Date:      Mon, 11 Dec 2006 13:27:35 -0800
From:      Julian Elischer <julian@elischer.org>
To:        FreeBSD Net <freebsd-net@freebsd.org>
Subject:   addition to ipfw..
Message-ID:  <457DCD47.5090004@elischer.org>


In ipfw layer 2 processing, the packet is passed to the firewall
as if it was a layer 3 IP packet but the ether header is also made
available.

I would like to add something similar in the case where a vlan tag
is also on the packet..

basically I have a change where:

If we are processing layer 2 packets (in ether or bridge code)
AND a sysctl says to do it,
and it is a vlan packet,

Then the vlan header is also held back so that the packet can be
processed and examined as an IP packet. It is
(in the same way the ether header is) reattached when the packet is
accepted.

This allows me to filter packets that are traversing my bridge,
even though they are encapsulated in a vlan.

I have patches to allow this. I need this function. Does anyone else?


Julian
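
The header arithmetic behind the proposal above, as an added userland illustration; it is not the patch mentioned in the message and not ipfw code. The names `l2_view`, `l2_hold_back` and `ip_offset`, and the `vlan_strip` flag standing in for the sysctl, are hypothetical, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define ETHER_HDR_LEN  14
#define VLAN_TAG_LEN   4
#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_VLAN 0x8100

struct l2_view {            /* hypothetical name */
    size_t   l2_len;        /* bytes held back before filtering */
    uint16_t vlan_id;       /* 0 when no tag was held back */
    uint16_t ethertype;     /* type of what the filter will see */
};

/* Constructed sample frames: MACs, then type fields, then first IP bytes. */
const uint8_t tagged_frame[] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x81,0x00, 0x00,0x64, 0x08,0x00, 0x45,0x00 };
const uint8_t untagged_frame[] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00, 0x45,0x00 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the L2 bytes to hold back (and reattach on accept), 0 if truncated. */
size_t l2_hold_back(const uint8_t *f, size_t len, int vlan_strip, struct l2_view *v)
{
    if (len < ETHER_HDR_LEN) return 0;
    v->l2_len = ETHER_HDR_LEN;
    v->vlan_id = 0;
    v->ethertype = rd16(f + 12);
    if (vlan_strip && v->ethertype == ETHERTYPE_VLAN) {  /* the sysctl-gated case */
        if (len < ETHER_HDR_LEN + VLAN_TAG_LEN) return 0;
        v->vlan_id = rd16(f + 14) & 0x0fff;   /* low 12 bits of the TCI */
        v->ethertype = rd16(f + 16);          /* inner type after the tag */
        v->l2_len += VLAN_TAG_LEN;
    }
    return v->l2_len;
}

/* Offset where IP rules would look, or 0 if the payload is not visible as IPv4. */
size_t ip_offset(const uint8_t *f, size_t len, int vlan_strip)
{
    struct l2_view v;
    if (l2_hold_back(f, len, vlan_strip, &v) == 0 || v.ethertype != ETHERTYPE_IP)
        return 0;
    return v.l2_len;
}
```

With the flag off, the tagged frame presents ethertype 0x8100 and never reaches IP matching; with it on, the same frame is examined at offset 18.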


