On 03/11/15(Tue) 17:03, Armin Wolfermann wrote:
> * Martin Pieuchot <m...@openbsd.org> [03.11.2015 13:51]:
> > > It seems the order of interface evaluation changed in 5.8. If a vlan
> > > parent interface is on a bridge, vlan tagged packets get blocked by
> > > bridge filter rules on the parent interface.
> >
> > Yes, as soon as a interface is part of a bridge(4), the packets it
> > receives will be feed to this bridge before doing any processing.
>
> But now the bridge filter rules affect all packets - even vlan tagged
> packets destined for another interface. The vlan interface doesn't even
> need to be part of the same bridge.
So you want to keep your vlan packets outside of the bridge?
> > Why do you need the parent interface and the vlan interface on your
> > bridge?
>
> It is a boot server for dump devices on different vlans.
Diff below should restore the previous behavior as long as bridge is
configured last on your interface (which is the case in netstart(8)).
I'm not sure it applies on 5.8 though...
Index: net/if.c
===================================================================
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.402
diff -u -p -r1.402 if.c
--- net/if.c 3 Nov 2015 12:25:37 -0000 1.402
+++ net/if.c 3 Nov 2015 16:41:31 -0000
@@ -791,17 +791,6 @@ if_input_process(void *xmq)
continue;
}
-#if NBRIDGE > 0
- if (ifp->if_bridgeport && (m->m_flags & M_PROTO1) == 0) {
- m = bridge_input(ifp, m);
- if (m == NULL) {
- if_put(ifp);
- continue;
- }
- }
- m->m_flags &= ~M_PROTO1; /* Loop prevention */
-#endif
-
/*
* Pass this mbuf to all input handlers of its
* interface until it is consumed.
Index: net/if_bridge.c
===================================================================
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.268
diff -u -p -r1.268 if_bridge.c
--- net/if_bridge.c 12 Oct 2015 10:03:25 -0000 1.268
+++ net/if_bridge.c 3 Nov 2015 16:45:51 -0000
@@ -114,6 +114,7 @@
void bridgeattach(int);
int bridge_ioctl(struct ifnet *, u_long, caddr_t);
+int bridge_input(struct ifnet *, struct mbuf *, void *);
void bridge_start(struct ifnet *);
void bridge_process(struct ifnet *, struct mbuf *);
void bridgeintr_frame(struct bridge_softc *, struct ifnet *, struct mbuf *);
@@ -270,6 +271,7 @@ bridge_delete(struct bridge_softc *sc, s
p->ifp->if_bridgeport = NULL;
error = ifpromisc(p->ifp, 0);
+ if_ih_remove(p->ifp, bridge_input, NULL);
TAILQ_REMOVE(&sc->sc_iflist, p, next);
bridge_rtdelete(sc, p->ifp, 0);
bridge_flushrule(p);
@@ -388,6 +390,7 @@ bridge_ioctl(struct ifnet *ifp, u_long c
SIMPLEQ_INIT(&p->bif_brlin);
SIMPLEQ_INIT(&p->bif_brlout);
ifs->if_bridgeport = (caddr_t)p;
+ if_ih_insert(p->ifp, bridge_input, NULL);
TAILQ_INSERT_TAIL(&sc->sc_iflist, p, next);
break;
case SIOCBRDGDEL:
@@ -1266,14 +1269,19 @@ bridgeintr_frame(struct bridge_softc *sc
* Receive input from an interface. Queue the packet for bridging if its
* not for us, and schedule an interrupt.
*/
-struct mbuf *
-bridge_input(struct ifnet *ifp, struct mbuf *m)
+int
+bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
{
- if ((m->m_flags & M_PKTHDR) == 0)
- panic("bridge_input(): no HDR");
+ KASSERT(m->m_flags & M_PKTHDR);
+
+ if (m->m_flags & M_PROTO1) {
+ m->m_flags &= ~M_PROTO1;
+ return (0);
+ }
niq_enqueue(&bridgeintrq, m);
- return (NULL);
+
+ return (1);
}
void
Index: net/if_bridge.h
===================================================================
RCS file: /cvs/src/sys/net/if_bridge.h,v
retrieving revision 1.45
diff -u -p -r1.45 if_bridge.h
--- net/if_bridge.h 24 Aug 2015 21:28:47 -0000 1.45
+++ net/if_bridge.h 3 Nov 2015 16:38:49 -0000
@@ -436,7 +436,6 @@ struct bridge_softc {
extern const u_int8_t bstp_etheraddr[];
void bridge_ifdetach(struct ifnet *);
-struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
struct rtentry *);
void bridge_update(struct ifnet *, struct ether_addr *, int);
Index: netinet/ip_ether.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_ether.c,v
retrieving revision 1.78
diff -u -p -r1.78 ip_ether.c
--- netinet/ip_ether.c 31 Jul 2015 15:38:10 -0000 1.78
+++ netinet/ip_ether.c 3 Nov 2015 16:45:59 -0000
@@ -164,7 +164,7 @@ etherip_decap(struct mbuf *m, int iphlen
{
struct etherip_header eip;
struct gif_softc *sc;
- int s;
+ struct mbuf_list ml = MBUF_LIST_INITIALIZER();
etheripstat.etherip_ipackets++;
@@ -231,33 +231,12 @@ etherip_decap(struct mbuf *m, int iphlen
/* Reset the flags based on the inner packet */
m->m_flags &= ~(M_BCAST|M_MCAST|M_AUTH|M_CONF|M_PROTO1);
-#if NBPFILTER > 0
- if (sc->gif_if.if_bpf)
- bpf_mtap_af(sc->gif_if.if_bpf, AF_LINK, m, BPF_DIRECTION_IN);
-#endif
-
- /*
- * Tap the packet off here for a bridge. bridge_input() returns
- * NULL if it has consumed the packet. In the case of gif's,
- * bridge_input() returns non-NULL when an error occurs.
- */
#if NPF > 0
pf_pkt_addr_changed(m);
#endif
- m->m_pkthdr.ph_ifidx = sc->gif_if.if_index;
- m->m_pkthdr.ph_rtableid = sc->gif_if.if_rdomain;
- if (m->m_flags & (M_BCAST|M_MCAST))
- sc->gif_if.if_imcasts++;
-
- s = splnet();
- m = bridge_input(&sc->gif_if, m);
- splx(s);
- if (m == NULL)
- return;
- etheripstat.etherip_noifdrops++;
- m_freem(m);
- return;
+ ml_enqueue(&ml, m);
+ if_input(&sc->gif_if, &ml);
}
#endif
