Subject: Re: brconfig and "ipf" to use "pfil" also
To: George Georgalis <george@galis.org>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: tech-kern
Date: 01/12/2006 10:44:16
On Wed, Jan 11, 2006 at 10:02:57PM -0500, George Georgalis wrote:
> On Thu, Jan 12, 2006 at 02:11:10AM +0100, Pavel Cahyna wrote:
> >On Wed, Jan 11, 2006 at 02:34:34PM -0800, Jeremy C. Reed wrote:
> >> > The description will then look like:
> >> > 
> >> >   pfil		Enable packet filtering with pfil(9) on the bridge.
> >> > 		The current implementation passes all ARP and RARP packets
> >> > 		through the bridge while filtering IP and ICMP packets through
> >> > 		the configured packet filter.
> >
> >I would say instead:
> >
> >through the bridge while filtering IP and IPv6 packets through
> >the configured packet filter, such as pf(4) or ipf(4). Other packet types
> >are blocked.
> 
> or...
> 
>   pfil     Enable pfil(9) packet filtering on the bridge.  The current
>            implementation filters IP and ICMP packets across the bridge
>            with the configured packet filter, pf(4) or ipf(4); while ARP
>            and RARP packets are passed, unfiltered, through the bridge.

This fails to mention IPv6 and does not tell explicitly that other
non-IP, non-(R)ARP packets are blocked. Also, the configured packet filter
may be something else than pf or ipf, contrary to what your formulation
implies. (True, there is no other packet filter available, but if you
write a custom one, it should Just Work.)

Pavel Cahyna