kern/109815: wrong interface identifier at pfil_hooks for vlans + if_bridge
Bruce M. Simpson
bms at FreeBSD.org
Tue Mar 6 16:00:14 UTC 2007
Eygene Ryabinkin wrote:
> I am awfully sorry, but you seem to be mistaken:
Thanks for clarifying this. That'll be because I didn't read if_bridge
that far. ;^) In my original message I was just looking at if_ethersubr.c.

I need to make sure any changes which are made to if_bridge to deal with
vlan problems are incorporated into bms_netdev so that after I commit
M_PROMISC, it does the right thing.
> if_bridge calls
> the ipfw directly only for the L2 filtering (when the net.link.bridge.ipfw
> is set to 1). This is processed by the block in if_bridge just
> above the 'ipfwpass' label.
In bms_netdev, the behaviour of ether_demux() is unchanged.
ip_dn_claim_rule() is called to determine if there is an IPFW (usually
dummynet) rule for the input frame at ethernet level, if-and-only-if
net.link.ether.ipfw is non-zero. I just committed some comments to
clarify this and styled it the same as the check in ether_output_frame().

However -- the IPFW check in ether_demux() is *skipped* in bms_netdev if
M_PROMISC is set. This is because we might drop packets which are
destined for vlan_input() which flow in because the interface is
IFF_PROMISC.

Strictly speaking this bends the rules of dummynet, because if you have
frames coming in due to promiscuous mode, which the rest of the stack
doesn't expect, they won't be filtered by Dummynet pipes.
> But the L3 filtering is done fully by the pfil hooks, as I understand
> the code. Moreover, I am using 'pf' in my case, not the ipfw.
>
Yes, this is always the case for the upper layers.
Regards,
BMS