diff options
| author | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2005-07-31 03:52:20 +0000 |
|---|---|---|
| committer | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2005-07-31 03:52:20 +0000 |
| commit | 781ac69d614f18f3a062f09f4114df646729d1f4 (patch) | |
| tree | d35b9790c3a701453c5f26373609f72d03e19ec9 | |
| parent | 572772cf7ccf3f3860c0121c89ee22e0001d0692 (diff) | |
Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain
to bpf with either an address family or other header added.
These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths. Also removes a fair bit of duplicated code.
commit now, tune after deraadt@
| -rw-r--r-- | sys/arch/mvme68k/dev/if_ie.c | 10 | ||||
| -rw-r--r-- | sys/arch/mvme88k/dev/if_ie.c | 10 | ||||
| -rw-r--r-- | sys/arch/sparc/dev/if_ie.c | 10 | ||||
| -rw-r--r-- | sys/dev/isa/if_ie.c | 10 | ||||
| -rw-r--r-- | sys/net/bpf.c | 46 | ||||
| -rw-r--r-- | sys/net/bpf.h | 4 | ||||
| -rw-r--r-- | sys/net/if_faith.c | 22 | ||||
| -rw-r--r-- | sys/net/if_gif.c | 22 | ||||
| -rw-r--r-- | sys/net/if_gre.c | 22 | ||||
| -rw-r--r-- | sys/net/if_loop.c | 22 | ||||
| -rw-r--r-- | sys/net/if_pflog.c | 16 | ||||
| -rw-r--r-- | sys/net/if_trunk.c | 13 | ||||
| -rw-r--r-- | sys/net/if_vlan.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_ah.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_carp.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_esp.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_ether.c | 15 | ||||
| -rw-r--r-- | sys/netinet/ip_gre.c | 41 | ||||
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 18 | ||||
| -rw-r--r-- | sys/netinet/ip_ipip.c | 21 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 17 |
21 files changed, 116 insertions, 279 deletions
diff --git a/sys/arch/mvme68k/dev/if_ie.c b/sys/arch/mvme68k/dev/if_ie.c index 87cc07d8bd2..a50fcd5c92a 100644 --- a/sys/arch/mvme68k/dev/if_ie.c +++ b/sys/arch/mvme68k/dev/if_ie.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ie.c,v 1.28 2005/01/15 05:24:10 brad Exp $ */ +/* $OpenBSD: if_ie.c,v 1.29 2005/07/31 03:52:18 pascoe Exp $ */ /*- * Copyright (c) 1999 Steve Murphree, Jr. @@ -1203,13 +1203,9 @@ ie_readframe(sc, num) * tho' it will make a copy for tcpdump.) */ if (bpf_gets_it) { - struct mbuf m0; - m0.m_len = sizeof eh; - m0.m_data = (caddr_t)&eh; - m0.m_next = m; - /* Pass it up. */ - bpf_mtap(sc->sc_arpcom.ac_if.if_bpf, &m0); + bpf_mtap_hdr(sc->sc_arpcom.ac_if.if_bpf, (caddr_t)&eh, + sizeof(eh), m); } /* * A signal passed up from the filtering code indicating that the diff --git a/sys/arch/mvme88k/dev/if_ie.c b/sys/arch/mvme88k/dev/if_ie.c index 51e24e79a7d..07ad5d32810 100644 --- a/sys/arch/mvme88k/dev/if_ie.c +++ b/sys/arch/mvme88k/dev/if_ie.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ie.c,v 1.32 2005/01/15 05:24:10 brad Exp $ */ +/* $OpenBSD: if_ie.c,v 1.33 2005/07/31 03:52:18 pascoe Exp $ */ /*- * Copyright (c) 1998 Steve Murphree, Jr. @@ -1169,13 +1169,9 @@ ie_readframe(sc, num) * tho' it will make a copy for tcpdump.) */ if (bpf_gets_it) { - struct mbuf m0; - m0.m_len = sizeof eh; - m0.m_data = (caddr_t)&eh; - m0.m_next = m; - /* Pass it up. */ - bpf_mtap(sc->sc_arpcom.ac_if.if_bpf, &m0); + bpf_mtap_hdr(sc->sc_arpcom.ac_if.if_bpf, (caddr_t)&eh, + sizeof(eh), m); } /* * A signal passed up from the filtering code indicating that the diff --git a/sys/arch/sparc/dev/if_ie.c b/sys/arch/sparc/dev/if_ie.c index 57fc0eda24b..8842603e47a 100644 --- a/sys/arch/sparc/dev/if_ie.c +++ b/sys/arch/sparc/dev/if_ie.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ie.c,v 1.31 2005/06/08 17:03:02 henning Exp $ */ +/* $OpenBSD: if_ie.c,v 1.32 2005/07/31 03:52:19 pascoe Exp $ */ /* $NetBSD: if_ie.c,v 1.33 1997/07/29 17:55:38 fair Exp $ */ /*- @@ -1337,13 +1337,9 @@ ie_readframe(sc, num) * tho' it will make a copy for tcpdump.) */ if (bpf_gets_it) { - struct mbuf m0; - m0.m_len = sizeof eh; - m0.m_data = (caddr_t)&eh; - m0.m_next = m; - /* Pass it up. */ - bpf_mtap(sc->sc_arpcom.ac_if.if_bpf, &m0); + bpf_mtap_hdr(sc->sc_arpcom.ac_if.if_bpf, (caddr_t)&eh, + sizeof(eh), m); } /* * A signal passed up from the filtering code indicating that the diff --git a/sys/dev/isa/if_ie.c b/sys/dev/isa/if_ie.c index 225e1411ef7..b91288d13dc 100644 --- a/sys/dev/isa/if_ie.c +++ b/sys/dev/isa/if_ie.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ie.c,v 1.30 2005/01/15 05:24:11 brad Exp $ */ +/* $OpenBSD: if_ie.c,v 1.31 2005/07/31 03:52:19 pascoe Exp $ */ /* $NetBSD: if_ie.c,v 1.51 1996/05/12 23:52:48 mycroft Exp $ */ /*- @@ -1393,13 +1393,9 @@ ie_readframe(sc, num) * tho' it will make a copy for tcpdump.) */ if (bpf_gets_it) { - struct mbuf m0; - m0.m_len = sizeof eh; - m0.m_data = (caddr_t)&eh; - m0.m_next = m; - /* Pass it up. */ - bpf_mtap(sc->sc_arpcom.ac_if.if_bpf, &m0); + bpf_mtap_hdr(sc->sc_arpcom.ac_if.if_bpf, (caddr_t)&eh, + sizeof(eh), m); /* * A signal passed up from the filtering code indicating that diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 980066a9490..f329bde00b6 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.58 2005/04/20 19:52:42 reyk Exp $ */ +/* $OpenBSD: bpf.c,v 1.59 2005/07/31 03:52:18 pascoe Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -1189,6 +1189,50 @@ bpf_mtap(caddr_t arg, struct mbuf *m) } /* + * Incoming linkage from device drivers, where we have a mbuf chain + * but need to prepend some arbitrary header from a linear buffer. + * + * Con up a minimal dummy header to pacify bpf. Allocate (only) a + * struct m_hdr on the stack. This is safe as bpf only reads from the + * fields in this header that we initialize, and will not try to free + * it or keep a pointer to it. + */ +int +bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) +{ + struct m_hdr mh; + + mh.mh_flags = 0; + mh.mh_next = m; + mh.mh_len = dlen; + mh.mh_data = data; + + return bpf_mtap(arg, (struct mbuf *) &mh); +} + +/* + * Incoming linkage from device drivers, where we have a mbuf chain + * but need to prepend the address family. + * + * Con up a minimal dummy header to pacify bpf. We allocate (only) a + * struct m_hdr on the stack. This is safe as bpf only reads from the + * fields in this header that we initialize, and will not try to free + * it or keep a pointer to it. + */ +int +bpf_mtap_af(caddr_t arg, u_int32_t af, struct mbuf *m) +{ + struct m_hdr mh; + + mh.mh_flags = 0; + mh.mh_next = m; + mh.mh_len = 4; + mh.mh_data = (caddr_t)⁡ + + return bpf_mtap(arg, (struct mbuf *) &mh); +} + +/* * Move the packet data from interface memory (pkt) into the * store buffer. Return 1 if it's time to wakeup a listener (buffer full), * otherwise 0. "copy" is the routine called to do the actual data diff --git a/sys/net/bpf.h b/sys/net/bpf.h index c8465ea15c7..b6e8c0e1610 100644 --- a/sys/net/bpf.h +++ b/sys/net/bpf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.h,v 1.30 2005/01/07 16:28:38 reyk Exp $ */ +/* $OpenBSD: bpf.h,v 1.31 2005/07/31 03:52:18 pascoe Exp $ */ /* $NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $ */ /* @@ -262,6 +262,8 @@ struct bpf_dltlist { int bpf_validate(struct bpf_insn *, int); int bpf_tap(caddr_t, u_char *, u_int); int bpf_mtap(caddr_t, struct mbuf *); +int bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *); +int bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *); void bpfattach(caddr_t *, struct ifnet *, u_int, u_int); void bpfdetach(struct ifnet *); void bpfilterattach(int); diff --git a/sys/net/if_faith.c b/sys/net/if_faith.c index b936b6f4204..e7a224c80ee 100644 --- a/sys/net/if_faith.c +++ b/sys/net/if_faith.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_faith.c,v 1.17 2003/12/16 20:33:25 markus Exp $ */ +/* $OpenBSD: if_faith.c,v 1.18 2005/07/31 03:52:18 pascoe Exp $ */ /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. @@ -151,24 +151,8 @@ faithoutput(ifp, m, dst, rt) m->m_data += sizeof(int); } - if (ifp->if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a faith header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m0; - u_int32_t af = dst->sa_family; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *)⁡ - - bpf_mtap(ifp->if_bpf, &m0); - } + if (ifp->if_bpf) + bpf_mtap_af(ifp->if_bpf, dst->sa_family); #endif if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) { diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index cce663f9a5f..931791e25a5 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gif.c,v 1.31 2003/12/16 20:33:25 markus Exp $ */ +/* $OpenBSD: if_gif.c,v 1.32 2005/07/31 03:52:18 pascoe Exp $ */ /* $KAME: if_gif.c,v 1.43 2001/02/20 08:51:07 itojun Exp $ */ /* @@ -232,24 +232,8 @@ gif_output(ifp, m, dst, rt) m->m_flags &= ~(M_BCAST|M_MCAST); #if NBPFILTER > 0 - if (ifp->if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a dummy header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m0; - u_int32_t af = dst->sa_family; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *)⁡ - - bpf_mtap(ifp->if_bpf, &m0); - } + if (ifp->if_bpf) + bpf_mtap_af(ifp->if_bpf, dst->sa_family, m); #endif ifp->if_opackets++; ifp->if_obytes += m->m_pkthdr.len; diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index 8310ff5404e..8b411fc95fe 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gre.c,v 1.34 2005/06/08 06:35:04 henning Exp $ */ +/* $OpenBSD: if_gre.c,v 1.35 2005/07/31 03:52:18 pascoe Exp $ */ /* $NetBSD: if_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -235,24 +235,8 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, m_tag_prepend(m, mtag); #if NBPFILTER >0 - if (ifp->if_bpf) { - /* - * We need to prepend the address family as a four - * byte field. Cons up a fake header to pacify bpf. - * This is safe because bpf will only read from the - * mbuf (i.e., it won't try to free it or keep a - * pointer a to it). - */ - struct mbuf m0; - u_int32_t af = dst->sa_family; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *) ⁡ - - bpf_mtap(ifp->if_bpf, &m0); - } + if (ifp->if_bpf) + bpf_mtap_af(ifp->if_bpf, dst->sa_family, m); #endif if (sc->g_proto == IPPROTO_MOBILE) { diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c index dc51a28c9b5..b4760546e43 100644 --- a/sys/net/if_loop.c +++ b/sys/net/if_loop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_loop.c,v 1.35 2005/06/12 06:23:43 henning Exp $ */ +/* $OpenBSD: if_loop.c,v 1.36 2005/07/31 03:52:18 pascoe Exp $ */ /* $NetBSD: if_loop.c,v 1.15 1996/05/07 02:40:33 thorpej Exp $ */ /* @@ -250,24 +250,8 @@ looutput(ifp, m, dst, rt) * looutput() is also called for SIMPLEX interfaces to duplicate * packets for local use. But don't dup them to bpf. */ - if (ifp->if_bpf && (ifp->if_flags&IFF_LOOPBACK)) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a dummy header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer to it). - */ - struct mbuf m0; - u_int32_t af = htonl(dst->sa_family); - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = sizeof(af); - m0.m_data = (char *)⁡ - - bpf_mtap(ifp->if_bpf, &m0); - } + if (ifp->if_bpf && (ifp->if_flags & IFF_LOOPBACK)) + bpf_mtap_af(ifp->if_bpf, dst->sa_family, m); #endif m->m_pkthdr.rcvif = ifp; diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c index d5370c1c7fa..548d0247c66 100644 --- a/sys/net/if_pflog.c +++ b/sys/net/if_pflog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.14 2005/05/27 20:17:31 dhartmei Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.15 2005/07/31 03:52:18 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -180,11 +180,14 @@ pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir, #if NBPFILTER > 0 struct ifnet *ifn; struct pfloghdr hdr; - struct mbuf m1; if (kif == NULL || m == NULL || rm == NULL || pd == NULL) return (-1); + ifn = &(pflogif[0].sc_if); + if (!ifn->if_bpf) + return (0); + bzero(&hdr, sizeof(hdr)); hdr.length = PFLOG_REAL_HDRLEN; hdr.af = af; @@ -225,14 +228,7 @@ pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir, } #endif /* INET */ - m1.m_next = m; - m1.m_len = PFLOG_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(pflogif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, PFLOG_HDRLEN, m); #endif return (0); diff --git a/sys/net/if_trunk.c b/sys/net/if_trunk.c index 8ca077eb43e..84b896281b7 100644 --- a/sys/net/if_trunk.c +++ b/sys/net/if_trunk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_trunk.c,v 1.3 2005/05/27 22:57:13 reyk Exp $ */ +/* $OpenBSD: if_trunk.c,v 1.4 2005/07/31 03:52:18 pascoe Exp $ */ /* * Copyright (c) 2005 Reyk Floeter <reyk@vantronix.net> @@ -669,15 +669,8 @@ trunk_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) trifp = &tr->tr_ac.ac_if; #if NBPFILTER > 0 - if (trifp->if_bpf) { - struct mbuf m0; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = ETHER_HDR_LEN; - m0.m_data = (char *)eh; - bpf_mtap(trifp->if_bpf, &m0); - } + if (trifp->if_bpf) + bpf_mtap_hdr(trifp->if_bpf, (char *)eh, ETHER_HDR_LEN, m); #endif error = (*tr->tr_input)(tr, tp, eh, m); diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c index 376db014ef0..579128b1456 100644 --- a/sys/net/if_vlan.c +++ b/sys/net/if_vlan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vlan.c,v 1.58 2005/07/19 11:50:20 camield Exp $ */ +/* $OpenBSD: if_vlan.c,v 1.59 2005/07/31 03:52:18 pascoe Exp $ */ /* * Copyright 1998 Massachusetts Institute of Technology @@ -301,21 +301,8 @@ vlan_input(eh, m) m->m_pkthdr.len -= EVL_ENCAPLEN; #if NBPFILTER > 0 - if (ifv->ifv_if.if_bpf) { - /* - * Do the usual BPF fakery. Note that we don't support - * promiscuous mode here, since it would require the - * drivers to know about VLANs and we're not ready for - * that yet. - */ - struct mbuf m0; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = ETHER_HDR_LEN; - m0.m_data = (char *)eh; - bpf_mtap(ifv->ifv_if.if_bpf, &m0); - } + if (ifv->ifv_if.if_bpf) + bpf_mtap_hdr(ifv->ifv_if.if_bpf, (char *)eh, ETHER_HDR_LEN, m); #endif ifv->ifv_if.if_ipackets++; ether_input(&ifv->ifv_if, eh, m); diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index be91d8fd650..c673c37d366 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.81 2005/05/28 15:10:07 ho Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.82 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -951,12 +951,11 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, int len, rplen; u_int8_t prot; struct ah *ah; - #if NBPFILTER > 0 - { - struct ifnet *ifn; + struct ifnet *ifn = &(encif[0].sc_if); + + if (ifn->if_bpf) { struct enchdr hdr; - struct mbuf m1; bzero (&hdr, sizeof(hdr)); @@ -964,15 +963,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, hdr.spi = tdb->tdb_spi; hdr.flags |= M_AUTH | M_AUTH_AH; - m1.m_flags = 0; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(encif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index 2e78ec9c5f4..f75af9d8447 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_carp.c,v 1.107 2005/06/19 18:17:02 pascoe Exp $ */ +/* $OpenBSD: ip_carp.c,v 1.108 2005/07/31 03:52:19 pascoe Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff. All rights reserved. @@ -1251,21 +1251,8 @@ carp_input(struct mbuf *m, u_int8_t *shost, u_int8_t *dhost, u_int16_t etype) m->m_pkthdr.rcvif = ifp; #if NBPFILTER > 0 - if (ifp->if_bpf) { - /* - * Do the usual BPF fakery. Note that we don't support - * promiscuous mode here, since it would require the - * drivers to know about CARP and we're not ready for - * that yet. - */ - struct mbuf m0; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = ETHER_HDR_LEN; - m0.m_data = (char *)&eh; - bpf_mtap(ifp->if_bpf, &m0); - } + if (ifp->if_bpf) + bpf_mtap_hdr(ifp->if_bpf, (char *)&eh, ETHER_HDR_LEN, m); #endif ifp->if_ipackets++; ether_input(ifp, &eh, m); diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 35e41b62708..f374aba0d40 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.92 2005/05/28 15:10:07 ho Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.93 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -731,12 +731,11 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct cryptodesc *crde = NULL, *crda = NULL; struct cryptop *crp; - #if NBPFILTER > 0 - { - struct ifnet *ifn; + struct ifnet *ifn = &(encif[0].sc_if); + + if (ifn->if_bpf) { struct enchdr hdr; - struct mbuf m1; bzero (&hdr, sizeof(hdr)); @@ -747,15 +746,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, if (esph) hdr.flags |= M_AUTH; - m1.m_flags = 0; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(encif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif diff --git a/sys/netinet/ip_ether.c b/sys/netinet/ip_ether.c index 4949fb1c0bc..cd53c0b5513 100644 --- a/sys/netinet/ip_ether.c +++ b/sys/netinet/ip_ether.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ether.c,v 1.47 2004/11/17 12:06:16 markus Exp $ */ +/* $OpenBSD: ip_ether.c,v 1.48 2005/07/31 03:52:19 pascoe Exp $ */ /* * The author of this code is Angelos D. Keromytis (kermit@adk.gr) * @@ -242,17 +242,8 @@ etherip_input(struct mbuf *m, ...) return; } #if NBPFILTER > 0 - if (sc->gif_if.if_bpf) { - struct mbuf m0; - u_int32_t af = sdst.sa.sa_family; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *)⁡ - - bpf_mtap(sc->gif_if.if_bpf, &m0); - } + if (sc->gif_if.if_bpf) + bpf_mtap_af(sc->gif_if.if_bpf, sdst.sa.sa_family, m); #endif #if NBRIDGE > 0 diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index 8c65f1a3798..886964f2070 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_gre.c,v 1.26 2005/06/08 06:16:42 henning Exp $ */ +/* $OpenBSD: ip_gre.c,v 1.27 2005/07/31 03:52:19 pascoe Exp $ */ /* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -192,23 +192,8 @@ gre_input2(m , hlen, proto) m_adj(m, hlen); #if NBPFILTER > 0 - if (sc->sc_if.if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a fake header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m0; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *) ⁡ - - bpf_mtap(sc->sc_if.if_bpf, &m0); - } + if (sc->sc_if.if_bpf) + bpf_mtap_af(sc->sc_if.if_bpf, af, m); #endif s = splimp(); /* possible */ @@ -333,24 +318,8 @@ gre_mobile_input(struct mbuf *m, ...) ifq = &ipintrq; #if NBPFILTER > 0 - if (sc->sc_if.if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a fake header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m0; - u_int af = AF_INET; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *) ⁡ - - bpf_mtap(sc->sc_if.if_bpf, &m0); - } + if (sc->sc_if.if_bpf) + bpf_mtap_af(sc->sc_if.if_bpf, AF_INET, m); #endif s = splimp(); /* possible */ diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 36ebfad06ac..a1a1f2d0f4d 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.17 2004/11/25 21:54:54 markus Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.18 2005/07/31 03:52:19 pascoe Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -387,26 +387,18 @@ ipcomp_output(m, tdb, mp, skip, protoff) struct cryptop *crp; struct tdb_crypto *tc; struct mbuf *mi, *mo; - #if NBPFILTER > 0 - { - struct ifnet *ifn; + struct ifnet *ifn = &(encif[0].sc_if); + + if (ifn->if_bpf) { struct enchdr hdr; - struct mbuf m1; bzero(&hdr, sizeof(hdr)); hdr.af = tdb->tdb_dst.sa.sa_family; hdr.spi = tdb->tdb_spi; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(encif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif hlen = IPCOMP_HLENGTH; diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index e1aca31dc4b..e121ece0c3e 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.32 2004/11/17 12:06:16 markus Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.33 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -360,22 +360,9 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) } #if NBPFILTER > 0 - if (gifp && gifp->if_bpf) { - struct mbuf m0; - u_int af; - - if (ifq == &ipintrq) - af = AF_INET; - else - af = AF_INET6; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *)⁡ - - bpf_mtap(gifp->if_bpf, &m0); - } + if (gifp && gifp->if_bpf) + bpf_mtap_af(gifp->if_bpf, ifq == &ipintrq ? AF_INET : AF_INET6, + m); #endif s = splimp(); /* isn't it already? */ diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index cb7aa669434..17e23e856e0 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.75 2004/11/25 21:54:54 markus Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.76 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -560,26 +560,13 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, #if NBPFILTER > 0 bpfif = &encif[0].sc_if; if (bpfif->if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a dummy header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m1; struct enchdr hdr; hdr.af = af; hdr.spi = tdbp->tdb_spi; hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_AUTH_AH); - m1.m_flags = 0; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - bpf_mtap(bpfif->if_bpf, &m1); + bpf_mtap_hdr(bpfif->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif |