bridge callbacks in if_ed.c?
Matthew Dillon
dillon at apollo.backplane.com
Sun Sep 5 14:37:31 PDT 2004
Well, wait a second... are we talking about a lot of packets being
discarded by the filter in 'normal' operation, or are we talking about
an attack? Because if we are talking about an attack the LAST ethernet
device anyone would ever want to use would be ED. i.e. they would be
under a major cpu load anyway and would be far better served using a
better ethernet card. It seems silly to leave a major hack in the system
just to support attacks on an ethernet device that nobody in their right
mind would use if they expected to be attacked! Also, most ED devices
are limited to 10BaseT (?), it's hard to imagine how the added load could
possibly make things any worse than they would otherwise be, and similarly
hard to imagine why anyone would want to use a programmed-I/O interface
at 100BaseT or greater speeds (I'd say that the poor guy would deserve
what he gets from that!).
-Matt
:there are performance reasons to do this way -- grabbing
:the entire packet is expensive because it is done via programmed
:I/O, so the current code only grabs the header, does the
:filtering, and grabs the rest of the packet only if
:needed.
:
:Probably the current code runs bridge_in_ptr() twice, but I
:believe this is still cheaper than grabbing all packets
:entirely.
:
:I'd rather not apply the patch unless you can show that
:the current code leads to incorrect behaviour.
:
:cheers
:luigi