On 08/06/16(Wed) 14:52, Masao Uebayashi wrote:
> This is suboptimal with respect to performance, but "correctly work-around"
> the problem, that is, bpf against an bridge'ed interface receives duplicate
> frames. (It happens for not only broadcast but also unicast.)
No way.
>
> diff --git a/sys/net/if.c b/sys/net/if.c
> index 9b53bf1..5209281 100644
> --- a/sys/net/if.c
> +++ b/sys/net/if.c
> @@ -568,7 +568,8 @@ if_enqueue(struct ifnet *ifp, struct mbuf *m)
> unsigned short mflags;
>
> #if NBRIDGE > 0
> - if (ifp->if_bridgeport && (m->m_flags & M_PROTO1) == 0) {
> + /* Loop prevention. */
> + if (ifp->if_bridgeport != NULL && (m->m_flags & M_PROTO1) == 0) {
> KERNEL_LOCK();
> error = bridge_output(ifp, m, NULL, NULL);
> KERNEL_UNLOCK();
> @@ -618,7 +619,13 @@ if_input(struct ifnet *ifp, struct mbuf_list *ml)
> if_bpf = ifp->if_bpf;
> if (if_bpf) {
> MBUF_LIST_FOREACH(ml, m)
> - if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN) != 0)
> + if (
> +#if NBRIDGE > 0
> + /* Loop prevention. */
> + !(ifp->if_bridgeport != NULL &&
> + (m->m_flags & M_PROTO1) != 0) &&
> +#endif
> + bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN) != 0)
> m->m_flags |= M_FILDROP;
> }
> #endif
