re-implement the bpf "filter drop" option that it actually works. the

bpf FILDROP interface exists for about one year but the required
interface to the drivers was missing - so it was useless. this new
approach based on a design by henning@ uses a new mbuf flag to mark
filtered packets and to drop them in the generic network stack input
routines (like ether_input).

for example; after some additional testing, this could be used by
dhclient to filter everything except DHCP packets (track tech@
for a corresponding dhclient diff). the "filter dropped" packets won't
reach the network stack. so it's probably some kind of a very basic
application layer packet filter ;).

ok canacar@, discussed with henning@ and others

1 files changed, 10 insertions, 1 deletions

diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index eaa2559a2ec..709255a3cb9 100644
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c
@@ -1,5 +1,5 @@
 /*	$NetBSD: ieee80211_input.c,v 1.24 2004/05/31 11:12:24 dyoung Exp $	*/
-/*	$OpenBSD: ieee80211_input.c,v 1.11 2005/09/13 12:11:03 reyk Exp $	*/
+/*	$OpenBSD: ieee80211_input.c,v 1.12 2005/11/03 20:00:18 reyk Exp $	*/
 
 /*-
  * Copyright (c) 2001 Atsushi Onoe
@@ -408,6 +408,15 @@ ieee80211_input(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node *ni,
 #if NBPFILTER > 0
 		if (ic->ic_rawbpf)
 			bpf_mtap(ic->ic_rawbpf, m);
+		/*
+		 * Drop mbuf if it was filtered by bpf. Normally, this is
+		 * done in ether_input() but IEEE 802.11 management frames
+		 * are a special case.
+		 */
+		if (m->m_flags & M_FILDROP) {
+			m_freem(m);
+			return;
+		}			
 #endif
 		(*ic->ic_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp);
 		m_freem(m);