add a MONITOR flag to ifaces to say they're only used for watching packets.

an example use of this is when you have a span port on a switch and
you want to be able to see the packets coming out of it with tcpdump,
but do not want these packets to enter the network stack for
processing. this is particularly important if the span port is
pushing a copy of any packets related to the machine doing the
monitoring as it will confuse pf states and the stack.

ok benno@

diff --git a/sys/net/if.c b/sys/net/if.c
index 32e6cf0..6e01d40 100644 (file)
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if.c,v 1.629 2021/02/11 20:28:01 mvs Exp $    */
+/*     $OpenBSD: if.c,v 1.630 2021/02/20 01:11:43 dlg Exp $    */
 /*     $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $  */
 
 /*
@@ -859,7 +859,8 @@ if_vinput(struct ifnet *ifp, struct mbuf *m)
        }
 #endif
 
-       (*ifp->if_input)(ifp, m);
+       if (__predict_true(!ISSET(ifp->if_xflags, IFXF_MONITOR)))
+               (*ifp->if_input)(ifp, m);
 }
 
 void

diff --git a/sys/net/if.h b/sys/net/if.h
index 0a53f78..15b081b 100644 (file)
--- a/sys/net/if.h
+++ b/sys/net/if.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if.h,v 1.206 2021/02/01 07:43:33 mvs Exp $    */
+/*     $OpenBSD: if.h,v 1.207 2021/02/20 01:11:44 dlg Exp $    */
 /*     $NetBSD: if.h,v 1.23 1996/05/07 02:40:27 thorpej Exp $  */
 
 /*
@@ -230,6 +230,7 @@ struct if_status_description {
 #define        IFXF_AUTOCONF6          0x20    /* [N] v6 autoconf enabled */
 #define IFXF_INET6_NOSOII      0x40    /* [N] don't do RFC 7217 */
 #define        IFXF_AUTOCONF4          0x80    /* [N] v4 autoconf (aka dhcp) enabled */
+#define        IFXF_MONITOR            0x100   /* [N] only used for bpf */
 
 #define        IFXF_CANTCHANGE \
        (IFXF_MPSAFE|IFXF_CLONED)

diff --git a/sys/net/ifq.c b/sys/net/ifq.c
index 5e97c4e..1aa126f 100644 (file)
--- a/sys/net/ifq.c
+++ b/sys/net/ifq.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ifq.c,v 1.41 2020/07/07 00:00:03 dlg Exp $ */
+/*     $OpenBSD: ifq.c,v 1.42 2021/02/20 01:11:44 dlg Exp $ */
 
 /*
  * Copyright (c) 2015 David Gwynne <dlg@openbsd.org>
@@ -715,10 +715,12 @@ ifiq_input(struct ifiqueue *ifiq, struct mbuf_list *ml)
        ifiq->ifiq_bytes += bytes;
 
        len = ml_len(&ifiq->ifiq_ml);
-       if (len > ifiq_maxlen_drop)
-               ifiq->ifiq_qdrops += ml_len(ml);
-       else
-               ml_enlist(&ifiq->ifiq_ml, ml);
+       if (__predict_true(!ISSET(ifp->if_xflags, IFXF_MONITOR))) {
+               if (len > ifiq_maxlen_drop)
+                       ifiq->ifiq_qdrops += ml_len(ml);
+               else
+                       ml_enlist(&ifiq->ifiq_ml, ml);
+       }
        mtx_leave(&ifiq->ifiq_mtx);
 
        if (ml_empty(ml))