kern/64718: [patch] Bridged packets still seen by BPF listener after BIOCSEESENT ioctl.

Ed Maste emaste at sandvine.com
Thu Mar 25 08:20:23 PST 2004


>Number:         64718
>Category:       kern
>Synopsis:       [patch] Bridged packets still seen by BPF listener after BIOCSEESENT ioctl.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 25 08:20:22 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Ed Maste
>Release:        4.7
>Organization:
Sandvine Inc.
>Environment:
FreeBSD 4.7

>Description:
The BIOCSSEESENT ioctl sets a flag that controls whether received packets only, or both transmitted and received packets, are captured by BPF.

This flag does not have any effect for packets transmitted by an interface as a result of bridging.  These packets are always seen by the BPF listener.

>How-To-Repeat:
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg="em0 em1"

Open a bpf listener on em0 and set the BIOCSEESENT flag to zero.  Observe that both packets received on em0, and packets bridged from em1 to em0, are caught by BPF.

It seems that bpf_mtap uses m->m_pkthdr.rcvif == NULL as an indication that the packet is was transmitted, and that bridged packets still have the rcvif set.
>Fix:
This is one way to get around the problem:

--- bridge.c.orig    2003-12-29 14:07:02.000000000 -0500
+++ bridge.c    2004-03-22 16:52:27.000000000 -0500
@@ -1080,6 +1080,11 @@
                    return m0;
                bcopy(&save_eh, mtod(m, struct ether_header *), ETHER_HDR_LEN);
            }
+            /* 
+             * Clear rcvif so that a bpf listener on the output interface
+             * won't see this packet if it has SEESENT off.
+             */
+            m->m_pkthdr.rcvif = 0;
            if (!IF_HANDOFF(&last->if_snd, m, last)) {
 #if 0
                BDG_MUTE(last); /* should I also mute ? */

>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list