From: Jon Otterholm
Date: Fri, 15 Sep 2006 19:48:57 +0200
To: Andrew Thompson, freebsd-net@freebsd.org
Subject: Re: Bridge

Andrew Thompson wrote:
> On Thu, Sep 14, 2006 at 04:23:07PM +0200, Jon Otterholm wrote:
>> Andrew Thompson wrote:
>>> On Thu, Sep 14, 2006 at 10:30:21AM +0200, Jon Otterholm wrote:
>>>> Andrew Thompson wrote:
>>>>> On Wed, Sep 13, 2006 at 08:19:41PM +0200, Jon Otterholm wrote:
>>>>>> From man if_bridge:
>>>>>>
>>>>>> ARP and REVARP packets are forwarded without being filtered and
>>>>>> others that are not IP nor IPv6 packets are not forwarded when
>>>>>> pfil_onlyip is enabled. IPFW can filter Ethernet types using
>>>>>> mac-type so all packets are passed to the filter for processing.
>>>>>>
>>>>>> ARP is still forwarded though I have the following config:
>>>>>>
>>>>> The check for ARP happens before the ipfw layer2 code so it isn't
>>>>> currently possible to filter them.
>>>>>
>>>> What impact would it have to others using bridge? Could it be made in
>>>> combination with a sysctl that must be enabled? I can only speak for me
>>>> and my needs - I would like this to be committed.
>>>>
>>> You can try the patch I sent in a later email, it should work fine.
>>>
>>> Andrew
>>>
>> Do I have to go to -current for version 1.79 of if_bridge.c?
>>
> No, the patch will apply fine to RELENG_6 too.
>
> Andrew

It works fine. Thanks for all the help (let me know if you are in town
(Ljungby-Sweden) and I will buy you lunch :-)).

I hope to put this in production soon - will this patch work on future
releases? How about committing this?

/Jon