diff options
| author | Can Erkin Acar <canacar@cvs.openbsd.org> | 2004-06-22 04:04:20 +0000 |
|---|---|---|
| committer | Can Erkin Acar <canacar@cvs.openbsd.org> | 2004-06-22 04:04:20 +0000 |
| commit | d66f33dc7ea9a623159771237b2971077996e0b9 (patch) | |
| tree | 78e0b778b08ad8aef085db390430e71896943550 /sys/net | |
| parent | 07f9a9d13ea0b7f12cf124c7c25c9b01c96c9369 (diff) | |
Add a new "filter drop" flag to bpf and related ioclts.
When enabled, it notifies the calling interface that the packet
matches a bpf filter and should be dropped.
ok henning@ markus@ frantzen@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/bpf.c | 31 | ||||
| -rw-r--r-- | sys/net/bpf.h | 8 | ||||
| -rw-r--r-- | sys/net/bpfdesc.h | 3 |
3 files changed, 32 insertions, 10 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index d8f5ec3e1ea..bfa21d4bfcb 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.49 2004/06/21 23:05:10 markus Exp $ */ +/* $OpenBSD: bpf.c,v 1.50 2004/06/22 04:04:19 canacar Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -826,6 +826,14 @@ bpfioctl(dev, cmd, addr, flag, p) d->bd_locked = 1; break; + case BIOCGFILDROP: /* get "filter-drop" flag */ + *(u_int *)addr = d->bd_fildrop; + break; + + case BIOCSFILDROP: /* set "filter-drop" flag */ + d->bd_fildrop = *(u_int *)addr ? 1 : 0; + break; + case FIONBIO: /* Non-blocking I/O */ if (*(int *)addr) d->bd_rtout = -1; @@ -1087,7 +1095,7 @@ filt_bpfread(struct knote *kn, long hint) * by each process' filter, and if accepted, stashed into the corresponding * buffer. */ -void +int bpf_tap(arg, pkt, pktlen) caddr_t arg; u_char *pkt; @@ -1096,6 +1104,8 @@ bpf_tap(arg, pkt, pktlen) struct bpf_if *bp; struct bpf_d *d; size_t slen; + int match = 0; + /* * Note that the ipl does not have to be raised at this point. * The only problem that could arise here is that if two different @@ -1105,9 +1115,13 @@ bpf_tap(arg, pkt, pktlen) for (d = bp->bif_dlist; d != 0; d = d->bd_next) { ++d->bd_rcount; slen = bpf_filter(d->bd_rfilter, pkt, pktlen, pktlen); - if (slen != 0) + if (slen != 0) { bpf_catchpacket(d, pkt, pktlen, slen, bcopy); + match ++; + } } + + return (d->bd_fildrop && match); } /* @@ -1140,7 +1154,7 @@ bpf_mcopy(src_arg, dst_arg, len) /* * Incoming linkage from device drivers, when packet is in an mbuf chain. */ -void +int bpf_mtap(arg, m) caddr_t arg; struct mbuf *m; @@ -1149,9 +1163,10 @@ bpf_mtap(arg, m) struct bpf_d *d; size_t pktlen, slen; struct mbuf *m0; + int match = 0; if (m == NULL) - return; + return (0); pktlen = 0; for (m0 = m; m0 != 0; m0 = m0->m_next) @@ -1160,9 +1175,13 @@ bpf_mtap(arg, m) for (d = bp->bif_dlist; d != 0; d = d->bd_next) { ++d->bd_rcount; slen = bpf_filter(d->bd_rfilter, (u_char *)m, pktlen, 0); - if (slen != 0) + if (slen != 0) { bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); + match++; + } } + + return (d->bd_fildrop && match); } /* diff --git a/sys/net/bpf.h b/sys/net/bpf.h index a922c8255ae..77759f3d422 100644 --- a/sys/net/bpf.h +++ b/sys/net/bpf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.h,v 1.27 2004/05/16 04:34:58 brad Exp $ */ +/* $OpenBSD: bpf.h,v 1.28 2004/06/22 04:04:19 canacar Exp $ */ /* $NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $ */ /* @@ -113,6 +113,8 @@ struct bpf_version { #define BIOCSHDRCMPLT _IOW('B',117, u_int) #define BIOCLOCK _IO('B',118) #define BIOCSETWF _IOW('B',119, struct bpf_program) +#define BIOCGFILDROP _IOR('B',120, u_int) +#define BIOCSFILDROP _IOW('B',121, u_int) struct bpf_timeval { u_int32_t tv_sec; @@ -247,8 +249,8 @@ struct bpf_insn { #ifdef _KERNEL int bpf_validate(struct bpf_insn *, int); -void bpf_tap(caddr_t, u_char *, u_int); -void bpf_mtap(caddr_t, struct mbuf *); +int bpf_tap(caddr_t, u_char *, u_int); +int bpf_mtap(caddr_t, struct mbuf *); void bpfattach(caddr_t *, struct ifnet *, u_int, u_int); void bpfdetach(struct ifnet *); void bpfilterattach(int); diff --git a/sys/net/bpfdesc.h b/sys/net/bpfdesc.h index 4087eb2685d..715cca0ee03 100644 --- a/sys/net/bpfdesc.h +++ b/sys/net/bpfdesc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bpfdesc.h,v 1.13 2004/05/28 08:16:23 grange Exp $ */ +/* $OpenBSD: bpfdesc.h,v 1.14 2004/06/22 04:04:19 canacar Exp $ */ /* $NetBSD: bpfdesc.h,v 1.11 1995/09/27 18:30:42 thorpej Exp $ */ /* @@ -76,6 +76,7 @@ struct bpf_d { u_char bd_state; /* idle, waiting, or timed out */ u_char bd_immediate; /* true to return on packet arrival */ u_char bd_locked; /* true if descriptor is locked */ + u_char bd_fildrop; /* true if filtered packets will be dropped */ int bd_hdrcmplt; /* false to fill in src lladdr automatically */ int bd_async; /* non-zero if packet reception should generate signal */ int bd_sig; /* signal to send upon packet reception */ |