Introduce a new bd_seesent flag to the BPF descriptor, indicating whether or

not the current BPF device should report locally generated packets or not.
This allows sniffing applications to see only packets that are not generated
locally, which can be useful for debugging bridging problems, or other
situations where MAC addresses are not sufficient to identify locally
sourced packets.  Default to true for this flag, so as to provide existing
behavior by default.

Introduce two new ioctls, BIOCGSEESENT and BIOCSSEESENT, which may be used
to manipulate this flag from userland, given appropriate privilege.

Modify bpf.4 to document these two new ioctl arguments.

Reviewed by:	asmodai

4 files changed, 30 insertions, 0 deletions

diff --git a/share/man/man4/bpf.4 b/share/man/man4/bpf.4
index 88ffb6a43615..ff57584981ca 100644
--- a/share/man/man4/bpf.4
+++ b/share/man/man4/bpf.4
@@ -290,6 +290,14 @@ Set to zero if the link level source address should be filled in automatically
 by the the interface output routine.  Set to one if the link level source
 address will be written, as provided, to the wire.  This flag is initialized
 to zero by default.
+.It Dv BIOCSSEESENT
+.It Dv BIOCGSEESENT
+.Pq Li u_int
+Set or get the flag determining whether locally generated packets on the
+interface should be returned by BPF.  Set to zero to see only incoming
+packets on the interface.  Set to one to see packets originating
+locally and remotely on the interface.  This flag is initialized to one by
+default.
 .Sh BPF HEADER
 The following structure is prepended to each packet returned by
 .Xr read 2 :
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index d75013e4cd54..466227ce2986 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -359,6 +359,7 @@ bpfopen(dev, flags, fmt, p)
 	dev->si_drv1 = d;
 	d->bd_bufsize = bpf_bufsize;
 	d->bd_sig = SIGIO;
+	d->bd_seesent = 1;
 
 	return (0);
 }
@@ -633,6 +634,8 @@ reset_d(d)
  *  BIOCVERSION		Get filter language version.
  *  BIOCGHDRCMPLT	Get "header already complete" flag
  *  BIOCSHDRCMPLT	Set "header already complete" flag
+ *  BIOCGSEESENT	Get "see packets sent" flag
+ *  BIOCSSEESENT	Set "see packets sent" flag
  */
 /* ARGSUSED */
 static	int
@@ -848,6 +851,20 @@ bpfioctl(dev, cmd, addr, flags, p)
 		d->bd_hdrcmplt = *(u_int *)addr ? 1 : 0;
 		break;
 
+	/*
+	 * Get "see sent packets" flag
+	 */
+	case BIOCGSEESENT:
+		*(u_int *)addr = d->bd_seesent;
+		break;
+
+	/*
+	 * Set "see sent packets" flag
+	 */
+	case BIOCSSEESENT:
+		d->bd_seesent = *(u_int *)addr;
+		break;
+
 	case FIONBIO:		/* Non-blocking I/O */
 		break;
 
@@ -1103,6 +1120,8 @@ bpf_mtap(ifp, m)
 		pktlen += m0->m_len;
 
 	for (d = bp->bif_dlist; d != 0; d = d->bd_next) {
+		if (!d->bd_seesent && (m->m_pkthdr.rcvif == NULL))
+			continue;
 		++d->bd_rcount;
 		slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
 		if (slen != 0)
diff --git a/sys/net/bpf.h b/sys/net/bpf.h
index a684314e6841..9494e8349f7e 100644
--- a/sys/net/bpf.h
+++ b/sys/net/bpf.h
@@ -113,6 +113,8 @@ struct bpf_version {
 #define BIOCSRSIG	_IOW('B',115, u_int)
 #define BIOCGHDRCMPLT	_IOR('B',116, u_int)
 #define BIOCSHDRCMPLT	_IOW('B',117, u_int)
+#define BIOCGSEESENT	_IOR('B',118, u_int)
+#define BIOCSSEESENT	_IOW('B',119, u_int)
 
 /*
  * Structure prepended to each packet.
diff --git a/sys/net/bpfdesc.h b/sys/net/bpfdesc.h
index 1e638f7ec9d6..de3dfb9058ee 100644
--- a/sys/net/bpfdesc.h
+++ b/sys/net/bpfdesc.h
@@ -77,6 +77,7 @@ struct bpf_d {
 	u_char		bd_state;	/* idle, waiting, or timed out */
 	u_char		bd_immediate;	/* true to return on packet arrival */
 	int		bd_hdrcmplt;	/* false to fill in src lladdr automatically */
+	int		bd_seesent;	/* true if bpf should see sent packets */
 	int		bd_async;	/* non-zero if packet reception should generate signal */
 	int		bd_sig;		/* signal to send upon packet reception */
 	struct sigio *	bd_sigio;	/* information for async I/O */