CVS commit: src

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src
From: "Roy Marples" <roy%netbsd.org@localhost>
Date: Thu, 11 Jun 2020 13:36:20 +0000

Module Name:    src
Committed By:   roy
Date:           Thu Jun 11 13:36:20 UTC 2020

Modified Files:
        src/share/man/man4: bpf.4
        src/sys/net: bpf.c bpf.h bpfdesc.h

Log Message:
bpf(4): Add ioctls BIOCSETWF and BIOCLOCK

Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underlying parameters
of the bpf(4) device. An example might be the setting of bpf(4) filter
programs or attaching to different network interfaces.

BIOCSETWF can be used to set write filters for outgoing packets.
Currently if a bpf(4) consumer is compromised, the bpf(4) descriptor can
essentially be used as a raw socket, regardless of consumer's UID.
Write filters give users the ability to constrain which packets can be sent
through the bpf(4) descriptor.

Taken from OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 src/share/man/man4/bpf.4
cvs rdiff -u -r1.236 -r1.237 src/sys/net/bpf.c
cvs rdiff -u -r1.74 -r1.75 src/sys/net/bpf.h
cvs rdiff -u -r1.46 -r1.47 src/sys/net/bpfdesc.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/bin/expr
Next by Date: CVS commit: src/sbin/drvctl
Previous by Thread: CVS commit: src/bin/expr
Next by Thread: CVS commit: src/sbin/drvctl
Indexes:

Home | Main Index | Thread Index | Old Index