summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCan Erkin Acar <canacar@cvs.openbsd.org>2004-05-04 18:03:59 +0000
committerCan Erkin Acar <canacar@cvs.openbsd.org>2004-05-04 18:03:59 +0000
commitec0ee59d515737ff4e6bc79b23b56e0e791ab2c6 (patch)
treeeb88e57de2a07db6ea490e53210141b1b69f5fa8
parent9afc597bd18344fb24961cd3921d07c31710eda3 (diff)
Apply bridge filter rules to incoming packets destined to the local machine.
Allows tagging of the incoming packets, and a single interface bridge to be actually useful for MAC level filtering/tagging. ok henning@
-rw-r--r--sys/net/if_bridge.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index e05d122b37e..714853b41ec 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bridge.c,v 1.133 2004/05/04 16:59:32 grange Exp $ */
+/* $OpenBSD: if_bridge.c,v 1.134 2004/05/04 18:03:58 canacar Exp $ */
/*
* Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@@ -1392,6 +1392,11 @@ bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m)
bridge_rtupdate(sc,
(struct ether_addr *)&eh->ether_shost,
ifp, 0, IFBAF_DYNAMIC);
+ if (bridge_filterrule(&srcifl->bif_brlin, eh, m) ==
+ BRL_ACTION_BLOCK) {
+ m_freem(m);
+ return (NULL);
+ }
m->m_pkthdr.rcvif = ifl->ifp;
if (ifp->if_type == IFT_GIF) {
m->m_flags |= M_PROTO1;