From 8e2e76e822b65b23c7ae5c633b7c0714b2950c5e Mon Sep 17 00:00:00 2001 From: florian Date: Tue, 2 Mar 2021 19:20:13 +0000 Subject: [PATCH] Only attach a fully configured bpf filter to a network interface. I'm worried we could see packets we shouldn't during a small time window. --- sbin/dhcpleased/bpf.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sbin/dhcpleased/bpf.c b/sbin/dhcpleased/bpf.c index 15ba041dd6e..6945860d369 100644 --- a/sbin/dhcpleased/bpf.c +++ b/sbin/dhcpleased/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.1 2021/02/26 16:16:37 florian Exp $ */ +/* $OpenBSD: bpf.c,v 1.2 2021/03/02 19:20:13 florian Exp $ */ /* BPF socket interface code, originally contributed by Archie Cobbs. */ @@ -145,13 +145,6 @@ get_bpf_sock(const char *name) if (sz != BPFLEN) fatal("BIOCSBLEN, expected %u, got %u", BPFLEN, sz); - strlcpy(ifr.ifr_name, name, IFNAMSIZ); - if (ioctl(bpffd, BIOCSETIF, &ifr) == -1) { - log_warn("BIOCSETIF"); /* interface might have disappeared */ - close(bpffd); - return -1; - } - /* * Set immediate mode so that reads return as soon as a packet * comes in, rather than waiting for the input buffer to fill @@ -180,6 +173,13 @@ get_bpf_sock(const char *name) if (ioctl(bpffd, BIOCSETWF, &p) == -1) fatal("BIOCSETWF"); + strlcpy(ifr.ifr_name, name, IFNAMSIZ); + if (ioctl(bpffd, BIOCSETIF, &ifr) == -1) { + log_warn("BIOCSETIF"); /* interface might have disappeared */ + close(bpffd); + return -1; + } + if (ioctl(bpffd, BIOCLOCK, NULL) == -1) fatal("BIOCLOCK"); -- 2.20.1