pfil + if_bridge hooks not being called

[Gerry Weaver]

_____  

From: Eygene Ryabinkin [mailto:rea-fbsd at codelabs.ru]
To: Gerry Weaver [mailto:gerryw at compvia.com]
Cc: freebsd-net at freebsd.org
Sent: Mon, 29 Dec 2008 01:10:37 -0600
Subject: Re: pfil + if_bridge hooks not being called

Gerry, good day.
  
  Sun, Dec 28, 2008 at 07:59:57PM -0600, Gerry Weaver wrote:
  > I am working on a driver to collect some network statistics using
  > pfil. I have set up a bridge and set net.link.bridge.pfil_member=1 via
  > sysctl. I have added hooks for incoming and outgoing packets. I also
  > put a third adapter into the system for dev/managment purposes. My
  > hooks are only being called for outgoing packets on the management
  > (non bridge) interface.
  
  A simple check will be to fire up standard hooks (for example, pf
  firewall + some rules with 'log' keyword, see 'man pf.conf') and watch
  for the logged packets on a pflog0 interface using tcpdump.  If you'll
  see the packets you wanted to see, then the problem is probably with
  your code.  If not, then probably your setup is incorrect and/or system
  has a bug.
  
  > I have been searching for information about
  > what I may have overlooked, but I can't find anything concrete. Is
  > there something else that I need to do to see packets on the bridge
  > member interfaces and incoming packets in general?
  
  You may want to add some diagnostics to the bridge_pfil() in
  /sys/net/if_bridge.c, rebuild your kernel and try to see how it goes.
  -- 
  Eygene
   _                ___       _.--.   #
   \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
   /  ' `         ,       __.--'      #  to read the on-line manual
   )/' _/     \   `-_,   /            #  while single-stepping the kernel.
   `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
       _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
      {_.-``-'         {_/            #
  _______________________________________________
  freebsd-net at freebsd.org mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-net
  To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
Hello All,
  
  Thanks for the advice Eygene. It turns out that the pointer to the  ifnet
structure is null when the hook is called for incoming packets. I  had a
check for a null pointer, but failed to log the error. Reworking  this code
fixed the incoming packet problem. I put a printf in the  outgoing packet
hook function and things magically started working. If  I take it out, things
stop working. Something is getting stepped on. I'm  gonna fiddle with it a 
bit to see what's happening there. I would assume it's probably something
in my code as well. Also, after  having a look at the if_bridge code, I'm 
starting to rethink the use of  pfil in the first place. Calling my code
from the if_bridge code  offers some additional protocol support as well
as several other possibilities. I appreciate the pointer to if_bridge.c. It made
me look at it a lot sooner than I probably would have otherwise.
  
  Thanks Again for your help,
  Gerry