diff options
| -rw-r--r-- | share/man/man4/bpf.4 | 18 | ||||
| -rw-r--r-- | sys/net/bpf.c | 21 | ||||
| -rw-r--r-- | sys/net/bpf.h | 8 | ||||
| -rw-r--r-- | sys/net/if_ethersubr.c | 10 | ||||
| -rw-r--r-- | sys/net80211/ieee80211_input.c | 11 | ||||
| -rw-r--r-- | sys/sys/mbuf.h | 5 |
6 files changed, 45 insertions, 28 deletions
diff --git a/share/man/man4/bpf.4 b/share/man/man4/bpf.4 index ebc73b457d5..9bd24dbc825 100644 --- a/share/man/man4/bpf.4 +++ b/share/man/man4/bpf.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bpf.4,v 1.26 2005/10/13 11:59:49 reyk Exp $ +.\" $OpenBSD: bpf.4,v 1.27 2005/11/03 20:00:18 reyk Exp $ .\" $NetBSD: bpf.4,v 1.7 1995/09/27 18:31:50 thorpej Exp $ .\" .\" Copyright (c) 1990 The Regents of the University of California. @@ -405,14 +405,14 @@ automatically by the interface output routine. Set to one if the link level source address will be written, as provided, to the wire. This flag is initialized to zero by default. -.\" .Pp -.\" .It Dv BIOCGFILDROP Fa "u_int *" -.\" .It Dv BIOCSFILDROP Fa "u_int *" -.\" Get or set the status of the -.\" .Dq filter drop -.\" flag. -.\" If non-zero, packets matching any filters will be reported to the -.\" associated interface so that they can be dropped. +.Pp +.It Dv BIOCGFILDROP Fa "u_int *" +.It Dv BIOCSFILDROP Fa "u_int *" +Get or set the status of the +.Dq filter drop +flag. +If non-zero, packets matching any filters will be reported to the +associated interface so that they can be dropped. .El .Ss Standard ioctls .Nm diff --git a/sys/net/bpf.c b/sys/net/bpf.c index f329bde00b6..c7ff40f28f6 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.59 2005/07/31 03:52:18 pascoe Exp $ */ +/* $OpenBSD: bpf.c,v 1.60 2005/11/03 20:00:18 reyk Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -1157,17 +1157,16 @@ bpf_mcopy(const void *src_arg, void *dst_arg, size_t len) /* * Incoming linkage from device drivers, when packet is in an mbuf chain. */ -int +void bpf_mtap(caddr_t arg, struct mbuf *m) { struct bpf_if *bp = (struct bpf_if *)arg; struct bpf_d *d; size_t pktlen, slen; struct mbuf *m0; - int drop = 0; if (m == NULL) - return (0); + return; pktlen = 0; for (m0 = m; m0 != 0; m0 = m0->m_next) @@ -1182,10 +1181,8 @@ bpf_mtap(caddr_t arg, struct mbuf *m) bpf_catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy); if (d->bd_fildrop) - drop++; + m->m_flags |= M_FILDROP; } - - return (drop); } /* @@ -1197,7 +1194,7 @@ bpf_mtap(caddr_t arg, struct mbuf *m) * fields in this header that we initialize, and will not try to free * it or keep a pointer to it. */ -int +void bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) { struct m_hdr mh; @@ -1207,7 +1204,8 @@ bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) mh.mh_len = dlen; mh.mh_data = data; - return bpf_mtap(arg, (struct mbuf *) &mh); + bpf_mtap(arg, (struct mbuf *) &mh); + m->m_flags |= mh.mh_flags & M_FILDROP; } /* @@ -1219,7 +1217,7 @@ bpf_mtap_hdr(caddr_t arg, caddr_t data, u_int dlen, struct mbuf *m) * fields in this header that we initialize, and will not try to free * it or keep a pointer to it. */ -int +void bpf_mtap_af(caddr_t arg, u_int32_t af, struct mbuf *m) { struct m_hdr mh; @@ -1229,7 +1227,8 @@ bpf_mtap_af(caddr_t arg, u_int32_t af, struct mbuf *m) mh.mh_len = 4; mh.mh_data = (caddr_t)⁡ - return bpf_mtap(arg, (struct mbuf *) &mh); + bpf_mtap(arg, (struct mbuf *) &mh); + m->m_flags |= mh.mh_flags & M_FILDROP; } /* diff --git a/sys/net/bpf.h b/sys/net/bpf.h index b6e8c0e1610..3a435af6ed4 100644 --- a/sys/net/bpf.h +++ b/sys/net/bpf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.h,v 1.31 2005/07/31 03:52:18 pascoe Exp $ */ +/* $OpenBSD: bpf.h,v 1.32 2005/11/03 20:00:18 reyk Exp $ */ /* $NetBSD: bpf.h,v 1.15 1996/12/13 07:57:33 mikel Exp $ */ /* @@ -261,9 +261,9 @@ struct bpf_dltlist { #ifdef _KERNEL int bpf_validate(struct bpf_insn *, int); int bpf_tap(caddr_t, u_char *, u_int); -int bpf_mtap(caddr_t, struct mbuf *); -int bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *); -int bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *); +void bpf_mtap(caddr_t, struct mbuf *); +void bpf_mtap_hdr(caddr_t, caddr_t, u_int, struct mbuf *); +void bpf_mtap_af(caddr_t, u_int32_t, struct mbuf *); void bpfattach(caddr_t *, struct ifnet *, u_int, u_int); void bpfdetach(struct ifnet *); void bpfilterattach(int); diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 6a7eeed9407..ee4bbf4c1d2 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.98 2005/10/17 08:43:35 henning Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.99 2005/11/03 20:00:18 reyk Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -615,6 +615,14 @@ ether_input(ifp, eh, m) ac = (struct arpcom *)ifp; /* + * If packet has been filtered by the bpf listener, drop it now + */ + if (m->m_flags & M_FILDROP) { + m_free(m); + return; + } + + /* * If packet is unicast and we're in promiscuous mode, make sure it * is for us. Drop otherwise. */ diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index eaa2559a2ec..709255a3cb9 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -1,5 +1,5 @@ /* $NetBSD: ieee80211_input.c,v 1.24 2004/05/31 11:12:24 dyoung Exp $ */ -/* $OpenBSD: ieee80211_input.c,v 1.11 2005/09/13 12:11:03 reyk Exp $ */ +/* $OpenBSD: ieee80211_input.c,v 1.12 2005/11/03 20:00:18 reyk Exp $ */ /*- * Copyright (c) 2001 Atsushi Onoe @@ -408,6 +408,15 @@ ieee80211_input(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node *ni, #if NBPFILTER > 0 if (ic->ic_rawbpf) bpf_mtap(ic->ic_rawbpf, m); + /* + * Drop mbuf if it was filtered by bpf. Normally, this is + * done in ether_input() but IEEE 802.11 management frames + * are a special case. + */ + if (m->m_flags & M_FILDROP) { + m_freem(m); + return; + } #endif (*ic->ic_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp); m_freem(m); diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index 1d5b2f13a81..63ab629aeea 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mbuf.h,v 1.83 2005/10/17 08:43:34 henning Exp $ */ +/* $OpenBSD: mbuf.h,v 1.84 2005/11/03 20:00:18 reyk Exp $ */ /* $NetBSD: mbuf.h,v 1.19 1996/02/09 18:25:14 christos Exp $ */ /* @@ -143,10 +143,11 @@ struct mbuf { #define M_ANYCAST6 0x4000 /* received as IPv6 anycast */ #define M_LINK0 0x8000 /* link layer specific flag */ #define M_LOOP 0x0040 /* for Mbuf statistics */ +#define M_FILDROP 0x0080 /* dropped by bpf filter */ /* flags copied when copying m_pkthdr */ #define M_COPYFLAGS (M_PKTHDR|M_EOR|M_PROTO1|M_BCAST|M_MCAST|M_CONF|\ - M_AUTH|M_ANYCAST6|M_LOOP|M_TUNNEL|M_LINK0) + M_AUTH|M_ANYCAST6|M_LOOP|M_TUNNEL|M_LINK0|M_FILDROP) /* Checksumming flags */ #define M_IPV4_CSUM_OUT 0x0001 /* IPv4 checksum needed */ |