From 7432002de6b5ecd51d01bb7e91819ee6347ea6f3 Mon Sep 17 00:00:00 2001 From: rwatson Date: Sat, 18 Mar 2000 06:30:42 +0000 Subject: [PATCH] Introduce a new bd_seesent flag to the BPF descriptor, indicating whether or not the current BPF device should report locally generated packets or not. This allows sniffing applications to see only packets that are not generated locally, which can be useful for debugging bridging problems, or other situations where MAC addresses are not sufficient to identify locally sourced packets. Default to true for this flag, so as to provide existing behavior by default. Introduce two new ioctls, BIOCGSEESENT and BIOCSSEESENT, which may be used to manipulate this flag from userland, given appropriate privilege. Modify bpf.4 to document these two new ioctl arguments. Reviewed by: asmodai --- share/man/man4/bpf.4 | 8 ++++++++ sys/net/bpf.c | 19 +++++++++++++++++++ sys/net/bpf.h | 2 ++ sys/net/bpfdesc.h | 1 + 4 files changed, 30 insertions(+) diff --git a/share/man/man4/bpf.4 b/share/man/man4/bpf.4 index 88ffb6a43615..ff57584981ca 100644 --- a/share/man/man4/bpf.4 +++ b/share/man/man4/bpf.4 @@ -290,6 +290,14 @@ Set to zero if the link level source address should be filled in automatically by the the interface output routine. Set to one if the link level source address will be written, as provided, to the wire. This flag is initialized to zero by default. +.It Dv BIOCSSEESENT +.It Dv BIOCGSEESENT +.Pq Li u_int +Set or get the flag determining whether locally generated packets on the +interface should be returned by BPF. Set to zero to see only incoming +packets on the interface. Set to one to see packets originating +locally and remotely on the interface. This flag is initialized to one by +default. .Sh BPF HEADER The following structure is prepended to each packet returned by .Xr read 2 : diff --git a/sys/net/bpf.c b/sys/net/bpf.c index d75013e4cd54..466227ce2986 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -359,6 +359,7 @@ bpfopen(dev, flags, fmt, p) dev->si_drv1 = d; d->bd_bufsize = bpf_bufsize; d->bd_sig = SIGIO; + d->bd_seesent = 1; return (0); } @@ -633,6 +634,8 @@ reset_d(d) * BIOCVERSION Get filter language version. * BIOCGHDRCMPLT Get "header already complete" flag * BIOCSHDRCMPLT Set "header already complete" flag + * BIOCGSEESENT Get "see packets sent" flag + * BIOCSSEESENT Set "see packets sent" flag */ /* ARGSUSED */ static int @@ -848,6 +851,20 @@ bpfioctl(dev, cmd, addr, flags, p) d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0; break; + /* + * Get "see sent packets" flag + */ + case BIOCGSEESENT: + *(u_int *)addr = d->bd_seesent; + break; + + /* + * Set "see sent packets" flag + */ + case BIOCSSEESENT: + d->bd_seesent = *(u_int *)addr; + break; + case FIONBIO: /* Non-blocking I/O */ break; @@ -1103,6 +1120,8 @@ bpf_mtap(ifp, m) pktlen += m0->m_len; for (d = bp->bif_dlist; d != 0; d = d->bd_next) { + if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL)) + continue; ++d->bd_rcount; slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0); if (slen != 0) diff --git a/sys/net/bpf.h b/sys/net/bpf.h index a684314e6841..9494e8349f7e 100644 --- a/sys/net/bpf.h +++ b/sys/net/bpf.h @@ -113,6 +113,8 @@ struct bpf_version { #define BIOCSRSIG _IOW('B',115, u_int) #define BIOCGHDRCMPLT _IOR('B',116, u_int) #define BIOCSHDRCMPLT _IOW('B',117, u_int) +#define BIOCGSEESENT _IOR('B',118, u_int) +#define BIOCSSEESENT _IOW('B',119, u_int) /* * Structure prepended to each packet. diff --git a/sys/net/bpfdesc.h b/sys/net/bpfdesc.h index 1e638f7ec9d6..de3dfb9058ee 100644 --- a/sys/net/bpfdesc.h +++ b/sys/net/bpfdesc.h @@ -77,6 +77,7 @@ struct bpf_d { u_char bd_state; /* idle, waiting, or timed out */ u_char bd_immediate; /* true to return on packet arrival */ int bd_hdrcmplt; /* false to fill in src lladdr automatically */ + int bd_seesent; /* true if bpf should see sent packets */ int bd_async; /* non-zero if packet reception should generate signal */ int bd_sig; /* signal to send upon packet reception */ struct sigio * bd_sigio; /* information for async I/O */