Subject: Re: bridged interfaces? (for ipfilter)
To: Andrew Brown <twofsonet@graffiti.com>
From: Stefan Grefen <grefen@hprc.tandem.com>
List: tech-net
Date: 09/09/1998 10:16:09
In message <19980908223335.A20791@noc.untraceable.net>  Andrew Brown wrote:
> On Tue, Sep 08, 1998 at 01:33:22AM -0700, Michael Graff wrote:
> >Stefan Grefen <grefen@hprc.tandem.com> writes:
> >
> >> Hmm man 5 ipf says there is the "to" keyword which allows you to switch
> >> packets directly to an interface bypassing the routing code.
> >> (this -current )
> >> 
> >> This should do the trick for IP-based protocols. 
> >
> >Except that the NetBSD machine won't usually get the packets unless you
> >also fake ARP requests.  And now you're not a bridge, or at least not
> >a transparent one.
> 
> well...wouldn't bridging the non-ip protocols via the bpf include arp
> requests/replies?  wouldn't that make you pretty transparent?

You can filter the stuff for IP-arps even in the bpf-rules (the IP packets
must be dropped anyway).
It is running through a user process anyway, so if you're lazy you can put the
filter there.

Stefan
> 
> -- 
> |-----< "CODE WARRIOR" >-----|
> codewarrior@daemon.org             * "ah!  i see you have the internet
> twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
> warfare@graffiti.com      * "information is power -- share the wealth."

--
Stefan Grefen                                Tandem Computers Europe Inc.
grefen@hprc.tandem.com                       High Performance Research Center
 --- Hacking's just another word for nothing left to kludge. ---