mbuf question
Rui Paulo
rpaulo at FreeBSD.org
Mon Mar 17 01:39:39 UTC 2014
On 16 Mar 2014, at 14:21, John-Mark Gurney <jmg at funkthat.com> wrote:
> Why do we need this info in another location? Isn't this already in
> the packet? How else did we get it then? Or are you dealing w/ the
> fact that the L2 information was stripped by an upper layer, and if
> that is the case, shouldn't you be getting the packet soon then?
It's mostly because the netpfil hooks are in layer 3. The layer 2 headers are stripped by layer 2 code before it passes the mbuf to layer 3.
I don't know what the goals are, so it's hard to suggest alternatives... Do we want to filter IP packets based on L2 information or do we want to filter L2 packets like ARP? It's possible that the best alternative is to extend netpfil to layer 2 and then validate the mbuf there.
--
Rui Paulo
More information about the freebsd-hackers
mailing list