Hello, I'm currently searching for a root cause for a certain behavior in ethernet packet handling and want to ask some things to be sure.
Let me begin with a short description: Consider an interface in promiscuous mode. A packet ingressing the interface is prevented from reaching upper layers by camparing the destination address with the local one and by checking for multicast and CARP. If I am right, this pre-filtering happens in ether_input_internal() (if_ethersubr.c) and the packet is later dropped by ether_demux() if IFF_PPROMISC is not set. Now, consider the following netgraph with the interface above: if:lower <-> tee <-> if:upper In this case, ingressing and egressing traffic is not manipulated in any way. The difference to the packet handling described before is the existence of ng_hooks. This leads to the fact that netgraph gets the packet without the destination address checks executed. When the packet reaches ether_demux(), M_PROMISC is never set in m->m_flags. Am I right? The background to my question is the following: When netgraph is being used, I've noticed that packets which are not destined to the host are being handled by the host's upper layers when attached to a non-switched network and promiscous mode is enabled. Thanks, Martin
