Date:      Sat, 16 Mar 2019 23:37:09 -0500
From:      Kyle Evans <kevans@freebsd.org>
To:        freebsd-net <freebsd-net@freebsd.org>
Subject:   Re: if_bridge(4)/bpf on incoming packets
Message-ID:  <CACNAnaEgZ0YX%2BK9vOtObfrK1pD3gqT94Y4%2BDyjf4UhAYvX2EUQ@mail.gmail.com>
In-Reply-To: <CACNAnaEZtJdOkuq3i9grV0VBqGaemLhq_UR7a4%2Buc1eDhErk=Q@mail.gmail.com>
References:  <CACNAnaEZtJdOkuq3i9grV0VBqGaemLhq_UR7a4%2Buc1eDhErk=Q@mail.gmail.com>

On Sat, Mar 16, 2019 at 11:17 PM Kyle Evans <kevans@freebsd.org> wrote:
>
> Hi,
>
> Given a setup like:
>
> ifconfig bridge0 create
> ifconfig bridge0 addm em0 addm wlan0 up
>
> Packets coming in on em0 that get routed to wlan0 by the bridge will
> not be passed over to wlan0's bpf(4). I have an open review [0] that
> proposes changing this so that if we're passing traffic over a bridge,
> it gets exposed to the destination interface's bpf interface assuming
> it's not the interface that just injected it into the bridge.
>
> I don't know the history here, though- is there any particular reason
> bridge doesn't/shouldn't do this now, or is it just that it's not
> useful by conventional (read: almost all) usage of a bridge?
>

Further reading leads me to believe that it's maybe technically a bug
-- see [1], where packets running through bridge_forward and destined
for a member interface *do* get pushed through bpf. The problem is
that this can never happen, because we've either grabbed it and bailed
out in bridge_input [2] before we call bridge_forward, or we're
calling bridge_forward for broadcast/multicast [3].

This also leads me to wonder if we should be invoking pfil hooks
before bailing out of bridge_input in this case, though, so that pfil
hooks have a chance to operate on bridge-passed local traffic as well.

[1] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2222
[2] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2480
[3] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2367


