PERFORCE change 143920 for review

[Gleb Kurtsou]

http://perforce.freebsd.org/chv.cgi?CH=143920

Change 143920 by gk at gk_h1 on 2008/06/22 17:09:25

	fix if_bridge packet filtering

Affected files ...

.. //depot/projects/soc2008/gk_l2filter/sys-net/if_bridge.c#5 edit

Differences ...

==== //depot/projects/soc2008/gk_l2filter/sys-net/if_bridge.c#5 (text+ko) ====

@@ -2848,7 +2848,7 @@
 	KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
 #endif
 
-	if (pfil_bridge == 0 && pfil_member == 0 && (ifp->if_flags & IFF_L2FILTER) == 0)
+	if (pfil_bridge == 0 && pfil_member == 0 && !(bifp != NULL && (bifp->if_flags & IFF_L2FILTER)))
 		return (0); /* filtering is disabled */
 
 	i = min((*mp)->m_pkthdr.len, max_protohdr);
@@ -2909,9 +2909,9 @@
 				goto bad;
 	}
 
-	if (PFIL_HOOKED(&ether_pfil_hook) && (ifp->if_flags & IFF_L2FILTER) &&
-			dir == PFIL_OUT && ifp != NULL) {
-		if (pfil_run_hooks(&ether_pfil_hook, mp, ifp, PFIL_OUT, NULL) != 0)
+	if (PFIL_HOOKED(&ether_pfil_hook) && dir == PFIL_OUT && bifp != NULL &&
+			(bifp->if_flags & IFF_L2FILTER)) {
+		if (pfil_run_hooks(&ether_pfil_hook, mp, bifp, PFIL_OUT, NULL) != 0)
 			return EACCES;
 	}
 
@@ -2947,7 +2947,8 @@
 
 	error = 0;
 
-	if (ifp->if_flags & IFF_L2TAG) {
+	/* Add tag if member or bridge interface has IFF_L2TAG set */
+	if (((bifp ? bifp->if_flags : 0) | (ifp ? ifp->if_flags : 0)) & IFF_L2TAG) {
 		mtag_ether_header = m_tag_locate(*mp, MTAG_ETHER, MTAG_ETHER_HEADER,
 		    NULL);
 		/* XXX ??? can packet be tagged by another interface */