diff options
| author |   canacar <canacar@openbsd.org> | 2004-05-04 18:03:58 +0000 |
|---|---|---|
| committer | canacar <canacar@openbsd.org> | 2004-05-04 18:03:58 +0000 |
| commit | 950acb1f200d574fdb330f4d43ad22d39edc6573 (patch) | |
| tree | 10354e6bd3edd8a8a28b7d81cccda1c40bde3aad | |
| parent | Move _bus_space_unmap() to machdep.c so it can be used not (diff) | |
| download | wireguard-openbsd-950acb1f200d574fdb330f4d43ad22d39edc6573.tar.xz wireguard-openbsd-950acb1f200d574fdb330f4d43ad22d39edc6573.zip | |
Apply bridge filter rules to incoming packets destined to the local machine.
Allows tagging of the incoming packets, and a single interface bridge to
be actually useful for MAC level filtering/tagging.
ok henning@
| -rw-r--r-- | sys/net/if_bridge.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index e05d122b37e..714853b41ec 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.133 2004/05/04 16:59:32 grange Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.134 2004/05/04 18:03:58 canacar Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -1392,6 +1392,11 @@ bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) bridge_rtupdate(sc, (struct ether_addr *)&eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); + if (bridge_filterrule(&srcifl->bif_brlin, eh, m) == + BRL_ACTION_BLOCK) { + m_freem(m); + return (NULL); + } m->m_pkthdr.rcvif = ifl->ifp; if (ifp->if_type == IFT_GIF) { m->m_flags |= M_PROTO1; |