From afbe3a0f81bd2487579ccd3529de693841ded287 Mon Sep 17 00:00:00 2001
From: Poul-Henning Kamp <phk@FreeBSD.org>
Date: Fri, 27 Sep 2002 18:57:47 +0000
Subject: [PATCH] Add the "Monitor" interface flag.

Setting this flag on an ethernet interface blocks transmission of packets
and discards incoming packets after BPF processing.

This is useful if you want to monitor network trafic but not interact
with the network in question.

Sponsored by:	http://www.babeltech.dk
---
 sbin/ifconfig/ifconfig.8 | 11 +++++++++++
 sbin/ifconfig/ifconfig.c |  2 ++
 sys/net/if.h             |  1 +
 sys/net/if_ethersubr.c   |  7 +++++++
 4 files changed, 21 insertions(+)

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index 39761fbe5803..57468e974b34 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -504,6 +504,17 @@ for more information.
 .It Fl link Op Cm 0 No - Cm 2
 .Sm on
 Disable special processing at the link level with the specified interface.
+.It Cm monitor
+.Sm on
+Put the interface in monitor mode.
+No packets are transmitted and received packets are discarded after
+.Xr bpf 4
+processing.
+.Sm off
+.It Fl monitor
+.Sm on
+Take the interface out of monitor mode.
+.Sm off
 .It Cm up
 Mark an interface
 .Dq up .
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index c9ab382b42f5..35ac555e4f67 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -241,6 +241,8 @@ struct	cmd {
 	{ "-link1",	-IFF_LINK1,	setifflags },
 	{ "link2",	IFF_LINK2,	setifflags },
 	{ "-link2",	-IFF_LINK2,	setifflags },
+	{ "monitor",	IFF_MONITOR,	setifflags },
+	{ "-monitor",	-IFF_MONITOR,	setifflags },
 #ifdef USE_IF_MEDIA
 	{ "media",	NEXTARG,	setmedia },
 	{ "mediaopt",	NEXTARG,	setmediaopt },
diff --git a/sys/net/if.h b/sys/net/if.h
index a11dc39318a5..a87dd4778e27 100644
--- a/sys/net/if.h
+++ b/sys/net/if.h
@@ -141,6 +141,7 @@ struct if_data {
 #define	IFF_MULTICAST	0x8000		/* supports multicast */
 #define	IFF_POLLING	0x10000		/* Interface is in polling mode. */
 #define	IFF_PPROMISC	0x20000		/* user-requested promisc mode */
+#define	IFF_MONITOR	0x40000		/* user-requested monitor mode */
 
 /* flags set internally only: */
 #define	IFF_CANTCHANGE \
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index d92f4059a736..0983724f76da 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -162,6 +162,8 @@ ether_output(ifp, m, dst, rt0)
 		senderr(error);
 #endif
 
+	if (ifp->if_flags & IFF_MONITOR)
+		senderr(ENETDOWN);
 	if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING))
 		senderr(ENETDOWN);
 	rt = rt0;
@@ -583,6 +585,11 @@ ether_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m)
 		bpf_mtap(ifp, (struct mbuf *)&mh);
 	}
 
+	if (ifp->if_flags & IFF_MONITOR) {
+		m_freem(m);
+		return;
+	}
+
 #ifdef MAC
 	mac_create_mbuf_from_ifnet(ifp, m);
 #endif