Subject: Re: transparent filtering and bridge(4)?
To: None <current-users@netbsd.org>
From: William Waites <ww@styx.org>
List: current-users
Date: 02/12/2002 00:31:32

On Mon, Feb 11, 2002 at 10:19:13PM -0600, Paul Dokas wrote:
> 
> Personally, I'd settle for the OpenBSD sol'n of just passing the bridged
> traffic through IPFilter.  However, I think that a much better solution
> would be something like the ZPC that Jason Thorpe was once working on:
>

Actually, the bridge code was ported from OpenBSD -- Jason Thorpe did
most of the work. The BPF code was apparently taken out at that time,
although I'm not certain why. I don't believe it would be very difficult
to add it back in unless there's a particular reason not to. BPF in
a bridge might in any case be a compile-time option in order not to
adversely affect performance.

Filtering L3 packets in L2 seems kind of dubious. Is there not another
way around the problem?

-w