.tar.xz wireguard-openbsd-832330f3029a23a689cc9ad622d2847e4bf78802.zip | |
re-implement the bpf "filter drop" option that it actually works. the
bpf FILDROP interface exists for about one year but the required
interface to the drivers was missing - so it was useless. this new
approach based on a design by henning@ uses a new mbuf flag to mark
filtered packets and to drop them in the generic network stack input
routines (like ether_input).
for example; after some additional testing, this could be used by
dhclient to filter everything except DHCP packets (track tech@
for a corresponding dhclient diff). the "filter dropped" packets won't
reach the network stack. so it's probably some kind of a very basic
application layer packet filter ;).
ok canacar@, discussed with henning@ and others
Diffstat (limited to 'sys/net/if_ethersubr.c')
| -rw-r--r-- | sys/net/if_ethersubr.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 6a7eeed9407..ee4bbf4c1d2 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.98 2005/10/17 08:43:35 henning Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.99 2005/11/03 20:00:18 reyk Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -615,6 +615,14 @@ ether_input(ifp, eh, m) ac = (struct arpcom *)ifp; /* + * If packet has been filtered by the bpf listener, drop it now + */ + if (m->m_flags & M_FILDROP) { + m_free(m); + return; + } + + /* * If packet is unicast and we're in promiscuous mode, make sure it * is for us. Drop otherwise. */ |