Subject: Re: make bridge interfaces filter IPv4 packets depend on "option INET"?
To: None <tech-net@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-net
Date: 10/16/2004 22:10:09
In article <20041014224224.K23300@cargo-cult.k.bsd.de>,
Christoph Badura <bad@bsd.de> wrote:
>When compiling a kernel with bridge devices and option BRIDGE_IPF, the
>current behaviour is that ARP packets are passed unconditionally over the
>bridge, IPv4 packets are run through the inet_pfil_hooks and, if the kernel was
>configured with "option INET6", IPv6 packets are run through the
>inet6_pfil_hooks and all other packets are blocked.
>
>It seems inconsistent to me that ARP and IPv4 packets are not blocked when
>the kernel isn't configured with "option INET".  Does anyone mind if I
>commit the following diffs?  As a side effect, they'd avoid calling
>pfil_run_hooks on an un-initialised inet_pfil_hook if the kernel isn't
>configured with "option INET".

I agree. The way it is now does not make any sense and should be changed.

>And shouldn't the code use pfil_head_get to get the pfil hook lists for
>the AF_INET and AF_INET6 protocols instead of using COMMON variables?

Yes, but that is more work...

christos