pfil on bridge interface, looking for ether_header
Kevin Sanders
newroswell at gmail.com
Fri Nov 3 21:00:38 UTC 2006
On 11/2/06, Andrew Thompson <thompsa at freebsd.org> wrote:
> On Thu, Nov 02, 2006 at 05:45:50PM -0800, Kevin Sanders wrote:
> > I've written a kernel module that has pfil_add_hook'ed into the pfil
> > framework. When my input packet filter function is called, I can
> > mtod(*m, struct IP *) to the IP header, but haven't found a way to
> > find the original ethernet header.
>
> If you look in if_bridge.c:bridge_pfil you will see that the ethernet
> header is stripped from the mbuf before passing to pfil. You may want to
> create another hook such as ether_pfil_hook and modify the bridge to use
> it. Alternatively see the recent discussion between Julian and Andre on
> the matter.
I've got a simple fix for this that solves my immediate need (to be
able to reach the ethernet header). I grepped around, and don't see
much use of the m_pkthdr.header value anymore, and this doesn't appear
to break anything yet.
*** if_bridge.c 21 Oct 2006 12:10:39 -0700 1.11.2.40
--- if_bridge.c 03 Nov 2006 11:46:15 -0800
***************
*** 2781,2786 ****
--- 2781,2787 ----
ipfwpass:
error = 0;
+ (*mp)->m_pkthdr.header = &eh2;
/*
* Run the packet through pfil
***************
*** 2902,2907 ****
--- 2903,2909 ----
if (*mp == NULL)
return (error);
bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
+ (*mp)->m_pkthdr.header = NULL;
return (0);
More information about the freebsd-net
mailing list