From 756fff0053f82b5bcb128c91f6d656cbbb52d166 Mon Sep 17 00:00:00 2001
From: Archie Cobbs <archie@FreeBSD.org>
Date: Fri, 2 Jun 2000 22:47:53 +0000
Subject: [PATCH] Don't try to apply ipfw filtering to non-IP packets.

Reported-by:	"Lachlan O'Dea" <lodea@vet.com.au>
---
 sys/net/bridge.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/net/bridge.c b/sys/net/bridge.c
index 83b711ed826..633b65afae2 100644
--- a/sys/net/bridge.c
+++ b/sys/net/bridge.c
@@ -656,6 +656,8 @@ bdg_forward(struct mbuf **m0, struct ether_header *const eh, struct ifnet *dst)
 	    goto forward ;
 	if (src == NULL)
 	    goto forward ; /* do not apply to packets from ether_output */
+	if (ntohs(eh->ether_type) != ETHERTYPE_IP)
+	    goto forward ; /* not an IP packet, ipfw is not appropriate */
 	/*
 	 * In this section, canfree=1 means m is the same as *m0.
 	 * canfree==0 means m is a copy. We need to make a copy here