Module Name: src
Committed By: roy
Date: Thu Jun 11 13:36:20 UTC 2020
Modified Files:
src/share/man/man4: bpf.4
src/sys/net: bpf.c bpf.h bpfdesc.h
Log Message:
bpf(4): Add ioctls BIOCSETWF and BIOCLOCK
Once BIOCLOCK is executed, the device becomes locked which prevents the
execution of ioctl(2) commands which can change the underlying parameters
of the bpf(4) device. An example might be the setting of bpf(4) filter
programs or attaching to different network interfaces.
BIOCSETWF can be used to set write filters for outgoing packets.
Currently if a bpf(4) consumer is compromised, the bpf(4) descriptor can
essentially be used as a raw socket, regardless of consumer's UID.
Write filters give users the ability to constrain which packets can be sent
through the bpf(4) descriptor.
Taken from OpenBSD.
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 src/share/man/man4/bpf.4
cvs rdiff -u -r1.236 -r1.237 src/sys/net/bpf.c
cvs rdiff -u -r1.74 -r1.75 src/sys/net/bpf.h
cvs rdiff -u -r1.46 -r1.47 src/sys/net/bpfdesc.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
