FreeBSD Bugzilla – Attachment 12240 Details for
Bug 23771
bridge/firewall doesn't work as in bridge(4)
[patch]
file.diff
file.diff (text/plain), 2.52 KB, created by
Joost Bekkers
on 2000-12-22 19:50:01 UTC
Description:
file.diff
Filename:
MIME Type:
Creator:
Joost Bekkers
Created:
2000-12-22 19:50:01 UTC
Size:
2.52 KB
>*** net/bridge.c~ Thu Dec 21 20:04:45 2000
>--- net/bridge.c Thu Dec 21 20:44:41 2000
>***************
>*** 56,61 ****
>--- 56,71 ----
> * option BRIDGE
> * and then at runtime set the sysctl variable to enable bridging.
> *
>+ * If you want to combine a bridge with a firewall:
>+ * option IPFIREWALL
>+ * and since it usualy doesn't make a lot of sense to block ip and
>+ * let all the other protocols pass freely, use
>+ * option BRIDGE_IP_ONLY
>+ * And because arp (and sometimes rarp) can be extremely usefull in
>+ * an ip network
>+ * option BRIDGE_ALLOW_ARP
>+ * option BRIDGE_ALLOW_RARP
>+ *
> * Only one interface is supposed to have addresses set (but
> * there are no problems in practice if you set addresses for more
> * than one interface).
>***************
>*** 91,96 ****
>--- 101,107 ----
>
> #include "opt_ipfw.h"
> #include "opt_ipdn.h"
>+ #include "opt_bdg.h"
>
> #if defined(IPFIREWALL)
> #include <net/route.h>
>***************
>*** 445,450 ****
>--- 456,474 ----
> bzero(ifp2sc, BDG_MAX_PORTS * sizeof(struct bdg_softc) );
>
> bzero(&bdg_stats, sizeof(bdg_stats) );
>+ /* added by bps */
>+ printf("BRIDGING ENABLED"
>+ #ifdef BRIDGE_IP_ONLY
>+ " protocols ip"
>+ #ifdef BRIDGE_ALLOW_ARP
>+ ",arp"
>+ #endif
>+ #ifdef BRIDGE_ALLOW_RARP
>+ ",rarp"
>+ #endif
>+ " only"
>+ #endif
>+ "\n");
> bdgtakeifaces();
> bdg_timeout(0);
> do_bridge=0;
>***************
>*** 658,663 ****
>--- 682,688 ----
> struct ip_fw_chain *rule = NULL ;
> int off;
> struct ip *ip ;
>+ u_short frame_type;
>
> m = *m0 ;
> #ifdef DUMMYNET
>***************
>*** 678,685 ****
>--- 703,729 ----
> goto forward ;
> if (src == NULL)
> goto forward ; /* do not apply to packets from ether_output */
>+ frame_type=ntohs(eh->ether_type);
>+ #ifdef BRIDGE_ALLOW_ARP
>+ if (frame_type == ETHERTYPE_ARP)
>+ goto forward ; /* BRIDGE_ALLOW_ARP is defined, so forward arp */
>+ #endif
>+ #ifdef BRIDGE_ALLOW_RARP
>+ if (frame_type == ETHERTYPE_REVARP)
>+ goto forward ; /* BRIDGE_ALLOW_RARP is defined, so forward 
rarp */
>+ #endif
> if (ntohs(eh->ether_type) != ETHERTYPE_IP)
>+ #ifdef BRIDGE_IP_ONLY /* we're bridging IP (and maybe arp/rarp) only */
>+ {
>+ if (canfree) {
>+ m_freem(*m0) ;
>+ *m0 = NULL ;
>+ }
>+ return 0;
>+ }
>+ #else /* we're bridging everything */
> goto forward ; /* not an IP packet, ipfw is not appropriate */
>+ #endif
> /*
> * In this section, canfree=1 means m is the same as *m0.
> * canfree==0 means m is a copy. We need to make a copy here
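Review bot: In the `BRIDGE_IP_ONLY` branch, when `canfree` is 0 the code returns 0 without freeing `*m0` or setting it to NULL, so whether the non-IP frame is actually discarded (and who owns the mbuf) depends on the caller, which this hunk does not show; that contract should be confirmed and stated in a comment next to the `return 0;`. The drop is also placed after the `src == NULL` exit and the earlier `goto forward` whose condition lies above the hunk, so frames taking those paths are still bridged whatever their type, while the banner added in the init hunk prints "protocols ip ... only". ARP and RARP frames jump to `forward` before any firewall check, so they cross the bridge unfiltered, and the header comment that introduces `BRIDGE_ALLOW_ARP`/`BRIDGE_ALLOW_RARP` should say so. `frame_type` is assigned but never read when neither ALLOW option is defined, and the IP test still re-reads the header; `if (frame_type != ETHERTYPE_IP)` would use the value consistently. The enclosing function starts and ends outside the hunk.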
Attachments on
bug 23771
:
12239
| 12240