Date:      Mon, 29 Dec 2008 04:36:17 -0600
From:      "Gerry Weaver" <gerryw@compvia.com>
To:        rea-fbsd@codelabs.ru
Cc:        freebsd-net@freebsd.org
Subject:   Re: pfil + if_bridge hooks not being called
Message-ID:  <20081229103617.cee01bda@mail01.compvia.com>
In-Reply-To: "<PTEt0I6qfmOW7cqoflbu9cfFnOc@kjaK%2B/sQ5DW5981v71UogZJPf/0>"


From: Eygene Ryabinkin [mailto:rea-fbsd@codelabs.ru]
To: Gerry Weaver [mailto:gerryw@compvia.com]
Cc: freebsd-net@freebsd.org
Sent: Mon, 29 Dec 2008 01:10:37 -0600
Subject: Re: pfil + if_bridge hooks not being called

Gerry, good day.

  Sun, Dec 28, 2008 at 07:59:57PM -0600, Gerry Weaver wrote:
  > I am working on a driver to collect some network statistics using
  > pfil. I have set up a bridge and set net.link.bridge.pfil_member=1 via
  > sysctl. I have added hooks for incoming and outgoing packets. I also
  > put a third adapter into the system for dev/management purposes. My
  > hooks are only being called for outgoing packets on the management
  > (non bridge) interface.

  A simple check will be to fire up standard hooks (for example, pf
  firewall + some rules with 'log' keyword, see 'man pf.conf') and watch
  for the logged packets on a pflog0 interface using tcpdump.  If you'll
  see the packets you wanted to see, then the problem is probably with
  your code.  If not, then probably your setup is incorrect and/or system
  has a bug.

  > I have been searching for information about
  > what I may have overlooked, but I can't find anything concrete. Is
  > there something else that I need to do to see packets on the bridge
  > member interfaces and incoming packets in general?

  You may want to add some diagnostics to the bridge_pfil() in
  /sys/net/if_bridge.c, rebuild your kernel and try to see how it goes.
  --
  Eygene
   _                ___       _.--.   #
   \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
   /  ' `         ,       __.--'      #  to read the on-line manual
   )/' _/     \   `-_,   /            #  while single-stepping the kernel.
   `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
       _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
      {_.-``-'         {_/            #

Hello All,

Thanks for the advice Eygene. It turns out that the pointer to the ifnet
structure is null when the hook is called for incoming packets. I had a
check for a null pointer, but failed to log the error. Reworking this code
fixed the incoming packet problem. I put a printf in the outgoing packet
hook function and things magically started working. If I take it out, things
stop working. Something is getting stepped on. I'm gonna fiddle with it a
bit to see what's happening there. I would assume it's probably something
in my code as well. Also, after having a look at the if_bridge code, I'm
starting to rethink the use of pfil in the first place. Calling my code
from the if_bridge code offers some additional protocol support as well
as several other possibilities. I appreciate the pointer to if_bridge.c. It made
me look at it a lot sooner than I probably would have otherwise.

Thanks Again for your help,
Gerry


