From 5d45c61090b3eacff6f64f09e441d1fd089d018d Mon Sep 17 00:00:00 2001
From: Bill Yuan <bycn82@gmail.com>
Date: Wed, 25 Feb 2015 17:15:42 +0800
Subject: [PATCH] allow layer2 filtering on ipfw2 when net.link.ether.ipfw=1

---
 lib/libipfw2/layer2/ipfw2_layer2.c | 2 +-
 sys/net/if_ethersubr.c             | 5 +++--
 sys/net/ipfw2/ip_fw3.c             | 6 ++----
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/lib/libipfw2/layer2/ipfw2_layer2.c b/lib/libipfw2/layer2/ipfw2_layer2.c
index 06495ebde7..707d63998f 100644
--- a/lib/libipfw2/layer2/ipfw2_layer2.c
+++ b/lib/libipfw2/layer2/ipfw2_layer2.c
@@ -142,7 +142,7 @@ parse_layer2(ipfw_insn **cmd, int *ac, char **av[])
 void
 parse_mac(ipfw_insn **cmd, int *ac, char **av[])
 {
-	NEED(*ac, 3, "MAC dst src");
+	NEED(*ac, 3, "mac dst src");
 	NEXT_ARG1;
 	(*cmd)->opcode = O_LAYER2_MAC;
 	(*cmd)->module = MODULE_LAYER2_ID;
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index 8cb2f62095..bc6958c53f 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -75,6 +75,7 @@
 #include <netinet/if_ether.h>
 #include <netinet/ip_flow.h>
 #include <net/ipfw/ip_fw.h>
+#include <net/ipfw2/ip_fw.h>
 #include <net/dummynet/ip_dummynet.h>
 #endif
 #ifdef INET6
@@ -421,7 +422,7 @@ ether_output_frame(struct ifnet *ifp, struct mbuf *m)
 	if (ifq_is_enabled(&ifp->if_snd))
 		altq_etherclassify(&ifp->if_snd, m, &pktattr);
 	crit_enter();
-	if (IPFW_LOADED && ether_ipfw != 0) {
+	if ((IPFW_LOADED || IPFW2_LOADED) && ether_ipfw != 0) {
 		struct ether_header save_eh, *eh;
 
 		eh = mtod(m, struct ether_header *);
@@ -993,7 +994,7 @@ ether_demux_oncpu(struct ifnet *ifp, struct mbuf *m)
 	}
 
 post_stats:
-	if (IPFW_LOADED && ether_ipfw != 0 && !discard) {
+	if ((IPFW_LOADED || IPFW2_LOADED) && ether_ipfw != 0 && !discard) {
 		struct ether_header save_eh = *eh;
 
 		/* XXX old crufty stuff, needs to be removed */
diff --git a/sys/net/ipfw2/ip_fw3.c b/sys/net/ipfw2/ip_fw3.c
index c22be8775c..cabcf73cfd 100644
--- a/sys/net/ipfw2/ip_fw3.c
+++ b/sys/net/ipfw2/ip_fw3.c
@@ -531,12 +531,10 @@ check_body: /* check the body of the rule again.*/
 					l = f->cmd_len - f->act_ofs;
 					goto check_body;
 			}
-			if (cmd->len & F_NOT) {
+			if (cmd->len & F_NOT)
 				cmd_val= !cmd_val;
-			}
-			if (!cmd_val) {
+			if (!cmd_val)
 				break;
-			}
 		}	/* end of inner for, scan opcodes */
 
 next_rule:;		/* try next rule		*/
-- 
2.11.4.GIT