This is suboptimal with respect to performance, but "correctly work-around"
the problem, that is, bpf against an bridge'ed interface receives duplicate
frames. (It happens for not only broadcast but also unicast.)
diff --git a/sys/net/if.c b/sys/net/if.c
index 9b53bf1..5209281 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -568,7 +568,8 @@ if_enqueue(struct ifnet *ifp, struct mbuf *m)
unsigned short mflags;
#if NBRIDGE > 0
- if (ifp->if_bridgeport && (m->m_flags & M_PROTO1) == 0) {
+ /* Loop prevention. */
+ if (ifp->if_bridgeport != NULL && (m->m_flags & M_PROTO1) == 0) {
KERNEL_LOCK();
error = bridge_output(ifp, m, NULL, NULL);
KERNEL_UNLOCK();
@@ -618,7 +619,13 @@ if_input(struct ifnet *ifp, struct mbuf_list *ml)
if_bpf = ifp->if_bpf;
if (if_bpf) {
MBUF_LIST_FOREACH(ml, m)
- if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN) != 0)
+ if (
+#if NBRIDGE > 0
+ /* Loop prevention. */
+ !(ifp->if_bridgeport != NULL &&
+ (m->m_flags & M_PROTO1) != 0) &&
+#endif
+ bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN) != 0)
m->m_flags |= M_FILDROP;
}
#endif
