Date:      Sun, 16 Mar 2014 18:39:38 -0700
From:      Rui Paulo <rpaulo@FreeBSD.org>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>, Ian Lepore <ian@freebsd.org>, Hooman Fazaeli <hoomanfazaeli@gmail.com>
Subject:   Re: mbuf question
Message-ID:  <7FA2AB99-EE03-4E84-A67D-F3FCD734B66B@FreeBSD.org>
In-Reply-To: <20140316212106.GF32089@funkthat.com>
References:  <53230214.7010501@gmail.com> <BBAFAB2A-F496-46A2-8FE0-224BE562EAA7@FreeBSD.org> <532405B7.2020007@gmail.com> <96659837-1FDC-421D-A339-87104A0075C7@FreeBSD.org> <5324D669.804@gmail.com> <5324DAC0.9020508@gmail.com> <1394925228.1149.558.camel@revolution.hippie.lan> <BEA4D691-6405-4D5B-B437-DAEB655D45EF@FreeBSD.org> <5325BC99.2060703@gmail.com> <20140316212106.GF32089@funkthat.com>

On 16 Mar 2014, at 14:21, John-Mark Gurney <jmg@funkthat.com> wrote:

> Why do we need this info in another location?  Isn't this already in
> the packet?  How else did we get it then?  Or are you dealing w/ the
> fact that the L2 information was stripped by an upper layer, and if
> that is the case, shouldn't you be getting the packet soon then?

It's mostly because the netpfil hooks are in layer 3.  The layer 2
headers are stripped by layer 2 code before it passes the mbuf to layer
3.

I don't know what the goals are, so it's hard to suggest alternatives...
Do we want to filter IP packets based on L2 information or do we want to
filter L2 packets like ARP?  It's possible that the best alternative is
to extend netpfil to layer 2 and then validate the mbuf there.

--
Rui Paulo





