Date: Tue, 7 Mar 2000 00:16:36 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Luigi Rizzo <luigi@info.iet.unipi.it> Cc: Ludo Koren <lk@tempest.sk>, ipfw@FreeBSD.ORG Subject: Re: ipdivert and ethernet bridging Message-ID: <Pine.NEB.3.96L.1000307001533.16458B-100000@fledge.watson.org> In-Reply-To: <Pine.NEB.3.96L.1000306212358.16458A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Aha, found it in ip_fw_chk, only the check is done after twiddling the various parts of the IP header, not before... :-) On Mon, 6 Mar 2000, Robert Watson wrote: > > Luigi, > > I've been reading through the bridge/ipfw code, and can't seem to find a > place where eh->ether_type is checked to see if it is ETHERTYPE_IP before > the firewall rules are evaluated. I was wondering if the check is not > taking place, or if so, where it takes place? > > net/bridge.c: > ... > /* > * before calling the firewall, swap fields the same as IP does. > * here we assume the pkt is an IP one and the header is > contiguous > */ > eh = mtod(m, struct ether_header *); > ip = (struct ip *)(eh + 1 ) ; > NTOHS(ip->ip_len); > NTOHS(ip->ip_id); > NTOHS(ip->ip_off); > ... > > Thanks, > > Robert N M Watson > > robert@fledge.watson.org http://www.watson.org/~robert/ > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 > TIS Labs at Network Associates, Safeport Network Services > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000307001533.16458B-100000>