diff options
author | Can Erkin Acar <canacar@cvs.openbsd.org> | 2004-05-04 18:03:59 +0000 |
---|---|---|
committer | Can Erkin Acar <canacar@cvs.openbsd.org> | 2004-05-04 18:03:59 +0000 |
commit | ec0ee59d515737ff4e6bc79b23b56e0e791ab2c6 (patch) | |
tree | eb88e57de2a07db6ea490e53210141b1b69f5fa8 | |
parent | 9afc597bd18344fb24961cd3921d07c31710eda3 (diff) |
Apply bridge filter rules to incoming packets destined to the local machine.
Allows tagging of the incoming packets, and a single interface bridge to
be actually useful for MAC level filtering/tagging.
ok henning@
-rw-r--r-- | sys/net/if_bridge.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index e05d122b37e..714853b41ec 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.133 2004/05/04 16:59:32 grange Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.134 2004/05/04 18:03:58 canacar Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -1392,6 +1392,11 @@ bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) bridge_rtupdate(sc, (struct ether_addr *)&eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); + if (bridge_filterrule(&srcifl->bif_brlin, eh, m) == + BRL_ACTION_BLOCK) { + m_freem(m); + return (NULL); + } m->m_pkthdr.rcvif = ifl->ifp; if (ifp->if_type == IFT_GIF) { m->m_flags |= M_PROTO1; |