tech-net archive


bpf(4) bypassing pfil(9)?



Using a bpf network tap (like dhcpd does), packets injected or received on it effectively bypass pfil(9).  I noticed it by using npf to block DHCP traffic from a particular network, only to find out that hosts on that network are still able to get DHCP leases.

pfil(9) sees the inbound packets and they're correctly discarded by npf, but it seems the bpf interface receives a copy anyway.   Outbound packets are never passed through pfil at all.

Is this the way things are supposed to be?  I feel that packets received/injected on a bpf interface should still be subject to packet filtering.

Any insights?
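As an added example (not code from this post, from dhcpd, or from the NetBSD tree): a small C program that builds a DHCPDISCOVER frame and hands it to the kernel through bpf(4) the way a dhcpd-style daemon does, i.e. the injection path the post describes. The client MAC, transaction id and interface name are constructed values. The injection part assumes NetBSD's cloning /dev/bpf and the BIOCSETIF ioctl and is compiled only on NetBSD; elsewhere it returns ENOSYS so the frame builder and checksum code can still be exercised. Whether such a frame is seen by pfil(9) is exactly the open question above; the code makes no claim either way.

```c
/* bpf_dhcp_inject.c: build a DHCPDISCOVER and write it to a bpf(4) tap.
 * Example code written for this thread; MAC, xid and interface are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#ifdef __NetBSD__           /* assumption: NetBSD cloning /dev/bpf + BIOCSETIF */
#include <net/bpf.h>
#define HAVE_BPF 1
#endif

#define FRAME_LEN 286        /* 14 eth + 20 ip + 8 udp + 236 bootp + 8 options */

/* 16-bit one's complement sum (IPv4 header / UDP style), seeded with acc. */
static uint16_t csum16(const uint8_t *p, size_t n, uint32_t acc)
{
    while (n > 1) { acc += (uint16_t)((p[0] << 8) | p[1]); p += 2; n -= 2; }
    if (n) acc += (uint16_t)(p[0] << 8);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Partial sum of the UDP pseudo-header for an IPv4 header with IHL 5. */
static uint32_t pseudo_sum(const uint8_t *ip)
{
    uint32_t acc = 0;
    for (int i = 12; i < 20; i += 2) acc += (uint32_t)((ip[i] << 8) | ip[i + 1]);
    acc += ip[9];                                     /* protocol (17) */
    acc += (uint32_t)(((ip[2] << 8) | ip[3]) - 20);   /* UDP length */
    return acc;
}

/* Ethernet broadcast / 0.0.0.0 -> 255.255.255.255 / UDP 68 -> 67 / BOOTREQUEST.
 * Returns the frame length written into f (always FRAME_LEN bytes). */
size_t build_dhcp_discover(uint8_t *f, const uint8_t mac[6], uint32_t xid)
{
    uint8_t *eth = f, *ip = f + 14, *udp = ip + 20, *bootp = udp + 8;
    const size_t udp_len = 8 + 236 + 8, ip_len = 20 + udp_len;
    static const uint8_t opts[] = { 0x63, 0x82, 0x53, 0x63, 53, 1, 1, 0xff };
    uint16_t c;

    memset(f, 0, FRAME_LEN);
    memset(eth, 0xff, 6); memcpy(eth + 6, mac, 6);
    eth[12] = 0x08; eth[13] = 0x00;                   /* EtherType IPv4 */

    ip[0] = 0x45;
    ip[2] = (uint8_t)(ip_len >> 8); ip[3] = (uint8_t)ip_len;
    ip[8] = 64; ip[9] = 17;                           /* TTL, UDP */
    memset(ip + 16, 0xff, 4);                         /* dst 255.255.255.255 */
    c = csum16(ip, 20, 0);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;

    udp[1] = 68; udp[3] = 67;
    udp[4] = (uint8_t)(udp_len >> 8); udp[5] = (uint8_t)udp_len;

    bootp[0] = 1; bootp[1] = 1; bootp[2] = 6;         /* BOOTREQUEST, ether, hlen */
    bootp[4] = (uint8_t)(xid >> 24); bootp[5] = (uint8_t)(xid >> 16);
    bootp[6] = (uint8_t)(xid >> 8);  bootp[7] = (uint8_t)xid;
    bootp[10] = 0x80;                                 /* broadcast flag */
    memcpy(bootp + 28, mac, 6);                       /* chaddr */
    memcpy(bootp + 236, opts, sizeof opts);           /* cookie, DHCPDISCOVER, end */

    c = csum16(udp, udp_len, pseudo_sum(ip));
    if (c == 0) c = 0xffff;                           /* UDP: 0 means "no checksum" */
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c;
    return FRAME_LEN;
}

/* Receiver-side checks: a valid checksum sums to zero under csum16. */
int ip_csum_ok(const uint8_t *f)  { return csum16(f + 14, 20, 0) == 0; }
int udp_csum_ok(const uint8_t *f)
{
    const uint8_t *ip = f + 14;
    size_t ulen = (size_t)(((ip[2] << 8) | ip[3]) - 20);
    return csum16(ip + 20, ulen, pseudo_sum(ip)) == 0;
}

/* Bind a bpf descriptor to ifname and write the frame (NetBSD only here). */
int bpf_inject(const char *ifname, const uint8_t *frame, size_t len)
{
#ifdef HAVE_BPF
    struct ifreq ifr;
    int fd = open("/dev/bpf", O_RDWR);
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof ifr);
    snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", ifname);
    if (ioctl(fd, BIOCSETIF, &ifr) < 0) { close(fd); return -1; }
    ssize_t n = write(fd, frame, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
#else
    (void)ifname; (void)frame; (void)len;
    errno = ENOSYS;
    return -1;
#endif
}

/* Builds a frame for a constructed MAC and checks it the way a receiver would. */
int selftest(void)
{
    static const uint8_t mac[6] = { 0x02, 0x00, 0x5e, 0x00, 0x00, 0x01 };
    uint8_t f[FRAME_LEN];
    size_t n = build_dhcp_discover(f, mac, 0x12345678u);
    const uint8_t *bootp = f + 14 + 20 + 8;
    return n == FRAME_LEN && ip_csum_ok(f) && udp_csum_ok(f)
        && f[14 + 9] == 17 && bootp[0] == 1 && bootp[236 + 4] == 53 && bootp[236 + 6] == 1;
}

int main(int argc, char **argv)
{
    static const uint8_t mac[6] = { 0x02, 0x00, 0x5e, 0x00, 0x00, 0x01 };
    uint8_t f[FRAME_LEN];
    size_t n = build_dhcp_discover(f, mac, 0x12345678u);
    if (argc < 2) { printf("built %zu-byte DHCPDISCOVER; pass an interface to inject\n", n); return 0; }
    if (bpf_inject(argv[1], f, n) < 0) { perror("bpf_inject"); return 1; }
    return 0;
}
```

To reproduce the observation in the post, run this on a NetBSD host with an npf rule blocking UDP 67/68 on the interface and a packet capture on the other side of the link: if the DISCOVER still arrives, the bpf(4) write path did not go through pfil(9).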

