From 23e9862bcd1cec2160166d253b928b0f12e59f0a Mon Sep 17 00:00:00 2001
From: Jason Wright
Date: Fri, 19 Mar 1999 22:47:35 +0000
Subject: Add flag to allow some interfaces to not see packets with unknown destination.
---
 usr.sbin/brconfig/brconfig.8 | 21 ++++++++++++-
 usr.sbin/brconfig/brconfig.c | 72 +++++++++++++++++++++++++++++---------------
 2 files changed, 67 insertions(+), 26 deletions(-)
(limited to 'usr.sbin/brconfig')
diff --git a/usr.sbin/brconfig/brconfig.8 b/usr.sbin/brconfig/brconfig.8
index 19958a412ae..48978b3b4f9 100644
--- a/usr.sbin/brconfig/brconfig.8
+++ b/usr.sbin/brconfig/brconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: brconfig.8,v 1.8 1999/03/19 02:46:55 jason Exp $
+.\" $OpenBSD: brconfig.8,v 1.9 1999/03/19 22:47:34 jason Exp $
 .\"
 .\" Copyright (c) 1999 Jason L. Wright (jason@thought.net)
 .\" All rights reserved.
@@ -51,6 +51,8 @@
 .Op Ar deladdr address
 .Op Ar flush
 .Op Ar flushall
+.Op Ar discover interface-name
+.Op Ar -discover interface-name
 .Op Ar learn interface-name
 .Op Ar -learn interface-name
 .Op Ar link0
@@ -117,6 +119,23 @@ Delete an address from the cache.
 Remove all dynamically learned addresses from the cache.
 .It Ar flushall
 Remove all addresses from the cache including static addresses.
+.It Ar discover interface
+Mark an interface so that packets are sent out of the interface
+if the destination port of the packet is unknown.
+If the bridge has no address cache entry for the destination of
+a packet, meaning that there is no static entry and no dynamically learned
+entry for the destination, the bridge will forward the packet to all member
+interfaces that have this flag set.
+This is the default for interfaces added to the bridge.
+.It Ar -discover interface
+Mark an interface so that packets are not sent out of the interface
+if the destination port of the packet is unknown. Turning this flag
+off means that the bridge will not send packets out of this interface
+unless the packet is a broadcast packet, multicast packet, or a
+packet with a destination address found on the interface's segment.
+This, in combination with static address cache entries,
+prevents potentially sensitive packets from being sent on
+segments that have no need to see the packet.
 .It Ar learn interface
 Mark an interface so that the source address of packets received from
 .Cm interface
diff --git a/usr.sbin/brconfig/brconfig.c b/usr.sbin/brconfig/brconfig.c
index 66ef54c23b6..cdddde95a72 100644
--- a/usr.sbin/brconfig/brconfig.c
+++ b/usr.sbin/brconfig/brconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: brconfig.c,v 1.8 1999/03/19 02:46:55 jason Exp $ */
+/* $OpenBSD: brconfig.c,v 1.9 1999/03/19 22:47:33 jason Exp $ */
 /*
 * Copyright (c) 1999 Jason L. Wright (jason@thought.net)
@@ -50,34 +50,34 @@
 #include
 #include
-void usage(void);
-int main(int, char **);
-int bridge_setflag(int, char *, short);
-int bridge_clrflag(int, char *, short);
-int bridge_ifsetflag(int, char *, char *, u_int32_t);
-int bridge_ifclrflag(int, char *, char *, u_int32_t);
-int bridge_list(int, char *, char *);
-int bridge_addrs(int, char *, char *);
-int bridge_addaddr(int, char *, char *, char *);
-int bridge_deladdr(int, char *, char *);
-int bridge_maxaddr(int, char *, char *);
-int bridge_timeout(int, char *, char *);
-int bridge_flush(int, char *);
-int bridge_flushall(int, char *);
-int bridge_add(int, char *, char *);
-int bridge_delete(int, char *, char *);
-int bridge_status(int, char *);
-int is_bridge(int, char *);
-int bridge_show_all(int);
-void printb(char *, unsigned short, char *);
+void usage __P((void));
+int main __P((int, char **));
+int bridge_setflag __P((int, char *, short));
+int bridge_clrflag __P((int, char *, short));
+int bridge_ifsetflag __P((int, char *, char *, u_int32_t));
+int bridge_ifclrflag __P((int, char *, char *, u_int32_t));
+int bridge_list __P((int, char *, char *));
+int bridge_addrs __P((int, char *, char *));
+int bridge_addaddr __P((int, char *, char *, char *));
+int bridge_deladdr __P((int, char *, char *));
+int bridge_maxaddr __P((int, char *, char *));
+int bridge_timeout __P((int, char *, char *));
+int bridge_flush __P((int, char *));
+int bridge_flushall __P((int, char *));
+int bridge_add __P((int, char *, char *));
+int bridge_delete __P((int, char *, char *));
+int bridge_status __P((int, char *));
+int is_bridge __P((int, char *));
+int bridge_show_all __P((int));
+void printb __P((char *, unsigned short, char *));
 /* if_flags bits: borrowed from ifconfig.c */
 #define IFFBITS \
 "\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6NOTRAILERS\7RUNNING\10NOARP\
 \11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2\20MULTICAST"
-#define IFBABITS "\020\1STATIC"
-#define IFBIBITS "\020\1LEARNING"
+#define IFBAFBITS "\020\1STATIC"
+#define IFBIFBITS "\020\1LEARNING\2DISCOVER"
 void
 usage()
@@ -152,6 +152,28 @@ main(argc, argv)
 if (error)
 return (error);
 }
+ else if (strcmp("discover", argv[0]) == 0) {
+ argc--; argv++;
+ if (argc == 0) {
+ warnx("discover requires an argument");
+ return (EX_USAGE);
+ }
+ error = bridge_ifsetflag(sock, brdg, argv[0],
+ IFBIF_DISCOVER);
+ if (error)
+ return (error);
+ }
+ else if (strcmp("-discover", argv[0]) == 0) {
+ argc--; argv++;
+ if (argc == 0) {
+ warnx("-discover requires an argument");
+ return (EX_USAGE);
+ }
+ error = bridge_ifclrflag(sock, brdg, argv[0],
+ IFBIF_DISCOVER);
+ if (error)
+ return (error);
+ }
 else if (strcmp("learn", argv[0]) == 0) {
 argc--; argv++;
 if (argc == 0) {
@@ -488,7 +510,7 @@ bridge_list(s, brdg, delim)
 bzero(buf, sizeof(buf));
 strncpy(buf, reqp->ifbr_ifsname, sizeof(reqp->ifbr_ifsname));
 printf("%s%s ", delim, buf);
- printb("flags", reqp->ifbr_ifsflags, IFBIBITS);
+ printb("flags", reqp->ifbr_ifsflags, IFBIFBITS);
 printf("\n");
 }
 free(bifc.ifbic_buf);
@@ -672,7 +694,7 @@ bridge_addrs(s, brdg, delim)
 strncpy(buf, ifba->ifba_ifsname, sizeof(ifba->ifba_ifsname));
 printf("%s%s %s %u ", delim, ether_ntoa(&ifba->ifba_dst), buf, ifba->ifba_age);
- printb("flags", ifba->ifba_flags, IFBABITS);
+ printb("flags", ifba->ifba_flags, IFBAFBITS);
 printf("\n");
 }
-- cgit v1.2.3
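Review bot: The renamed printb() format strings `IFBAFBITS` and `IFBIFBITS` carry no comment, while `IFFBITS` directly above them is at least documented as borrowed from ifconfig.c. The bit positions in `"\020\1LEARNING\2DISCOVER"` have to agree with the values of the IFBIF_* flags, which are defined outside this diff, and a mismatch would make the listing report the wrong state for the new flag. I would add `/* ifbr_ifsflags bits for printb(); positions must match the IFBIF_* values */` above `IFBIFBITS`, and the equivalent line naming `ifba_flags` above `IFBAFBITS`.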
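Review bot: The `-discover` branch in main() can only clear the flag on an interface that is already a member, and the brconfig.8 text added in this commit says discover is the default for interfaces added to the bridge. Since the branches handle one argument at a time, an interface added while the bridge is forwarding presumably receives unknown-destination packets until `-discover` is applied, which matters when the flag is used to keep traffic off a segment. A comment on the branch would make that visible, for example `/* members start with DISCOVER set; clear it before the bridge is brought up */`. The body of main() starts and ends outside this hunk, so how membership and interface flags are ordered elsewhere cannot be checked here.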
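Review bot: `printb("flags", reqp->ifbr_ifsflags, IFBIFBITS)` in bridge_list() passes the member flags through a parameter that the prototype in this commit declares as `unsigned short`, while bridge_ifsetflag() and bridge_ifclrflag() take the same flags as `u_int32_t`. If `ifbr_ifsflags` is a 32-bit field, as those prototypes suggest, any flag above the low 16 bits would be dropped from the listing; LEARNING and DISCOVER fit today, but an operator confirming that a flag is off relies on this output. Widening the parameter, `void printb __P((char *, u_int32_t, char *));`, with the matching change in the definition, would remove the truncation. The definition of printb() and the rest of bridge_list() are outside the hunk.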