Date: Mon, 28 Oct 2002 11:47:41 -0500 (EST) From: Andriy Gapon <avg@icyb.net.ua> To: FreeBSD-gnats-submit@FreeBSD.org Cc: freebsd-ipfw@freebsd.org Subject: Re: kern/44417: ipfw layer2 rules are not checked for ether_output_frame() on bridged interface Message-ID: <20021028114346.T76307-100000@edge.foundation.invalid> In-Reply-To: <200210231810.g9NIA15C037636@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Here's a patch that I think fixes this problem, it works for me.
If anybody else could test this that would be great.
--- if_ethersubr.c.orig Wed Oct 23 15:27:08 2002
+++ if_ethersubr.c Wed Oct 23 15:28:06 2002
@@ -388,9 +388,6 @@
if (m->m_flags == PACKET_TAG_DUMMYNET)
rule = ((struct dn_pkt *)m)->rule;
- if (rule) /* packet was already bridged */
- goto no_bridge;
-
if (BDG_ACTIVE(ifp) ) {
struct ether_header *eh; /* a ptr suffices */
--- bridge.c.orig Wed Oct 23 15:28:16 2002
+++ bridge.c Wed Oct 23 15:29:06 2002
@@ -857,11 +857,11 @@
* Additional restrictions may apply e.g. non-IP, short packets,
* and pkts already gone through a pipe.
*/
- if (src != NULL && (
+ if (
#ifdef PFIL_HOOKS
((pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh)) != NULL && bdg_ipf !=0) ||
#endif
- (IPFW_LOADED && bdg_ipfw != 0))) {
+ (IPFW_LOADED && bdg_ipfw != 0)) {
int i;
--
Andriy Gapon
*
"Never try to outstubborn a cat." Lazarus Long, "Time Enough for Love"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021028114346.T76307-100000>