[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-net
Subject:    Re: bridge(4)+ NPF
From:       Mindaugas Rasiukevicius <rmind () netbsd ! org>
Date:       2017-03-23 23:58:02
Message-ID: 20170323235803.5F3BD84CDE () mail ! netbsd ! org
[Download RAW message or body]

Stephen Borrill <netbsd@precedence.co.uk> wrote:
> I've happily used BRIDGE_IPF in the past, but given IPFilter 5's lack of 
> stability, I've been forced to consider NPF even with its missing 
> functionality. Does NPF have a similar option to BRIDGE_IPF?

Despite the name, BRIDGE_IPF is pretty generic code -- it just passes
the bridged packets through the pfil(9) hooks, with the Etherned header
temporarily removed.  I did not inspect the BRIDGE_IPF code in detail,
but generally there should be no reason why it would not work with NPF
or other packet filters.

Also, having the BRIDGE_IPF kernel option does not seem to be worth
these days.  The #ifdef-ed code is small and it's configured by a flag.

-- 
Mindaugas
[prev in list] [next in list] [prev in thread] [next in thread]