'[tcpdump-workers] BPF ioctl BIOCSSEESENT in FreeBSD,'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    [tcpdump-workers] BPF ioctl BIOCSSEESENT in FreeBSD,
From:       Robert Watson <rwatson () freebsd ! org>
Date:       2000-06-29 15:38:23
[Download RAW message or body]


tcpdump-workers,

Skimming the mailing list archives, I noticed that discussion of BPF
consistency across platforms has come up a number of times.  With that in
mind, I thought I'd turn myself in as someone who introduced a BPF feature
on FreeBSD but not on other platforms.

Shortly before the FreeBSD 4.0 release, I introduced a new pair of ioctl's
for BPF, BIOCSSEESENT and BIOCGSEESENT, described as follows in the man
page:

     BIOCSSEESENT

     BIOCGSEESENT   (u_int) Set or get the flag determining whether
locally
                    generated packets on the interface should be returned
by
                    BPF.  Set to zero to see only incoming packets on the
in-
                    terface.  Set to one to see packets originating
locally
                    and remotely on the interface.  This flag is
initialized
                    to one by default.

I grabbed the next two available ioctl values available:

#define BIOCGSEESENT    _IOR('B',118, u_int)
#define BIOCSSEESENT    _IOW('B',119, u_int)

The introduction of this ioctl allows for a number of useful pieces of
functionality, including:

1) Ability to watch on-the-wire packets without seeing local interference
   -- in particular, this allows you to sniff packets from your ethernet
   address but not locally sourced.

2) Ability to request only packets not locally sourced for the purposes of
   userland bridging -- the userland process can retrieve only non-locally
   sourced packets from the wire, allowing it to forward them to other
   segments without fear of a loop-back.

This may be of interest on other platforms -- the implementation in
FreeBSD checks to see of the (struct ifnet *) field in the mbuf is
NULL, if so, it is assumed to be local.  This field in the mbuf is
currently a topic of debate as it can result in panics following freeing
of a struct ifnet, as happens during pccard removal, but does serve this
(and other) useful purposes.  This field is used a fair amount for packet
filtering behavior by-interface, so I assume it won't be fixed quickly.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic