authorJason Wright <jason@cvs.openbsd.org>1999-03-19 22:47:35 +0000
committerJason Wright <jason@cvs.openbsd.org>1999-03-19 22:47:35 +0000
commit23e9862bcd1cec2160166d253b928b0f12e59f0a (patch)
treef24ce1be271e475b806f70f4a79026ceef8ee7ea
parent4ea62010d0d178dc752f170c8b7bf5464c5df47f (diff)
Add a per-interface flag so that selected bridge members do not see unicast packets whose destination is unknown.
-rw-r--r--share/man/man4/bridge.45
-rw-r--r--sys/net/if_bridge.c8
-rw-r--r--sys/net/if_bridge.h5
-rw-r--r--usr.sbin/brconfig/brconfig.821
-rw-r--r--usr.sbin/brconfig/brconfig.c72
5 files changed, 79 insertions, 32 deletions
diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4
index 28c658c769c..aece7c13478 100644
--- a/share/man/man4/bridge.4
+++ b/share/man/man4/bridge.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bridge.4,v 1.6 1999/03/19 02:46:54 jason Exp $
+.\" $OpenBSD: bridge.4,v 1.7 1999/03/19 22:47:33 jason Exp $
.\"
.\" Copyright (c) 1999 Jason L. Wright (jason@thought.net)
.\" All rights reserved.
@@ -94,7 +94,8 @@ struct ifbreq {
u_int32_t ifbr_ifsflags; /* member flags */
};
-#define IFBIF_LEARNING 0x1 /* ifs can learn addrs */
+#define IFBIF_LEARNING 0x1 /* ifs can learn addrs */
+#define IFBIF_DISCOVER 0x2 /* ifs gets fwd'd pkts */
struct ifbifconf {
char ifbic_name[IFNAMSIZ]; /* bridge name */
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 9e3ed260c65..1038df0c081 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bridge.c,v 1.7 1999/03/19 02:46:54 jason Exp $ */
+/* $OpenBSD: if_bridge.c,v 1.8 1999/03/19 22:47:33 jason Exp $ */
/*
* Copyright (c) 1999 Jason L. Wright (jason@thought.net)
@@ -280,7 +280,7 @@ bridge_ioctl(ifp, cmd, data)
}
p->ifp = ifs;
- p->bif_flags = IFBIF_LEARNING;
+ p->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
LIST_INSERT_HEAD(&sc->sc_iflist, p, next);
ifs->if_bridge = (caddr_t)sc;
break;
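Review bot: The new default `p->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;` makes flooding of unknown-destination unicast opt-out per member, which is the permissive choice; it matches what brconfig.8 documents, but the kernel side carries no comment saying so, and someone reading bridge_ioctl would not learn that `-discover` has to be applied after every add to restrict a segment. Suggest `/* new members learn and receive flooded unknown-unicast unless -discover is applied */` on that line. bridge_ioctl begins before and continues after this hunk.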
@@ -890,6 +890,10 @@ bridge_broadcast(sc, ifp, eh, m)
if (p->ifp->if_index == ifp->if_index)
continue;
+ if ((p->bif_flags & IFBIF_DISCOVER) == 0 &&
+ (m->m_flags & (M_BCAST|M_MCAST)) == 0)
+ continue;
+
if ((p->ifp->if_flags & IFF_RUNNING) == 0)
continue;
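Review bot: The new gate `if ((p->bif_flags & IFBIF_DISCOVER) == 0 && (m->m_flags & (M_BCAST|M_MCAST)) == 0)` decides from mbuf flags rather than from the Ethernet destination that `eh` already hands this function, so the policy depends on whichever path originated the mbuf having set those bits; presumably receiving drivers do, but a frame that reaches bridge_broadcast without them (locally generated output, for instance) would be withheld from -discover members as if it were unknown unicast, and the opposite mismatch would leak one. If the intended rule is "only broadcast/multicast reaches non-discover ports", testing the address itself, `(eh->ether_dhost[0] & 1) == 0`, is the more robust predicate, or at minimum the reliance deserves a comment such as `/* non-DISCOVER members only get frames flagged broadcast/multicast by the input path */`. It is also worth a comment that this restriction is only as strong as the address cache: a dynamically learned entry can be overwritten by a spoofed source address from any LEARNING member, which is why brconfig.8 pairs -discover with static entries. bridge_broadcast begins before and continues after this hunk.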
diff --git a/sys/net/if_bridge.h b/sys/net/if_bridge.h
index 6ebcccf5df1..ca4e89e34dc 100644
--- a/sys/net/if_bridge.h
+++ b/sys/net/if_bridge.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bridge.h,v 1.5 1999/03/19 02:46:54 jason Exp $ */
+/* $OpenBSD: if_bridge.h,v 1.6 1999/03/19 22:47:33 jason Exp $ */
/*
* Copyright (c) 1999 Jason L. Wright (jason@thought.net)
@@ -40,7 +40,8 @@ struct ifbreq {
u_int32_t ifbr_ifsflags; /* memver ifs flags */
};
-#define IFBIF_LEARNING 0x1 /* ifs can learn */
+#define IFBIF_LEARNING 0x1 /* ifs can learn */
+#define IFBIF_DISCOVER 0x2 /* ifs sends packets w/unknown dest */
/*
* Interface list structure
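Review bot: The comment on the new define, `#define IFBIF_DISCOVER 0x2 /* ifs sends packets w/unknown dest */`, describes the flag from the opposite direction to the copy of the same table that this commit adds to bridge.4 (`/* ifs gets fwd'd pkts */`), and neither says that the flag only affects unicast frames with no cache entry, which is what the if_bridge.c test implements. One wording in both places, e.g. `/* ifs receives unicast w/unknown dest */`, would keep the header and the manual in agreement. The pre-existing `memver` typo on the context line above could be fixed in the same pass.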
diff --git a/usr.sbin/brconfig/brconfig.8 b/usr.sbin/brconfig/brconfig.8
index 19958a412ae..48978b3b4f9 100644
--- a/usr.sbin/brconfig/brconfig.8
+++ b/usr.sbin/brconfig/brconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: brconfig.8,v 1.8 1999/03/19 02:46:55 jason Exp $
+.\" $OpenBSD: brconfig.8,v 1.9 1999/03/19 22:47:34 jason Exp $
.\"
.\" Copyright (c) 1999 Jason L. Wright (jason@thought.net)
.\" All rights reserved.
@@ -51,6 +51,8 @@
.Op Ar deladdr address
.Op Ar flush
.Op Ar flushall
+.Op Ar discover interface-name
+.Op Ar -discover interface-name
.Op Ar learn interface-name
.Op Ar -learn interface-name
.Op Ar link0
@@ -117,6 +119,23 @@ Delete an address from the cache.
Remove all dynamically learned addresses from the cache.
.It Ar flushall
Remove all addresses from the cache including static addresses.
+.It Ar discover interface
+Mark an interface so that packets are sent out of the interface
+if the destination port of the packet is unknown.
+If the bridge has no address cache entry for the destination of
+a packet, meaning that there is no static entry and no dynamically learned
+entry for the destination, the bridge will forward the packet to all member
+interfaces that have this flag set.
+This is the default for interfaces added to the bridge.
+.It Ar -discover interface
+Mark an interface so that packets are not sent out of the interface
+if the destination port of the packet is unknown. Turning this flag
+off means that the bridge will not send packets out of this interface
+unless the packet is a broadcast packet, multicast packet, or a
+packet with a destination address found on the interface's segment.
+This, in combination with static address cache entries,
+prevents potentially sensitive packets from being sent on
+segments that have no need to see the packet.
.It Ar learn interface
Mark an interface so that the source address of packets received from
.Cm interface
diff --git a/usr.sbin/brconfig/brconfig.c b/usr.sbin/brconfig/brconfig.c
index 66ef54c23b6..cdddde95a72 100644
--- a/usr.sbin/brconfig/brconfig.c
+++ b/usr.sbin/brconfig/brconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: brconfig.c,v 1.8 1999/03/19 02:46:55 jason Exp $ */
+/* $OpenBSD: brconfig.c,v 1.9 1999/03/19 22:47:33 jason Exp $ */
/*
* Copyright (c) 1999 Jason L. Wright (jason@thought.net)
@@ -50,34 +50,34 @@
#include <stdlib.h>
#include <limits.h>
-void usage(void);
-int main(int, char **);
-int bridge_setflag(int, char *, short);
-int bridge_clrflag(int, char *, short);
-int bridge_ifsetflag(int, char *, char *, u_int32_t);
-int bridge_ifclrflag(int, char *, char *, u_int32_t);
-int bridge_list(int, char *, char *);
-int bridge_addrs(int, char *, char *);
-int bridge_addaddr(int, char *, char *, char *);
-int bridge_deladdr(int, char *, char *);
-int bridge_maxaddr(int, char *, char *);
-int bridge_timeout(int, char *, char *);
-int bridge_flush(int, char *);
-int bridge_flushall(int, char *);
-int bridge_add(int, char *, char *);
-int bridge_delete(int, char *, char *);
-int bridge_status(int, char *);
-int is_bridge(int, char *);
-int bridge_show_all(int);
-void printb(char *, unsigned short, char *);
+void usage __P((void));
+int main __P((int, char **));
+int bridge_setflag __P((int, char *, short));
+int bridge_clrflag __P((int, char *, short));
+int bridge_ifsetflag __P((int, char *, char *, u_int32_t));
+int bridge_ifclrflag __P((int, char *, char *, u_int32_t));
+int bridge_list __P((int, char *, char *));
+int bridge_addrs __P((int, char *, char *));
+int bridge_addaddr __P((int, char *, char *, char *));
+int bridge_deladdr __P((int, char *, char *));
+int bridge_maxaddr __P((int, char *, char *));
+int bridge_timeout __P((int, char *, char *));
+int bridge_flush __P((int, char *));
+int bridge_flushall __P((int, char *));
+int bridge_add __P((int, char *, char *));
+int bridge_delete __P((int, char *, char *));
+int bridge_status __P((int, char *));
+int is_bridge __P((int, char *));
+int bridge_show_all __P((int));
+void printb __P((char *, unsigned short, char *));
/* if_flags bits: borrowed from ifconfig.c */
#define IFFBITS \
"\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6NOTRAILERS\7RUNNING\10NOARP\
\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2\20MULTICAST"
-#define IFBABITS "\020\1STATIC"
-#define IFBIBITS "\020\1LEARNING"
+#define IFBAFBITS "\020\1STATIC"
+#define IFBIFBITS "\020\1LEARNING\2DISCOVER"
void
usage()
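Review bot: The rewritten prototype `void printb __P((char *, unsigned short, char *));` takes the flag word as unsigned short, while its caller in bridge_list passes `reqp->ifbr_ifsflags`, which if_bridge.h declares as u_int32_t, so any member flag above bit 16 would be silently truncated before printing; only two bits exist today, but the new `IFBIFBITS "\020\1LEARNING\2DISCOVER"` string is where more will be added. Widening it to `void printb __P((char *, unsigned int, char *));` together with the definition, which lies outside this hunk, removes the latent truncation.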
@@ -152,6 +152,28 @@ main(argc, argv)
if (error)
return (error);
}
+ else if (strcmp("discover", argv[0]) == 0) {
+ argc--; argv++;
+ if (argc == 0) {
+ warnx("discover requires an argument");
+ return (EX_USAGE);
+ }
+ error = bridge_ifsetflag(sock, brdg, argv[0],
+ IFBIF_DISCOVER);
+ if (error)
+ return (error);
+ }
+ else if (strcmp("-discover", argv[0]) == 0) {
+ argc--; argv++;
+ if (argc == 0) {
+ warnx("-discover requires an argument");
+ return (EX_USAGE);
+ }
+ error = bridge_ifclrflag(sock, brdg, argv[0],
+ IFBIF_DISCOVER);
+ if (error)
+ return (error);
+ }
else if (strcmp("learn", argv[0]) == 0) {
argc--; argv++;
if (argc == 0) {
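Review bot: The `discover` and `-discover` branches are verbatim copies of the `learn`/`-learn` pair that follows them, differing only in the keyword string, the warnx text and the flag passed, which extends a dispatch chain in main() by roughly eleven lines per keyword and leaves room for a copy-paste slip in one of the three places the name is spelled. A small table of `{ keyword, set_or_clear, flag }` entries, or a helper that consumes and validates the interface argument once, would collapse the four branches into one. main() starts before and continues after this hunk.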
@@ -488,7 +510,7 @@ bridge_list(s, brdg, delim)
bzero(buf, sizeof(buf));
strncpy(buf, reqp->ifbr_ifsname, sizeof(reqp->ifbr_ifsname));
printf("%s%s ", delim, buf);
- printb("flags", reqp->ifbr_ifsflags, IFBIBITS);
+ printb("flags", reqp->ifbr_ifsflags, IFBIFBITS);
printf("\n");
}
free(bifc.ifbic_buf);
@@ -672,7 +694,7 @@ bridge_addrs(s, brdg, delim)
strncpy(buf, ifba->ifba_ifsname, sizeof(ifba->ifba_ifsname));
printf("%s%s %s %u ", delim, ether_ntoa(&ifba->ifba_dst),
buf, ifba->ifba_age);
- printb("flags", ifba->ifba_flags, IFBABITS);
+ printb("flags", ifba->ifba_flags, IFBAFBITS);
printf("\n");
}