Page MenuHomeFreeBSD
Differential D19586

if_bridge: Give bpf a shot at packets passed over the bridge
AbandonedPublic
Actions

Authored by kevans on Mar 14 2019, 6:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 8 2024, 2:45 AM
Unknown Object (File)
Feb 28 2024, 1:21 AM
Unknown Object (File)
Jan 17 2024, 12:27 PM
Unknown Object (File)
Dec 20 2023, 1:52 AM
Unknown Object (File)
Nov 27 2023, 3:49 AM
Unknown Object (File)
Oct 5 2023, 3:48 PM
Unknown Object (File)
Jul 3 2023, 10:00 AM
Unknown Object (File)
Jun 19 2023, 11:21 PM
View All 14 Files
Subscribers
ae
freqlabs
imp

Details

Reviewers
kp
philip
Summary

As described in the comment: packets passed to another interface on the bridge via bridge_input will not be exposed to bpf for that interface in any way. They will be passed promptly back up the stack and dispatched almost directly into the next layer up or discarded.

This corrects the accounting for packets flowing in on an interface (either physically or through a bridge) and allows, for instance, an interface directly attached to the bridge pull a DHCP address if it so desires.

It's not clear to me if anything 'out there' relies on bpf to only reflect traffic physically flowing in on an interface and specifically *not* traffic flowing in from the bridge. This doesn't seem likely to me, though.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 23102

Event Timeline

kevans created this revision.Mar 14 2019, 6:23 PM
Herald added subscribers: ae, imp. · View Herald TranscriptMar 14 2019, 6:23 PM
Harbormaster completed remote builds in B23091: Diff 55069.Mar 14 2019, 6:24 PM
freqlabs added a subscriber: freqlabs.Mar 15 2019, 12:58 AM
kevans updated this revision to Diff 55092.Mar 15 2019, 3:50 AM

Correct slight oversight: don't double-tap packets that are being received by the same interface that they came in on. Those take the same path.

Harbormaster completed remote builds in B23102: Diff 55092.Mar 15 2019, 3:50 AM
kp added a reviewer: philip.Mar 15 2019, 2:16 PM
kp added a comment.Mar 15 2019, 2:33 PM

I don't see any obvious problems, but I don't think I know this part of the code well enough to say for sure.

kevans abandoned this revision.Mar 17 2019, 5:02 PM

Abandoning for this now; further contemplation leads me to think my local hack should stay local on this one. I do think there's a tangentially related problem here, though, that I'll likely address in a different review: consider a bridge0 with em0 and em1 members. Traffic rx'd by em0 that gets forwarded *through* em1 will increment bridge0 IPACKETS/IBYTES and get passed through bridge0 bpf. Unicast traffic specifically for em1, though, will *not* have any of this accounting done and not get passed to bridge0 bpf, just em0 bpf, despite still having passed over the bridge in the same fashion. It strikes me as incorrect to treat this traffic any differently than in the bridge_forward case.

Revision Contents
Changeset List

PathSize
sys/
net/
16 lines

Diff 55092

View Options

sys/net/if_bridge.c

Loading...