Date:      Tue, 7 Mar 2000 09:24:17 +0100 (CET)
From:      Luigi Rizzo <luigi@info.iet.unipi.it>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        Ludo Koren <lk@tempest.sk>, ipfw@FreeBSD.ORG
Subject:   Re: ipdivert and ethernet bridging
Message-ID:  <200003070824.JAA60597@info.iet.unipi.it>
In-Reply-To: <Pine.NEB.3.96L.1000307001533.16458B-100000@fledge.watson.org> from Robert Watson at "Mar 7, 2000 00:16:36 am"

> Aha, found it in ip_fw_chk, only the check is done after twiddling the
> various parts of the IP header, not before... :-)

You are right, the check should be done earlier.
I think it does not harm too much to do things like this now
(hopefully) because the header is restored afterwards in all cases.
Will check this.
In an ideal world, the bridging code should call *fw_chk()
depending on packet type...

	cheers
	luigi

> On Mon, 6 Mar 2000, Robert Watson wrote:
> 
> > 
> > Luigi,
> > 
> > I've been reading through the bridge/ipfw code, and can't seem to find a
> > place where eh->ether_type is checked to see if it is ETHERTYPE_IP before
> > the firewall rules are evaluated.  I was wondering if the check is not
> > taking place, or if so, where it takes place?
> > 
> > net/bridge.c:
> > ...
> >         /*
> >          * before calling the firewall, swap fields the same as IP does.
> >          * here we assume the pkt is an IP one and the header is
> >          * contiguous
> >          */
> >         eh = mtod(m, struct ether_header *);
> >         ip = (struct ip *)(eh + 1 ) ;
> >         NTOHS(ip->ip_len);
> >         NTOHS(ip->ip_id);
> >         NTOHS(ip->ip_off);
> > ...
> > 
> > Thanks,
> > 
> >   Robert N M Watson 
> > 
> > robert@fledge.watson.org              http://www.watson.org/~robert/
> > PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
> > TIS Labs at Network Associates, Safeport Network Services
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-ipfw" in the body of the message
> > 
> 
> 
>   Robert N M Watson 
> 
> robert@fledge.watson.org              http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
> 
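
The check-before-swap ordering discussed in this thread, shown as an added example; it is not code from the original messages or from FreeBSD's net/bridge.c. It assumes a raw Ethernet frame in a flat byte buffer instead of an mbuf, and the names bridge_prepare_ip, sample_frame and the constants are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14      /* dst MAC, src MAC, ether_type */
#define ETYPE_IPV4  0x0800  /* numeric value of ETHERTYPE_IP */
#define IP_MIN_HLEN 20

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr_host16(uint8_t *p, uint16_t v) { memcpy(p, &v, sizeof v); }

/* Returns 1 and puts ip_len, ip_id, ip_off in host order only for an IPv4
 * frame whose header is fully in the buffer; otherwise returns 0 and leaves
 * the frame untouched (ARP, IPv6, runts). */
int bridge_prepare_ip(uint8_t *frame, size_t len)
{
    uint8_t *ip;
    size_t hlen;

    if (len < ETH_HDR_LEN + IP_MIN_HLEN)
        return 0;
    if (rd_be16(frame + 12) != ETYPE_IPV4)  /* check before any swap */
        return 0;
    ip = frame + ETH_HDR_LEN;
    hlen = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || hlen < IP_MIN_HLEN || len < ETH_HDR_LEN + hlen)
        return 0;
    wr_host16(ip + 2, rd_be16(ip + 2));  /* ip_len */
    wr_host16(ip + 4, rd_be16(ip + 4));  /* ip_id  */
    wr_host16(ip + 6, rd_be16(ip + 6));  /* ip_off */
    return 1;
}

/* Constructed 34-byte sample frame; the payload always looks like an IPv4
 * header (ip_len 0x0054), so only ether_type tells the cases apart. */
void sample_frame(uint8_t *f, uint16_t etype)
{
    memset(f, 0, 34);
    f[12] = (uint8_t)(etype >> 8);
    f[13] = (uint8_t)(etype & 0xff);
    f[14] = 0x45;  /* version 4, header length 5 words */
    f[17] = 0x54;  /* low byte of ip_len in network order */
}

int main(void)
{
    uint8_t ip[34], arp[34];
    sample_frame(ip, 0x0800);
    sample_frame(arp, 0x0806);
    /* exit status 0 when the IPv4 frame is accepted and the ARP one rejected */
    return !(bridge_prepare_ip(ip, 34) == 1 && bridge_prepare_ip(arp, 34) == 0);
}
```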


