cvs commit: src/sys/net bpf.c bpf.h bpfdesc.h

Christian S.J. Peron csjp at FreeBSD.org
Mon Aug 22 19:35:49 GMT 2005 

csjp        2005-08-22 19:35:49 UTC

  FreeBSD src repository

  Modified files:
    sys/net              bpf.c bpf.h bpfdesc.h 
  Log:
  Introduce two new ioctl(2) commands, BIOCLOCK and BIOCSETWF. These commands
  enhance the security of bpf(4) by further relinquishing the privilege of
  the bpf(4) consumer (assuming the ioctl commands are being implemented).
  
  Once BIOCLOCK is executed, the device becomes locked which prevents the
  execution of ioctl(2) commands which can change the underly parameters of the
  bpf(4) device. An example might be the setting of bpf(4) filter programs or
  attaching to different network interfaces.
  
  BIOCSETWF can be used to set write filters for outgoing packets. Currently if
  a bpf(4) consumer is compromised, the bpf(4) descriptor can essentially be used
  as a raw socket, regardless of consumer's UID. Write filters give users the
  ability to constrain which packets can be sent through the bpf(4) descriptor.
  
  These features are currently implemented by a couple programs which came from
  OpenBSD, such as the new dhclient and pflogd.
  
  -Modify bpf_setf(9) to accept a "cmd" parameter. This will be used to specify
   whether a read or write filter is to be set.
  -Add a bpf(4) filter program as a parameter to bpf_movein(9) as we will run the
   filter program on the mbuf data once we move the packet in from user-space.
  -Rather than execute two uiomove operations, (one for the link header and the
   other for the packet data), execute one and manually copy the linker header
   into the sockaddr structure via bcopy.
  -Restructure bpf_setf to compensate for write filters, as well as read.
  -Adjust bpf(4) stats structures to include a bd_locked member.
  
  It should be noted that the FreeBSD and OpenBSD implementations differ a bit in
  the sense that we unconditionally enforce the lock, where OpenBSD enforces it
  only if the calling credential is not root.
  
  Idea from:      OpenBSD
  Reviewed by:    mlaier
  
  Revision  Changes    Path
  1.158     +81 -23    src/sys/net/bpf.c
  1.40      +2 -0      src/sys/net/bpf.h
  1.31      +4 -1      src/sys/net/bpfdesc.h

More information about the cvs-src mailing list