Date:      Wed, 30 Oct 2002 09:40:05 -0800 (PST)
From:      Andriy Gapon <avg@icyb.net.ua>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/44417: ipfw layer2 rules are not checked for ether_output_frame() on bridged interface
Message-ID:  <200210301740.g9UHe5hs046499@freefall.freebsd.org>

The following reply was made to PR kern/44417; it has been noted by GNATS.

From: Andriy Gapon <avg@icyb.net.ua>
To: Luigi Rizzo <rizzo@icir.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: kern/44417: ipfw layer2 rules are not checked for
 ether_output_frame() on bridged interface
Date: Wed, 30 Oct 2002 12:37:15 -0500 (EST)

 Luigi,
 
 you are right - my patch is incorrect, firewall rules are checked at the
 wrong place.
 This one should be better:
 
 391,406d390
 < 	if (rule)	/* packet was already bridged */
 < 		goto no_bridge;
 <
 < 	if (BDG_ACTIVE(ifp) ) {
 < 		struct ether_header *eh; /* a ptr suffices */
 <
 < 		m->m_pkthdr.rcvif = NULL;
 < 		eh = mtod(m, struct ether_header *);
 < 		m_adj(m, ETHER_HDR_LEN);
 < 		m = bdg_forward_ptr(m, eh, ifp);
 < 		if (m != NULL)
 < 			m_freem(m);
 < 		return (0);
 < 	}
 <
 < no_bridge:
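 
 Review bot: the removed `if (rule) goto no_bridge;` guard (commented "packet was already bridged") has no counterpart in the block added at 417-429, which tests only `BDG_ACTIVE(ifp)`. If a packet can re-enter this function with `rule` set, it would now be handed to `bdg_forward_ptr()` a second time; either keep the `rule` test in the relocated block or say in the message why the unchanged code between the two hunks makes it unnecessary.
 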
 432a417,429
 > 	}
 >
 > 	if (BDG_ACTIVE(ifp) ) {
 > 		splx(s); /* XXX */
 > 		struct ether_header *eh; /* a ptr suffices */
 >
 > 		m->m_pkthdr.rcvif = NULL;
 > 		eh = mtod(m, struct ether_header *);
 > 		m_adj(m, ETHER_HDR_LEN);
 > 		m = bdg_forward_ptr(m, eh, ifp);
 > 		if (m != NULL)
 > 			m_freem(m);
 > 		return (0);
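 
 Review bot: in the added `if (BDG_ACTIVE(ifp))` block, `splx(s); /* XXX */` comes before the declaration `struct ether_header *eh;`, which puts a declaration after a statement; declare `eh` first and call `splx(s)` after it. The `XXX` comment should also say why the priority level has to be restored at this point, before `bdg_forward_ptr()` is called and the function leaves through the early `return (0)`.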
 
 Basically, it moves the check for bridging to after the ipfw stuff.
 What do you think?
 Thank you.
 
 -- 
 Andriy Gapon
 
