On Wednesday 24 December 2003 18:12, Rajashekhar Mansanpally wrote:
> #ifdef CONFIG_NETFILTER
>         if (skb->nf_bridge)
>                 memcpy(skb->data - 16,
>                        skb->nf_bridge->hh, 16);
> #endif
>
> 1. What is 16 bytes here...? Ethernet hdr is just 14
> bytes

A memcpy of 16 bytes is faster.

> 2. Why the ethernet hdr is being overwritten with
> nf_bridge->hh? what is there in nf_bridge->hh?

This is needed for refragmented UDP packets.

> when is nf_bridge is actually assigned this content.

See br_netfilter.c.

cheers,
Bart

Hi,

I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel. Can someone explain what this block of code is doing?

#ifdef CONFIG_NETFILTER
        if (skb->nf_bridge)
                memcpy(skb->data - 16,
                       skb->nf_bridge->hh, 16);
#endif

1. What is 16 bytes here...? Ethernet hdr is just 14 bytes
2. Why the ethernet hdr is being overwritten with nf_bridge->hh? what is there in nf_bridge->hh? and when is nf_bridge is actually assigned this content.

-Raj

Hi guyz,

Looks like Bart Schuymer is busy. I will appreciate if anyone else can help me.

I am using br_handle_frame_finish to implement my protocol which encapsulates and also decapsulates just like VLAN does. I made changes to br_netfilter.c similar to VLAN protocol and the IPTABLES seems to be working. But my ebtables INPUT chain does not see the frame early enough. ebtables INPUT chain is seeing frame after the decapsulation.

The remedy, Bart says:

> You should not add a new hook. What you need to do is register your function
> on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than
> that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC).
> See f.e. net/bridge/netfilter/ebtable_nat.c, where the ebtables nat chains are
> registered on the relevant netfilter hooks.

Can I add the following:

{ { NULL, NULL }, br_handle_frame_finish, PF_BRIDGE, NF_BR_PRE_ROUTING, NF_BR_PRI_BRNF},

to ebtables_nat.c @ end of 'static struct nf_hook_ops ebt_ops_nat[] {' ?

Thanks in advance,
Raj
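
The hook ordering that the quoted advice relies on, as a small userspace model added here (not code from the thread or the kernel): functions on one netfilter hook point are called in ascending priority order, so whether a filtering chain sees the encapsulated or the decapsulated frame depends on which side of it the decapsulating function is registered. The priority number, header size and all names are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only. Names and numbers below are constructed for the
 * example; they are not the kernel's structures or priority values. */
#define MODEL_PRI_EBT_NAT (-300)   /* stand-in for the ebtables nat chain */
#define ENCAP_LEN 4                /* hypothetical encapsulation header size */

struct frame { const unsigned char *data; size_t len; };
struct hook_op { int (*fn)(struct frame *); int priority; };
static size_t seen_len;            /* frame length the observing chain saw */

/* Strips the encapsulation header; returns 0 (drop) on a runt frame. */
static int decap_hook(struct frame *f)
{
    if (f->len < ENCAP_LEN)
        return 0;
    f->data += ENCAP_LEN;
    f->len -= ENCAP_LEN;
    return 1;
}

/* Stands in for a filtering chain: records what it was shown. */
static int observe_hook(struct frame *f) { seen_len = f->len; return 1; }

static int by_priority(const void *a, const void *b)
{
    const struct hook_op *x = a, *y = b;
    return (x->priority > y->priority) - (x->priority < y->priority);
}

/* Walk one hook point in ascending priority; a 0 return stops traversal.
 * Returns the length the observer saw, or 0 if it never ran. */
size_t run_hook_point(int decap_priority, size_t frame_len)
{
    static const unsigned char buf[64];   /* constructed frame bytes */
    struct frame f = { buf, frame_len };
    struct hook_op ops[] = { { observe_hook, MODEL_PRI_EBT_NAT },
                             { decap_hook, decap_priority } };
    seen_len = 0;
    qsort(ops, 2, sizeof ops[0], by_priority);
    for (size_t i = 0; i < 2 && ops[i].fn(&f); i++)
        ;
    return seen_len;
}

int main(void)
{
    printf("decap first: %zu\n", run_hook_point(MODEL_PRI_EBT_NAT - 1, 60));
    printf("decap last:  %zu\n", run_hook_point(MODEL_PRI_EBT_NAT + 1, 60));
    return 0;
}
```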