[prev in list] [next in list] [prev in thread] [next in thread]
List: tcpdump-workers
Subject: [tcpdump-workers] BPF ioctl BIOCSSEESENT in FreeBSD,
From: Robert Watson <rwatson () freebsd ! org>
Date: 2000-06-29 15:38:23
[Download RAW message or body]
tcpdump-workers,
Skimming the mailing list archives, I noticed that discussion of BPF
consistency across platforms has come up a number of times. With that in
mind, I thought I'd turn myself in as someone who introduced a BPF feature
on FreeBSD but not on other platforms.
Shortly before the FreeBSD 4.0 release, I introduced a new pair of ioctl's
for BPF, BIOCSSEESENT and BIOCGSEESENT, described as follows in the man
page:
BIOCSSEESENT
BIOCGSEESENT (u_int) Set or get the flag determining whether
locally
generated packets on the interface should be returned
by
BPF. Set to zero to see only incoming packets on the
in-
terface. Set to one to see packets originating
locally
and remotely on the interface. This flag is
initialized
to one by default.
I grabbed the next two available ioctl values available:
#define BIOCGSEESENT _IOR('B',118, u_int)
#define BIOCSSEESENT _IOW('B',119, u_int)
The introduction of this ioctl allows for a number of useful pieces of
functionality, including:
1) Ability to watch on-the-wire packets without seeing local interference
-- in particular, this allows you to sniff packets from your ethernet
address but not locally sourced.
2) Ability to request only packets not locally sourced for the purposes of
userland bridging -- the userland process can retrieve only non-locally
sourced packets from the wire, allowing it to forward them to other
segments without fear of a loop-back.
This may be of interest on other platforms -- the implementation in
FreeBSD checks to see of the (struct ifnet *) field in the mbuf is
NULL, if so, it is assumed to be local. This field in the mbuf is
currently a topic of debate as it can result in panics following freeing
of a struct ifnet, as happens during pccard removal, but does serve this
(and other) useful purposes. This field is used a fair amount for packet
filtering behavior by-interface, so I assume it won't be fixed quickly.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic