diff options
| author | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2005-07-31 03:52:20 +0000 |
|---|---|---|
| committer | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2005-07-31 03:52:20 +0000 |
| commit | 781ac69d614f18f3a062f09f4114df646729d1f4 (patch) | |
| tree | d35b9790c3a701453c5f26373609f72d03e19ec9 /sys/netinet | |
| parent | 572772cf7ccf3f3860c0121c89ee22e0001d0692 (diff) | |
Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain
to bpf with either an address family or other header added.
These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths. Also removes a fair bit of duplicated code.
commit now, tune after deraadt@
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_ah.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_carp.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_esp.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_ether.c | 15 | ||||
| -rw-r--r-- | sys/netinet/ip_gre.c | 41 | ||||
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 18 | ||||
| -rw-r--r-- | sys/netinet/ip_ipip.c | 21 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 17 |
8 files changed, 32 insertions, 137 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index be91d8fd650..c673c37d366 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.81 2005/05/28 15:10:07 ho Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.82 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -951,12 +951,11 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, int len, rplen; u_int8_t prot; struct ah *ah; - #if NBPFILTER > 0 - { - struct ifnet *ifn; + struct ifnet *ifn = &(encif[0].sc_if); + + if (ifn->if_bpf) { struct enchdr hdr; - struct mbuf m1; bzero (&hdr, sizeof(hdr)); @@ -964,15 +963,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, hdr.spi = tdb->tdb_spi; hdr.flags |= M_AUTH | M_AUTH_AH; - m1.m_flags = 0; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(encif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index 2e78ec9c5f4..f75af9d8447 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_carp.c,v 1.107 2005/06/19 18:17:02 pascoe Exp $ */ +/* $OpenBSD: ip_carp.c,v 1.108 2005/07/31 03:52:19 pascoe Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff. All rights reserved. @@ -1251,21 +1251,8 @@ carp_input(struct mbuf *m, u_int8_t *shost, u_int8_t *dhost, u_int16_t etype) m->m_pkthdr.rcvif = ifp; #if NBPFILTER > 0 - if (ifp->if_bpf) { - /* - * Do the usual BPF fakery. Note that we don't support - * promiscuous mode here, since it would require the - * drivers to know about CARP and we're not ready for - * that yet. - */ - struct mbuf m0; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = ETHER_HDR_LEN; - m0.m_data = (char *)&eh; - bpf_mtap(ifp->if_bpf, &m0); - } + if (ifp->if_bpf) + bpf_mtap_hdr(ifp->if_bpf, (char *)&eh, ETHER_HDR_LEN, m); #endif ifp->if_ipackets++; ether_input(ifp, &eh, m); diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 35e41b62708..f374aba0d40 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.92 2005/05/28 15:10:07 ho Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.93 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -731,12 +731,11 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct cryptodesc *crde = NULL, *crda = NULL; struct cryptop *crp; - #if NBPFILTER > 0 - { - struct ifnet *ifn; + struct ifnet *ifn = &(encif[0].sc_if); + + if (ifn->if_bpf) { struct enchdr hdr; - struct mbuf m1; bzero (&hdr, sizeof(hdr)); @@ -747,15 +746,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, if (esph) hdr.flags |= M_AUTH; - m1.m_flags = 0; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(encif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif diff --git a/sys/netinet/ip_ether.c b/sys/netinet/ip_ether.c index 4949fb1c0bc..cd53c0b5513 100644 --- a/sys/netinet/ip_ether.c +++ b/sys/netinet/ip_ether.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ether.c,v 1.47 2004/11/17 12:06:16 markus Exp $ */ +/* $OpenBSD: ip_ether.c,v 1.48 2005/07/31 03:52:19 pascoe Exp $ */ /* * The author of this code is Angelos D. Keromytis (kermit@adk.gr) * @@ -242,17 +242,8 @@ etherip_input(struct mbuf *m, ...) return; } #if NBPFILTER > 0 - if (sc->gif_if.if_bpf) { - struct mbuf m0; - u_int32_t af = sdst.sa.sa_family; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *)⁡ - - bpf_mtap(sc->gif_if.if_bpf, &m0); - } + if (sc->gif_if.if_bpf) + bpf_mtap_af(sc->gif_if.if_bpf, sdst.sa.sa_family, m); #endif #if NBRIDGE > 0 diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index 8c65f1a3798..886964f2070 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_gre.c,v 1.26 2005/06/08 06:16:42 henning Exp $ */ +/* $OpenBSD: ip_gre.c,v 1.27 2005/07/31 03:52:19 pascoe Exp $ */ /* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -192,23 +192,8 @@ gre_input2(m , hlen, proto) m_adj(m, hlen); #if NBPFILTER > 0 - if (sc->sc_if.if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a fake header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m0; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *) ⁡ - - bpf_mtap(sc->sc_if.if_bpf, &m0); - } + if (sc->sc_if.if_bpf) + bpf_mtap_af(sc->sc_if.if_bpf, af, m); #endif s = splimp(); /* possible */ @@ -333,24 +318,8 @@ gre_mobile_input(struct mbuf *m, ...) ifq = &ipintrq; #if NBPFILTER > 0 - if (sc->sc_if.if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a fake header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m0; - u_int af = AF_INET; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *) ⁡ - - bpf_mtap(sc->sc_if.if_bpf, &m0); - } + if (sc->sc_if.if_bpf) + bpf_mtap_af(sc->sc_if.if_bpf, AF_INET, m); #endif s = splimp(); /* possible */ diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 36ebfad06ac..a1a1f2d0f4d 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.17 2004/11/25 21:54:54 markus Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.18 2005/07/31 03:52:19 pascoe Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -387,26 +387,18 @@ ipcomp_output(m, tdb, mp, skip, protoff) struct cryptop *crp; struct tdb_crypto *tc; struct mbuf *mi, *mo; - #if NBPFILTER > 0 - { - struct ifnet *ifn; + struct ifnet *ifn = &(encif[0].sc_if); + + if (ifn->if_bpf) { struct enchdr hdr; - struct mbuf m1; bzero(&hdr, sizeof(hdr)); hdr.af = tdb->tdb_dst.sa.sa_family; hdr.spi = tdb->tdb_spi; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - ifn = &(encif[0].sc_if); - - if (ifn->if_bpf) - bpf_mtap(ifn->if_bpf, &m1); + bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif hlen = IPCOMP_HLENGTH; diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index e1aca31dc4b..e121ece0c3e 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.32 2004/11/17 12:06:16 markus Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.33 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -360,22 +360,9 @@ ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) } #if NBPFILTER > 0 - if (gifp && gifp->if_bpf) { - struct mbuf m0; - u_int af; - - if (ifq == &ipintrq) - af = AF_INET; - else - af = AF_INET6; - - m0.m_flags = 0; - m0.m_next = m; - m0.m_len = 4; - m0.m_data = (char *)⁡ - - bpf_mtap(gifp->if_bpf, &m0); - } + if (gifp && gifp->if_bpf) + bpf_mtap_af(gifp->if_bpf, ifq == &ipintrq ? AF_INET : AF_INET6, + m); #endif s = splimp(); /* isn't it already? */ diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index cb7aa669434..17e23e856e0 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.75 2004/11/25 21:54:54 markus Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.76 2005/07/31 03:52:19 pascoe Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -560,26 +560,13 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, #if NBPFILTER > 0 bpfif = &encif[0].sc_if; if (bpfif->if_bpf) { - /* - * We need to prepend the address family as - * a four byte field. Cons up a dummy header - * to pacify bpf. This is safe because bpf - * will only read from the mbuf (i.e., it won't - * try to free it or keep a pointer a to it). - */ - struct mbuf m1; struct enchdr hdr; hdr.af = af; hdr.spi = tdbp->tdb_spi; hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_AUTH_AH); - m1.m_flags = 0; - m1.m_next = m; - m1.m_len = ENC_HDRLEN; - m1.m_data = (char *) &hdr; - - bpf_mtap(bpfif->if_bpf, &m1); + bpf_mtap_hdr(bpfif->if_bpf, (char *)&hdr, ENC_HDRLEN, m); } #endif |