[ovs-dev] [PATCH] netdev implementation for FreeBSD

[Ben Pfaff]

On Fri, Jul 06, 2012 at 09:51:12PM -0400, Ed Maste wrote:
> A packet received by em0 is intercepted by BPF and delivered to Open
> vSwitch via libpcap.  Open vSwitch delivers it to the tap device, and
> the stack then gets copies from both em0 and br0.  This can be addressed
> by a firewall rule to discard packets received by em0 so that they don't
> make it beyond the BPF call.
> 
> It isn't clear to me though why the Linux userspace mode does not behave
> the same way though.  I had a (very) brief look at the way PF_PACKET is
> handled in Linux and it seemed like the packet would still be passed up
> the stack -- there must be something else that I'm missing.

Linux appears to have a special case such that a packet will never be
delivered back to the socket from which it originates via the network
tap interface, see dev_queue_xmit_nit() in net/core/dev.c:

/*
 *	Support routine. Sends outgoing frames to any network
 *	taps currently in use.
 */

static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
{
	struct packet_type *ptype;
	struct sk_buff *skb2 = NULL;
	struct packet_type *pt_prev = NULL;

	rcu_read_lock();
	list_for_each_entry_rcu(ptype, &ptype_all, list) {
		/* Never send packets back to the socket
		 * they originated from - MvS (miquels at drinkel.ow.org)
		 */
		if ((ptype->dev == dev || !ptype->dev) &&
		    (ptype->af_packet_priv == NULL ||
		     (struct sock *)ptype->af_packet_priv != skb->sk)) {
			if (pt_prev) {
				deliver_skb(skb2, pt_prev, skb->dev);
				pt_prev = ptype;
				continue;
			}