Re: bridge(4)+ NPF

To: Stephen Borrill <netbsd%precedence.co.uk@localhost>
Subject: Re: bridge(4)+ NPF
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Thu, 23 Mar 2017 23:58:02 +0000

Stephen Borrill <netbsd%precedence.co.uk@localhost> wrote:
> I've happily used BRIDGE_IPF in the past, but given IPFilter 5's lack of 
> stability, I've been forced to consider NPF even with its missing 
> functionality. Does NPF have a similar option to BRIDGE_IPF?

Despite the name, BRIDGE_IPF is pretty generic code -- it just passes
the bridged packets through the pfil(9) hooks, with the Etherned header
temporarily removed.  I did not inspect the BRIDGE_IPF code in detail,
but generally there should be no reason why it would not work with NPF
or other packet filters.

Also, having the BRIDGE_IPF kernel option does not seem to be worth
these days.  The #ifdef-ed code is small and it's configured by a flag.

-- 
Mindaugas

References:
- bridge(4)+ NPF
  - From: Stephen Borrill

Prev by Date: bridge(4)+ NPF
Next by Date: Frequent network code panics
Previous by Thread: bridge(4)+ NPF
Next by Thread: Frequent network code panics
Indexes:

Home | Main Index | Thread Index | Old Index