From 557c43e9396d8a8de456e2d0b37af069cdb6057a Mon Sep 17 00:00:00 2001 From: mpi Date: Tue, 12 Jul 2016 09:33:13 +0000 Subject: [PATCH] Directly drop packets filtered by bpf(4) instead of going through the input handlers. ok dlg@ --- sys/net/if.c | 17 +++++++++++++---- sys/net/if_ethersubr.c | 9 ++++----- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/sys/net/if.c b/sys/net/if.c index c04975c0f80..a035c440cdd 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.434 2016/06/10 20:33:29 vgross Exp $ */ +/* $OpenBSD: if.c,v 1.435 2016/07/12 09:33:13 mpi Exp $ */ /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */ /* @@ -618,9 +618,18 @@ if_input(struct ifnet *ifp, struct mbuf_list *ml) #if NBPFILTER > 0 if_bpf = ifp->if_bpf; if (if_bpf) { - MBUF_LIST_FOREACH(ml, m) - if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN) != 0) - m->m_flags |= M_FILDROP; + struct mbuf_list ml0; + + ml_init(&ml0); + ml_enlist(&ml0, ml); + ml_init(ml); + + while ((m = ml_dequeue(&ml0)) != NULL) { + if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN)) + m_freem(m); + else + ml_enqueue(ml, m); + } } #endif diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 2aef400a555..b800d6d02c4 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.238 2016/06/08 12:57:58 mpi Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.239 2016/07/12 09:33:13 mpi Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -344,11 +344,10 @@ ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie) } /* - * If packet has been filtered by the bpf listener, drop it now - * also HW vlan tagged packets that were not collected by vlan(4) - * must be dropped now. + * HW vlan tagged packets that were not collected by vlan(4) must + * be dropped now. */ - if (m->m_flags & (M_FILDROP | M_VLANTAG)) { + if (m->m_flags & M_VLANTAG) { m_freem(m); return (1); } -- 2.20.1