if_bridge(4)/bpf on incoming packets

[Kyle Evans]

On Sat, Mar 16, 2019 at 11:37 PM Kyle Evans <kevans at freebsd.org> wrote:
>
> On Sat, Mar 16, 2019 at 11:17 PM Kyle Evans <kevans at freebsd.org> wrote:
> >
> > Hi,
> >
> > Given a setup like:
> >
> > ifconfig bridge0 create
> > ifconfig bridge0 addm em0 addm wlan0 up
> >
> > Packets coming in on em0 that get routed to wlan0 by the bridge will
> > not be passed over to wlan0's bpf(4). I have an open review [0] that
> > proposes changing this so that if we're passing traffic over a bridge,
> > it gets exposed to the destination interface's bpf interface assuming
> > it's not the interface that just injected it into the bridge.
> >
> > I don't know the history here, though- is there any particular reason
> > bridge doesn't/shouldn't do this now, or is it just that it's not
> > useful by conventional (read: almost all) usage of a bridge?
> >
>
> Further reading leads me to believe that it's maybe technically a bug
> -- see [1], where packets running through bridge_forward and destined
> for a member interface *do* get pushed through bpf. The problem is
> that this can never happen, because we've either grabbed it and bailed
> out in bridge_input [2] before we call bridge_forward, or we're
> calling bridge_forward for broadcast/multicast [3].
>
> This also leads me to wonder if we should be invoking pfil hooks
> before bailing out of bridge_input in this case, though, so that pfil
> hooks have a chance to operate on bridge-passed local traffic as well.

Apologies for the extra noise... this last e-mail was me failing to
notice that the linked snippet is tapping it for the bridge interface,
not the destination interface. This is likely irrelevant to my
original question.

> [1] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2222
> [2] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2480
> [3] https://svnweb.freebsd.org/base/head/sys/net/if_bridge.c?view=markup&pathrev=345194#l2367