From owner-freebsd-net@FreeBSD.ORG  Mon Dec 29 10:36:49 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3E11A106564A
	for <freebsd-net@freebsd.org>; Mon, 29 Dec 2008 10:36:49 +0000 (UTC)
	(envelope-from gerryw@compvia.com)
Received: from mail01.compvia.com (mail01.compvia.com [12.147.132.91])
	by mx1.freebsd.org (Postfix) with ESMTP id E6F038FC08
	for <freebsd-net@freebsd.org>; Mon, 29 Dec 2008 10:36:48 +0000 (UTC)
	(envelope-from gerryw@compvia.com)
Received: from [10.10.20.11] ([10.10.20.11])
	by mail01.compvia.com (Kerio MailServer 6.5.1);
	Mon, 29 Dec 2008 04:36:17 -0600
To: rea-fbsd@codelabs.ru
From: "Gerry Weaver" <gerryw@compvia.com>
In-Reply-To: "<PTEt0I6qfmOW7cqoflbu9cfFnOc@kjaK+/sQ5DW5981v71UogZJPf/0>"
Message-ID: <20081229103617.cee01bda@mail01.compvia.com>
Date: Mon, 29 Dec 2008 04:36:17 -0600
X-Mailer: Kerio MailServer 6.5.1 WebMail
X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-net@freebsd.org
Subject: Re: pfil + if_bridge hooks not being called
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Dec 2008 10:36:49 -0000

=5F=5F=5F=5F=5F =20

From: Eygene Ryabinkin [mailto:rea-fbsd@codelabs.ru]
To: Gerry Weaver [mailto:gerryw@compvia.com]
Cc: freebsd-net@freebsd.org
Sent: Mon, 29 Dec 2008 01:10:37 -0600
Subject: Re: pfil + if=5Fbridge hooks not being called

Gerry, good day.
 =20
  Sun, Dec 28, 2008 at 07:59:57PM -0600, Gerry Weaver wrote:
  > I am working on a driver to collect some network statistics using
  > pfil. I have set up a bridge and set net.link.bridge.pfil=5Fmember=
=3D1 via
  > sysctl. I have added hooks for incoming and outgoing packets. I also
  > put a third adapter into the system for dev/managment purposes. My
  > hooks are only being called for outgoing packets on the management
  > (non bridge) interface.
 =20
  A simple check will be to fire up standard hooks (for example, pf
  firewall + some rules with 'log' keyword, see 'man pf.conf') and watch
  for the logged packets on a pflog0 interface using tcpdump.  If you'll
  see the packets you wanted to see, then the problem is probably with
  your code.  If not, then probably your setup is incorrect and/or syste=
m
  has a bug.
 =20
  > I have been searching for information about
  > what I may have overlooked, but I can't find anything concrete. Is
  > there something else that I need to do to see packets on the bridge
  > member interfaces and incoming packets in general=3F
 =20
  You may want to add some diagnostics to the bridge=5Fpfil() in
  /sys/net/if=5Fbridge.c, rebuild your kernel and try to see how it goes=
.
  --=20
  Eygene
   =5F                =5F=5F=5F       =5F.--.   #
   \`.|\..----...-'`   `-.=5F.-'=5F.-'`   #  Remember that it is hard
   /  ' `         ,       =5F=5F.--'      #  to read the on-line manual
   )/' =5F/     \   `-=5F,   /            #  while single-stepping the k=
ernel.
   `-'" `"\=5F  ,=5F.-;=5F.-\=5F ',  fsc/as   #
       =5F.-'=5F./   {=5F.'   ; /           #    -- FreeBSD Developers h=
andbook
      {=5F.-``-'         {=5F/            #
  =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
  freebsd-net@freebsd.org mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-net
  To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Hello All,
 =20
  Thanks for the advice Eygene. It turns out that the pointer to the  if=
net
structure is null when the hook is called for incoming packets. I  had a
check for a null pointer, but failed to log the error. Reworking  this c=
ode
fixed the incoming packet problem. I put a printf in the  outgoing packe=
t
hook function and things magically started working. If  I take it out, t=
hings
stop working. Something is getting stepped on. I'm  gonna fiddle with it=
 a=20
bit to see what's happening there. I would assume it's probably somethin=
g
in my code as well. Also, after  having a look at the if=5Fbridge code, =
I'm=20
starting to rethink the use of  pfil in the first place. Calling my code
from the if=5Fbridge code  offers some additional protocol support as we=
ll
as several other possibilities. I appreciate the pointer to if=5Fbridge.=
c. It made
me look at it a lot sooner than I probably would have otherwise.
 =20
  Thanks Again for your help,
  Gerry