From owner-freebsd-ipfw Wed Oct 30 16:10:26 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C094F37B401; Wed, 30 Oct 2002 16:10:24 -0800 (PST) Received: from mta2.srv.hcvlny.cv.net (mta2.srv.hcvlny.cv.net [167.206.5.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CEDC43E7B; Wed, 30 Oct 2002 16:10:22 -0800 (PST) (envelope-from avg@icyb.net.ua) Received: from edge.foundation.invalid (ool-182f90f3.dyn.optonline.net [24.47.144.243]) by mta2.srv.hcvlny.cv.net (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002)) with ESMTP id <0H4T009GGKC93Q@mta2.srv.hcvlny.cv.net>; Wed, 30 Oct 2002 19:07:22 -0500 (EST) Received: from localhost (localhost.foundation.invalid [127.0.0.1]) by edge.foundation.invalid (8.12.6/8.12.3) with ESMTP id g9V07HTg030871; Wed, 30 Oct 2002 19:07:20 -0500 (EST envelope-from avg@icyb.net.ua) Date: Wed, 30 Oct 2002 19:07:17 -0500 (EST) From: Andriy Gapon Subject: Re: kern/44417: ipfw layer2 rules are not checked for ether_output_frame() on bridged interface In-reply-to: <20021029095521.A12933@carp.icir.org> X-X-Sender: avg@edge.foundation.invalid To: Luigi Rizzo Cc: FreeBSD-gnats-submit@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Message-id: <20021030185817.K30853-100000@edge.foundation.invalid> MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Content-transfer-encoding: 7BIT Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG sorry, sent that patch before even trying to compile it. of course it should be: 391,406d390 < if (rule) /* packet was already bridged */ < goto no_bridge; < < if (BDG_ACTIVE(ifp) ) { < struct ether_header *eh; /* a ptr suffices */ < < m->m_pkthdr.rcvif = NULL; < eh = mtod(m, struct ether_header *); < m_adj(m, ETHER_HDR_LEN); < m = bdg_forward_ptr(m, eh, ifp); < if (m != NULL) < m_freem(m); < return (0); < } < < no_bridge: 432a417,429 > } > > if (BDG_ACTIVE(ifp) ) { > struct ether_header *eh; /* a ptr suffices */ > > splx(s); /* XXX */ > m->m_pkthdr.rcvif = NULL; > eh = mtod(m, struct ether_header *); > m_adj(m, ETHER_HDR_LEN); > m = bdg_forward_ptr(m, eh, ifp); > if (m != NULL) > m_freem(m); > return (0); damn C++ :-) Btw, could you please educate me a little bit about this splXXX() stuff ? I've tried to understand it from man page, but failed... What purpose does it serve here ? Is this like some kind of locking ? Is it ok that there are return statements after ether_ipfw_chk() call in ether_output_frame() without splx(s) ? Thank you! -- Andriy Gapon * "The worst part of communication is the illusion that it has actually occurred". M. Jenkins. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message