_____
From: Eygene Ryabinkin [mailto:rea-f...@codelabs.ru]
To: Gerry Weaver [mailto:ger...@compvia.com]
Cc: freebsd-net@freebsd.org
Sent: Mon, 29 Dec 2008 01:10:37 -0600
Subject: Re: pfil + if_bridge hooks not being called
Gerry, good day.
Sun, Dec 28, 2008 at 07:59:57PM -0600, Gerry Weaver wrote:
> I am working on a driver to collect some network statistics using
> pfil. I have set up a bridge and set net.link.bridge.pfil_member=1 via
> sysctl. I have added hooks for incoming and outgoing packets. I also
> put a third adapter into the system for dev/managment purposes. My
> hooks are only being called for outgoing packets on the management
> (non bridge) interface.
A simple check will be to fire up standard hooks (for example, pf
firewall + some rules with 'log' keyword, see 'man pf.conf') and watch
for the logged packets on a pflog0 interface using tcpdump. If you'll
see the packets you wanted to see, then the problem is probably with
your code. If not, then probably your setup is incorrect and/or system
has a bug.
> I have been searching for information about
> what I may have overlooked, but I can't find anything concrete. Is
> there something else that I need to do to see packets on the bridge
> member interfaces and incoming packets in general?
You may want to add some diagnostics to the bridge_pfil() in
/sys/net/if_bridge.c, rebuild your kernel and try to see how it goes.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Hello All,
Thanks for the advice Eygene. It turns out that the pointer to the ifnet
structure is null when the hook is called for incoming packets. I had a
check for a null pointer, but failed to log the error. Reworking this code
fixed the incoming packet problem. I put a printf in the outgoing packet
hook function and things magically started working. If I take it out, things
stop working. Something is getting stepped on. I'm gonna fiddle with it a
bit to see what's happening there. I would assume it's probably something
in my code as well. Also, after having a look at the if_bridge code, I'm
starting to rethink the use of pfil in the first place. Calling my code
from the if_bridge code offers some additional protocol support as well
as several other possibilities. I appreciate the pointer to if_bridge.c. It made
me look at it a lot sooner than I probably would have otherwise.
Thanks Again for your help,
Gerry
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
