Date: Sat, 16 Mar 2019 23:58:24 -0500
From: Kyle Evans <kevans@freebsd.org>
To: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: if_bridge(4)/bpf on incoming packets
Message-ID: <CACNAnaGFWuOBdnYXbX6PBj1ae57swbhWsGf_Y_dm_XVLhjOwzA@mail.gmail.com>
In-Reply-To: <CACNAnaEgZ0YX%2BK9vOtObfrK1pD3gqT94Y4%2BDyjf4UhAYvX2EUQ@mail.gmail.com>
References: <CACNAnaEZtJdOkuq3i9grV0VBqGaemLhq_UR7a4%2Buc1eDhErk=Q@mail.gmail.com> <CACNAnaEgZ0YX%2BK9vOtObfrK1pD3gqT94Y4%2BDyjf4UhAYvX2EUQ@mail.gmail.com>

On Sat, Mar 16, 2019 at 11:37 PM Kyle Evans <kevans@freebsd.org> wrote:
>
> On Sat, Mar 16, 2019 at 11:17 PM Kyle Evans <kevans@freebsd.org> wrote:
> >
> > Hi,
> >
> > Given a setup like:
> >
> > ifconfig bridge0 create
> > ifconfig bridge0 addm em0 addm wlan0 up
> >
> > Packets coming in on em0 that get routed to wlan0 by the bridge will
> > not be passed over to wlan0's bpf(4). I have an open review [0] that
> > proposes changing this so that if we're passing traffic over a bridge,
> > it gets exposed to the destination interface's bpf interface assuming
> > it's not the interface that just injected it into the bridge.
> >
> > I don't know the history here, though- is there any particular reason
> > bridge doesn't/shouldn't do this now, or is it just that it's not
> > useful by conventional (read: almost all) usage of a bridge?
> >
>
> Further reading leads me to believe that it's maybe technically a bug
> -- see [1], where packets running through bridge_forward and destined
> for a member interface *do* get pushed through bpf. The problem is
> that this can never happen, because we've either grabbed it and bailed
> out in bridge_input [2] before we call bridge_forward, or we're
> calling bridge_forward for broadcast/multicast [3].
>
> This also leads me to wonder if we should be invoking pfil hooks
> before bailing out of bridge_input in this case, though, so that pfil
> hooks have a chance to operate on bridge-passed local traffic as well.

Apologies for the extra noise... this last e-mail was me failing to
notice that the linked snippet is tapping it for the bridge interface,
not the destination interface. This is likely irrelevant to my
original question.

> [1] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2222
> [2] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2480
> [3] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2367