#
431bbcd8 |
| 03-Aug-2020 |
dlg <dlg@openbsd.org> |
add a BPF_RND load location that provides a random value.
this will be used so a bpf filter can make a decision based on a random number, which in turn will be used so a filter can perform random sa
add a BPF_RND load location that provides a random value.
this will be used so a bpf filter can make a decision based on a random number, which in turn will be used so a filter can perform random sampling of packets rather than capturing all packets. random sampling means that we don't have to figure out how to make bpf coordinate multiple concurrent calls to do counter based sampling.
BPF_RND is currently backed with arc4random.
discussed with many including jmatthew@, alex wilson, claudio@, sthen@, deraadt@, and tb@ ok kn@ tb@ jmatthew@
i call this extended bpf... xBPF.
show more ...
|
#
b27348b2 |
| 08-Sep-2017 |
deraadt <deraadt@openbsd.org> |
If you use sys/param.h, you don't need sys/types.h
|
#
8d156956 |
| 13-Sep-2016 |
krw <krw@openbsd.org> |
Don't waste time zero'ing memory until there is some chance it might be used.
Also noted by dlg@.
ok phessler@ mpi@
|
#
11c43d6a |
| 12-Sep-2016 |
krw <krw@openbsd.org> |
Kill some unsightly whitespace.
|
#
1cd89e0a |
| 02-Apr-2016 |
dlg <dlg@openbsd.org> |
mark the bpf_mem ops as Static.
Static is a nop in _KERNEL, but is static in userland and therefore libpcap
|
#
5a7a1150 |
| 02-Apr-2016 |
dlg <dlg@openbsd.org> |
mark the program and buffer as const in bpf_filter()
other projects have already done this, and there's software (eg, gopacket) which now expects it.
based on a discussion with jasper@ and canacar@
mark the program and buffer as const in bpf_filter()
other projects have already done this, and there's software (eg, gopacket) which now expects it.
based on a discussion with jasper@ and canacar@ ok jasper@
show more ...
|
#
e153f52b |
| 02-Apr-2016 |
dlg <dlg@openbsd.org> |
refactor bpf_filter a bit.
the code was confusing around how it dealt with packets in mbufs vs plain memory buffers with a lenght.
this renames bpf_filter to _bpf_filter, and changes it so the pack
refactor bpf_filter a bit.
the code was confusing around how it dealt with packets in mbufs vs plain memory buffers with a lenght.
this renames bpf_filter to _bpf_filter, and changes it so the packet memory is referred to by an opaque pointer, and callers have to provide a set of operations to extra values from that opaque pointer.
bpf_filter is now provided as a wrapper around _bpf_filter. it provides a set of operators that work on a straight buffer with a lenght.
this also adds a bpf_mfilter function which takes an mbuf instead of a buffer, and it provides explicit operations for extracting values from mbufs.
if we want to use bpf filters against other data structures (usb or scsi packets maybe?) we are able to provide functions for extracting payloads from them and use _bpf_filter as is.
ok canacar@
show more ...
|
#
64a3f76c |
| 13-May-2015 |
jsg <jsg@openbsd.org> |
test mbuf pointers against NULL not 0 ok krw@ miod@
|
#
2a7fff12 |
| 19-Sep-2014 |
otto <otto@openbsd.org> |
better boundchecks in validation; from Guy Harris; ok millert@ dlg@
|
#
a471fb9e |
| 18-Sep-2014 |
dlg <dlg@openbsd.org> |
ansify function declaration things.
ok mpi@ henning@ krw@
|
#
0acaab2c |
| 13-Feb-2011 |
canacar <canacar@openbsd.org> |
Unbreak userland as well, since bpf_filter.c is also used in libpcap. Noticed by robert at openbsd pap st, thanks.
|
#
d5295a39 |
| 12-Feb-2011 |
canacar <canacar@openbsd.org> |
Unbreak previous commit by adding the proper header file.
|
#
f3652036 |
| 12-Feb-2011 |
canacar <canacar@openbsd.org> |
Clear the filter memory area before using it. Leaving it uninitialized may leak previous kernel stack contents through a malicioius BPF filter. Reported by Dan Rosenberg via Alistair Crooks. ok deraa
Clear the filter memory area before using it. Leaving it uninitialized may leak previous kernel stack contents through a malicioius BPF filter. Reported by Dan Rosenberg via Alistair Crooks. ok deraadt@, krw@, claudio@
show more ...
|
#
ce66601f |
| 21-Apr-2010 |
otto <otto@openbsd.org> |
Fix validation of div by constant; from Guy Harris; ok deraadt@ miod@
|
#
01ebccde |
| 02-Jan-2008 |
canacar <canacar@openbsd.org> |
Accept BPF_MUL as a valid instruction in bpf_validate() also improve the comments. Based on diff from Guy Harris
|
#
a2fd75e8 |
| 06-Aug-2007 |
tom <tom@openbsd.org> |
Fix some "that that"s.
ok miod@ jmc@
|
#
96588daa |
| 28-Oct-2006 |
otto <otto@openbsd.org> |
Fix handling of errors wrt to MINDEX. From NetBSD bpf_filter 1.32; ok henning@ deraadt@ canacar@
|
#
68b78301 |
| 27-Feb-2006 |
otto <otto@openbsd.org> |
add missing break; now filters containing a division can pass validation; from NetBSD; ok deraadt@
|
#
a555f402 |
| 08-Dec-2005 |
otto <otto@openbsd.org> |
Avoid sign extend by casting to u_char *; from NetBSD via Guy Harris. Also change another cast, for the sake of consistency, as prompted by djm@ ok deraadt@ djm@ canacar@
|
#
128e989f |
| 28-Sep-2005 |
miod <miod@openbsd.org> |
No part of the code defines UNALIGNED_ACCESS, use reverted tests for __STRICT_ALIGNMENT instead.
Help pedro@ deraadt@, ok deraadt@
|
#
2ce458d6 |
| 26-Apr-2004 |
otto <otto@openbsd.org> |
- make the k field in struct bpf_insn unsigned, as promised in the manual page. - more strict bpf code validation, preventing arbitrary kernel memory read and writes. Some help from frantzen@ and can
- make the k field in struct bpf_insn unsigned, as promised in the manual page. - more strict bpf code validation, preventing arbitrary kernel memory read and writes. Some help from frantzen@ and canacar@; testing jmc@ markus@; ok canacar@ henning@ franzen@
show more ...
|
#
770976fc |
| 23-Feb-2004 |
markus <markus@openbsd.org> |
prevent backward jumps; pls@egsys.hu; ok canacar, deraadt
|
#
64aa4cc7 |
| 10-Dec-2003 |
itojun <itojun@openbsd.org> |
de-register. deraadt ok
|
#
26fda0ef |
| 18-Jul-2003 |
david <david@openbsd.org> |
add missing includes ok tedu@
|
#
acc9ae8d |
| 27-Jun-2003 |
deraadt <deraadt@openbsd.org> |
protos for userland build
|