bpf does not see packets forwarded with ipfw fwd
Jung-uk Kim
jkim at FreeBSD.org
Mon Apr 14 18:40:07 UTC 2008
On Saturday 12 April 2008 02:22 am, Eugene Grosbein wrote:
> Hi!
>
> One of the 7.0 users has reported in some Cyrillic newsgroup
> a problem that I have reproduced in my 7.0-STABLE system.
> That is: tcpdump does not show locally originated outgoing IP
> packets that were processed by 'ipfw fwd' rule. The same
> configuration presents no problems with 6.3-STABLE.
>
> Consider a simple schema: two FreeBSD boxes (A and B) directly
> connected with ethernet interfaces. The box A has another ethernet
> interface and uses "ipfw fwd" as its very first ipfw rule to
> forward some packets to B, while these packets would normally go
> out through the mentioned other interface. Now, tcpdump does NOT show
> outgoing packets but host B also runs tcpdump on its incoming
> interface and does see them.
>
> I double-checked all parameters for tcpdump, all routing tables.
> I even connected A and B with cross-over ethernet cable, without a
> switch. Still, B sees incoming packets coming over the cable and A
> does not see them leaving. This bothers me a bit :-)
Can you try the attached patch?
Thanks!
Jung-uk Kim
-------------- next part --------------
Index: sys/net/bpf.c
===================================================================
RCS file: /home/ncvs/src/sys/net/bpf.c,v
retrieving revision 1.191
diff -u -r1.191 bpf.c
--- sys/net/bpf.c 7 Apr 2008 02:51:00 -0000 1.191
+++ sys/net/bpf.c 14 Apr 2008 18:37:07 -0000
@@ -88,8 +88,6 @@
#define PRINET 26 /* interruptible */
-#define M_SKIP_BPF M_SKIP_FIREWALL
-
/*
* bpf_iflist is a list of BPF interface structures, each corresponding to a
* specific DLT. The same network interface might have several BPF interface
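Review bot: the `M_SKIP_BPF` define is removed at the top of the file with nothing recording why, and the reason matters: as an alias for `M_SKIP_FIREWALL`, the BPF skip marker shared a bit with a flag that belongs to the firewall code, so an mbuf carrying that flag for firewall purposes would also take the early return in the routines patched at lines 1588 and 1642. Please state that in the commit message, and confirm that no use of `M_SKIP_BPF` remains in bpf.c outside the three sites converted below.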
@@ -843,9 +841,9 @@
mc = m_dup(m, M_DONTWAIT);
if (mc != NULL)
mc->m_pkthdr.rcvif = ifp;
- /* XXX Do not return the same packet twice. */
+ /* Set M_PROMISC as it is seen already. */
if (d->bd_direction == BPF_D_INOUT)
- m->m_flags |= M_SKIP_BPF;
+ m->m_flags |= M_PROMISC;
} else
mc = NULL;
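Review bot: in the `BPF_D_INOUT` branch, `m->m_flags |= M_PROMISC` borrows another flag with its own meaning as the "already seen" marker, which is the same kind of bit sharing the removed `M_SKIP_FIREWALL` alias had. The bit is cleared only when the mbuf reaches one of the checks in the later hunks, so if that never happens the packet continues with `M_PROMISC` set; the new comment should say the flag is borrowed and where it gets cleared. The flag is also set whether or not `m_dup()` returned a copy, so if the intent is only to avoid reporting the packet twice, consider setting it when `mc != NULL`.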
@@ -1588,8 +1586,9 @@
int gottime;
struct timeval tv;
- if (m->m_flags & M_SKIP_BPF) {
- m->m_flags &= ~M_SKIP_BPF;
+ /* Clear M_PROMISC if it is re-entered. */
+ if (m->m_flags & M_PROMISC) {
+ m->m_flags &= ~M_PROMISC;
return;
}
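Review bot: the test `if (m->m_flags & M_PROMISC)` returns early for any mbuf carrying the flag, not only those marked by the write path in the previous hunk, and it clears the flag as a side effect. If any other code sets `M_PROMISC` before the mbuf is tapped, that packet would be hidden from BPF listeners and would lose the flag for later consumers. Worth confirming that no such path exists, or narrowing the test so it matches only packets injected through the BPF write path.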
@@ -1642,8 +1641,9 @@
int gottime;
struct timeval tv;
- if (m->m_flags & M_SKIP_BPF) {
- m->m_flags &= ~M_SKIP_BPF;
+ /* Clear M_PROMISC if it is re-entered. */
+ if (m->m_flags & M_PROMISC) {
+ m->m_flags &= ~M_PROMISC;
return;
}
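Review bot: this is a second copy of the `M_PROMISC` test-and-clear from the previous hunk, comment included. A small static inline helper or macro shared by both routines would keep the two copies from drifting apart and give one place to document the borrowed flag.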